Description
The following are errors that may be received when trying to remote control.
Troubleshooting
General Tips
- Ensure the user is part the LANDesk Management Suite group.
- Verify that the Console is patched to the same level as the Core, (even if installed after the Core was updated).
- Verify that the LANDesk Management Agent is running on the machine. If it is not running or will not start, run the cba8inst.msi file in c:\program files\LANDesk\ldclient.
- Set SecurityType to 0 (Local Template).
Attempt to browse http://{Agent Nameor_IP_Address}:9595
Attempt to Telnet to 9535 on the Agent. If you cannot Telnet to this port shut down any firewalls, and / or run ICFConfig-V4.exe to open those ports in the Windows Firewall.
On the Agent create a text file titled isswuser32.log in the C:\Program Files\LANDesk\LDClient directory, attempt Remote Control, check it for errors.
Verify that the Remote Control Viewer is not to set to use “Enable old agent compatibility (pre 8.5 agents)” in Tools > Options.
Note: RC-11047587.2 addresses this issue.
Verify that the Agent is only in Gateway mode only if the Management Gateway is being used.
Verify that only .NET 1.1 is installed on the Core Server, if .NET 2.0 or 3.0 is installed in 8.7 verify that the Default Website is set to use .NET 1.1 and move to step 8. If in a version prior to 8.7 uninstall other .NET versions and move to step 8.
Note: If .NET 3.0 has been installed on a Core Server and removed it will need to be reinstalled for 8.7 to function properly, this has not been tested in versions previous to 8.7.
On the Core Server run from a command prompt; %windir%\microsoft.net\framework\v.1.1.4322\aspnet_regiis.exe –i.
Restart IIS.
Re-push Agent.
]]>Attempt to browse in IIS https://Core_Server_Name/LANDesk/ManagementSuite/Core/SSL/remotecontrol/RemoteControlService.asmx from both the core and from the machine when Remote Control is being performed.Attempt to browse in IIS https://Core_Server_Name/landesk/managementsuite/core/ssl/information/databaseinformation.asmx from both the core and from the machine when Remote Control is being performed. - If the Console does not show the Remote Control Icon when choosing an Agent for Remote Control, run C:\Program Files\LANDesk\LDClient\issuser.exe /resident on the client.
Windows NT Security / Local Template
- Verify that the User (that is logged on to Windows, not the Console) is part of the Remote Control Operators group (synonymous with HDAllowed) on the Agent and LANDesk Management Suite group on the Core Server.
Certificate Based Security
- Verify that the user (that is logged on to Windows, not the Console) performing Remote Control is part of the LANDesk Management Suite group on the Core Server.
- Set Component Services | Computers | My Computer | COM+ Applications | LANDesk and LANDesk1 > Right-Click> Choose Properties> Advanced Tab > Server Process Shutdown> Leave Running When Idle.
- Create an SSL AppPool (for instructions on how to create this see Optimizing IIS 6.0, available from KB Article #3076.
- Check %windir%\system32\inetsrv\w3wp.exe.log for errors.
Integrated Security:
- Perform same tasks as with Certificate Based Security.
- Specify Domain Administrator Credentials in Component Services | Computers | My Computer | COM+ Applications | LANDesk and LANDesk1 > Right-Click> Choose Properties> Identity Tab> This User.
- Verify on the Client that the LANDesk Remote Control Service is running. If the service is not running, run C:\program files\LANDesk\LDClient\issuser.exe /resident.
Help in Finding the Problem
To help troubleshoot the exact problem, use Processmon.exe from Sysinternals to tell exactly why the specified user was being blocked. This utility can show which permissions were being denied to the following site:
https://Core_Server_Name/LANDesk/ManagementSuite/Core/SSL/remotecontrol/RemoteControlService.asmx.
Once it is known which permissions were denied, compare the NTFS permissions from a working Core Server with the Core Server you are working on. For example, you may noticed that the management suite\landesk folder did not have the LANDesk Management Suite group added to the Security portion of the folder. Once that group is added, that particular cause of this issue would be resolved.
If Simple File Sharing is enabled, Windows NT Security (the Remote Control Operators group) will not work. You can check it via Windows Explorer: Tools, Folder Options, View, and scroll to the bottom of Advanced Settings. You can also check the registry and/or write a package to disable it: HKLM\System\CurrentControlSet\Control\LSA\ForceGuest (0 = disabled)