Support Portal | SolarWinds

Support Portal

Questions and Answers from the Community
Ask Search:
Zach ChechowitzZach Chechowitz 
I have one particular machine that has been consistently failing the Vulnerability Scan for the past couple of days with a "System Cannot Find the File Specified" error.

I have tried the two LogicNow solutions I found online (https://support.logicnow.com/kb/remote-management/Patch-Management-Vulnerability-Scan-Failed and https://support.logicnow.com/kb/remote-management/Vulnerability-Scan-Failed-the-system-cannot-find-the-file-specified), checked all my service settings for the agent and LanGuard services, upgraded the agent to the latest version (10.3.5), and even tried removing and re-adding the agent and all monitoring on the machine, but I'm still running into this issue, Am I missing something here?

I can attach the logs in a reply.
Best Answer chosen by Kevin (LogicNow) 
Paul HartPaul Hart
I had a similar issue and ran this on all Windows workstations that had problems.

msiexec /i "C:\PROGRA~2\ADVANC~1\featureres\LANguard11Agent.msi" /qn GFI_SERVERTYPE="MAX" GFI_INSTALLDIR="C:\PROGRA~2\ADVANC~1\\patchman" /L*v "C:\PROGRA~2\ADVANC~1\feature_2_install.log" /quiet /norestart

After running the above...try "Re-run Vulnerability Check"

This worked for me everytime. Hope it works for you.
Tom SeymourTom Seymour 
On several Machines Patch management refuses to activate and in the portal all I get for the Vulnerability check is Scan failed and

There has been a problem with the patch scanner. Please check your internet connection and services. If the problem persists please contact support.

OLE error C8000222
The Windows Update (wuauserv) service might be disabled on scan target
but a service check shows it is running.
The Machines I am most concerned about are running Vista Home 32bit. with Agent 10.0.4

Tom Seymour
Best Answer chosen by Kevin (LogicNow) 
KevinKevin (LogicNow) 
Hello Tom,

Please give the following a shot:

1)  Start -> Run and type services.msc
2)  Stop the service Automatic Updates
3)  Delete all files/subfolder under C:\WINDOWS\SoftwareDistribution\
4)  Startup the service Automatic Updates

Thank you!

Kevin Jones
Supervisor, Technical Support
www.logicnow.com
LogicNow | Helping Companies Win Through Technology
Steve DealSteve Deal 
Is there a way to use the 'Alternative Remote Access' (Edit Server / Remote Access) with a DRAC or iLO address? It seems like it would be dreadfully handy to have a one-click to a DRAC when Take Control is away for some reason.
Best Answer chosen by Kevin (LogicNow) 
GarthGarth (LogicNow) 

Hi Steve, 

Remote Access is not currently possible via iLO or DRAC, I encourage you to vote and comment on a similar idea which has been posted on our ideas website which can be found in the link below,
http://logicnow.ideascale.com/a/dtd/Allow-Additional-Remote-Access-Method-of-iLO

Regards, 
Garth Hefferan
APAC Support Supervisor

 

Larry OrchierLarry Orchier 
I have just installed the latest build of the Advanced Monitoring Agent on a brand new Dell minitower with Windows 10 Home.

I get the following error message:


There has been a problem with the Patch Management scanner. Please check your internet connection and services. If the problem persists please contact support.

Unable to collect scan data


Advanced Monitoring Network Management Service is enabled through the Windows Firewall

How do I proceed?  Thanks.
Best Answer chosen by Kevin (LogicNow) 
RyanRyan (LogicNow) 
Larry, 

I hope you are doing well today.  Typically that error is a sign of 3 things that could of gone wrong on the install.  1) the service was never installed, 2) the service is installed but not working properly, and 3) the service is working, but the Lastpatchscan.xml is not generating properly. (this file is located under Program Files (x86)/Advanced Monitoring Agent. 


To tell issue one and two look at the debugfeature.log (under Advanced Monitoring Agent Folder) and search with Cntrl F for Patchmanagement. This will show you the install as well as what happens when the service tries to run. 

For option 3, a good start would be if you are not using Managed Antivirus would be to excluse Patch Management from the AV. 

http://help.logicnow.com/remote-management/helpcontents/pm_prerequisites.htm

Thanks and Regards, 

Ryan Armstrong 
Technical Lead 
​Logicnow
Brett YoungBrett Young 
I have 1 system at a clients site. The vulnerability scan keeps failing. The messge from the check is "Vulnerability scan results not uploaded by device.". I tried the delete the settings.ini, and uninstalling and reinstalling the agent. I even tried the RC client. The check keeps failing. 
Best Answer chosen by Kevin (LogicNow) 
BenjaminBenjamin (LogicNow) 

Hello everyone!

To expand on what Ryan said earlier, I wanted to narrow down exactly what it is we are looking for and where you can find it:

1) The service we are looking for is called the GFI LanGuard 11 Attendant service. It should be running as a Local System Account and will start a Process called lnssatt.exe

Our Advanced Monitoring Agent keeps tabs on this service under the debugfeature.log which is found under C:\Program Files (x86 if 64bit)\Advanced Monitoring Agent (GP if Group Policy).

You can use the search term CPatchManagement to search for any and all Patch Management activities in this log. I usually search from the bottom of the log, up so that I can see the most recent events.

If you do see any errors with the service itself, then please check for this registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\gfi_lanss11_attservice

This key should have an Expandable String Value (REG_EXPAND_SZ) value called ImagePath. Based on the architecture of your machine, it should be pointing to:
==32bit==
"C:\PROGRA~1\ADVANC~1\patchman\11\lnssatt.exe" -service
==64bit==
"C:\PROGRA~2\ADVANC~1\patchman\11\lnssatt.exe" -service

2) We will also check to make sure that the Vulnerability Scan is actually starting and finishing. Errors can be caused because either the Scan is timing out, hanging, or it completed but recorded errors. To check on the status, its easiest to use the debug.log found in C:\Program Files (x86 if 64bit)\Advanced Monitoring Agent (GP if Group Policy)

The search term to use is PM_SCHEDULE_SCAN. Example from my device today on what you should see upon a successful start and finish:
29-09-2016 10:01:11: winagent(3756): CSchedule::IsTriggered fired: PM_SCHEDULE_SCAN
29-09-2016 10:01:11: winagent(3756): CTest_Vulnerability::DoTest task triggered: PM_SCHEDULE_SCAN
29-09-2016 10:02:11: winagent(3756): CTest_Vulnerability::DoTest task still active: PM_SCHEDULE_SCAN
29-09-2016 10:03:12: winagent(3756): CTest_Vulnerability::DoTest task still active: PM_SCHEDULE_SCAN
29-09-2016 10:04:12: winagent(3756): CTest_Vulnerability::DoTest task still active: PM_SCHEDULE_SCAN
29-09-2016 10:05:12: winagent(3756): CTest_Vulnerability::DoTest task still active: PM_SCHEDULE_SCAN
29-09-2016 10:06:12: winagent(3756): CTest_Vulnerability::DoTest task still active: PM_SCHEDULE_SCAN
29-09-2016 10:07:12: winagent(3756): CTest_Vulnerability::DoTest task still active: PM_SCHEDULE_SCAN
29-09-2016 10:08:12: winagent(3756): CTest_Vulnerability::DoTest task still active: PM_SCHEDULE_SCAN
29-09-2016 10:09:12: winagent(3756): CTest_Vulnerability::DoTest scan has finished, advancing schedule: PM_SCHEDULE_SCAN

If you see any message regarding "killing operations" or "timed out" then the scan is hanging. More verbose logging would be needed to determine where the hang is occurring.

3) All Vulnerability Scan results are written to a single file called the LastPatchScan.xml file. This file is found under the C:\Program Files (x86 if 64bit)\Advanced Monitoring Agent (GP if Group Policy) folder.

Sometimes this file can become corrupt because of the large amounts of data that are dumped into this file. Simply deleting this file and re-running the Vulnerability Scan should work. You can do this in the Dashboard by:
Right-click on affected device > Patch Management > Rerun Vulnerability Scan

Hopefully this helps clear up where we look and what we look for. If you have additional questions please let us know.

Thanks,
Benjamin Owen
Technical Team Lead
LOGICnow | Choose Intelligence
https://www.logicnow.com

Ben KrauseBen Krause 
I will often use remote background if I don't want to disturb a customer working on their computer.  I love this feature.  However, there are a couple of problems I have with it.

1.  Why does the dashboard need to wait for a computer to check in before it enabled the "Remote Background" button?  Sometimes I know a computer is on and ready to be connected to but the button is greyed out.  Why not just have the button enabled at all times so that it can try to establish a connection with the client?

2.  Sometimes remote background with disconnect and when I try to reconnect to the device, it will say "Failed to start Remote Background Session.  Device not connected.".  However, the device is in fact on and I can remote into it using teamviewer.  Is the remote background just not a resilient service on the machine and it has to time out to start working again?

 
Best Answer chosen by Kevin (LogicNow) 
BenjaminBenjamin (LogicNow) 
Ben,

Good afternoon! Hopefully your week is off to a good start so far? Thanks for taking the time to reach out to us!

1. The Remote Background Management feature is ran via the Advanced Monitoring Agent service and is not its own separate service. We run the RBM feature over a persistent connection that is only started upon the Advanced Monitoring Agent's initial check-in. If that persistent connection is broken or a restart occurs, the persistent connection would not resume until the Advanced Monitoring Agent service is manually started or until the next Advanced Monitoring Agent check-in cycle, which for Workstations is typically 60 minutes. That persistent connection is also what allows for you to Run Checks from the Dashboard and have changes pushed down instantly instead of waiting for the check cycle to complete.

2. That disconnection cannot be resumed until either the Advanced Monitoring Agent's next check in or the Advanced Monitoring Agent service is restarted.

While you and I know that the device is on, the Advanced Monitoring Agent only has two ways of telling the Dashboard that it is on:
1) Persistent connection over RBM
2) The Advanced Monitoring Agent check in cycle

If that first persistent connection is broken or severed, the only time we will know the device is online is at the next check in cycle.

Hopefully this helps! If you do have any other questions just leave a comment. I am following this thread and will get any updates. If I don't hear from you, have an excellent week!

Thanks,
Benjamin Owen
Technical Team Lead
LOGICnow | Choose Intelligence
https://www.logicnow.com
Ben KrauseBen Krause 
I've had several calls this morning from users saying that when they login, there stuff is gone on the desktop and windows says they have been logged in with a temporary profile.  If they reboot everything is fine but it's odd that it's happening on so many systems.  Two terminal servers on different hardware experienced this, a windows 7 desktop had this issuse, etc.  It's happened under several different clients across different regions.  At first I thought this was some weird microsoft glitch, but then I thought it might be something related to the Max Remote Management Software.   I wanted to post this to see if anyone had been seeing similar issues or if I'm just going CRAZY!?

Thanks.
Best Answer chosen by Jonathan (LogicNow) 
Daniel GrönjordDaniel Grönjord
This has been solved by an update from Bitdefender:

https://status.maxfocus.com/2016/09/21/max-rm-local-profile-issues-with-mav-bitdefender-resolved/

After the update a logout and login seems to be enough (no reboot necessary).
Stephen CoveneyStephen Coveney 

Hi all

The Endpoint Master Service stops and doesn't restart intermittantly on various machines here. So I created an automated task to start this service again if the check fails. 

However it never actually works by itself. I always have to manually run the task and then it does work (except one machine where i had to do it locally).

Images of the setup are below. Has this happened anyone else or am I missing something very basic
 



Setup part 1
Setup part 2

Best Answer chosen by Kevin (LogicNow) 
BenjaminBenjamin (LogicNow) 
Stephen,

Good evening! Hopefully you're doing well today?

The above Automated Task should actually work if the Managed Antivirus - BitDefender services were not branded. At this stage, this is a known issue with this Automated Task and a branded service as our Advanced Monitoring Agent does not take into account the branded service.

Our RM Development Team and BD Development Teams are working together to resolve. You can watch our status.maxfocus.com page for our MAX Remote Management releases and check the BUGFIX: section for when this is released.

Thanks,
Benjamin Owen
Technical Team Lead
LOGICnow | Choose Intelligence
https://www.logicnow.com
David WrightDavid Wright 
I'm keen to be able to add the following fields to my assets - Purchase date, Cost, Life cycle (yrs) to my corporate assets, to aid in my ability to plan future Capex costs. Is there any releases coming up to assist with recording and reporting this information? Don't want to have to export to XML to complete this? Are there any add-in's or other products that can be used along side Remote Management to provide this functionality? 
Best Answer chosen by Kevin (LogicNow) 
BenjaminBenjamin (LogicNow) 
David,

Good evening! Ready for a good upcoming week?

In the MAX Remote Management Dashboard, if you select View > Asset Tracking, this should launch your Asset Tracking Dashboard.

From this second tab ( or window ) select Settings > Asset Tracking Settings

The first screen that should load is Custom Fields. These are Fields that you can define manually that then appear on the Summary Tab in the Asset Tracking Dashboard.

Thanks,
Benjamin Owen
Technical Team Lead
LOGICnow | Choose Intelligence
https://www.logicnow.com
Hayden RobinsonHayden Robinson 
Does patch management not update Java major versions e.g. 7 to 8? Other apps update between them fine e.g. Teamviewer 10 to 11.

I have logged two support cases about this and neither are showing in my open or closed cases. I can only assume they have been deleted?
Best Answer chosen by Kevin (LogicNow) 
BenjaminBenjamin (LogicNow) 
Hayden,

Good evening! Hopefully you're week is off to a good start?

Patch Management only updates to major versions of certain applications due to the way the application updates. Most major version upgrades to Java, for example, require the uninstall of the previous version and the install of the new version. If an update to a major version were to stall or fail, it would leave no Java installed on the device, which could cause compatibility and usage issues for the users. For this reason we do not upgrade Java major versions.

We actually have a class of applications for which we perform major version upgrades and that can be found here:
http://www.gfi.com/support/products/gfi-languard/What-3rd-party-products-does-GFI-LanGuard-offer-major-minor-version-upgrades-for

For your second question about support cases. We do not delete support cases, even in the event of duplicates. Each time a case is created, it should generate an email notification with a Case # in the subject. If you have those emails with Case #s, I'd be more than willing to check on their status.

Have a great evening!

Thanks,
Benjamin Owen
Technical Team Lead
LOGICnow | Choose Intelligence
https://www.logicnow.com