what is the point of the cloud services appliance firewall?
if i want the CSA to manage any internet device my users may have then i pretty much have to enable every public range. i dont see why it comes preconfigured with specific IPs listed in the allow and blocked list.
Is there some kind of best practices doc on this?
should i just disable the firewall to get rid of the overhead on the appliance?
I have been using management suite for a long time, but have never used the gateway.
I am going to stand up a gateway soon...just wondering has anyone ever installed a virus scanner program on the gateway? Is it even possible? Such as mcafee for linux. I realize it scans with sumo, just wondering if that is enough.
Hi All,
There is a new item "Manage LDMS certificates" in the UI after patching. Please anyone tell me what this certificate is used for? Where else can I apply it?
Here is the screenshot.
i have 2 updates i can't seem to apply on my CSA.
| BOOTSCRIPTS_2.3 | LDMGA 4.2 Boot scripts update 2.3 | This updates the system backup utilities to fix a bug where the automatic system backups couldn't be set to monthly or weekly correctly. | Apply |
| OPENSSH_5.8 | LDMGA 4.2 OpenSSH update 5.8p2 | Cloud Appliance has the SSLv3.0/TLSv1.0 Protocol Weak CBC Mode Vulnerability. This updates the openssh to 5.8 to fix it. |
anyone else have this problem?
i have rebooted numerous times and tried
additionally i see the following error on the same page:
PHP Warning: Cannot open '/usr/LANDesk/broker/webroot/browscap.ini' for reading in Unknown on line 0
but i've seen that during other updates and they seem to have applied.
bug: while applying updates it redirects you to:
https://hostname/gsb/datetime.php/gsb/datetime.php
There has been an issue identified on the Cloud Services Appliance that could possibly allow root login. To be able to remediate this, you can do the following:
Once this is done, only the admin account will be able to SSH into the device. Because this is the case, make sure the password for the admin account is a complex password with numbers, symbols, uppercase, and lowercase letters.
We have had to rebuild our appliance a few times now and each time we are forced with creating the user accounts from scratch instead of getting them from the default configuration backup. Is there a way to backup the users accounts separately and then do a restore of these accounts if the appliance gets rebuilt in the future? Certainly this information must be store somewhere on the appliance in a binary file or local DB.
Any info would be greatly appreciated.
Thanks
Description:
This document is to help in verifying basic configuration of the gateway settings to allow communication to the core, patching servers, and licensing server.
Steps:
1. Click on System > Network Settings
2. Remove any references to the 192.168.0.1 and 192.168.0.2
3. Set IP, subnet, and gateway for your network on eth0.
4. Click add
5. Set the hostname and dns suffix for your device
6. Click save
7. Click on the hostnames tab.
8. Remove any references to the 192.168.0.1 and 192.168.0.2
9. We will want to add the core here.
10. Core IP, domain suffix, CoreHostname click add
11. Ping license.landesk.com, patchec.landesk.com and patch.landesk.com to obtain the IP addresses.
12. Enter the IP, landesk.com, license click add
13. Enter patch IP, landesk.com, patch click add.
14. Click save
15. Click on the security section.
16. Remove any subnets you use from the blocked list.
17. Add the core IP to trusted
18. Add the patch.landesk.com, patchec.landesk.com and license.landesk.com IP's in the trusted
19. Click save at the bottom
20. Click on the users section. Make sure you know the service account password; we will need this to configure the core. It will only be used on the core in one location(Manage Gateway/Manage Cloud Service Appliances), so if you don't know it go ahead and reset it so you can have the correct password
21. Click on the Gateway Service Section. In the additional Hostnames section you will want anything the gateway can resolve to or from, FQDN, internal and external IP, Etc
22. Click Save
23. When applying patches the EECert patch needs to be installed prior to any other patches.
General:
Subject/Problem/Symptoms:
How to automate Macintosh agent communication for inventory scans, vulscans, and policy-based tasks through the CSA/gateway without the use of DNS.
Description/Details:
When an agent is out-of-band it will attempt to do a DNS lookup on the core server before directing traffic if the brokerconfig.exe is set to “Dynamically determine connection route”. If it gets a result other than “Host not found” or “Request could not find host” then it assumes it can communicate with the core server.
The issue that occurs is that many ISPs no longer allow for unlisted DNS entries, a requirement for CSA/gateway usage. This means when you try to reach core.domain.ext it will redirect you to another host, such as your ISP’s homepage web server. They assume you miss typed the address you are looking for and provide a re-direct. This means that the client will never contact the CSA/gateway because it believes it has reached the core.
This also resolves the issue of not being able to have a private and public DNS. (As long as your core is properly firewalled off from global traffic.)
Test Problem:
Set your DNS to use Open DNS while out-of-band – 208.67.222.222 and 208.67.220.220 – if your core is not publicly listed then it likely will experience this issue.
Resolution:
Attached to this document is an ldgatewayassistant.sh – this will install the LDGatewayAssistant daemon on your Macintosh based clients.
The LDGatewayAssistant daemon can do the following tasks for you:
1. Auto broker your Macintosh agents to the CSA/gateway. (in-band and out-of-band)
2. Automatically toggle your inventory scans, vulscans, and policy-based tasks between direct and gateway mode.
3. Automatically update core with latest IP when switching between direct and gateway mode.
4. Allow for limited custom in-band and out-of-band remote control permissions.
How it works:
After it is installed on your end-point you will find an LDGatewayAssistant daemon is running (/Library/LaunchDaemons). Every 15 minutes (configurable) the daemon will quickly run a query to validate that you are still able to communicate with your core server. It does this by checking the file structure of the cores web services. If you were previously in-band and the query returns in-band again then no further action is taken. However if it returns out-of-band then the daemon will:
1. Write out the proper connection info for the CSA/gateway to broker.conf.xml. (This is for inventory scans, vulscans, and policy-based tasks.)
2. Enable the optional remote control configurations for out-of-band. (Prevents vulscan from overwriting these settings.)
3. Automatically broker the agent if necessary.
4. Start an inventory scan to sync with the core server.
When the agent returns to being in-band then the service will:
1. Update the broker.conf.xml to automatic mode.
2. Set remote control configurations back to stricter settings. (Upon the next vulscan they will be returned to your agent configuration settings.)
3. Automatically broker the agent if necessary.
4. Start an inventory scan to sync with the core server.
How do I know if it is running?
Under /Library/Application Support/LANDesk/data/ there is a file called: ldgatewayassistant.plist.
With in 15 minutes of entering/leaving your network you should see the following events:
- The "count" field in the plist should increment by 1.
*Note: If any crashes occur please post them here.
What it works on?
It has been tested on 9.0.3, and 9.5.
Installation:
Basic Installation:
1. Manually configure the settings in the attached LDGatewayAssistant.sh file.
2. Manually install the LDGatewayAssistant on a client computer: sudo ./ldgatewayassistant.sh or sudo sh ldgatewayassistant.sh
Advanced Deployment Options:
1. Advanced Edit of Agent
- Documentation pending.
2. Custom Vulnerability
- Documentation pending.
3. Deployment package
- The ldgatewayassistant.sh file can be bundled into a LANDesk deployment package and distributed to end points.
Auto Brokering Information:
In order to auto broker on the Macintosh agents you will be required to generate a configbroker.enc file. The contents of this file will then be used in the LDGatewayAssistant to authenticate the brokering process.
To generate a configbroker.enc file follow the below steps:
1. On a mac run the following commands:
echo "username,password" > configbroker.txt
openssl enc -aes-256-cbc -a -salt -in configbroker.txt -out configbroker.enc
*When prompted enter a phrase to secure the credentials.
*Replace username and password with the appropriate LANDesk user credentials for your brokering account.
2. Copy the contents of the configbroker.enc (open it in textedit.app) and use them as the "code" in the LDGatewayAssistant.
When the client completes the brokering process it will overwrite the phrase that you provide in the LDGatewayAssistant settings with phrase_overwrite in order to secure the code and prevent it from being available post brokering. If you wish to have the LDGatewayAssistant be able to rebroker an agent if its certificate is lost then you can replace the contents of phrase_overwrite with the same contents of what you set phrase to.
*DISCLAIMER*
USE OF THE CONFIGBROKER.ENC IS SOLELY AT THE USER'S AND/OR COMPANY'S OWN RISK. THIS APPLICATION IS AVAILABLE "AS IS", AND THE AUTHOR DISCLAIMS ALL WARRANTIES INCLUDING ANY IMPLIED WARRANTIES.
THE FILE PRODUCED BY RUNNING THE ABOVE COMMANDS CONTAINS ACCOUNT NAME AND PASSWORD INFORMATION THAT MAY NOT BE FULLY PROTECTED UNDER CURRENT ENCRYPTION STANDARDS. THE AUTHOR SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMANGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES, OR COST OF PROCUREMENT OF SUBSTITUTE SERVICES.
Configuration Options:
PList Settings:
Address = IP Address of CSA/gateway
code = Follow the code generation steps above under "Auto Brokering Information".
phrase = phrase used to encrypt the code
phrase_overwrite = used to replace phrase after brokering is completed *default is "none"
Gateway = hostname.domain.ext of CSA/gateway
In = If the client last was "in-band" (true/false) *Default is false
Out = If the client last was "out-of-band" (true/false) *Default is false
rc = 0 or 1
0 = Off – Do not make any changes to client
1 = When device is out-of-band - LDGatewayAssistant turns off remote control permission required on the agent so that you can remotely access the computer without the user having to accept remote control, it also disables the identifiers of remote control. It automatically turns permission required and remote control identifiers back on when the client is back "in-band". *This is useful to remotely kick off policy based tasks immediately through the CSA/gateway, but please be aware of the security draw backs when the permission required option is removed.*
Scan = 0, 1
0 = Off - Do not run any scans
1 = Sends full inventory scans to core (works through gateway and in-band)
logging = 0 or 1
0 = Off
1 = Enables basic logging - currently only turns on display of server responses when checking if the client is properly talking to core. These will be displayed in the application log.
interval = 1 +
1 = 15 minutes
2 = 30 minutes
3 = 45 minutes (recommended)
4 = 1 hour
(and so on)
count = 1
# = displays current time in interval process, once this number reaches the value set in interval then it will execute 1 cycle and reset back to 1.
Example: If interval is set to 3 and count is set to 1, every 15 minutes count will increment by 1 make its values after 15 minutes be 2, 30 minutes be 3, and upon the 45 minutes it will execute and revert count to 1.
Uninstall:
Version 1.0.0.0:
To uninstall the LDGatewayAssistant you must do it from an administrative account.
From the terminal execute:
sudo rm "/Library/Application Support/LANDesk/data/ldgatewayassistant.sh"
sudo rm "/Library/Application Support/LANDesk/data/ldgatewayassistant.plist"
sudo rm "/Library/LaunchDaemons/com.landesk.ldgatewayassistant.plist"
Bug Fixes:
Version 1.0.0.1:
- Corrected an issue where the daemon would not properly start on boot-up for some OSX versions.
- Added versioning.
DISCLAIMER
THIS SOFTWARE IS NOT A PRODUCT OF LANDESK. THIS SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMANGES, OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT, OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Problems/Symptoms:
How to automatically configure a client for the Cloud Services Appliance, without manually entering username and password information.
Details:
Configurebroker.exe creates an LNG file which can then be used to automatically authenticate through the Cloud Services Appliance. There are two methods of using this LNG file which are documented below.
Resolution:
Configurebroker.exe. (attached to the bottom of this article)
DISCLAIMER
USE OF THE CONFIGUREBROKER.EXE APPLICATION SOFTWARE IS SOLELY AT THE USER’S AND/OR COMPANY’S OWN RISK. THIS SOFTWARE APPLICATION IS AVAILABLE “AS IS,” AND LANDESK SPECIFICALLY DISCLAIMS ALL WARRANTIES INCLUDING ANY IMPLIED WARRANTIES.
THE FILE PRODUCED BY CONFIGUREBROKER.EXE CONTAINS ACCOUNT NAME AND PASSWORD INFORMATION THAT MAY NOT BE FULLY PROTECTED UNDER CURRENT ENCRYPTION STANDARDS. LANDESK SHALL NOT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR EXEMPLARY DAMAGES, INCLUDING BUT NOT LIMITED TO DAMAGES FOR LOSS OF PROFITS, GOODWILL, USE, DATA OR OTHER INTANGIBLE LOSSES (EVEN IF LANDESK HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES), OR COST OF PROCUREMENT OF SUBSTITUTE SERVICES.
IMPORTANT:It’s strongly recommended to follow all of the steps listed below. Before implementing the ConfigureBroker.exe, it is recommended to make sure manual retrieval of the certificates using Brokerconfig.exe both internally and externally works. Configurebroker.exe is NOT a secure method of configuring devices for the Cloud Services Appliance.
Create a local user account on the core server called configure.broker. (Do not use a domain account)
Add the user account to the local LANDesk Management Suite Group on the core.
In the LANDesk Console, remove all LANDesk rights from the user.
Remove all Scopes from the configure.broker user.
The user should show the Default No Machines Scope and have no rights present.
NOTE: Only use this user for the ConfigureBroker.exe utility.
Copy the ConfigureBroker.exe to the LANDesk Core Servers ManagementSuite folder. This folder is shared by default with the share name of LDMain.
Run "ConfigureBroker.exe" and enter in the username and password of the broker.config user that was just created and that is a member of the LANDesk Management Suite user group.
(Do not use a domain account)
Click Save.
The ConfigureBroker.exe creates a folder in the LDMain share/ManagementSuite folder called "noshareLDLogon".
Inside this folder a file is created called "BrokerConfig.lng".
Copy the "BrokerConfig.lng" file to the root of the LDLogon share on the core server. The LDLogon folder is under the ManagementSuite folder.
NOTE: If using the ConfigureBroker.exe, it is highly recommended that “logon” rights from the local security policy for local users be removed. This will block non domain users from logging into the LANDesk application.
LANDesk 9.0 SP2:Role-based Administration has changed in LANDesk 9.0. The following items must be changed.
1. The configure.broker user is a part of the Script-Writers Group.
2. Add "modify" writes for the Script-Writers Group to the C:\Program Files\LANDesk\ManagementSuite\brokerreq folder on the core server
The following steps will update the default LANDesk Agent Configuration so that all agents will include the .lng file, and automatically retrieve the Gateway Certificate on Agent install.
Browse to the \ManagementSuite\ldlogon folder on the LANDesk Core Server.
Open the ntstacfg.in# file with notepad. Search for the [Common Base Agent Post Copy] section.
At the end of the [Common Base Agent Post Copy] section add the following line:
FILE10001=BrokerConfig.lng, %PROGRAMFILES%\LANDesk\Shared Files\cbaroot\broker\BrokerConfig.lng
LANDesk 9.0 SP2 Update: There are two [Common Base Agent Post Copy] sections in the LANDesk 9.0 SP2 agent.ini file. Be sure to add the previous lines to the larger section that appears first. If this is not done the LNG file will not be inserted in the self-contained agent executable. A good way to check this is to search the log for "brokerconfig.lng" after the self-contained executable is created. You should see a line stating that the brokerconfig.lng file was inserted into the CAB. (This is resolved in SP2 for LDMS 9.0 CR00047107)
After saving the changes, go to Configure | Services | Inventory and restart the Inventory Service.
After the service restarts, the existing agents must be rebuilt to include the new changes.
In the LANDesk Console, go to Tools | Configuration | Agent Configuration. Click the Rebuild All button.
To verify that the agents recieved the change, right click on an agent and choose Advanced Edit.
The Agent Configuration.ini file will open for that Agent.
Look under the [Common Base Agent Post Copy] section for the two lines that were added.
Create a self-extracting executable for the configuration by right-clicking on the configuration in the console and choosing Create self-contained client installation package.
Choose the location for the self contained EXE files, and click Save.
NOTE: After creating the self contained Agent Installer, it is highly recommended to remove the BrokerConfig.lng file from the Ldlogon share.
Install the self-extracting executable to the remote machine. If the machine is connected to the internet, then a cert will be created on the client during install.
If the machine was not connected to the internet when the agent was installed, When the inventory scanner runs and it will automatically run brokerconfig.exe -r when it realizes it doesn't have a cert.
After the client is configured for the Gateway then the BrokerConfig.lng is deleted
Run through the steps to create the .lng file. Manually copy the .lng file to the C:\Program Files\LANDesk\Shared Files\cbaroot\broker folder on an existing client. When the inventory scan executes on the client it will consume the .lng file and the broker certificates will be retrieved.
Macintosh Update: With the release of LANDesk 9 Macintosh clients can now connect through the Cloud Services Appliance. However, the process described below currently is not working. An enhancement request has been submitted to add the functionality in the future. Some other design changes may make this possible as well.
We are excited to announce the release of the 4.3 Cloud Services Appliance. Below you will find step by step documentation on upgrading your appliance and also how to determine if your device can be upgraded. There are two documents listed below. The CSA Upgrade 4.3 will walk you through upgrading a physical appliance. The CSA VM installation of 4.3 document will walk you through performing the side by side install of the new 4.3 CSA.
Pre-Requisites:
- CPU - 2 Processors
- Memory - 8GB RAM
- Storage - 50GB
- Network - 2 1GB NICs
Is it possible to remove the management gateway once it has been configured?
The server that the management gateway is pointing to is no longer active. Additionally the core server that is list has been renamed. I have looked for a way to remove these settings, but unless they are valid names or can be posted to the server (nonexistant) I cannot blank out the fields.
Anything obvious I am missing?
Environment
Cloud Service Appliance / LANDesk Management Gateway release 4.2
Cloud Service Appliance / LANDesk Management Gateway release 4.3
Problem/Issue/Symptoms
After upgrading the Cloud Services Appliance to the version 4.2 or 4.3, accessing to the web interface, opening the Remote assistance page and clicking on the Install now button doesn't work anymore.
The possible error messages are:
- The webpage cannot be found
- 404 Not Found. Path unresolvable
Solution
Cloud Services Appliance version 4.2
1. Access to your CSA with an SSH client.
2. If your are using a Windows system, you can download Putty form the follwing website: http://www.putty.org/
3. After having had access to the console, get the super user rights with the command "sudo su"
4. Go to the following directory: /usr/LANDesk/broker/webroot/client/LDSupport
5. List the content of the directory, you should see some executables files, one of them have to be names <public URL of the gatweay>.exe
6. If not, copy one of the existing executable files creating one withe name expected.
In the screenshot reported, the public hostname of the Cloud Services Appliance is ldcsa.lab.com.
Cloud Services Appliance version 4.3
1. Access to your CSA with an SSH client.
2. If your are using a Windows system, you can download Putty form the follwing website: http://www.putty.org/
3. After having had access to the console, get the super user rights with the command "sudo su"
4. Go to the following directory: /opt/landesk/broker/webroot/client/
5. Create the directory LDSupport
5. Copy the file LDSupport.exe into the directory just created, naming it <public URL of the gatweay>.exe
In the screenshot reported, the public hostname of the Cloud Services Appliance is ldcsa43.lab.com.
Hi all, on the new version of Cloud Appliance (appliance updated to the last release, or new Virtula appliance) i noted a change:
-Opening RCviewer via Gateway it asks credentials for gateway (i heard that in the last gateway version this was removed, finally! but it seems it was only a rumor); when it tries to cennect to remote client it starts windows "Searching for matching connections" with a progress bar that never stops; it's right that it happens if remote client is not available but it continues to searching untill you click cancel;
This introduces further delay on the RControl process to remote client over wan, is it not a long process yet ??
I would suggest LANDesk to suppress credential requests for Gateway and to make it show up directly connections table; i mean that is what i expected from new version.
Anyone noted this?
Regards
Environment
Cloud Services Appliance (formerly Management Gateway) release 4.3
Problem/Issue/Symptoms
Starting the Remote Control Console and trying to connect to the Cloud Service Appliance (formerly Management Gateway), you receive the following error messages:
Failed short session connection to the gatway (10)
Unable to send a request to the remote computer
One of the reasons why you are receiving this error message is that you are using an obsolete Remote Control Console.
This can happen when you installed the utility on a management workstation and haven't update the utility for a long time, or if you downloaded the utility from a Cloud Services Appliance 4.3, that contains a non updated version of the viewer.
You can check the version you are running checking the properties of the isscntr.exe file.
Solution
1. Uninstall your LANDesk Remote Control Console from the Programs and Features Windows panel.
2. Retrieve the installer of your most up to date version of the software on your core server in the directory C:\inetpub\wwwroot\common\ (the letter of the drive may change according to your IIS installation). The enurcsetup.exe installs the utility in English, in the same directory there are all the languages available for the LANDesk Remote Control Console.
3. Install the updated version of the software
Take a look at the image below for connecting the gateway. Click to expand.
Support Notice: Only the 4.0 and 4.2 versions of the Cloud Services Appliance/LANDesk Management Gateway are currently supported by Landesk Customer Support.
Notice:Any E-Learning content is available by default to Members who have a minimum support agreement at Professional level.
NOTE: This article is not a comprehensive list of documents and issues. You can continue to search the rest of the community or the portion specific to the Cloud Services Appliance if this page hasn't helped.
I am curious if any one else has experienced this issue. I have tried it on both the 4.2 and 4.3 version of the gateway connected to 9.5 SP1 cores. I have applied the latest patch for the Mac agent that gives Mavericks functionality.
Our Macs are mostly Lion and Mountain Lion. PC's work fine through the gateway. I don't think it is an issue with the client switching modes since it doesn't work when manually switching to gateway mode. They also will not send inventory scans when outside the network. The certificate test in Management Gateway app comes back OK. The deployment portal does work for installing software when the Mac is outside the network.
What is happening is when I try to connect to a Mac through the gateway web page, it will pull up the login page and then immediately revert back to the login page after entering valid credentials. I am using integrated security on the agent. When I try to connect to it from the remote control viewer pointed to the gateway, it gives me "receive failed: 4. you do not have rights to connect to remote computer."
I am working with LD support on this, but wanted to see if anyone in the community had experienced this and was able to resolve it without LD support.
I have configured a second CSA with the core server and now when I remote through the gateway it always selects the second CSA. How do we control the CSA selected?
Environment
LANDesk Cloud Services Appliance 4.3
Problem/Issue/Symptoms
The Cloud Services Appliance is unable to talk with the Core
The Cloud Services Appliance is unable to talk with the Internet
The Clous Services Appliance is correctly configured on the Core but is unable to activate online
The Cloud Services Appliance has two network interfaces configured both with a gateway - only one is working
Solution
Having two gateways configured on a single device simply doesn't work, as the device will just use one of the two,
If the Cloud Services Appliance has two network interfaces configured, make sure the only one interface, the one talking to the internet, has a default gateway configured.
Then, if the Core Server is on a different network segment than the Cloud Services Appliance, and the next hop to reach the Core server is different than the default gateway, you need to set up a static route to address the traffic to the core via the correct router/firewall.
Static route configuration is stored in a /etc/sysconfig/network-scripts/route- file.interface
For example, static routes for the eth0 interface would be stored in the /etc/sysconfig/network-scripts/route-eth0 file.
Example
Cloud Service Appliance with two network interfaces configured
Interface eth2 connected towards the internet
IP address 192.168.1.3 subnet mask 255.255.255.0 default gateway 192.168.1.1
Interface eth3 connected towards the LAN and the Core Server
IP adress 10.1.1.3 subnet mask 255.255.255.0 no default gateway, next hop to reach the Core 10.1.1.1
Core Server with IP address 10.20.20.1 subnet mask 255.255.255.0
What we need to do is configuring a static route to instruct the appliance to reach the network segment 10.20.20.0/24 via our next hop with IP address 10.1.1.1, for the interface eth3.
WARNING: Because we are operating on the network configuration of the appliance, it's safe to operate directly on the device's console, or at least having the possiblity to physically reach the device with a local keyboard and monitor in case of the network connectivity problems and especially if the appliance is off site.
1) Open the local console command line interface, press CTRL+ALT+F2 or open a SSH session to the appliance with an SSH client
2) Create or update the file /etc/sysconfig/network-scripts/route-eth3 with the following line 10.20.20.0/24 via 10.1.1.1
3) Reload your network configuration with the command service network reload
4) Verify the new static route with the command route
5) Verify you can correctly communicate wirth the appliance from the Core Server
This article addresses the most common gateway activation issues.
I: Networking is not configured correctly.
Follow these steps to test the ability of the gateway to activate:
a. If on a remote machine (not the gateway), open an SSH terminal and log in as admin.
If on the gateway itself, press AltF2 to go the other screen. Then right click and select xterm. (You can press AltF1 to go back to the first screen with the gateway web interface. You can switch back and forth between the screens as much as you want to).
b. Run this command:
sudo telnet yahoo.com 80
b1. On the Cloud Services Appliance 4.3 Run this command:
wget http://license.landesk.com/iisstart.htm
This command will tell you if routing and DNS are working. It will also tell you if you can make an outbound connection on port 80 from the gateway to the Internet. This command should normally complete within a few seconds:
c. If routing is not working, you will get an error like this:
telnet: Unable to connect to remote host: Network is unreachable
To correct this error, set the default gateway in the network settings (see screenshot below), and ensure there is network connectivity to the default gateway.
d. If the telnet command does not resolve the FQDN (fully qualified domain name) to an IP address, then DNS does not work. You may or may not get an error related to name resolution. Ensure you have specified a valid DNS server in the gateway configuration, and that ports TCP 53 and UDP 53 are open to that server. This is where you specify the default gateway and the DNS server in the gateway configuration:
e. If the telnet command resolves the IP address, and the default gateway works properly, but port 80 connections are not allowed, you will see an error like this:
This error is most likely caused by a firewall blocking http 80 outbound connections from the management gateway to the Internet. Ensure this port is open for the gateway.
II: Verify the activation credentials with Licensing. These are the same activation credentials that are used to activate the core server using the core server activation utility. These credentials can be obtained by calling the support line at 800-581-4553 and choosing the Licensing option.
If this error is received: "Page cannot be displayed" 500 error on the activation page after hitting activate online or by e-mail
(all other pages in the gateway configuration console work without errors).
a. Navigate to this gateway web page: https://gatewayname/gsb, click on the gateway service tab and change logging to normal or none. click save.
b. Next go into firewall settings and toggle enable or disable(the end result doesn’t matter it just needs to be toggled once or more)
Click save
c. Now click on the gateway activation tab, install now or online or by e-mail should work.
LANDesk™ Virtual Cloud Services Appliance (VCSA) Extending our market leadership in providing the best remote endpoint management tools for growing global organizations, LANDesk Software is excited to announce the availability of the LANDesk™ Virtual Cloud Services Appliance. As in the past, we offered the industry's best solution for managing remote devices, and we continue our tradition by offering the same great capabilities and benefits but without the need for a physical hardware appliance. We will continue to offer the traditional Cloud Services Appliance (CSA), but will add the Virtual Cloud Services Appliance to our excellent offering. |
Recommended Specifications:
ESXi 5.x server (for the vCSA) with the following resources available:
- CPU - 2 Processors
- Memory - 8GB RAM
- Storage - 50GB
- Network - 2 1GB NICs
LANDesk Virtual Cloud Services Appliance (vCSA) FAQ
Q. Where can I download the vCSA?
Q. How will customers be able to install the virtual appliance?
Q. What versions of VMWare ESX are supported?
Q. Are there any new features in the vCSA?
Q. How will the virtual appliance be updated?
Q. Will the vCSA scale to higher capacity if I increase the computer resources available to the Virtual Machine? Will this enable the vCSA to handle more maximum connections?
Q. Is Microsoft Hyper-V Supported?
A. No, at this time VMWare ESX is the only supported environment.
Q. If a customer has purchased the hardware appliance will they be entitled to the virtual appliance?
Q. Can a customer evaluate this software as part of a 45-day evaluation?
Q. Does the virtual appliance license allow for a second instance of the appliance to run in a disaster recovery configuration?
