Our remote site has over 200 machines, but only 83 show up in the old smart label we use and I get the same result testing a new smart label. All machine names at the remote site begin with the same 4 letters and that's the criteria used for the label. ==> "Begins" with "abcd". Also tried "contains".  Out of the 83 that do show up, only 6 received patches during a patch run 3 weeks ago. Most of the rest return "error (Handshake Failed)". I'm hoping a complete uninstall of the agent and data files and then a reinstall will correct this.

I need to force the install of the agent or maybe remove it first and then install it on over 200 remote clients with limited physical accessibility. I have one guy on site there, but he's swamped with other stuff so I'm trying to address this programmatically. 

Our sec policies prevent us from running NTLM in a compatible manner with Kace. We must deploy first time install agents via GPO. I'm not clear on whether existing installed agents get their agent updates from the GPO or from Kace or from whichever happens to communicate with the client next. I'm also not sure if Kace can deploy agent updates at all due to our NTLM restrictions. Our Agent Updates from Kace page is set to Enabled as shown below.  

*** Our Provisioned Configurations page has 75 configurations created by a previous tech, but they are all disabled. Do these configurations need to be working in order for Kace to deploy an updated agent to a machine with an older agent?

We have 2 sites and one replication machine that is located at the remote replication site. The replication action is confirmed to be working and has new files in the repl2\patches\windows directory with today's date.

Any tips or suggestions on getting the machines to report back to our K1K are greatly appreciated.

0 Comments   [ + ] Show Comments


Please log in to comment


The previous provisioning configurations don't have anything to do with the agent upgrade settings. If your agents aren't being upgraded then I would look into whether they are checking in correctly. Do machines have connections and are they updating their inventory? Also keep in mind that smart labels are only applied at agent checkin so if your computers aren't checking in that would explain why the label isn't getting applied to the machines that should have it.

If you want to remove and reinstall the agent then you can create provisioning jobs to do that. If you know that the machines will be online during a specific timeframe you can setup a provisioning job that will uninstall the agent first and then setup another job to install the agent. 
Answered 09/12/2014 by: chucksteel
Red Belt

  • Thank you Chuck! Great info.

    My only hang up with provisioning is our NTLM limitations. Back around 2009, we had to change the NTLM settings (Send NTMLv2 only. Refuse LM/NTLM), which broke our ability to provision with Kace. Kace support directed us to GPO's which is how I've done it since then (soft install).

    I'm working on what I expected to be a simple script to remove and reinstall, but I'd rather use Kace's provisioning if it were possible. The script's install doesn't install all the file though. That's another matter though. If you have any suggestions on how to use the provisioning with our limitations or any other options, I'll be glad to try anything.

    EDIT: I tried a provision to one of my good lab (W7), machines and nothing happens on the client. Using the same domain admin credentials I'm logged on to the client with and the provisioning results return a failed status with NT_STATUS_LOGON_FAILURE
    Step 1 - TCP/SSH - Sucessful
    Step 2 - Authentication - FAILED - Failed to open connection - NT_STATUS_LOGON_FAILURE
    Step 3 - Push Scripted\Provision - FAILED

    No joy in Mudville. :-(

    Thanks again
Please log in to comment
Answer this question or Comment on this question for clarity