One location showing AMP connection active, but has not synced in 7 days.
We are a K-12 districtc with 20 locations. We recently updated our K1000 to the latest version, and enabled SSL as well. I'm not sure if that has anything to do with this, but it's solely isolated to one location at this point.
The AMP connection is green for most of the machines there, which shows they are online. However, it shows the last day synced as about 7 days ago on a lot of them. Could this be an issue with SSL or updated agent being pushed out to them? I have a replication box there, that is not powered on at the moment - could it be because they aren't the latest client due to the replication box not updating the clients (since it lost power)?
Answers (4)
Everything seems to be workig fine after I got the replication box powered on. I think the replication server and all clients were provisioned with the new agent, and they're all checking in now.
Everything seems to be workig fine after I got the replication box powered on. I think the replication server and all clients were provisioned with the new agent, and they're all checking in now.
Well if the agents aren't at the replicaiton point and you don' thave it failing over to the KBOX, the agents wouldn't get updated and shouldn't be impacted by anything. Did you check if port 443 was ok from that site?What agent version were they at and did they meet the minimum version for upgrade?
Did you involve support when you upgraded?
Comments:
-
We upgraded with support, and all agents seem to be checking in except for that school. The school should have been the same agent as others. I'm guessing it was that the replication box is off, and failover to the main K1000 is disabled, to not bog down our WAN. I just wasn't sure if K1000 agent provisioning was done by the replication box or not. I have a coworker going to relocate the replication box this afternoon, so I'll see if that fixes it. - sfigg 11 years ago
-
Also, do you know if there is something special I need to do in order for SSL to be enabled on these clients? The support rep for KACE said that they will enable it automatically, but I'm not sure how to check. We haven't disabled non-SSL regular http access yet. We want to make sure SSL is working 100% before we forward port 80 to 443. - sfigg 11 years ago
Check the amp.conf files on some of the clients and see if they are using https for their connections
Comments:
-
Nope - looks like they use it for the web URL, but not for the AMP connection - am I right in this assumption?
host=kbox.cusd200.org
log=amp.log
lasthost=kbox.cusd200.org
serverversion=5.4.70402
appliance=k1000
ampport=52230
ampurl=http://kbox.cusd200.org:52230
webport=443
weburl=https://kbox.cusd200.org
rto=20
wto=20
crto=30
pl=pluginDesktopAlerts,pluginPatching,pluginRunProcess,pluginWeb
companyname=wheaton cusd200
splashtext=dell kace systems management appliance is verifying your pc configuration and managing software updates. please wait...
cto=10 - sfigg 11 years ago -
Ok I got it to work from a remote machine...but it seems that the certificate must be installed on every machine, right? Is there a way to deploy this certificate through K1000? And what about doing it through K2000 while imaging, so each machine is setup with the certificate when deployed? - sfigg 11 years ago
Are these clients MacOS computers? A lot of our MacOS clients are showing this behaviour since the upgrade. At least I have noticed it mostly on MacOS computers, I haven't gone looking for it on Windows machines. The only solution I have found so far is to remove and re-install the agent. I have a ticket open with support but haven't received much feedback from them.
Comments:
-
Check the KBOX_LOG fiule just after trying a provision and see if there is a line like this
[2013-02-08 16:19:08 -0700] KBOX [info] Not allowing a (ppc) machine (F1966D4C935B4240BF7084899FD1A8E8) to upgrade to agent version 5.4.5315 - jdornan 11 years ago