/build/static/layout/Breadcrumb_cap_w.png

Quickfix for "error (Handshake Failed)" in KACE patching

Recently we updated all our KACE agents to 6.4 and once we did that, none of our servers were patching and a small amount of our windows workstations weren't either as they all came back with "error (Handshake Failed)" as their status. They were either missing all their .ospx files or just 1 of 2 of them. Since we have over 80+ servers coming back with this I really couldn't be bothered to go through each one and copy over the files they have missing so I wrote a powershell script to do it for me.

This script has a few limitations such as it doesn't support 32-bit PCs (purely because we don't have any so I didn't want to spend time writing lines for something that will never run for us) and it will not fix these issues for XP, Server 2003 and some 2008 servers (due to requiring at least Powershell 3.0 for the Invoke-Webrequest line to down the ospx files direct from the KACE server.
######

# A little script to confirm all ospx files are in place for KACE patching. This will not work for x86 Win machines as 2003 and 2008 do not support Invoke-Webrequest out of the box and we don't have any x86 client machines.

# USAGE:
#
# By Mike Donaldson (tekctrl@gmail.com)
#
######

#Specifiy variables.
$OS = ((Get-WmiObject Win32_OperatingSystem).Caption)
$ProgramFiles = "C:\Program Files (x86)\Dell\KACE\"

#First of all clear up any *.part files.
remove-item ($ProgramFiles + "*.part")
remove-Item "C:\ProgramData\Dell\KACE\patches\*.part"
#Work out the OS and the appropriate OS ospx file.
switch -wildcard ($OS)
{
'*2008 Standard*' {$kaceDL = 'win2k8.ospx'}
'*2008 R2*' {$kaceDL = 'win2k8r2x64.ospx'}
'*2003*' {$kaceDL = 'win2k3.ospx'}
'*Windows 10*' {$kaceDL = 'win10x64.ospx'}
'*Windows 7*' {$kaceDL = 'win7x64.ospx'}
}
#List out the ospx files required to compare to.
$ospxList = @("winapplications.ospx",
"windependencies.ospx",
"winsecuritydefinitions.ospx",
$kaceDL
)
#Get a list of ospx files currently on the system.
$ospxInstalled = @(get-childitem $ProgramFiles -filter *.ospx -Name)
#Compare the 2 lists and get a list of all missing files and any missing, download and store in the KACE program files location.
compare-object $ospxList $ospxInstalled |ForEach-Object {$_.InputObject}| foreach{
echo $_
Invoke-WebRequest ("http://kbox/patches/" + $_) -OutFile ($ProgramFiles + $_);
}
echo "We're done here. Fingers crossed, it's fixed KACE handshake issues now"
After I ran this I saw that all our servers were detecting missing patches once again and all was well in the world so I could get back to the pub.

Comments

  • Thank you for posting this. I used the following as an Offline KScript and it did the same:

    Verify

    Verify that the directory “C:\Program Files (x86)\Dell\KACE\” exists.

    On Success

    Launch “\del” with params “”C:\Program Files (x86)\Dell\KACE\*.part“ /Q /F”.
    Launch “\del” with params “C:\ProgramData\Dell\KACE\patches\*.part /Q /F”.

    Remediation

    Launch “\del” with params “”C:\Program Files\Dell\KACE\*.part“ /Q /F”.
    Launch “\del” with params “C:\ProgramData\Dell\KACE\patches\*.part /Q /F” - ShaneWWatson 7 years ago
    • just a hint: You can use the KACE variables to make this more global. Especially if you are using x86 and x64 together or also MACs this would help you to keep the script short and readable

      $(KACE_INSTALL) expands to the location where the agent is installed (ie C:\Program Files (x86)\Dell\KACE\ or C:\Program Files\Dell\KACE\ )

      $(KACE_DATA_DIR) expands to C:\ProgramData\Dell\KACE\

      (this may change if the location of the files will be changed and then it is easy to maintain the scripts since you don't need to change anything)

      This is also no secret knowledge since you can get it by klicking the litte blue circle with the white question mark right next to Tasks (required) - Nico_K 6 years ago
This post is locked

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ