Endpoint system management is a critical component of KACE SMA and its understanding play an important role for using side features that rely on device periodic inventory.
Let’s get started by reviewing the ports required for KACE Agent to communicate with KACE SMA:
· Port 80 – Agent check-in
· Port 443 – Agent check-in (Mandatory for KACE 8.0)
· Port 139/445 – Agent/Client provisioning
· Port 52230 – Agent AMP Persistent connection (6.4 and lower Only).
Note: For additional information please check the following article - Which network ports and URLs are required for the KACE?
KACE Agent performs a number of periodic activities based on communication settings schedules (Settings | Provisioning | Communication Settings); for this configuration, KACE Support recommends to keep the number of connections per hour under 500. The reason for this is to allow KACE SMA manage the different activities on schedule without major delays.
Note: For multi-org KACE SMA this value will apply to all the organizations in total. Example, if KACE SMA has 5 organizations, that would mean each organization should be under 100 connections per hour.
Another value that needs attention is “Load average Score” (Settings | Provisioning | Communication Settings); this particular value should not exceed 8 – 10 rate. In case that this number is high, it would be recommended check communication settings.
What would be the next step?
The next point to be considered is checked how are the services running. A service under failed status will create a direct impact on the agent proper communication; How do we check KACE SMA Services status?
Settings | Support | Run Diagnostic Utilities | Select “Services” Hit Run.
Important Note: If any of services are appearing as” Failed” Status contact KACE Support immediately for assistance.
Additional items to be checked:
A misconfiguration in communication settings, for example, if the schedules exceed 500 connections per hour or let’s say that multiple tasks (Patching, Scripting, etc.) were launch simultaneously these most likely may generate high congestion or a high agent task traffic; in those cases, it will be necessary to see the number of activities being handled by the agents.
How do we find these agent activities? And What specifically we are looking for?
· Click on Settings | Support | Display Agent task status
· Use “View By: In Progress”
· Under “Timeout” column look times showing as negative
If that would be the case, proceed to remove all those showing negative numbers under “Timeout”. Wait for the next inventory cycle and wait for the results.
Let’s review troubleshooting steps and integrate some additional solutions.
What to do when the check-in issue is happening to all or most of the devices?
· Check that all services are up and running
· Check communication settings and make proper adjustments – KACE recommends no more than 500 connections per hour overall.
· Check Agent Tasks – Look if there are activities showing negative numbers
· Check Device Smart labels: Labels within labels, labels assigned to software and device metering may become corrupted and generate delays or prevent agents to check in.
Other KB articles to take in consideration for troubleshooting:
· How fast can the KACE SMA appliance complete different tasks per machine? - https://support.quest.com/kace-systems-management-appliance/kb/116816
· Agent Communication Issues Checklist (190297) - https://support.quest.com/kace-systems-management-appliance/kb/190297
· Agent troubleshooting practices - Agents not checking in or not running inventory (195835) - https://support.quest.com/kb/195835/agent-troubleshooting-practices-agents-not-checking-in-or-not-running-inventory
What to do if inventory issue is occurring with only one system or a particular system?
- Check the number of license nodes and devices in used
- Is inventory.xml file created, does it show 0 KB, is it updating? - Check C:\ProgramData\Quest\KACE
- Are the agent services running?
- Is “amp.conf” file containing the right KACE SMA hostname? – Check C:\ProgramData\Quest\KACE
- Are PEM cert files correct or present? – Check C:\ProgramData\Quest\KACE – Folder should contain two *.pem files.
Note: In some cases, it will be required to apply a re-trust if PEM files are corrupted. How to apply re-trust command, check following article AMPTOOLS.EXE Command Switches (146458) - https://support.quest.com/kace-systems-management-appliance/kb/146458
- Check that required ports are opened and KACE folders are not affected by antivirus software (whitelist - C:\ProgramData\Quest\KACE and C:\Program Files (x86)\Quest\KACE) - For additional details see - Which directories and executables do I need to whitelist for the SMA agent? (111785)
- See if HDD space in the machine is not full, a full disk will make agent services to fail.
- Look for WMI related errors. For additional information check the following resources.
· How to repair or fully rebuild Windows WMI Repository (231983)
· WMI Isn't Working!
· WMI Diagnosis Utility
Several important features in KACE SMA make use of the agent inventory cycle and its correct functionality is essential for all the activities to properly run.
What features depend on Agent inventory?
· Managed installations
· File Synchronization
· Replication Shares
· Smart Labels
What should we know about KACE Agent 8.0?
· KACE 8.0 exclusively communicate via port 443 - Using KONEA Technology.
· IPv6 Appliance Support - Agent can provide inventory to the Systems Management Appliance via IPv6