The LANDESK Core Server has an internal activation tool that periodically checks in with the LANDESK licensing servers and gathers basic hardware information about the server LANDESK is installed on.

Before logging into the Management Suite console, the installation must be activated using a username and password supplied by the LANDesk Licensing team.

To activate the LANDESK Core Server follow these steps:

1.  Login to the LANDESK Core server and go to Start | Programs | LANDESK and run the Core Server Activation Utility.

2.  When the Core Server Activation tool opens, use the Username and Password that the LANDESK Licensing team provided.

If necessary, enter any Proxy information on the Proxy tab.

3.  Click the Activate button.  The Activation utility will gather the necessary information from the Core Server and send this to the activation server.  After the activation process completes, the following message will appear.

The activation registers this information about the LANDESK Core Server and some usage information on how many nodes are reporting to the Core Server.  The information sent can be seen here:

This is most commonly seen when the LANDESK Core server is migrated to a VMWare environment, or when the server receives a memory upgrade.  Please plan for this as the Licensing team is not available outside of the regular work week of Monday through Friday.

When you call support it can be helpful to gather your logs before hand, this utility will create zip file of the LDMS installation logs for you to upload or email.

Question

What virtual environments are supported for the LANDESK Core server ?

Answer

Ivanti supports core servers running in virtual environments.Product End Of Life | LANDESK

• VMware ESX/ESXi (any version)
  VMware GSX (any version)
• Microsoft Hyper-V
  

However, following conditions need to be applied.

• Must meet our hardware requirements in our deployment and BKM guides for both the Core Server and the database server.
• The VMware must use the VMswitch for network connections.
• Should not be sharing the allocated hardware with other VMs (Oversubscription can cause significant performance issues).
• Must have separate drives/sans allocated to the Core and Database.

Best Known Methods for Installing LANDESK Management Suite 9.6 (with videos)

Issue

Resolution

The following steps are done on the Core Server

1. Open the command line and change the path to
   

   "C:\Program Files\LANDesk\Shared Files\keys\"

2. There you will find the "genkey.exe" utility which creates the certificate (see genkey.log for details).
3. The certificate is then installed and added to the Default Client configuration by "installkey.exe" (see installkey.log for details).
4. Copy the previously backed up Certificate files over in the root of this directory (.CRT / .0 / .key -fileset).
5. Execute the following command from this path:

"installkey.exe "filename" "/LDMS=C:\Program Files\LANDesk\ManagementSuite\ldlogon"

To create a Certificate and/or install extra certificates (so they appear in the Trusted Certificates list – Agent Configuration) do the following:

1. Open a command prompt on the Core Server and type the following: "cd C:\Program Files\LANDesk\Shared Files\keys"

2. Then run "genkey.exe "test1" "test2""

Log information will be found in "genkey.log" file which gets updated.

On the Core Server go into the registry and change the Certname in the following key to the newly created key.

HKLM\Software\LANDesk\ManagementSuite\setup\Certname

If the above fails, it could be caused by a faulty/infected/corrupt LDPGP.EXE.

Step 3

From a command prompt, in the ManagementSuite directory on the Core, run:

landesk.managementsuite.licensing.activatecore debug all

On a NORMAL Core, this should ONLY give out a "debug.txt" to help you along.

In a case of a virus-infected/corrupt LDPGP.EXE, you'll get a 0 kb "debug.txt" and a new log-file called "licensing.log".

This one would then have entries such as:

Validate ldpgp arguments = validate -f "C:\DOCUME_{1\landesk\LOCALS}1\Temp\tmpCB2.tmp" -o "C:\DOCUME_{1\landesk\LOCALS}1\Temp\tmpCB3.tmp" -c "C:\Program Files\LANDesk\ManagementSuite\LANDesk2004.crt"
VerifyExternalSignature filepath = C:\Program Files\LANDesk\ManagementSuite\ldpgp.exe
VerifyExternalSignature return value = False
Validate exception = AuthValidationException: Unable to validate the authorization file
at LANDesk.ManagementSuite.Database.LicenseManager.xa33cdd2792a23ee8(String xd011938348d0e2dc)

You may also need to replace the ldpgp.exe file on the problematic core server with the ldpgp.exe file from a working core.

Issue

How to troubleshoot a missing or deleted core certificate.

If the certificate that is being used by the core server is deleted or overwritten, the following error may appear.

Attempting to activate core and got error message "Unable to build the core server activation file."

A number of other problems may occur such as web console and 32bit console not working or even loading.

This can also cause the "Unable to validate the current user with the database" error in the web console.

You can have an issue with remote control if SsSL is not working because the client cannot open;

https://{Core_Server_Name}/LANDesk/ManagementSuite/Core/SSL/remotecontrol/RemoteControlService.asmx

Message when attempting to remote control:

Unable to find the remote control web service on [CORENAME].

Troubleshooting

In some cases deleting the certificate has resulted in a necessary core rebuild. Before falling back to that check to see if an old certificate exists or if there is a backup certificate. If so then follow the steps below.

Registry

The name of the cert created on install is referenced in the following registry key.

HKLM|Software|LANDesk|ManagementSuite|Setup|CertName This file needs to exist in the \Program Files\LANDesk\Shared Files\Keys.

- For the activation process to work properly the original .crt and .key file have to be present in the \Program Files\LANDesk\Shared Files\Keys folder. If it does not but a backup key exists here, modify the registry key to point to the other key.

- The <hash>.0 public key is also in the C:\Program Files\LANDesk\ManagementSuite\ldlogon folder and needs to be there by default.

IIS

If there is an existing certificate but it is not correct then do the following:

1. Open up IIS manager
2. View the default website properties
3. Click directory security

If the view certificate box is gray then the cert is not installed. Follow below.

Install the certificate by doing the following:

1. Click server certificate
2. Next
3. Assign existing / next (remove existing if the current one is bad)
4. Click on the appropriate cert / next
5. ssl port set to 443 / next next / finish.

If the certificate does not show up under existing certificates do the following

1. Click Start / Run, type mmc, then press enter.
2. Click File / Add/Remove Snap-in, Add, Certificates, Add, Computer Account, Finish, close the add-in window, then click OK.
3. Open the protect.ini file on the core (LANDesk\Shared Files\keys) and note the hash.
4. Find the .0 file in the same folder that matches the hash from the protect.ini.  Open the .0 file and note the name of the key.
5. Back in the mmc window, drill down into Trusted Root Certificates/Certificates and find the name of the key from the previous step.  Right click on it and drag it to the Personal\Certificates\ folder and click on copy.
6. Run the following command from a commands prompt in the ManagementSuite folder.
   • securewebsiteinstall.exe "cert name" landesk/managementsuite/core/ssl
   • securewebsiteinstall.exe "cert name" landesk/managementsuite/core/ssl/remotecontrol
   • securewebsiteinstall.exe "cert name" landesk/managementsuite/core/ssl/information

If the wrong cert is installed or it is pointing to a cert that does not exist.

1. Click server certificate
2. Next
3. Remove existing cert
4. Click ok

Install the backup certificate by doing the following:

1. Click server certificate
2. Next
3. Assign existing / next (remove existing if the current one is bad)
4. Click on the appropriate cert / next
5. ssl port set to 443 / next
6. next / finish.

Check to see if the certificate has a private key associated with it.

1. In IIS right click on Default Website and click Properties
2. Click on the Directory Secutiry tab
3. Click View Certificate
4. At the bottom of the general tab it should say
5. You have a private key that corresponds to this certificate."

If you do not have a private key associated then do the following:

On the Core server:

1. Click Start, click Run, type mmc,and then click OK.
2. On the File menu, click Add/Remove Snap-in.
3. In the Add/Remove Snap-in dialog box, click Add.
4. Click Certificates, and then click Add
5. In the Certificates snap-in dialog box, click Computer account, and then click Next.
6. In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.
7. Click Close, and then click OK.
   
   (if the certificate exists in "Console Root | Certificates | Personal | Certificates" then skip to step 14)
   
   
8. In the Certificates snap-in, expand Certificates, right-click the Personal folder, point to All Tasks, and then click Import.
9. On the Welcome to the Certificate Import Wizard page, click Next.
10. On the File to Import page, click Browse.
11. In the Open dialog box, click the new certificate, click Open, and then click Next.
12. On the Certificate Store page, click Place all certificates in the following store, and then click Browse.
13. In the Select Certificate Store dialog box, click Personal, click OK, click Next, and then click Finish.
14. In the Certificates snap-in, double-click the imported certificate that is in the Personal folder.
15. In the Certificate dialog box, click the Details tab.
16. Click Serial Number in the Field column of the Details tab, highlight the serial number, and then write down the serial number.
17. Click Start, click Run, type cmd, and then click OK.
18. At the command prompt, type the following:
19. certutil -repairstore my "SerialNumber"

If stats are enabled, it freezes the metaschema preventing Coredbutil.exe from being able to run successfully during upgrades. Stats has to be removed for successful metaschema updates.

Verify that all of the tables in the LANDESK DB are owned by DBO. If they're not, change the ownership to DBO and then run the drop stats script:

use (LANDESK Database Name Goes Here and remove parentheses)

DECLARE @tblname sysname, @statname sysname, @sql nvarchar(2000)
DECLARE c CURSOR FOR
SELECT object_name(id), name FROM sysindexes WHERE INDEXPROPERTY(id, name, 'IsStatistics') = 1 and object_name(id) not like 'sys%'
OPEN c
FETCH NEXT FROM c INTO @tblname, @statname
WHILE @@FETCH_STATUS = 0
BEGIN
SET @sql = 'DROP STATISTICS [' + @tblname + '].[' + @statname + ']'
EXEC(@sql)
FETCH NEXT FROM c INTO @tblname, @statname
END
CLOSE c
DEALLOCATE c

Issue

When you try to active a core server you get the following error message:

This Core Server hardware has significantly changed. Please deactivate and reactivate.

Cause

There has been a change in your system.

The Core Server does not match the previously activated core.

Fix

Deactivate the core and then you will reactivate and all will be fixed

To deactivate a Core Server: Contact the LANDESK Support with the Company name and Core Server name that needs to be deactivated

• Description
• Renewing Subscription customers
• Activating the Core Server Online
• Manually Activating the Core Server

Description

LANDESK Management Suite and Security Suite licensing is managed using online activation.  A Core Server must be activated using this online activation before it will be functional.

Also, different features of LANDESK can be enabled or disabled with simple activation.  Installation of additional software is not usually needed.

Renewing Subscription customers

For renewing subscription Customers, simply reactivate your core.

Start | All Programs | LANDesk | Core Server Activation and clicking the Activation button.

Activating the Core Server Online

Complete an online activation of the Core Server using the following steps:

1. Run the Core Server Activation from the Start menu LANDesk Management group.
2. Enter valid credentials and click 'activate'.
3. The Licensing server will be accessed and the Core Server will be activated.

Note: Clicking on the Licenses... button will display the licenses received through the activation process.

Manually Activating the Core Server

Complete a manual core server activation by:

1. Run the Core Server Activation from the Start menu.
2. Enter valid credentials and click 'activate'.
3. The Licensing server will be accessed and the Core Server will be activated.
4. An error box will appear specifying a file has been created that must be e-mailed to licensing.
   
     A *.txt file is created in \program files\LANDesk\Authorization Files
   
   
5. Obtain the .txt file and e-mail the file to licensing@landesk.com.
6. When the new activation e-mail is returned a .AUTH file will be attached to the email. Place the attached .auth file in \Program Files (x86)\LANDesk\Authorization Files.  Ensure the file does not have a .TXT extension, it must have a .AUTH extension.

No further action is needed.  The core is activated upon placing a valid .auth file in the above folder.

Note: Clicking on the Licenses... button will display the licenses received through the activation process.

Important! If you run the core server activation and it appears to be successful, but you are unable to log into the console check to make sure that your license is valid for the product you are trying to use.  For example, if your credentials are valid for Management Suite 8.8 but you are trying to use Management Suite 9.0, the console login will fail.

Question(s):

This document will try to address the following questions:

• What ports does LANDESK Management Suite use?
• What ports need to be opened in my firewall?
• What port(s) does component X use?
• Does LANDESK have a ports list?
• What TCP and UDP Ports must be open on a Linux Agent's Firewall?
• Do I need to open my firewall to let ICMP ECHO/ECHO REPLY packets pass?
  
• Where can I find a network port diagram?

Answer:

ICMP

Quite a few functionalities of LANDESK rely on ping (ICMP ECHO) to probe if the device or server is reachable. Disabling ICMP ECHO within the network might result in losing LANDESK functions, such as bandwidth awareness or usage of preferred server.

The network port information has been divided into the following sections.

• Core Server
• Agent - Linux
• Agent - Mac
• Agent - Windows
• Management Gateway
• Mobile Device Manager Server
• PXE Representative
• Remote Console

Additionally a graphical representation of the data is attached to this article.

Note: It is recommended that all ports for a specific component be opened for backwards compatibility. Failing to open listed ports is not tested.

Core Server	Port #	Direction	Notes
TCP	22		UDD
TCP	25		UDD
TCP	80		Activation, Client, Core Sync, Inventory, Patch Manager, Security Suite, Web Console
TCP	139		Console, UNC
TCP	389		LDAP
TCP	443		Client, Console, Inventory, SLM, Software Distribution
TCP	445		Console, UNC
TCP	1433		Database (MS SQL Server)
TCP	1521		Database (Oracle)
TCP	5007		Inventory
TCP	8092		Core, Console, AMT MPS Server
TCP	8321		Core, Command Service
TCP	9535		Remote Management
TCP	9590		Console, SLM
TCP	9591		Console, SLM
TCP	9593		Software Distribution
TCP	9594		Software Distribution
TCP	9595		Agent Discovery
TCP	9971		Agentless AMT Discovery
TCP	9972		AMT Notification
TCP	9982		AMT Discovery (VPro)
TCP	12174		Remote Execute
TCP	12175		Software Distribution (Policy) [version 8.7 & Older]
TCP	12176		Software Distribution (Policy) [version 8.8 - Current]
TCP	16992		HTTP AMT Management
TCP	16993		HTTP AMT Management
TCP	16994		AMT Hello Packets
TCP	33354		Multicast
UDP	9595		Agent Discovery
UDP	33354		Multicast
UDP	38293		Agent Discovery

Linux Agent	Port #	Direction	Notes
TCP	25		UDD
TCP	80		Patch Manager, Inventory
TCP	443		Client, Core, Inventory
TCP	5007		Inventory
TCP	9535		Remote Management
TCP	9593		Software Distribution
TCP	9594		Software Distribution
TCP	9595		Agent Discovery
TCP	12174		Remote Execute
UDP	67		Imaging (PXE Broadcast)
UDP	68		Imaging (PXE)
UDP	69		Imaging (PXE TFTP)
UDP	1759		Imaging (PXE MTFTP)
UDP	4011		Imaging (PXE Unicast)
UDP	9595		Agent Discovery

Mac Agent	Port #	Direction	Notes
TCP	25		UDD
TCP	80		Patch Manager, Inventory, Software Distribution
TCP	443		Client, Core, Inventory, Patch Manager, Software Distribution
TCP	4343		HTML 5 Remote Control
TCP	5007		Inventory
TCP	9535		Remote Management
TCP	9593		Software Distribution
TCP	9594		Software Distribution
TCP	9595		Agent Discovery
TCP	12174		Remote Execute
TCP	12175		Software Distribution (Policy)
TCP	12176		Software Distribution (Policy)
TCP	33354		Software Distribution (Peer Download, Multicast)
UDP	9595		Agent Discovery
UDP	33354		Software Distribution (Multicast)
UDP	33355		Software Distribution (Multicast)

CSA (Management Gateway)	Port #	Direction	Notes
TCP	22		SSH Administration
TCP	25		Email Notification
TCP	80		Activation, Patching
TCP	443		Administration, Client, Core
TCP	444		DEP (iOS)

Mobile Device Management Server	Port #	Direction	Notes
TCP	80		(Core Only)
TCP	443		Enrollment
TCP	2195		APNS (Apple)
TCP	2196		APNS (Apple)
TCP	5223		APNS (Apple)
TCP	5228		C2DM (Google)
TCP	444		DEP (Apple)

PXE Rep	Port #	Direction	Notes
UDP	67		Imaging (PXE Broadcast)
UDP	68		Imaging (PXE)
UDP	69		Imaging (PXE TFTP)
UDP	1758		Imaging (PXE MTFTP)
UDP	1759		Imaging (PXE MTFTP)
UDP	4011		Imaging (PXE Unicast)

Remote Console	Port #	Direction	Notes
TCP	80		Console, Core, HTTP Management
TCP	139		Console, Core
TCP	443		Console, Client, Core, SLM
TCP	445		Console, Core
TCP	8092		Console, Core, AMT
TCP	9590		Console, Core, SLM
TCP	9591		Console, Core, SLM
TCP	9595		Agent Discovery
UDP	68		Imaging (PXE)
UDP	69		Imaging (PXE TFTP)
UDP	1758		Imaging (PXE MTFTP)
UDP	1759		Imaging (PXE MTFTP)
UDP	4011		Imaging (PXE Unicast)
UDP	9595		Agent Discovery
TCP	1433		Database (MS SQL Server)

Windows Agent	Port #	Direction	Notes
TCP	25		UDD
TCP	80		Patch Manager, Security Suite, Software Distribution, Inventory
TCP	137		NetBIOS (non-domain clients)
TCP	139		UNC
TCP	443		Client, Core, Inventory, Software Distribution
TCP	445		UNC
TCP	4343		HTML5 Remote Control
TCP	5007		Inventory
TCP	9535		Remote Management
TCP	9593		Software Distribution
TCP	9594		Software Distribution
TCP	9595		Agent Discovery
TCP	9971		AMT Discovery
TCP	9972		AMT Notification
TCP	9982		AMT Discovery/VPro
TCP	12174		Remote Execute
TCP	12175		Software Distribution (Policy) [ver. 8.7 & Older]
TCP	12176		Software Distribution (Policy) [ver. 8.8 - Current]
TCP	16992		HTTP AMT Management
TCP	16993		HTTPS AMT Management
TCP	16994		AMT Hello Packet
TCP	33354		Software Distribution (Peer Download, Multicast)
UDP	67		Imaging (PXE Broadcast)
UDP	68		Imaging (PXE)
UDP	69		Imaging (PXE TFTP)
UDP	1758		Imaging (PXE MTFTP)
UDP	1759		Imaging (PXE MTFTP)
UDP	4011		Imaging (PXE Unicast)
UDP	9535		Device Discovery, XDD
UDP	9595		Agent Discovery
UDP	33354		Software Distribution (Multicast)
UDP	33355		Software Distribution (Multicast)
UDP	38293		Agent Discovery

Rollup Core	Port #	Direction	Notes
TCP	1433		Rollup Core to SQL Servers
TCP	1433		SQL server to SQL server replication

**Note that if you are using Preferred Servers and replicators in your environment, the same ports that are used from the client to the Core and from the Core to the Client are used. As the Preferred Server must be an agent, and as some of the Core's tasks are off-loaded to the Preferred Server, the other clients will talk to it across the same ports they talk to the Core Server on.

LANDESK Architecture

There are several distinct services or functionalities that may be required or used with LANDESK Management Suite (LDMS). These can include some or all of the following:

• LANDESK Core Server
  • This server includes IIS which provides many key web services
• Database Server (MS SQL)
• LANDESK Cloud Services Appliance (CSA)
• Remote Management Console
• Preferred Servers
• PXE Representatives

There are other services or servers that can be used depending on the requirements, such as a Terminal Server to allow access to the Remote Management Console or a dedicated reporting server for custom reports and so forth.

Considerations for Upgrade and Install

When upgrading or installing LANDESK, the demands on the system may be higher than during normal use. This can be due to increased activity that can occur during an upgrade. For example, installing a new agent may cause that device to perform several scans to ensure it is up-to-date. Additionally adoption of new features can lead to increased load on the system, so an environment that was meeting expectations before, may begin to not meet expectations as the demand or feature adoption increases.

Software Requirements

Core Server

The LANDESK Management Suite Core Server is now fully 64-bit, so it cannot be run on any 32-bit systems.

• Microsoft Windows Server 2008 R2 with Service Pack 1, 64-bit (Supported for in-place upgrades only)
• Microsoft Windows Server 2012 R2 with Update 1, 64-bit

The install language of the Microsoft Windows Server should match the LANDESK install language and the language of all Remote Consoles.

Database Server

The following database systems are supported:

Microsoft SQL Server

• Microsoft SQL Server 2008 Express (Free to use, but limited)
• Microsoft SQL Server 2008 Standard/Enterprise
• Microsoft SQL Server 2012 Express (Free to use, but limited)
• Microsoft SQL Server 2012 Standard/Enterprise
• Microsoft SQL Server 2014 Standard/Enterprise

Oracle 11g

Oracle is not a supported database server for LDMS 2016

Remote Console

The LANDESK Managment Console is installed as part of the Core Server installation. Additional Remote Consoles can be installed as well to provide access to the LANDESK Management Suite/Security Suite tools and features. For LANDESK Management Suite 2016, the Remote Console can only be installed and run on 64-bit systems.

Supported Operating Systems:

• Windows 7 Professional, Business, Enterprise and Ultimate Editions x64
• Windows 8 Enterprise x64
• Windows 8.1 x64
• Windows 10 x64
• Windows Server 2008 R2 SP1
• Windows Server 2012 x64
• Windows Server 2012 R2 x64

Supported Client Platforms

Hardware Recommendations

Generic Guidelines

Additional Guidelines by Environment Size

Up to 750 Devices

All LANDESK Services on a single server

• Dual-core, 64-bit processor
• 4GB RAM
• 100/1000 Mb Network Adapter
• 72 GB of free disk space on 10K RPM or faster drives or arrays.
  • Drive/Array configuration
    • One drive or array for the operating system, LANDESK Management Suite application, and database application
    • One drive or array for the database and database logs

750 to 1,500 Devices

All LANDESK Services on a single server

• Quad-core, 64-bit processor. (Preferably two physical quad-core processors)
• 4+ GB RAM
• 100/1000 Mb Network Adapter
• 72 GB of free disk space on 10K RPM of faster drives or arrays
  • Drive/Array configuration
    • One drive or array for the operating system, LANDESK Management Suite application, and database application.
• One drive or array for the database and database logs. RAID 0, 5, 10, or an equivalent/faster redundant storage technology is recommended.

1,500 - 3,000 Devices

All LANDESK Services on a single server

• Two Quad-core, 64-bit processors (8 CPU cores total)
• 8 - 12+ GB of RAM or more
• Gigabit network adapter
• 3 storage arrays with 72 GB of free space each on 15K or faster drives
  • One array for the Operating System. RAID 0, 1, 5 or faster
  • One array for LANDESK Management Suite software. RAID 0, 5, 10 or an equivalent/faster technology
  • One array for the database and database logs. RAID 0, 5, 10 or an equivalent/faster redundant storage technology

A LANDESK system for 1,500 to 3,000 devices all running on a single server could see performance issues with disk I/O depending on the use and configuration of both LANDESK and the storage arrays. Some tuning may be needed. As noted above, the arrays should be on separate spindles (physical disk) to reduce any resource conflicts.

3,000 to 5,000 Devices

LANDESK Core Server and Database Server on separate servers

The Core Server

• Two quad-core, 64-bit processors (8 CPU cores total)
• 4 - 8 GB RAM
• Gigabit Network Adapter
• 2 arrays with 72 GB of free space per array on 15K RPM or faster drives
  • The operating system should be on an array of RAID 0, 1 or an equivalent/faster technology
  • LANDESK Management Suite software should be on an array of RAID 0, 5, 10 or an equivalent/faster redundant storage technology

The Database Server

• Quad-core, 64-bit processors (4 CPU cores total)
• 8+ GB of RAM
• Gigabit Network Adapter
• Three arrays with 72 GB of free space per array on 15K RPM or faster drives
  • The operating system array should be RAID 0, 1 or an equivalent/faster technology
  • One array for the database. RAID 0, 5, 10 or an equivalent/faster redundant storage technology
  • One array for the database logs, RAID 0 or an equivalent/faster redundant storage technology

5,000 to 8,000 Devices

LANDESK Core Server and Database Server on separate servers

The Core Server

• Three - four quad-core, 64-bit processors (12 - 16 CPU cores total)
• 4 - 8 GB RAM
• Gigabit Network Adapter
• 2 arrays with 72 GB of free space per array on 15K RPM or faster drives
  • The operating system should be on an array of RAID 0, 1 or an equivalent/faster technology
  • LANDESK Management Suite software should be on an array of RAID 0, 5, 10 or an equivalent/faster redundant storage technology

The Database Server

• Two quad-core, 64-bit processors (8 CPU cores total)
• 12+ GB of RAM
• Gigabit Network Adapter
• Three arrays with 72 GB of free space per array on 15K RPM or faster drives
  • The operating system array should be RAID 0, 1 or an equivalent/faster technology
  • One array for the database. RAID 0, 5, 10 or an equivalent/faster redundant storage technology
  • One array for the database logs, RAID 0 or an equivalent/faster redundant storage technology

8,000 to 12,000 Devices

LANDESK Core Server and Database Server on separate servers

For more recommendations and guidelines for an environment of this size, see Recommendations for tuning LDMS and MS SQL for large enterprise Core Servers

The Core Server

• Four quad-core, 64-bit processors (16 CPU cores total)
• 16+ GB of RAM
• Gigabit Network Adapter
• 2 arrays with 72 GB of free space per array on 15K RPM or faster drives
  • The operating system should be on an array of RAID 0, 1 or an equivalent/faster technology
  • LANDESK Management Suite software should be on an array of RAID 0, 5, 10 or an equivalent/faster redundant storage technology

The Database Server

• 3+ quad-core premium 64-bit processors (12+ CPU cores total)
• 24+ GB of RAM
• Gigabit Network Adapter
• Three arrays with 72 GB of free space per array on 15K RPM or faster drives
  • The operating system array should be RAID 0, 1 or an equivalent/faster technology
  • One array of four or more disks for the database. RAID 0, 5, 10 or an equivalent/faster redundant storage technology
  • One array for the database logs, RAID 0 or an equivalent/faster redundant storage technology
• Microsoft SQL Server Enterprise Edition is recommended for environments of this size. Consult Microsoft for a detailed SQL Server Edition comparison.

12,000 to 16,000 Devices

LANDESK Core Server and Database Server on separate servers

For more recommendations and guidelines for an environment of this size, see Recommendations for tuning LDMS and MS SQL for large enterprise Core Servers

The Core Server

• Four quad-core, 64-bit processors (16 CPU cores total)
• 16+ GB RAM
• Gigabit Network Adapter
• 2 arrays with 72 GB of free space per array on 15K RPM or faster drives
  • The operating system should be on an array of RAID 0, 1 or an equivalent/faster technology
  • LANDESK Management Suite software should be on an array of RAID 0, 5, 10 or an equivalent/faster redundant storage technology

The Database Server

• Four quad-core premium, 64-bit processors (16 CPU cores total)
• 32+ GB of RAM
• Gigabit Network Adapter
• Three arrays with 72 GB of free space per array on 15K RPM or faster drives
  • The operating system array should be RAID 0, 1 or an equivalent/faster technology
  • One array of four or more disks for the database. RAID 0, 5, 10 or an equivalent/faster redundant storage technology
  • One array for the database logs, RAID 0 or an equivalent/faster redundant storage technology
• Microsoft SQL Server Enterprise Edition is strongly recommended for environments of this size

More than 16,000 Devices

For LANDESK Management Suite installations of this size, additional tuning and design assistance from LANDESK Professional Services or from a valued Expert Solution Provider (ESP) is strongly recommended.

Issue

While upgrading from LDMS 9.5 to 9.6 you get the following error. Also happens when upgrading from 9.6 to LDMS 2016

ERROR: Execution of CBA8InstallCommand completed. Return code: 32, State: Failure     (SetupController.ExecuteNextCommand())

Resolution

This error is easily resolved by running the cba8cleanup.exe followed by an IIS reset.

1. Execute "LANDeskSoftware960\LANDESK\LDMS\Program Files 64\LD\MS\_non\ldlogon\cba8cleanup.exe" 
   The LDMS 2016 location is \LANDESKSoftware2016\LD\MS\PF\LD\MS\_non\ldlogon\cba8cleanup.exe.
2. Execute command "
3. iisreset"Restart the installer or click "Try Again" if you have not canceled the installer.

The attached document covers the installation process for Ivanti Endpoint Manager 2018.1.

The document is provided in PDF and DOCX format for your convenience.

Currently Does Not Work With 2018.1 or Higher

Description

EPM Tool was originally started in order to remove Landesk (LDMS) from remote consoles and cores. Since then, other features have been added.

EPMTool is capable of the following and listed in the menu structure below:

          MAIN MENU

             Uninistall/ Install Utilities

               A.) Agent Uninstall                    How To: Uninstall the LANDESK Agent

               B.) Console Uninstall                How to remove a 9.6 and 9.6 SP1 console from client machines when the uninstall or reinstall fails

               C.) Remove IIS (in progress)

             Inventory Utilities

               A.) Mini to Miniscn                    .MINI Scan Files In LDSCAN Folder

             Failed Core Install Utilities

               A.) Fix Strong Name                 Strong Name Verification Errors

               B.) Fix .Net for DA                    Issue: Data Analytics Install Fails With .NET 4.7

               C.) Run Streams                      Troubleshooting Failed installs.

             Support Utilities

               A.) Fetch Logs

               B.) Diagnostics

               C.) Network Tests

                         A.) Core to Agent

                         B.) Core to db

                         C.) Custom Host and Port

                         D.) DEP IOS Test

                         M.) MDM Check from Core

               D.) Remove Auth Files               Issue: Unable to Build Core Server Activation File

               E.) COM+ Rebuilder                   How to rebuild the LANDesk COM+ Objects

               F.) EPM Mail (in progress)

               G.)Enumerate Programs

             Service Control

               A.) Stop LANDesk Services

               B.) Start LANDesk Services

               C.) Restart Landesk Services

               D.) Delete ASP .Net Files

Note: If you have issues uninstalling.

Try Microsoft's FixIt tool https://support.microsoft.com/en-us/help/17588 "Fix problems that block programs from being installed or removed"

Current version: 11-28-2017

This batch file is known to work on:

• 9.5SP3
• 9.60 - 9.6SP3
• 2016.0 - 2016.3 Service Update 4
• 2017.1 - 2017.1 Service Update 1
• 2017.3

Description

It is advised to run these steps prior to running any Ivanti installer (Full install or Service Update). There can be instances where an Ivanti EPM installer will fail or run into issues after installation. Below are best practices to follow when installing or updating the Core Server.

Prerequisites

1. Backup or snapshot your core server and your applicable databases (including the Core Server Database and the Workspaces Database).
   • With these backups available, you can quickly restore to a functional state if you run into errors.
     
     
2. Verify that your C drive and the drive you intend to install LANDESK onto have plenty of free space. For full specs, please visit: Ivanti Endpoint Manager 2017 Architecture - Overview
   
   
3. If upgrading to a new full release, verify Licensing for that version is listed in your product license.
   • You can verify this by opening the Core Server Activation and clicking on Licenses. This will show all the version assigned to your credentials.
   • Please contact support if you are missing any versions.
     
     
4. If having to use RDP to connect to your core server when running the install, use the admin switch for the RDP session.
   • This is done by running the RDP application with the admin switch "mstsc /admin".
     
     
5. Disable UAC, anti-virus, malware, and EPS software on the machine for the install.
   
   
6. Download the installer to the computer locally. Do not run from a network drive.
   
   
7. Before extracting the installer, right-click the file and go to Properties to Unblock the installer.
   • In the bottom right-hand corner of the properties window for the installer package there may be an Unblock button or check box. If this is there, unblock the file and then click Apply and OK.
   • It is critical to have the file be unblocked prior to running the LANDesk installer.

     8. Check version of Microsoft .NET that is installed and take actions appropriate for the version of EPM/LDMS that you are installing/updating to.

• You can use this document to check the version you have installed on your core server: How To: Tell What Version of .NET Framework Is Installed
• The following document goes over version specific .NET information and considerations .NET Considerations for EPM/LDMS on the Core and Remote Consoles

     9. For "NEW" installs ONLY - DO NOT install the IIS role prior to installing your core. Ivanti will do this for you as part of the installer.

• LANDESK will incur problems during install if IIS is already installed and will not be able to proceed.
  
  

     10. Once the installer has been unblocked and extracted, run Microsoft Streams against the extracted location and install destination folders using the switches -s and -d.

• See the following document for information on how to run Microsoft StreamsStreams; and why you should remove them.
• Additional information on Streams can be found here - Streams
  
  

     11. Check to make sure the boot.wim is not mounted on the Core server.

• Follow this document if it is: How To: Cleanup WIM Images Before Upgrading/Patching Core

     12. Right-click the installer and click "Run as Administrator", even if logged on as an admin on the machine.

Conclusion

Thanks for taking the time to read through these best practices steps. If you have any suggestions to add to this list, please add a comment to this document so we can internally vet those suggestions and update this document as needed.

Issue

Core server installation failed at "verifying IIS configurations".

Cause

Check the installation logs and find errors similar to the following:

2016-10-21 13:15:46 INFO: Executing command RepairWebSiteConfiguration         (SetupController.ExecuteNextCommand())

2016-10-21 13:15:46 INFO: Executing: msiexec.exe /fomus {B69C4A6F-116D-421B-9811-D31FC358CCE4} /quiet /lv+ "C:\Users\ADMINI~1\AppData\Local\Temp\1\LANDesk.Setup.WebSiteConfiguration.Repair.msi.log"         (Launcher.ExecuteXmlCommand())

2016-10-21 13:15:46 INFO: Notifying ProcessBegin: msiexec.exe         (Launcher.ExecuteXmlCommand())

2016-10-21 13:15:46 ERROR: Execution of RepairWebSiteConfiguration completed. Return code: 1622, State: Failure         (SetupController.ExecuteNextCommand())

This means that the installation process failed to create the "1" folder under "C:\Users\ADMINI~1\AppData\Local\Temp\" directory in this example.

Resolution

Manually create a folder named "1" in C:\Users\ADMINI~1\AppData\Local\Temp\ directory. Resume installation. Installation goes through this stage successfully.

Purpose

This document is intended to assist LANDESK® Management Suite users with the installation and configuration of Microsoft® SQL Server 2012 (MSSQL) for a LANDESK® Management Suite installation.

Note: When installing LANDESK software, it is recommended to not use Remote Desktop. If this is the only available method, please initiate the RDP session using "mstsc /admin". This generates a console session as opposed to a terminal session.

Information

Migrating a database is a pretty straightforward process and is well documented on TechNet and other outlets. Here is a list of instructions you can use to migrate a SQL database from one server/host to another.

1. Build or install new SQL server.      Install SQL Server 2012 from the Installation Wizard (Setup)
        http://msdn.microsoft.com/en-us/library/ms143219.aspx
2. Use the following directions to backup your database and restore it on your new SQL server:
        http://technet.microsoft.com/en-us/library/ms187048.aspx
3. If the database is a new install, you'll want to verify that Mixed-mode login is enabled on the SQL server. The how-to for that is found here Change Server Authentication Mode and is posted below in case the link stops working.

Using SQL Server Management Studio to change authentication mode

1. In SQL Server Management Studio Object Explorer, right-click the server, and then click Properties.
2. On the Security page, under Server authentication, select the new server authentication mode, and then click OK.
3. In the SQL Server Management Studio dialog box, click OK to acknowledge the requirement to restart SQL Server.
4. In Object Explorer, right-click your server, and then click Restart. If SQL Server Agent is running, it must also be restarted.
5. Navigate to Start > All Programs > LANDesk > LANDesk Configure Services. Once opened edit the SQL connection information to reflect your new SQL server credentials. Once that is done, you'll want to reboot your core server so all your services start up with the new connection information.

Once this is done your core should now be pointing to your new database server and working as expected. At this point, you may want to consider detaching or deleting your old database from the old SQL Server, though this would be up to your discretion. If you're doing a side by side upgrade I would suggest that you keep a copy of this old database around for a while so you can work out any kinks in your upgrade process and have something to fall back to in case there are problems.

Issue

Core Server Activations can fail for a number of reasons, below is a list of some of the main things to check when activation is failing. This is not an all inclusive list but should cover most known issues.

Solution(s)

1. Verify that you can ping license.landesk.com from your core server; (ip address may vary)
   Ensure the registry key for Provider is set to LEGACY on the core.HKLM\software\LANDesk\managementsuite\licensing\provider OR HKLM\software\wow6432Node\LANDesk\managementsuite\licensing\provider)
   
2. Disable any AV that you may have running when attempting to activate.
3. Delete the contents in the LANDESK\Authorization files folder.
4. Locate the current windows temp folder using the %temp% command, then delete the contents in that folder.
5. Verify the "CertName" value under [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LANDesk\ManagementSuite\Setup] matches the value of the certificate file name under Landesk\Shared files\keys
   
6. Open the .0 file with notepad, verify the key=CertName
   
7. In the Shared Files\Keys folder on the core, be sure that the hash.0 file (that is bound to IIS) matches what is in the protect.ini file.
   
8. Verify that the LANDesk Management Usage Service is running on the core. Restart if you suspect an issue.
9. Check to see if you can activate the license on another core. This will prove or disprove an issue with the license itself. If an issue with the license is found then you should work with licensing.landesk.com to resolve.
   
   
   If your core activates successfully but you are still unable to login, you should check the verification date and grace period for your license to make sure it has not expired. Also verify the Product Name(s) and Product Version(s) for your license are correct.
   
10. Verify that the activating user belongs to the core's Built-in Administrators group.
11. Check the ldpgp files - Best Known Method for Troubleshooting Remote Console Activation Error
12. If these steps still don't work, reinstall the version of LANDESK that you are currently on. If on a flat of 9.5 or 9.6, just reinstall the flat version. If on a service pack, reinstall of the service pack is all that's needed.

• • DESCRIPTION
  • PROCESS OVERVIEW
  • WARNINGS
  • I. Backup Your Existing Core Server
  • II. Backup Your Existing Database
  • III. Backup Critical Core Server Files
  • IV. Backup Other Needed Files and Information
  • V. Prepare Your New Core Server
  • VI. Install Microsoft SQL Server
  • VII. Create/Configure Your New Database and Restore Your Old One
  • VIII. Import Your Certificates
  • IX. Install Ivanti Endpoint Manager (the most current version)
  • X. Migrate Your Clients by Deploying a New Agent
  • Additional Considerations
  • Creating a Core DNS Redirect

DESCRIPTION

A side by side migration consists in having both your existing Ivanti Endpoint Manager Core Server and your future CoreHo Server running at the same time.

You can either use a new clean database or use your current database and have it upgraded to the new version.

I will cover here the second choice: migration using the current database.

    ATTENTION:Please note that this article covers a basic side by side migration, which means that if you have other LANDESK products like a CSA, then you will first have to think or ask about how to migrate it as well.

PROCESS OVERVIEW

1. Backup your existing Core Server (This is not covered in this article, you may want to have an image of your Core server copied on a media/server)
2. Backup your database
3. Backup Critical Core Server Files
4. Backup Other Needed Files and Information
5. Prepare your new Microsoft Windows 2012 Server for your future Core server (Installation and configuration of the server are not covered in this article as it depends on the infrastructure you manage)
6. Install your Microsoft SQL Server 2012
7. Create and configure your database
8. Restore your database to the new server
9. Install Ivanti Endpoint Manager on the new server
10. Import your certificates
11. Migrate your clients by deploying a new agent
12. Additional Considerations
    1. Core Server DNS Redirect
       

WARNINGS

This article is not supposed to get you through the issues you may fix, but to give you a good starter guide if you want to do a side by side migration.

If you actually encounter any error, please contact us through the support portal or our community web site.If you have any customized settings, queries or files, please be aware that you should take screenshots of these configurations, and save the files that may not be saved by our CoreDataMigration tool.

If you plan on changing corenames, then you will need to use the DNS alias for MDM devices to still communicate to the core. Please see doc: Using a Core server DNS alias with the Cloud Service Appliance.

I. Backup Your Existing Core Server

You should have a snapshot/image of your Core Server in order to be able to roll back.

II. Backup Your Existing Database

    VIDEO:Backup your LANDesk Management Suite 9.5

From Microsoft SQL Server Management Studio, go to Databases, Tasks, Back Upand check where this backup goes to copy it to your future Core Server.

In this case, it goes to:

    C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Backup\

    Remember to copy this ".bak" file as it is your future database.

III. Backup Critical Core Server Files

    VIDEO:Core Data Migration LDMS 9.5

LANDESK has created a tool to backup critical files to a share. This tool is called CoreDataMigration.exe.

Newer versions of CoreDataMigration.exe may backup files that were not backed-up in previous versions.

One of the installation files is an updated CoreDataMigration.exe and it may be better to use the new version instead of the version that is currently on the Core Server.

NOTE: The Ivanti 2017.x CoreDataMigration.exe will not work on previous versions. Instead, just use the CoreDataMigration.exe that is in the \landesk\managementsuite folder on the current core server. Please refer to the CoreDataMigration.exe document for further details. 

The new Ivanti Endpoint Manager version of CoreDataMigration.exe can be found in the EPM installation media under the:

    \LANDESK\PF\LD\MS\_non

If Ivanti Endpoint Manager was downloaded, extract LANDESKSoftware.exe to access this file, situated in the Resourcesfolder:

Once you have copied the folder Resources on your old Core server, create a folder named CoreBackup, in this example:

    C:\CoreBackup\

Then open a Command Prompt (CMD) and browse to the folder where you extracted the Resources folder, in this example:

    cdC:\Resources extracted from old server\

And type the following command (in this example):

    CoreDataMigration.exe GATHER C:\CoreBackup\

It may be necessary in some situations to use a local backup directory to work around NTFS and share permissions.

You will be able to find in your CoreBackup folder the critical files you will need for your migration (your scripts, certificates, ldlogon folder with your application packages, etc.), if you want to use them in your new environment, you can copy/paste them from this folder to your future Core Server once the full installation is done.

IV. Backup Other Needed Files and Information

    Some files will not be automatically saved, you must be careful in order to be sure you will have a backup of everything:

• Distribution Package installation files, if stored on a package share created on the Core Server
• The Patch directory, if it is stored on the Core Server
• \ldlogon\ldappl3.template, if modifications have been made to it
• \ldlogon\AgentWatcher\*.ini files

V. Prepare Your New Core Server

In order to be sure that your Windows Server installation is going to match your infrastructure needs, please check the following articles:

• Supported Platforms and Compatibility Matrix for LANDESK Management Suite/Ivanti Endpoint Manager
• About the LANDESK Management Suite 2016 Architecture - An Overview
• Ivanti Endpoint Manager 2017 Architecture - Overview
• Ivanti Endpoint Manager 2018 Architecture Guidelines

Ensure that your server has the latest updates.

    Then do not forget that the following items are NOT SUPPORTED for the Core Server installation:

• A Primary Domain Controller (PDC), Backup Domain Controller (BDC), or an Active Directory
• A Domain Controller
• A server that has been upgraded from a previous version of windows
• Servers running other third-party applications as their primary server function such as a SharePoint server

VI. Install Microsoft SQL Server

    VIDEO:Install SQL Server 2012 for a Side by side migration of LMDS 9.5 to 9.6

The installation and configuration of Microsoft SQL Server 2012 is described in this document:

• How to install Microsoft SQL Server 2012 for LDMS

You may also find these links useful:

• SQL Tuning and Performance
• Reindexing LANDESK Databases

VII. Create/Configure Your New Database and Restore Your Old One

    VIDEO:Database creation, configuration and restore for Side by side migration 9.5 to 9.6

    An important point here is not to install Ivanti Endpoint Manager on the new server before you restore your old database as the installation process has to convert your old database into the new version.

First you will need to create a new database, so right click on Databases,New Database and put these settings:

Then create your database administrator by going into Security, right click Logins,New Login:

Now you need to restore your old Database into this new database we just created, to do so, right click your new database, Tasks, Restore, Database

• In the General tab, check Device and indicate the path of your old database backup file (*.bak) we made in the previous steps, after that double-check that the Destination Database is the one you created earlier
• In the Files tab, check the Relocate all files to folder option
• In the Options tab, check the Overwrite the existing database (WITH REPLACE) option

Then validate and you are now ready to install Ivanti Endpoint Manager to the new server. Here is a good article as well about this Backup / Restore process:

• Backup and Restore Database: How to move the LANDesk database to another server

VIII. Import Your Certificates

    VIDEO:Import LDMS 9.5 certificates to your 9.6 Server for a side by side migration

In order to use some features on your new Ivanti Endpoint Manager server with your old clients, you will need to have a certificate they already trust.

The files you will need have normally been saved during our CoreDataMigration done earlier except the keys directory.You will need to manually copy core certificate files. These files must be handled securely and should only be placed in a secure location. You can copy them into the CoreBackup folder, but they must be handled with care. You must copy the following files shown below.

You will find these files in the CoreBackup folder you created, in:

    C:\CoreBackup\landesk\Shared Files\keys\

You must copy the following files:

• C:\Program Files\LANDesk\Shared Files\Keys\*.key
• C:\Program Files\LANDesk\Shared Files\Keys\*.crt
• C:\Program Files\LANDesk\Shared Files\Keys\*.0  
• C:\Program Files\LANDesk\Shared Files\Keys\ldcryptoconfig.xml
• C:\Program Files\LANDesk\Shared Files\Keys\Compatible\*.xml(These files will only exists if client security mode is enabled)

Copy them into your new keys folder on your new server, it may look like this:    C:\Program Files\LANDesk\Shared Files\KeysYou also have to copy the *.0 file to your new ldlogon folder, which should be there:    C:\Program Files\LANDesk\ManagementSuite\ldlogon Once this is done, your new Ivanti Endpoint Manager Server will be able to directly remote your clients, with the highest security features enabled. Please note that side by side migrations from 9.6 to 2017.3 requires a full agent reinstall due to the certificate changes in 2017.3. Copying the certificates from the old core to the new one will not allow remote control to function.

Here is an article that might be interesting:

• Moving a Core server to another Domain/Forest - Scenario

IX. Install Ivanti Endpoint Manager (the most current version)

Before starting the install on the new core, you should first create the C:\Program Files\LANDesk\Shared Files\Keys directory and copy ldcryptoconfig.xml into it from your CoreBackup.  This will ensure data that was encrypted and written in the database will be decrypted properly.

If files were copied from C:\Program Files\LANDesk\Shared Files\Keys\Compatible, then they must also be restored back into this directory

    VIDEO: Install LANDesk Management Suite 9.6 for Side by side Migration from 9.5

First, download the latest version of Ivanti Endpoint Manager from this page:

• Downloads for Endpoint Manager (formerly LANDESK Management Suite and Security Suite)

Then extract the files on your server and the installation will begin.

    For this installation, you will only have to be careful with the following settings:

• How should Ivanti configure your database: Upgrade an existing database
• Database information: Enter your Server name, Database name we created earlier, User we created earlier as well and its Password

Here are the articles you may find useful as well for this process:

• How to install Ivanti Endpoint Manager 2017.3
• Ivanti Endpoint Manager 2018.1 Install Guide

X. Migrate Your Clients by Deploying a New Agent

After having done all of this, you should have your infrastructure looking like this:

What we want now is to have our clients directly reporting to our new Server. In order to do that properly, you will have to create new agents (similar to your previous settings if you want) and deploy them gradually with pilot groups/computers.

    Keep in mind that once you have deployed an agent to your client, it may not be manageable anymore from your old server.

Once all of your infrastructure has been "moved" to your new Ivanti Endpoint Manager Server, you can shut down your old server, which will look like this:

    You must be aware as well that a side by side migration can be pretty long and complex as you will have to manage both your old and new server until you are sure of your new settings.

Additional Considerations

Creating a Core DNS Redirect

Some administrators after following this document may encounter some issues where existing agents/agent functions are attempting to communicate with the old core rather than the new, despite the old core having already been removed from production. To avoid such issues, it is recommended as a best practice that administrators after performing a side-by-side migration setup a DNS redirect that will take all traffic intended for the previous core name/fqdn and route it to the new core. This can help to avoid complications and ensure that agent functions remain functional through the migration.

ATTENTION:Please note that DNS redirection is problematic for devices behind CSA (Cloud Services Appliance), reinstallation of the agent on these devices will be required to avoid communication issues.

You will need to manually copy core certificate files. These files must be handled securely and should only be placed in a secure location. You can copy them into the CoreBackup folder, but they must be handled with care. You must copy the following files: