Hi everyone,

We've been using kace for the last couple of years and it seems that every so often without warning some machines (not all) will have their C:\ProgramData\Dell\KACE\amp.conf file will lose all its relevant information and then be unable to talk to the kace agent as it doesnt have the kace hostname anymore.

It happened since being on version 6.1 and is now still happening on version 7.1. There hasnt been a common theme among any of the users that I've found.

Anyone had this happen?
Answer Summary:
Cancel
5 Comments   [ + ] Show Comments

Comments

  • I have never had this happen. How are you pushing / updating your agents?
    • I just do it through the kace console when an agent update is available, and push it out there.
  • We are currently investigating this issue. Not all customers are facing it (which would've be easier, so we can find the root cause) It seems to happen in some environments.
    No settings or programming within the Kace Agent, are established to reset or reconfigure the amp.conf file. So I was wondering, could anyone help to check AV logs, Firewall, or incase those agents are remote, review load balancer or Proxy?
    • When we rolled out KACE we were using Trend Officescan on our workstations, but in the last couple of months we've swapped to Dell Threat Protection (made by Cylance) and while Trend has caused many issues and headaches for me, its not been a common factor in the KACE agents that have had their amp files wiped. And this is across many different configurations for Trend.

      And so far Dell Threat Defense also hasnt had a negative impact on KACE.

      From what I can tell it seems to happen every 4-6 months it just decides to wipe some peoples config files, but I cant see anything in the kace user logs that show the agent getting wiped. Not to mention its not something you realize until a few weeks of it not checking in.
  • I see this on Replication servers. We are at 7.0. We also have PC's with an incomplete amp.conf. I found these after upgrading from 6.4 to 7. I would really like to know how this happens. It would be easier to target and remediate.
  • I have experienced this issue since 6.2 – 6.4 while working at NASA. KACE has never fully identified the cause. It has to do with a networking glitch. At some point, the agent communicates to the server and confirms the host name of the server. When it doesn’t get a response, its wipes out the name. In 6.3, KACE added the "last known good host" entry at my request and that helped with the issue. I am now at a different employer (DoD) and on version 7.2. I have found multiple occurrences of the host name being wiped out since my arrival. This issue is still an issue because KACE has never found root cause, and their fix has always been the work around of running the amptools command with host switch.
  • Anyone in 8.0 with 8.0 agents have seen this issue?
Please log in to comment

Answer Chosen by the Author

1
What I noticed was after my amp.conf got corrupted, I saw it trying to connect to "kbox:443" in the log. 
Well, I just added a DNS record on my domain(cname) for "kbox" to the correct host and as soon as the machine's dns cache was cleared and service restarted the machine connected correctly to the correct host and it "fixed" it's amp.conf. A reboot probably could have also worked.
Hope that might help. 
Answered 10/09/2017 by: b.adams
Senior White Belt

  • I too noticed that agents were attempting to connect to kbox even though the agent was originally pushed with the correct host name. I used your CNAME fix yesterday and >100 machines started communicating with my K1000 again. Thanks for the tip. Hopefully this gets fixed in a future release.
    • Best tip for K1000 so far!
  • Finally was able to get the dns record in, and its starting to rectify PCs. Thanks very much for the tip.

    What log did you see this in though?
    • It's been awhile tbh, but I believe I found it in the konea.log in windows generally located C:\ProgramData\Dell\KACE
Please log in to comment

Answers

0
Yes, we have had this happen. It is better since 6.4 but it still happens sometimes. I regularly look through the inventory to find machines that aren't reporting and we start figuring out why. It's easy enough to just add the host line and restart the service remotely.
Answered 07/13/2017 by: chucksteel
Red Belt

  • Have Dell, now Quest, said anything about this? Because while it is easy to copy over a working config and restart the services, it can get very hectic with laptops etc and multiple offices around the world. It gives off a lot of false positives.
    • Without being able to replicate the issue I never entered a ticket to have them look into it.
      • Hi Chuck, We've been experiencing the same issue. Kace K1000 appliance having issue with Kace agent not reporting to appliance. When looking into the issue, the amp.conf file either goes blank or is deleted and the device stops communicating with the Kace appliance. We've uninstalled and reinstalled the agent and have noticed the issue come back on some of the same devices. We're on version 7.1.62, upgrading from previous version did not resolve the issue. We have a Dell environment with the exception of some Surface Pros and Panasonic ToughPads. Issue happens on all of the various devices. We currently have a case open with Quest Support.
Please log in to comment
0
We have close to 20K agents in our K12 environment and this has plagued us for 2 years. We ruled out anti virus as well. Sometimes the file if full of null entries and sometimes it is empty. We had a support ticket in and the cause was never found. Our work around is a scheduled task that checks the amp.conf file for our server name. If it finds it, it quits and nothing harmed. If it does not find it, it replaces the file with a good one and runs an inventory. We have this task run three times a week. The batch file it points to is in a folder we create in the ProgramData\Dell\KACE folder which also holds the good version of the file.
Answered 12/07/2017 by: Bethski
Senior White Belt

Please log in to comment
0

We are currently investigating this issue. Not all customers are facing it (which would've been easier, so we can find the root cause) It seems to happen in some environments.

No settings or programming within the Kace Agent, are established to reset or reconfigure the amp.conf file. So I was wondering, could anyone help to check AV logs, Firewall, or in case those agents are remote, review load balancer or Proxy?

 

FYI renaming host, is the fastest way to get around this situation in meantime the investigation completes

Use the “Amptools.exe resetconf host=x.x.x.x” in order to rename host on client machines.

The AMPTOOLS command can be found in one of the following Windows-based locations and must be performed in an elevated (Run as Administrator) command prompt:

 

On 32-bit systems: C:\Program Files\Dell\KACE\

On 64-bit systems: C:\Program Files (x86)\Dell\KACE\


Please log in to comment
0

I opened case today, as we have recently noticed this issue still occurring.  We are on 7.2 of the server and 7.2 of the agent. But some PCs still on 7.1 agent also have had this issue.

It can't be AV as Symantec would delete the file not empty the file.

And in the past the agent used to have 2 paths back to the server the URL name as well as the server's IP to ensure communication would not be so easily broken.  But I don''t see that any longer in the flle.

We see this on WIN 7 32 and 64 and WIN 10 64.

And while you could run the amptools fix what if you can't remote to a system in the field?

Answered 11/07/2017 by: mjohnson007
White Belt

  • I would say this is one of the top 3 issues I have seen here in ITNinja in terms of complexity...

    Being honest, it is very hard to reproduce, and like other users said, this might happen to each PC from 0 to 2 times per year (at least on my environment).....

    It has been improved with latest versions (I would say from 0 to 1 time per year), but like the author of the post says, the issue have been around since 6.0 versions.

    Support confirmed there are no routines or modules on the code to clear amp.conf . That means something bad happens and cleans that out...

    Maybe is something simple, but it doesn't happen very often and it will not leave any clues or logs pointing to the reason why.

    Please post here your results from support if you have any new Data\Findings.

    (in my case I have a GPO policy that will replace the file every three months, with one that is fully populated, maybe that is why I don't see that often).

    (we also have a folder in Documents inside the golden Image with a bunch of BAT files for users, one of them will generate an AMP.conf file, users just have to double click the BAT file, and it will generate a brand new populated amp.conf file).

    Again it doesn't happen very often, the last time one user our of many, had use the BAT file was on June 4th according to our helpdesk.
Please log in to comment
Answer this question or Comment on this question for clarity