Troubleshooting pcanywhere plug-in Deployment



Similar documents
pcanywhere Advanced Configuration Guide

User Manual. Onsight Management Suite Version 5.1. Another Innovation by Librestream

PC Power Down. MSI Deployment Guide

ACTIVE DIRECTORY DEPLOYMENT

Altiris Patch Management Solution for Windows 7.1 from Symantec Release Notes

WhatsUp Gold v16.1 Installation and Configuration Guide

WhatsUp Gold v16.3 Installation and Configuration Guide

Installation Notes for Outpost Network Security (ONS) version 3.2

XStream Remote Control: Configuring DCOM Connectivity

WhatsUp Gold v16.2 Installation and Configuration Guide

Network Connect Installation and Usage Guide

Workflow Automation Support and troubleshooting guide

LANDesk Patch and Compliance. Common Troubleshooting steps for Vulnerability Remediation.

Docufide Client Installation Guide for Windows

Setting Up a Unisphere Management Station for the VNX Series P/N Revision A01 January 5, 2010

ALTIRIS Software Delivery Solution for Windows 6.1 SP3 Product Guide

Installing and Configuring vcenter Multi-Hypervisor Manager

Altiris Patch Management Solution for Linux 7.1 SP2 from Symantec User Guide

CODESOFT Installation Scenarios

USER GUIDE. Snow Inventory Data Receiver Version 2.1 Release date Installation Configuration Document date

DC Agent Troubleshooting

NovaBACKUP Central Management Console

Sophos Cloud Migration Tool Help. Product version: 1.0

Installing Windows Server Update Services (WSUS) on Windows Server 2012 R2 Essentials

Outpost Network Security

Migrating MSDE to Microsoft SQL 2008 R2 Express

Symantec pcanywhere Solution User s Guide. Version 12.5

User Guide. Version 3.2. Copyright Snow Software AB. All rights reserved.

Setting up an MS SQL Server for IGSS

FileMaker Server 11. FileMaker Server Help

You may have been given a download link on your trial software . Use this link to download the software.

How to Configure Terminal Services for Pro-Watch in Remote Administration Mode (Windows 2000)

Best Practices. Understanding BeyondTrust Patch Management

EML-09 Keeping Operating Systems and Applications up to date with Patch Management 7.1

Spector 360 Deployment Guide. Version 7.3 January 3, 2012

2X ApplicationServer & LoadBalancer Manual

Reference and Troubleshooting: FTP, IIS, and Firewall Information

Sophos Enterprise Console server to server migration guide. Product version: 5.1 Document date: June 2012

FTP, IIS, and Firewall Reference and Troubleshooting

DCOM Setup. User Manual

BCA Software Installation and Troubleshooting Guide

ALTIRIS Patch Management Solution 6.2 for Windows Help

Upgrade Guide BES12. Version 12.1

Sophos Enterprise Console server to server migration guide. Product version: 5.2

Quick Install Guide. Lumension Endpoint Management and Security Suite 7.1

Citrix Access Gateway Plug-in for Windows User Guide

Receiver Updater for Windows 4.0 and 3.x

LifeCyclePlus Version 1

Understanding BeyondTrust Patch Management

Symantec AntiVirus Corporate Edition Patch Update

Spector 360 Deployment Guide. Version 7

SonicWALL CDP 5.0 Microsoft Exchange InfoStore Backup and Restore

TROUBLESHOOTING GUIDE

ProjectWise Mobile Access Server, Product Preview v1.1

VMware Software Manager - Download Service User's Guide

4.0 SP1 ( ) November P Xerox FreeFlow Core Installation Guide: Windows Server 2008 R2

NSi Mobile Installation Guide. Version 6.2

Allworx OfficeSafe Operations Guide Release 6.0

Aventail Connect Client with Smart Tunneling

Installing Policy Patrol on a separate machine

Idera SQL Diagnostic Manager Management Pack Guide for System Center Operations Manager. Install Guide. Idera Inc., Published: April 2013

Dell SupportAssist Version 2.0 for Dell OpenManage Essentials Quick Start Guide

Sophos Anti-Virus standalone startup guide. For Windows and Mac OS X

Attix5 Pro Server Edition

Altiris Patch Management Solution for Windows 7.1 SP2 from Symantec User Guide

Upgrading from MSDE to SQL Server 2005 Express Edition with Advanced Services SP2

How To Upgrade A Websense Log Server On A Windows 7.6 On A Powerbook (Windows) On A Thumbdrive Or Ipad (Windows 7.5) On An Ubuntu (Windows 8) Or Windows

Aspera Connect User Guide

Installing and Trouble-Shooting SmartSystems

Arkay Remote Data Backup Client Quick Start Guide

Installation Guide. Live Maps 7.4 for System Center 2012

2XApplication Server XG v10.6

LogMeIn Network Console User Guide

VeriCentre 3.0 Upgrade Pre-Installation and Post Installation Guidelines

Kaseya 2. Installation guide. Version 7.0. English

VMware vcenter Support Assistant 5.1.1

Installation Steps for PAN User-ID Agent

Configuring Security Features of Session Recording

Introduction. This white paper provides technical information on how to approach these steps with Symantec Antivirus Corporate edition.

Kaseya 2. User Guide. for VSA 6.3

Sophos for Microsoft SharePoint startup guide

How To Install Caarcserve Backup Patch Manager (Carcserver) On A Pc Or Mac Or Mac (Or Mac)

Aspera Connect User Guide

Connection and Printer Setup Guide

Live Maps. for System Center Operations Manager 2007 R2 v Installation Guide

Nobeltec TZ: Microsoft SQL Server problems

FlexSim LAN License Server

WhatsUp Gold v16.1 Database Migration and Management Guide Learn how to migrate a WhatsUp Gold database from Microsoft SQL Server 2008 R2 Express

Installation Guide For Choic Enterprise Edition

Creating Home Directories for Windows and Macintosh Computers

DCA Local Print Agent Push Install

Enterprise Remote Control 5.6 Manual

Configuring MassTransit Server to listen on ports less than 1024 using WaterRoof on Macintosh Workstations

The SSL device also supports the 64-bit Internet Explorer with new ActiveX loaders for Assessment, Abolishment, and the Access Client.

All Tech Notes and KBCD documents and software are provided "as is" without warranty of any kind. See the Terms of Use for more information.

GFI LANguard 9.0 ReportPack. Manual. By GFI Software Ltd.

Installation Guide: Delta Module Manager Launcher

Web Security Service

NETASQ SSO Agent Installation and deployment

Installation Guide for Pulse on Windows Server 2008R2

Transcription:

Contents Verify implementation of pcanywhere Solution... 2 Deployment of the pcanywhere plug-in from the SMC... 3 Plug-in installation on managed computer... 5 Problems during pcanywhere Plug-in installation... 6 Verify the plug-in installation... 7 Test a remote control session... 8 Default Settings... 10 pcanywhere Settings policy... 11 Verify the correct host settings... 12 Checking the client policy XML file... 13 Refresh policies and filters in the SMC... 14 How pcanywhere policy settings are implemented... 15 Page 1 of 15

Verify implementation of pcanywhere Solution 1. Install the Symantec Management Platform (SMP) and the latest updates to it. 2. Open Symantec Installation Manager (SIM). Under the Installed Products list, Symantec pcanywhere Service Pack 2 (SP2, build 12.5.539) should be listed: If not, then install pcanywhere Solution SP2 from either Install new products or View and install updates (depending on whether the original Solution is installed already). 3. Once SIM shows Symantec pcanywhere SP2 (build 12.5.539) under Installed Products, browse the Add/Update licenses page in SIM to confirm that the License Type listed for Symantec pcanywhere SP2 is Full rather than Extended Trial. If not, install the Full license at this time. pcanywhere Solution exhibits odd behavior if the number of computers with the plug-in installed exceeds the number of Extended Trial license count, such that computers do not appear in the target membership of the pcanywhere Install or the pcanywhere Settings policies. 4. Only if still running pcanywhere Solution SP1 Apply the Resolution in the following Knowledge Base (KB) article: KNOWN ISSUE: SP1 filter "Windows computers requiring pcanywhere plug-in Upgrade" shows errors at https://kb.altiris.com/article.asp?article=49314&p=1 5. Only if still running pcanywhere Solution SP1 If there were any clones of pcanywhere policies prior to installation of pcanywhere Solution SP1, apply the Resolution in the following KB article: KNOWN ISSUE: SP1 installation overwrites customizations to default policies and removes cloned policies at https://kb.altiris.com/article.asp?article=49304&p=1 Page 2 of 15

Deployment of the pcanywhere plug-in from the SMC Once pcanywhere Solution is installed and patched, it is the responsibility of the administrators to deploy the pcanywhere Solution plug-in to managed computers. As with most solutions, deployment of the plug-in can be done by assigning an Install policy to the desired target computers (based on target filters or computer lists). Symantec recommends using the default filters provided with pcanywhere Solution. However, if the default filters are not optimal in a particular environment, then clone the default policy, remove the default filter, and specify a new set of target computers. When specifying targets, remember two very important rules: 1. The SMP server itself must never be a target for the pcanywhere Install policy, because installation of the pcanywhere Solution plug-in to the SMP server will cause problems and is not supported. 2. Each pcanywhere host computer must be a target of just one pcanywhere Install policy, regardless of whether the policy targets a computer list or a filter. It is up to the Symantec Management Platform administrators to enforce these rules. Page 3 of 15

To view membership of the default filters, for example the Windows Computers with no pcanywhere plug-in Installed filter shown above, browse to the Install policy in the SMC and double-click the filter. The following dialog will open: Click Update results to show a list of computers which belong to this filter. If this results in errors "No items found" and "The data could not be loaded, then please install pcanywhere Solution SP2. Otherwise, if SP1 remains in use, refer to this KB article: https://kb.altiris.com/article.asp?article=49314&p=1. Finally, remember to turn On or Enable the Install policy or policies when ready to deploy the pcanywhere Solution plug-in. There are two ways to do this When viewing the policy, toggle the On/Off button to On and then click Save Changes: Or, right-click the Install policy and then click Enable: Page 4 of 15

Plug-in installation on managed computer Once a pcanywhere plug-in Install policy is assigned to a target computer, the Symantec Management Agent must retrieve the policy information before it downloads and installs the plug-in. This will occur at the next scheduled configuration update, or if the Symantec Management Agent is forced to Update its configuration policies. Following are some methods to force the Symantec Management Agent to Update: Directly from the client computer: 1. Right-click the Symantec Management Agent icon in the system tray, click Altiris Agent Settings > Update. 2. Or, perform restart of the Altiris Agent service 3. Or, run AeXAgentUtil.exe /Server:<SMPservername> Remotely, from the SMC: 1. Click Manage > Jobs and Tasks. Expand Jobs and Tasks > Samples > Notification Server. Click the "Update Client Configuration" task in the left pane, in the right pane click "Quick Run", and enter/select the client computer to which the task should apply. 2. Directly access the Power Management page to "tickle" the Agent. The following KB article shows how to test this: https://kb.altiris.com/article.asp?article=50125&p=1. The main installer file for Windows is pcaclientinstallmanager.exe. It launches a few other processes as it installs multiple components including: pcanywhere host package This is the pcanywhere software. pcanywhere Solution plug-in - This component communicates between the pcanywhere host and the Symantec Management Agent. Once the Agent downloads the pcanywhere Solution plug-in installer, allow it at least several minutes to run. Periodically check membership of the filter Windows Computers with no pcanywhere plug-in Installed after enabling the pcanywhere Install policy. Over time, the number of computers included in this filter membership should decline, while membership of the default filter for the pcanywhere Settings policy, pcanywhere Plug-in for Windows Installed Active, should increase. If the number of members in these filters does not appear to be correct, then follow some of the troubleshooting steps below Page 5 of 15

Problems during pcanywhere Plug-in installation One possible cause of problems is that after an initial run of the pcanywhere plug-in Install or Uninstall policy, subsequent attempts to run the same policies are blocked by the "Run once ASAP" setting that is enabled by default in the policies. Therefore, if the pcanywhere plug-in Install or Uninstall policies must be run more than once, then it is necessary to uncheck the "Run once ASAP" option in the policies, and schedule the policies to run. The pcanywhere plug-in package will create log files in the location where the Symantec Management Agent downloads it. On a Windows client computer, the package will download to, and run from the default location C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery\{B364DA8F-1735-4DD3-865A- 8B33CA5523CD}\cache. For 64-bit Windows, C:\Program Files (x86)\. The following log files may exist in this folder: hostexelog.txt log.txt msilog.txt pcasolinstaller-pcaclientinstallmanager-trace.log Symantec Technical Support may request these files for case evidence. Another installation problem may be that the pcanywhere host package installs successfully, but the Symantec pca Agent plug-in fails to register with the Symantec Management Agent. See the following Knowledge Base article for assistance with this: https://kb.altiris.com/article.asp?article=50260&p=1. Incomplete or failed pcanywhere Solution plug-in installation may be related to Task Server or Package Server problems. Examine the Symantec Management Agent (formerly Altiris Agent) logs for clues. For example, if there are many instances of errors like this: <![CDATA[CTAgent::OnExecute-Loop(): CAtrsException exception, error = "Unable to start thread", OS error = 8, at line 154... <![CDATA[CTaskAgentBase::ProcessNewSettings(): The settings are the same.]]></event> then the issue is likely related to the Package Servers listed under Settings > Notification Server > Site Server Settings. See https://kb.altiris.com/article.asp?article=51514&p=1 for information on Site Servers. Page 6 of 15

Verify the plug-in installation To verify that the pcanywhere plug-in installation has completed on a managed client computer running the Windows platform: Verify whether the pcanywhere system tray icon is present. Note that it is possible to hide this icon from the Settings policy, so this isn t always a valid test. Run services.msc, and look for Symantec pcanywhere Host Service. Verify that the service is installed and running. If it will not start, reboot the computer and check again. Note that there is a potential for conflicts with RDP and Terminal Services, so it may not be possible to start the Host Service from within an RDP session. Symantec Technical Support is currently working to define when the conflict occurs. For now we have general information in this KB article: https://kb.altiris.com/article.asp?article=45749&p=1. Right-click the Symantec Management Agent icon in the system tray and click Symantec Management Agent Settings. "Symantec pca Agent" should be listed under Installed Agents. From within the SMC, to verify that the pcanywhere plug-in installation has completed on managed computers, view the membership of the filter pcanywhere Plug-in for <Platform> Installed Active. This filter can be found in multiple locations including the pcanywhere Settings policy for each platform. Note that computers on which the pcanywhere plug-in is installed will not immediately appear as members of this filter. The Symantec Management Agent must complete a Basic Inventory and report the results back to the SMP server, and the server must process the inventory, before the canned filter shows the computer. So if the Symantec pca Agent is listed under Installed Agents on a managed computer,but the filter pcanywhere Plug-in for <Platform> Installed Active does not show the computer as a member, then perhaps the server has not received or processed the Basic Inventory from that computer. Another way to verify plug-in installation from the SMC is to check whether the specific computer s basic inventory shows the Symantec pca Agent. Open Resource Manager for that computer, then click Summaries > Resource Summary. Under the Altiris Agent Details section, the Symantec pca Agent should be listed along with other solution agent plug-ins. Page 7 of 15

Another trick to verify that pcanywhere hosts are running and listening for connections is to open the link for the Symantec pcanywhere program on the SMP server. Click Quick Connect in the left pane, and in the right a list of hosts in the Waiting state will gradually appear. Note that Symantec offers a very handy tool for customer use, the Remote Altiris Agent Diagnostics (RAAD). Symantec Management Platform administrators can use this tool remotely to look at client logs, run a configuration update, send basic inventory, and run solution-specific diagnostics and remediation. See this article for an overview and to download the tool: https://kb.altiris.com/article.asp?article=49683&p=1 Page 8 of 15

Test a remote control session To test a remote control session to a computer, click Actions > Remote Management > Remote Control, type a hostname or IP address, and click Connect. If the dialog for credentials appears, the pcanywhere host is running and has responded to the connection attempt. If the dialog for credentials does not appear, then the pcanywhere Remote on the SMP server was not able to reach the pcanywhere Host. Verify the connection from the SMP server to the default TCP port 5631 on the host computer by using telnet. Open a Command Prompt window and type: telnet [hostname IP address] 5631 If the response is Please press <Enter> as shown here, then the port was open and the connection was successful: If the response is Could not open connection to the host, on port 5631: Connect failed then: the host is not running; or the host is listening on a different (non-default) port; or there is a firewall blocking the network communications to that port. Page 9 of 15

Default Settings Once the pcanywhere host is installed and running, it is important to remember that it will initially run default settings, even if a pcanywhere Settings policy is turned On and applied to the managed computer. By design, the pcanywhere plug-in does not immediately incorporate the settings from a pcanywhere Settings policy. As of pcanywhere Solution SP1 (12.5.415), the default pcanywhere host settings include the following: listen on TCP port 5631 the Require user to approve connection" option is enabled only the local "Administrators" group caller is available for authentication the Support global NT users and groups option is disabled, so only accounts directly in the local Administrators group will authenticate. Remember that while the default settings are in place, you must provide the credentials for a user that is directly a member of the local Administrators group. The pcanywhere Solution plug-in will run with the default settings until the following conditions are met: 1. Exactly one pcanywhere Settings policy is applied to the target computer, AND 2. The pcanywhere Settings policy is turned On, AND 3. The Symantec Management Agent performs an Update to receive the pcanywhere Settings policy. Note that SP2 includes a fix for an issue such that the default caller is defined literally as the local "Administrators" group. On host computers running a language where the Administrators group does exist, it is possible to authenticate as a member of that group. However, for languages where Administrators is not the correct name of the group, then no caller will be able to authenticate until the Symantec Management Agent applies the pcanywhere Settings policy. Here is a link to the KB article: https://kb.altiris.com/article.asp?article=49180&p=1. Upgrade to SP2 to resolve this. Page 10 of 15

pcanywhere Settings policy pcanywhere Solution offers the ability to modify the pcanywhere host settings in the console under Settings > Agents/Plug-ins > Remote Management > Remote Control > <Linux Mac Windows>. For each platform, we can modify settings under four tabs: Connection, Authentication, Security and Access Server. There is a default pcanywhere Settings policy provided for each supported platform. Rather than modify the settings or target of a default policy, best practices are to leave the default policy intact and work with a cloned version: 1. disable the default settings policies 2. right-click the default policy 3. click Clone 4. name the cloned policy accordingly 5. adjust the Schedule options as needed 6. remove the default target(s) under the Apply to section (if any exist) 7. apply the policy to the desired targets Important Note: Each pcanywhere host computer can be a target of ONLY ONE pcanywhere Settings policy, regardless of whether the policy targets a computer list or a filter. In other words, filters used in pcanywhere Settings policies must be mutually exclusive. Page 11 of 15

Verify the correct host settings Assuming that the pcanywhere plug-in is installed on a managed computer, look under the Configuration section at the top of the same Symantec Management Agent Settings dialog box. To determine whether the managed client computer received the newest configuration policy, you can check whether the "Changed" timestamp is accurate when compared to the most recent pcanywhere Setting policy change that you made in the SMC. To investigate potential problems with pcanywhere Settings policies on managed computers, access the client policy file. This is an XML file located in the folder C:\Program Files\Altiris\Altiris Agent\Client Policies\. Look for the larger XML file, with a name format similar to one of the following: <servername>.<domain>.<com>.xml <servername>.xml Symantec Technical Support may request the client policy XML file for case evidence. Inside the client policy XML file there should be a section containing the host configuration settings that were set in the SMC. An easy way to find the section is to search for the element <pcasettings>. Here is a snippet showing the beginning of a pcanywhere configuration policy element: - <Policy guid="{8204b0d5-a56b-4f2e-ba2f-ded9c61e515c}" name="pcanywhere Settings - Windows" version="7.0.7270.0" hash="90afdc63464606e1c575b4c86933b45a" userpolicy=""> - <ClientPolicy agentclsid="symantec.pcaagent"> <DateTime>2010-1-18 16:25:13</DateTime> + <pcasettings> Page 12 of 15

Checking the client policy XML file Does the <pcasettings> element exist? If not, then the Symantec Management Agent has not retrieved the latest policy for some reason. It may be necessary to: force an Update of the Symantec Management Agent (described above); or force a refresh of the filters in the SMC (described below). ensure that the managed computer is a member of the target for the pcanywhere Settings policy. Do the settings match the policy in the SMC? If the <pcasettings> element exists in the client computer's local policy XML file but the settings do not match the intended policy in the SMC, then: the computer may not belong to the target filter specified. This may be due to a mistake in filter query logic (if not using the default filter); or force a refresh of the filters in the SMC (described below). Does the client policy file contain more than one <pcasettings> element? If the client policy XML file contains more than one <pcasettings> element, then it is likely related to an issue with pcanywhere Solution SP1 described in this KB article: https://kb.altiris.com/article.asp?article=50644&p=1. If so, this must be addressed by following the Resolution in that article. Page 13 of 15

Refresh policies and filters in the SMC If it appears that a managed computer is member of the target filter that is applied to a pcanywhere Settings policy, but the managed computer has not received the policy settings based on an examination of the client policy XML file, then perhaps the filter membership has not yet been updated. This occurs based on a schedule, so over time this situation should resolve itself. It is also possible to force a refresh from the SMC. To force a refresh, click Settings > Notification Server > Resource Membership Update. To the right of the Complete Update Schedule line, click the the page should refresh with a notification stating Complete Update Schedule has completed. button. Eventually Performing this step may result in quicker distribution of the pcanywhere Settings policy to the intended managed computers. Page 14 of 15

How pcanywhere policy settings are implemented Once the Symantec Management Agent receives the correct pcanywhere Settings policy and the pcanywhere plug-in parses the policy file, the data is then stored on the managed computer under one of these folders (depending on the version of Windows): C:\Documents and Settings\All Users\Application Data\Symantec\pcAnywhere\Hosts C:\ProgramData\Symantec\pcAnywhere\Hosts in these files: pcanshost.bhf *.CIF Symantec Technical Support may request these host files for case evidence. The BHF (Be a Host File) contains host configuration settings and is modified on the managed computer when a modified settings policy is received by the Symantec Management Agent. There must be at least one CIF (Caller) file present in this folder, and possibly multiple CIF files depending on the number of callers defined in the Settings policy in the SMC. If the pcanshost.bhf file or *.CIF files are missing, then the Symantec pcanywhere Host service will error at startup. Contact Symantec Technical Support to investigate. In addition, the pcanywhere host service uses several registry keys including these: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\pcAnywhere\CurrentVersion\Host HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\pcAnywhere\CurrentVersion\System Some of the settings, such as the TCP listening port, are stored in the registry and therefore can be viewed to compare against the policy settings. Page 15 of 15

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information