|
Policy Invoker Error with LDMS 8.8 SP2
Created on: Nov 12, 2008 10:06 AM by Bennett Norton - Last Modified: Dec 8, 2008 4:27 PM by Bennett Norton
LANDesk Community,
LANDesk has recently become aware of some issues where deploying SP2 to a LANDesk Management Suite 8.8 agent can cause the Policy Invoker to fail--preventing a machine from being able to download policies. At this time, the issue is sporadic and has only been seen in small subsets.
Currently, only policies are known to be affected. All other types of distribution methods seem to be functioning as designed.
If 8.8 SP2 has not yet been installed, LANDesk recommends at this time to not install SP2 until a new SP2 client patch has been thoroughly tested and re-released. LANDesk expects to have the client tested and ready for download by early next week.
If 8.8 SP2 has already been installed and clients have been deployed, please contact support for a patch that has been written to specifically address the issue.
LANDesk Support
***UPDATE 11/20/08***
Attached to this document is patch SWD-2025388.2-2 which addresses a number of issues surrounding the Policy Invoker. It is recommended that all 8.8 SP2 customers apply the patch. The fixes contained in the patch are outlined below:
• Pushing an agent with both LANDesk LaunchPad and HIPS caused policy.client.invoker.exe to crash
• Pushing an Updated SP2 Agent to an SP 1 agent will cause the invoker service to crash
• Policy.client.invoker.exe crashes with a Disk I/O error
• "Policy.client.invoker.exe application error at xxxxxxxxx referenced memory at xxxxxxxxxx" popup window on client when installing SP2 agent on device that also has console with SP2 installed
• On a Win2k8 Server and Windows vista with client pushed, clicking on deploy in distribution portal gives error that it can't display the webpage, because Policy.cgi.exe crashes.
• Launching some JIT links in Launch Pad could cause the invoker service to crash.##
For LANDesk customers that have not yet applied SP2, we will be releasing a slipstreamed version of SP2 in the next couple of days that will contain the fixes mentioned above. Vulnerability content will also be created and released by next week.
At this time, we have a few other known issues which will be addressed by mid-December.
• Policies do not show up in the Software Deployment Portal for user based LDAP targets (CR20128)
• Link Management is not working with name more then 8 characters (CR19629)
• Upgrading an agent via policy fails to register the policy.invoker file due to the file being in use at the time of registration (CR20188)
o A temporary workaround is being provided via the attached custom vulnerability V_INTL_CD-8608.xml.webloc. It will register the invoker and start the service.
o If an agent is updated via Patch Manager, the agent will install successfully.
Note: Applying the current SP2 and patch SWD-2025388 or the future slipstreamed SP2 SP will get you to the same point. Also, for customers who applied patch 14775 there have been two additions made to the final 20253. 14775 does not contain the fix for the distribution portal error on Vista and Windows 2008. Secondly, the command to force the client database to recreate itself was not in the patch.
****UPDATE 11/20/2008****
We have a report of an issue with the latest version of the patch. The issue does not seem to be causing significant issues but due to the nature of this patch we are investigating this throughly. If you are running an updated version of the Policy.client.invoker.exe there is no need to roll this back or take significant action at this time.
****UPDATE 11/21/2008****
The issue reported late last night has been resolved. We now recommend that all 8.8 SP2 users to apply the patch SWD-2025388.2-2. Attached are three files. Please see the readme.htm inside the setup folder for instalation information.
SWD-2025388.2-2 - Invoker patch
V_INTL_LD88-Invoker-20253-882 - Vulnerability for the SWD-2025388.2-2
V_INTL_CD-8608.xml - Vulnerability to register and restart the invoker service if an agent is installed via a policy
The above patch and vulnerability will be released into content later this afternoon. A slipstreamed version of SP2 will follow next week.
***Update***
Fixed the linked file V_INTL_CD-8608
***Update***
SP2A has been released internal to LANDesk. If the rest of the testing goes as planned, we should be releasing SP2A Monday the 8th.
***Update***
SP2A has been released into content. If you have SP2 installed but SWD-2025388.2-2 SP2A will detect as vulnerable. You can either patch your machines using SP2A or SWD-2025388.2-2 to remediate to the SP2A level.
Paul Hoffmann
says
in response to Bennett Norton:
For completeness sake -- testing has now been completed and the patch SWD-2025388.2-2 can now be acquired by contacting support as needed / from this document.
Paul Hoffmann
LANDesk EMEA Technical Lead
marcouj
says
in response to pmoreno:
Do you guys know when the new sp2 patch will come out with this fix? I am installing a new core next week.
Bennett Norton
says:
The final date of the slipstream version of SP2 has yet to be determined. However, installing SP2 and patch SWD-2025388.2-2 will get you to the same point.
LANDesk support will update this post as soon as a date is determined.
EricG
says
in response to Bennett Norton:
Do you have the updated XML for the new patch file? The one posted still looks to install the non-2 version.
Thx
Golddiggie
says
in response to Bennett Norton:
I installed this update as per instructions during a call into support... Ever since then, ANY/ALL agents that get deployed show status of being offline. Even when I have the system right next to me and it's most definately ONLINE... I need to know how to undo this update since it's completely broken my ability to deploy new systems with the agent on them...
Ty
says
in response to Golddiggie:
This patch has nothing to do with what you are describing. How did you "update" your agents? New client install, etc...
My guess is. You re-deployed your agents and the "Landesk Management Agent" service diod not install.
You can install it by running the following from the client system:
\\coreserver\ldlogon\cba8inst.msi
Golddiggie
says
in response to Ty:
Actually, this is on all NEW deployments of the agent... Ever since the update was applied... ALL older agents have zero issue with being remote controlled, showing online, etc... All new agent installs are buggered...
Ty
says
in response to Golddiggie:
Like I said. That update does not affect CBA. Has nothing to do with agent not installing properly. Did you re-boot after applying the update to your core.
There is also an agent update that you should apply.CLN-977388.2-2
EricG
says
in response to Ty:
What is CLN-977388.2-2 ? And how do i get it, do i need to call support?
Bennett Norton
says
in response to EricG:
Patch CLN-977388.2-2 is designed to overcome some issues with agent being caught in a half-installed/uninstalled state during upgrades. CLN-977388.2-2 is not needed for SWD-2025388.2-2 to function as designed. If you happen to run into issues with agents not upgrading correctly, call support and request CLN-977388.2-2.
Golddiggie
says
in response to Ty:
I'm working with one of the support guys to figure out what's going on... Seems to defy logic at this point... Giving serious thought to reapplying SP2 at this point...
| ||||||
LANDesk Community,
We are in the final stages of our regression testing regarding the policy invoker issues. Tomorrow we will post our exact results along with the patch and updated vulnerability files.
Bennett