Heartbeat good but agent check-in not working
runkbot 4 0 works fine when run locally on the pc. Verified plenty of hdd space and no disk errors (those have caused agent issues in the past).
From k1, force inventory and the normal check-in does not work. And the last inventory will go up until I run runkbot again. I've looked all over the site trying different things.
My first go to, I try when things aren't working right:
amptools.exe host=k1100.host
Later I tried:
sc stop konea
sc start konea
MsiExec.exe /X{F66E9801-5F03-4ECD-A5BC-8678FAE8FBAA}
AMPTools.exe uninstall all
Anything else to try, let me know. If worst case, I have to set up a scheduled task on the local machine, does it really matter? This is the latest agent I believe, 8.0.152 and my K1 should be up to date as well.
EDIT:
(I since discovered this blog post and went through the various steps and thought I would update my post, with that info.)
- I have 53 license seats open, not a licensing issue
- inventory.xml is fine
- agent services are good
- amp.conf is configured correctly
- Two pem cert files are present
- I went ahead and explicitly opened ports 80,443,139,445 on TCP. Haven't really found how to confirm this. So any ideas on firming this one down, let me know. If I run a netstat -a I do not see them listed.
- HDD space is good
- No WMI issues. Inventory works fine when triggered via runkbot 4 0.
4 Comments
[ + ] Show comments
Answers (1)
Please log in to answer
Posted by:
Channeler
6 years ago
This looks like a Powershell issue
Assuming the agent was completely removed and reinstalled, the fact that runkbot 4 0 works, kind of rules out networking or AV issues.
I bet powershell is corrupted or not enabled on that device.
Try to open CMD and from there type "powershell" and hit enter, let me know if you see any errors....
https://support.quest.com/kace-systems-management-appliance/kb/225066
Assuming the agent was completely removed and reinstalled, the fact that runkbot 4 0 works, kind of rules out networking or AV issues.
I bet powershell is corrupted or not enabled on that device.
Try to open CMD and from there type "powershell" and hit enter, let me know if you see any errors....
https://support.quest.com/kace-systems-management-appliance/kb/225066
Comments:
-
You're on the right track. It says powershell is not recognized. I verified that powershell is installed. $PSVersionTable.PSVersion = 5 (major) 1 (minor) 15063 (build) 726 (revision). So I thought it was a PATH issue, but when I check environment variables. The same thing listed on my other machines is listed on the problem machine. (%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\). What should I do next? Uninstall PS and reinstall? (IMAGE: https://i.imgur.com/mg5tQRS.png) - five. 6 years ago
-
I have seen troublesome PS issues like the one your picture describes...
When it's not the path is gotta be something hard to Troublshoot...
Check if by any chance we are not restricting PS via GPO.
Also check in Windows Features, see if Powershell is enabled there.
Unfortunately, the agents are not going to auto-checkin on their own, because they're doing the same, calling PS via BAT scripts executed in CMD. - Channeler 6 years ago-
Check the path statement; Once I added the semi-colon back into the path after (%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\) - then I ran a 'Force Inventory'. After few minutes; I ran another Force Inventory at Device Detail and it worked as it should. - Hall2rs 6 years ago
We currently have an open ticket with support and expect to have webex with them either today or Monday. - RyanPersaud 6 years ago
We also have a scheduled task that checks the amp.conf file and if it lost our settings, it repairs it by copying a good amp.conf file that we saved in a different folder. That tasks runs 3 times a week. Our agent connections went from about 1K to over 4K
I can share the tasks if anyone is interested - Bethski 6 years ago
Thanks in advance :) - GOTRIDA1 6 years ago
If you have an older SDA version the path will be Dell instead of Quest
I add this folder and the two files inside as a post imaging task
In this folder you will need a good amp.cong file and a batch file, mine is called KaceAgent.bat
the batch looks like this:
@echo off
findstr /m "servicedesk" C:\ProgramData\Quest\KACE\amp.conf
if %errorlevel%==0 goto ipcheck
if %errorlevel%==1 goto kacefix
:kacefix
copy "C:\ProgramData\Quest\KACE\fix\amp.conf" "C:\ProgramData\Quest\KACE\amp.conf" /Y >nul
goto refresh
:ipcheck
for /f "delims=: tokens=2" %%a in ('ipconfig ^| findstr /R /C:"IPv4 Address"') do (set tempip=%%a)
set tempip=%tempip: =%
findstr /i %tempip% C:\ProgramData\Quest\KACE\inventory.xml
IF %ERRORLEVEL% EQU 0 goto end
IF %ERRORLEVEL% EQU 1 goto refresh
:refresh
"C:\Program Files (x86)\Quest\KACE\runkbot.exe" 4 0
goto end
:end
In our environment our SDA has servicedesk in the url, so you may need to change the string by whatever your SDA name is
Set up the task in task Scheduler on one machine , called mine QuestAgentFix with these settings:
General Tab:
Use System account to run
Run whether user is logged on or not
Run with highest privileges
Hidden and select OS version ( Windows 10 in our environment)
Triggers Tab:
Daily 8:00 am ( for us this balances the secondary and elementary levels so they don't all hit the server at once)
Actions Tab:
Start a Program C:\ProgramData\Quest\KACE\fix\KaceAgent.bat
The rest of the tabs are default and the box to run if it is missed is selected
Export the task as an xml and add it to the post imaging task after the KACE agent is installed.
I have this stored in a tmp folder on my image and use these commands to run it:
schtasks.exe /Create /XML "C:\tmp\QuestAgentFix.xml" /tn "QuestAgentFix"
robocopy "C:\tmp\fix" "C:\ProgramData\Quest\KACE\fix" /E /IS
So in a nutshell, it looks at the amp.conf file to see it is has the server name, a broken file will be blank or have all nul characters, if it is broken, it will copy the good one I planted and run an inventory reconnecting it to the SDA.
The second part looks at the current IP address on the laptop and if it matches the entry in the C:\ProgramData\Quest\KACE\inventory.xml, it just exits.
If the current IP address is different, it will run and inventory and update it reconnecting to the SDA.
Our staff and students take their laptops home and they constantly loose connection. This task can be run on demand as well, but it really improved our performance.
Hope it helps :) - Bethski 6 years ago