Issue

• When running a repair job, an error stating: "Node's reported device ID is not in the database" in the scheduled task window.
• 406 Errors may appear in the IIS W3SVC log
• Error "The core (servername) received the vulnerability info but was unable to process it!" may appear in the Vulscan log
• When running a security or inventory scan from the console you get back the error message "Lost contact"

This is caused by a device ID problem when checking the ID of that agent against the database/core. This can be because of a DB record problem, or it can be caused by a problem in ASP/IIS on the core.

Initial Steps

It may be beneficial to reboot both the SQL server and the Core Server.  Database connectivity is necessary for Device ID lookup

Inventory Related Troubleshooting

Ensure that the client's inventory record is up to date:

1. Setup a scheduled task to run an inventory scan on the machines with /F /SYNC to repopulate the data to the core. This can be done by modifying the inventory scanner script found in manage scripts, adding the /f /sync to the script.   Replace the variable %server% with the core server name.

Example:

REMEXEC1=%LDMS_CLIENT_DIR%\LDISCN32.EXE /NTT=%server%:5007 /S="%server%" /I=HTTP://%server%/ldlogon/ldappl3.ldz /NOUI /NOCD /F /SYNC

    2. After successfully retrieving an inventory scan, re-run the original repair job.

Make sure that the client is pointing to the correct core server.

Check for the core server in the registry:

HKLM\Software\Intel\LANDesk\LDWM\Core Server

Also, check the Inventory scanner shortcut.

Can the client resolve the core servers name?   Look in the above registry key for the core server name, and then try pinging that name from the client.

• Ensure that there are not database performance related issues.  It is a good idea to tune SQL and the Core for the best performance: Recommendations for tuning EPM (LDMS) and MS SQL for large enterprise Core Servers

IIS Related Troubleshooting

1. Is IIS Running?   Restart IIS.   Sometimes this will cause the process to start working.
2. In IIS Manager go to Web Service Extensions and ensure that .NET 2.0 is allowed.   Run IIS Reset from a Run prompt.
3. Ensure that the IUSR account has the proper rights.   If the IUSR account is in the Guest group, ensure that the Guest group is not disabled.

Try to browse to http://coreserver/wsvulnerabilitycore/vulcore.asmx.   If the client cannot reach this page:

1. Click Start, choose Programs, Administrative Tools, and IIS manager
2. Expand Application pools
3. Right-click LDAppVulnerability and choose properties
4. Choose the Identity tab
5. Select predefined and Local System from the drop-down list
6. Reset IIS
7. Test Vulscan, Inventory, and a Scheduled task

Re-Register ASP.NET

1. Run cmd.exe from the start-->run on the pc.
2. Change into the C:\Windows\Microsoft.Net\Framework\v2.0.50727 folde
3. Run aspnet_regiis -i (this will reinstall .NET 2.0)
4. Run IISRESET.

Review IIS Virtual Directory and File permissions

About IIS Virtual Directories and File Permissions for Security and Patch Manager

In particular, the permissions for IncomingData and VulscanResults are important.

───────────────────────────────────────

Defaults for IncomingData:  (R = Read, X = Write)

───────────────────────────────────────

Defaults for VulscanResults: (R = Read, X = Write)

───────────────────────────────────────

Restore IIS settings from backup if available.

If the IIS settings were from before the last applied service pack, reapply the last service pack.

• Ensure that IUSR has not been placed into the Guest group on the core server.

COM+ Objects

Ensure that the COM+ objects have the correct identity set.

1. Specify credentials for the LANDesk COM+ objects by clicking on Start, going to Administrative Tools, choose Component Services, click the plus sign next to Component Services, click the plus sign next to Computers, click the plus sign next to My Computer, COM+ Applications, right-click on LANDesk (you will also perform this task on LANDesk1), click on the Advanced Tab, place the Radial button in “Leave running when idle”, click on the Identity tab, specify a Domain Administrator and password for this user. (This will replace LANDeskComPlus, the new username must be in the domain\username format.)
2. Restart the Core Server. (This must be done because of caching done by IIS, for more information see Microsoft KB Article

       # 326818 http://support.microsoft.com/kb/326818

Issue from import of Scan and Repair settings

If none of the above options resolve this, you may have an issue with some of your scan and repair settings (agent behaviors) that were imported from another core server.

1. Browse to ...LANDesk\ManagementSuite\ldlogon\AgentBehaviors and look to see if you have any agent behaviors that contain the name of a different core in them. If you do, open it up in an editor and check to see what core it is pointing to. If it is pointed to the old core, you imported it with incorrect settings.
2. You need to have imported it using the "Insert items into selected group or owner" and not "Update"
3. The best method is to delete out the old Scan and Repair settings that were imported incorrectly and re-import.
4. Then you will need to update the scan and repair settings on the client machines.