Updating orphaned agents/devices
During an attempted SMA update from 12 to 13 something happened that caused about 100 of our agents/devices to be stuck, offline, on the old agent version. I had support on the line and they basically said "not sure, you'll just have to update those with group policy or something similar". Here's what I've tried so far:
- KACE's own GPO creation utility. I feel like this is meant for devices that either A) have not yet had an agent installed on them, or B) were originally provisioned via GPO & the same type of utility. The devices in question were not provisioned via GPO, the agent is installed during imaging. The policy applies all of the registry values contained within itself, but the agent still sits there offline, on v12.
- Wrote a custom powershell script that catches machines on the affected versions (ignoring all of the "good" machines that actually got the v13 update), then uninstalls "bad" v12 agent, and installs v13. As a user logon script it fails if the user isn't a local admin, as a computer startup script it seems to be getting some devices, but not all. I'm assuming it's not valid for wifi and/or VPN devices.
- Created a computer level software package GPO. Doesn't seem to be having any affect, but I'm not super familiar with these types of policies - there's a chance I've set it up incorrectly.
Anyone have any suggestions on reaching these devices?
Answers (1)
Top Answer
depends on the agent itself:
your questions:
1. The GPO tool creates an initial installation GPO, which is used for systems which are in the domain but don't have an agent installed. You should update it regulary to have the latest agent here.
2. if the agents are still online, checking in but don't update, wait a bit, since the update is not running on all machines at the same time to not DDOS your appliance.
3. if the agents are in unknown state (offline or uninstalled) you can try with WMI from remote to uninstall and let the GPO kick in the installation. Depending on the cause of the offline there may be other solutions (for example for any reason the c:\programdata\quest\kace\amp.conf was deleted or corrupted a simple c:\program files (x86)\quest\kace\amptools.exe resetconf host=YOUAPPLIANCEIP will fix it.) You can run the command on many systems using psexec from the Microsoft powertools, see here: https://learn.microsoft.com/en-us/sysinternals/downloads/psexec ( or you can create a simple script which does the same)
And as always: if you need help feel free to contact support.
Comments:
-
Ahh, forgot about good old psexec... I should be able to script it to them with that, thanks! - SkipPetrucci 1 year ago