|
This Question is Answered (go to answer)
1 "helpful" answer available (10 pts)
4,866 Views
7 Replies
Last post:
May 20, 2009 4:32 PM by
Kothoga 
It looks like we have a bunch of good information here, maybe I can add a little clarification.
The two parts of the Agent that we need to differentiate from are:
- BrokerConfig.exe and its settings.
- Remote Control (issuser.exe) and its settings.
Much of this has been covered by Mach6 so hopefully I'll try not to beat a dead Speed Racer.
Broker Configuration - BrokerConfig.exe
C:\Program Files\LANDesk\LDClient\BrokerConfig.exe
Picture of the Connection Settings: Dynamic, Direct to Core, Direct to Gateway
The settings in Broker Config control the communication states for processes such as Inventory (LDISCN), Software Distribution (SOFTMON), and Security (VULSCAN). These settings do not control the Remote Control service's state of Direct or Gateway Mode.
"Dynamically determine connection route" is the preferred method for 99% of the client configurations and it is not recommended to change this settings except for testing purposes.
If BrokerConfig on the client is set to "Connect using the Management Gateway", AND the client is on the local network then the client will experience problems with scanning and software distribution.
To quote James Marriott:
"leaving a system in Gateway mode only (when on the local network) will prevent the client from getting software that is located on a source other than the core unless IIS is tweaked to allow it, and that you will not be able to PUSH jobs or make on demand scans of a system."
With all this information about BrokerConfig, I'll remind you that this does not affect the state of the Remote Control service on the client.
Remote Control Service - (issuser.exe)
C:\Program Files\LANDesk\LDClient\BrokerConfig.exe
Picture of the two modes of Remote Control: Direct Mode, and Gateway mode.
These settings can only be changed manually. The current LANDesk agent does not have the capability to automatically detect the appropriate mode and switch. Mach6 did reference a script on Droppedpackets.org which can be used for this capability.
To quote Mach6:
"There is no built in method of changing that. There is a link to one that was created outside of support, but that a lot of people have had success with. I tested an earlier version (much earlier) and had mixed results, but I understand that the current version is pretty solid. I haven't tested it, but I haven't heard any problems with it either.
Here's a link, so you can research this as an option:
http://community.landesk.com/support/blogs/jack/2009/05/08/ldmsautogateway-is-prime-time"
The usual agent installation includes a remote control icon in the taskbar with which you can bring up issuser and switch modes. If you don't show the Remote Control icon on your client's taskbar, you can change the mode with this registry entry.
HKLM\SOFTWARE\Intel\LANDesk\WUSER32, Gateway Mode, 0=Direct Mode, 1=Gateway Mode
If a client machine is on the network and their remote control service is set to Gateway Mode then normal remote control from the Core will fail to connect to the client. On the Core server, if you try "Remote through the Management Gateway", you may get a successfull connection to the machine but this varies depending on the security architechture of the environment.
Hopefully this Helped.
I know this was still a lot of information, but I hope it helped clarify some of the differences in communication using the Management Gateway.
Kothoga!
| ||||||
