Support Portal | SolarWinds

Support Portal

Questions and Answers from the Community
Ask Search:
Chris PawelChris Pawel 

About a third of my workstations failed to upgrade from 10.5.4 to 10.5.6, leaving them without a WinAgent.exe.

I've partially repaired them by: 

  • copying over the WinAgent.exe from the package.zip which is used for Group Policy deployment.
  • winagent.exe /configure
  • net start "Advanced Monitoring Agent"
This gets it checking in with the dashboard but the following still does not work:
  • Remote Background says: Disconnected: Failed to start Remote Background Session. Device not connected. 
  • Managed Antivirus - Communication problem with Managed Antivirus Agent, please ensure the Managed Antivirus services are running on the device.
  • Take Control is grayed out
I've tried disabling the remote background from the dashboard, having  the workstation run its checks, wait a few minutes, and then re-enable it, but that does not fix it.

I've spent nearly a week trying to get their support to help, but haven't even been able to get a knowledgeable person on the phone who could look at the logs or do a remote support session. Any help would be greatly appreciated.
Best Answer chosen by Chris Pawel
JonathanJonathan (SolarWinds MSP) 
Hi there Chris. 

I responded to a similar post to will copy and paste here:

The issue your facing is when using the auto update to the latest GA agent, what happens here is we push down the command to stop winagent.exe and other processes to complete the update. we wait for Languard service to stop, but it times out, which causes the issues with the update. then you have a device that the winagent.exe process stops. When you login to machine and start this it checks in, then it see's there is a pending update and the the process starts again. This does not happen on all machines!

To sort this. I would start by cancelling the auto update pending updates.

If you connect on to local machine, open task manager and kill winagent.exe then run the download and run the 10.5.6 (or the the latest GA or RC release)  agent installer from the dashboard.  This should update the agent.

Once update it worth checking your agent auto update to make sure if there is a pending update for this device its cancelled or else we will try to push update down again and its causes a loop.

We have addressed this issue, but this is not available till 10.5.7 which has since been replaced with 10.5.9 which is RC at the moment.



Jonathan
Cal LeongCal Leong 
I would like to manually start a scheduled backup job via the command line using a batch script.  Is this possible?
Best Answer chosen by Aleksey (SolarWinds MSP) 
Jeremy BastyrJeremy Bastyr

Assuming you have the software installed and configured with a schedule, use the clienttool.exe application in "C:\Program Files\Backup Manager." To start a backup immediately, the command is: "clienttool.exe control.backup.start"

Elroy WassinkElroy Wassink 
Hello,

I would like to see the ability to make a Executive Summary Report for our customers per site.

Now we can only make it for the whole customer.

Can this be a feature request or is this already being adressed?
Best Answer chosen by Elroy Wassink
GregoryGregory (SolarWinds MSP) 
Hi Elroy,

This is coming in MSP N-central 11.0 SP1, which is currently in Beta.

Thanks,

Gregory
Zach ChechowitzZach Chechowitz 
I have one particular machine that has been consistently failing the Vulnerability Scan for the past couple of days with a "System Cannot Find the File Specified" error.

I have tried the two LogicNow solutions I found online (https://support.logicnow.com/kb/remote-management/Patch-Management-Vulnerability-Scan-Failed and https://support.logicnow.com/kb/remote-management/Vulnerability-Scan-Failed-the-system-cannot-find-the-file-specified), checked all my service settings for the agent and LanGuard services, upgraded the agent to the latest version (10.3.5), and even tried removing and re-adding the agent and all monitoring on the machine, but I'm still running into this issue, Am I missing something here?

I can attach the logs in a reply.
Best Answer chosen by Kevin (SolarWinds MSP) 
Paul HartPaul Hart
I had a similar issue and ran this on all Windows workstations that had problems.

msiexec /i "C:\PROGRA~2\ADVANC~1\featureres\LANguard11Agent.msi" /qn GFI_SERVERTYPE="MAX" GFI_INSTALLDIR="C:\PROGRA~2\ADVANC~1\\patchman" /L*v "C:\PROGRA~2\ADVANC~1\feature_2_install.log" /quiet /norestart

After running the above...try "Re-run Vulnerability Check"

This worked for me everytime. Hope it works for you.
Tom SeymourTom Seymour 
On several Machines Patch management refuses to activate and in the portal all I get for the Vulnerability check is Scan failed and

There has been a problem with the patch scanner. Please check your internet connection and services. If the problem persists please contact support.

OLE error C8000222
The Windows Update (wuauserv) service might be disabled on scan target
but a service check shows it is running.
The Machines I am most concerned about are running Vista Home 32bit. with Agent 10.0.4

Tom Seymour
Best Answer chosen by Kevin (SolarWinds MSP) 
KevinKevin (SolarWinds MSP) 
Hello Tom,

Please give the following a shot:

1)  Start -> Run and type services.msc
2)  Stop the service Automatic Updates
3)  Delete all files/subfolder under C:\WINDOWS\SoftwareDistribution\
4)  Startup the service Automatic Updates

Thank you!

Kevin Jones
Supervisor, Technical Support
www.logicnow.com
LogicNow | Helping Companies Win Through Technology
Steve DealSteve Deal 
Is there a way to use the 'Alternative Remote Access' (Edit Server / Remote Access) with a DRAC or iLO address? It seems like it would be dreadfully handy to have a one-click to a DRAC when Take Control is away for some reason.
Best Answer chosen by Kevin (SolarWinds MSP) 
GarthGarth (SolarWinds MSP) 

Hi Steve, 

Remote Access is not currently possible via iLO or DRAC, I encourage you to vote and comment on a similar idea which has been posted on our ideas website which can be found in the link below,
http://logicnow.ideascale.com/a/dtd/Allow-Additional-Remote-Access-Method-of-iLO

Regards, 
Garth Hefferan
APAC Support Supervisor

 

Larry OrchierLarry Orchier 
I have just installed the latest build of the Advanced Monitoring Agent on a brand new Dell minitower with Windows 10 Home.

I get the following error message:


There has been a problem with the Patch Management scanner. Please check your internet connection and services. If the problem persists please contact support.

Unable to collect scan data


Advanced Monitoring Network Management Service is enabled through the Windows Firewall

How do I proceed?  Thanks.
Best Answer chosen by Kevin (SolarWinds MSP) 
RyanRyan (SolarWinds MSP) 
Larry, 

I hope you are doing well today.  Typically that error is a sign of 3 things that could of gone wrong on the install.  1) the service was never installed, 2) the service is installed but not working properly, and 3) the service is working, but the Lastpatchscan.xml is not generating properly. (this file is located under Program Files (x86)/Advanced Monitoring Agent. 


To tell issue one and two look at the debugfeature.log (under Advanced Monitoring Agent Folder) and search with Cntrl F for Patchmanagement. This will show you the install as well as what happens when the service tries to run. 

For option 3, a good start would be if you are not using Managed Antivirus would be to excluse Patch Management from the AV. 

http://help.logicnow.com/remote-management/helpcontents/pm_prerequisites.htm

Thanks and Regards, 

Ryan Armstrong 
Technical Lead 
​Logicnow
Brett YoungBrett Young 
I have 1 system at a clients site. The vulnerability scan keeps failing. The messge from the check is "Vulnerability scan results not uploaded by device.". I tried the delete the settings.ini, and uninstalling and reinstalling the agent. I even tried the RC client. The check keeps failing. 
Best Answer chosen by Kevin (SolarWinds MSP) 
BenjaminBenjamin (SolarWinds MSP) 

Hello everyone!

To expand on what Ryan said earlier, I wanted to narrow down exactly what it is we are looking for and where you can find it:

1) The service we are looking for is called the GFI LanGuard 11 Attendant service. It should be running as a Local System Account and will start a Process called lnssatt.exe

Our Advanced Monitoring Agent keeps tabs on this service under the debugfeature.log which is found under C:\Program Files (x86 if 64bit)\Advanced Monitoring Agent (GP if Group Policy).

You can use the search term CPatchManagement to search for any and all Patch Management activities in this log. I usually search from the bottom of the log, up so that I can see the most recent events.

If you do see any errors with the service itself, then please check for this registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gfi_lanss11_attservice

This key should have an Expandable String Value (REG_EXPAND_SZ) value called ImagePath. Based on the architecture of your machine, it should be pointing to:
==32bit==
"C:\PROGRA~1\ADVANC~1\patchman\11\lnssatt.exe" -service
==64bit==
"C:\PROGRA~2\ADVANC~1\patchman\11\lnssatt.exe" -service

2) We will also check to make sure that the Vulnerability Scan is actually starting and finishing. Errors can be caused because either the Scan is timing out, hanging, or it completed but recorded errors. To check on the status, its easiest to use the debug.log found in C:\Program Files (x86 if 64bit)\Advanced Monitoring Agent (GP if Group Policy)

The search term to use is PM_SCHEDULE_SCAN. Example from my device today on what you should see upon a successful start and finish:
29-09-2016 10:01:11: winagent(3756): CSchedule::IsTriggered fired: PM_SCHEDULE_SCAN
29-09-2016 10:01:11: winagent(3756): CTest_Vulnerability::DoTest task triggered: PM_SCHEDULE_SCAN
29-09-2016 10:02:11: winagent(3756): CTest_Vulnerability::DoTest task still active: PM_SCHEDULE_SCAN
29-09-2016 10:03:12: winagent(3756): CTest_Vulnerability::DoTest task still active: PM_SCHEDULE_SCAN
29-09-2016 10:04:12: winagent(3756): CTest_Vulnerability::DoTest task still active: PM_SCHEDULE_SCAN
29-09-2016 10:05:12: winagent(3756): CTest_Vulnerability::DoTest task still active: PM_SCHEDULE_SCAN
29-09-2016 10:06:12: winagent(3756): CTest_Vulnerability::DoTest task still active: PM_SCHEDULE_SCAN
29-09-2016 10:07:12: winagent(3756): CTest_Vulnerability::DoTest task still active: PM_SCHEDULE_SCAN
29-09-2016 10:08:12: winagent(3756): CTest_Vulnerability::DoTest task still active: PM_SCHEDULE_SCAN
29-09-2016 10:09:12: winagent(3756): CTest_Vulnerability::DoTest scan has finished, advancing schedule: PM_SCHEDULE_SCAN

If you see any message regarding "killing operations" or "timed out" then the scan is hanging. More verbose logging would be needed to determine where the hang is occurring.

3) All Vulnerability Scan results are written to a single file called the LastPatchScan.xml file. This file is found under the C:\Program Files (x86 if 64bit)\Advanced Monitoring Agent (GP if Group Policy) folder.

Sometimes this file can become corrupt because of the large amounts of data that are dumped into this file. Simply deleting this file and re-running the Vulnerability Scan should work. You can do this in the Dashboard by:
Right-click on affected device > Patch Management > Rerun Vulnerability Scan

Hopefully this helps clear up where we look and what we look for. If you have additional questions please let us know.

Thanks,
Benjamin Owen
Technical Team Lead
LOGICnow | Choose Intelligence
https://www.logicnow.com

Ben KrauseBen Krause 
I will often use remote background if I don't want to disturb a customer working on their computer.  I love this feature.  However, there are a couple of problems I have with it.

1.  Why does the dashboard need to wait for a computer to check in before it enabled the "Remote Background" button?  Sometimes I know a computer is on and ready to be connected to but the button is greyed out.  Why not just have the button enabled at all times so that it can try to establish a connection with the client?

2.  Sometimes remote background with disconnect and when I try to reconnect to the device, it will say "Failed to start Remote Background Session.  Device not connected.".  However, the device is in fact on and I can remote into it using teamviewer.  Is the remote background just not a resilient service on the machine and it has to time out to start working again?

 
Best Answer chosen by Kevin (SolarWinds MSP) 
BenjaminBenjamin (SolarWinds MSP) 
Ben,

Good afternoon! Hopefully your week is off to a good start so far? Thanks for taking the time to reach out to us!

1. The Remote Background Management feature is ran via the Advanced Monitoring Agent service and is not its own separate service. We run the RBM feature over a persistent connection that is only started upon the Advanced Monitoring Agent's initial check-in. If that persistent connection is broken or a restart occurs, the persistent connection would not resume until the Advanced Monitoring Agent service is manually started or until the next Advanced Monitoring Agent check-in cycle, which for Workstations is typically 60 minutes. That persistent connection is also what allows for you to Run Checks from the Dashboard and have changes pushed down instantly instead of waiting for the check cycle to complete.

2. That disconnection cannot be resumed until either the Advanced Monitoring Agent's next check in or the Advanced Monitoring Agent service is restarted.

While you and I know that the device is on, the Advanced Monitoring Agent only has two ways of telling the Dashboard that it is on:
1) Persistent connection over RBM
2) The Advanced Monitoring Agent check in cycle

If that first persistent connection is broken or severed, the only time we will know the device is online is at the next check in cycle.

Hopefully this helps! If you do have any other questions just leave a comment. I am following this thread and will get any updates. If I don't hear from you, have an excellent week!

Thanks,
Benjamin Owen
Technical Team Lead
LOGICnow | Choose Intelligence
https://www.logicnow.com
Ben KrauseBen Krause 
I've had several calls this morning from users saying that when they login, there stuff is gone on the desktop and windows says they have been logged in with a temporary profile.  If they reboot everything is fine but it's odd that it's happening on so many systems.  Two terminal servers on different hardware experienced this, a windows 7 desktop had this issuse, etc.  It's happened under several different clients across different regions.  At first I thought this was some weird microsoft glitch, but then I thought it might be something related to the Max Remote Management Software.   I wanted to post this to see if anyone had been seeing similar issues or if I'm just going CRAZY!?

Thanks.
Best Answer chosen by Jonathan (SolarWinds MSP) 
Daniel GrönjordDaniel Grönjord
This has been solved by an update from Bitdefender:

https://status.maxfocus.com/2016/09/21/max-rm-local-profile-issues-with-mav-bitdefender-resolved/

After the update a logout and login seems to be enough (no reboot necessary).