We have several Windows 2012 servers with .NET 4.6 installed.

Our patching product is BSA that is using the shavlik catalogs.

Why is shavlik detect that patch KB4096494 (for .NET 4.5.2) is missing ?

Patch KB4096416 (for .NET 4.6) is installed.

The following alert is written:

windows8-rt-kb4096494-x64.msu-MS18-05-MRNET-4099634-en-WINDOWS SERVER 2012 STANDARD (X64)-Gold     Q4096494 Important     MS18-05-MRNET-4099634     CVE-2018-1039     N/A     WINDOWS SERVER 2012 STANDARD (X64)     Missing Security and Quality Rollup for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1 updates for Windows 2012 Server 2012 (KB4099634)     This update resolves a vulnerability in Microsoft .NET framework that could cause denial of se...[Truncated]     The registry key 'SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages_for_KB4096494~31bf3856ad364e35~amd64~~6.2.1.0\CurrentState' does not exist. It is required for this patch to be considered installed.

Why is shavlik searching for registry key for .NET 4.5.2 as .NET 4.6 is installed ?

We have a few more than 100+ false possible alerts.

Purpose

This document will show you how to run/schedule the "Console Clean Up" ITScript to clean up your Patch Repository

The Patch Repository location is the path listed under "Patch download directory" in the Downloads tab under Tools > Operations (Tools > Options in 9.3)

The default location is C:\ProgramData\LANDesk\Shavlik Protect\Console\Patches

Symptoms

Your patch repository is taking up too much storage space storing old patches you no longer need

Steps

Go to Manage > ITScripts, and when it is done updating, close the pop-up if it did not close automatically

Under the "Maintenance" category, highlight "Console Clean Up" and click "Approve"

Then go to Tools > "Run console ITScripts"

The values listed are in Days (the default value for both is 180 days) - if you want to modify a value, double-click on the parameter you want to change (patchAge/deploymentAge) and enter the desired value

When finished, press "Continue" to proceed to the scheduling options

Click "Run" to run immediately, or select the scheduling options you want and click "Schedule" (the "Run" button changes to "Schedule" when you select scheduling options)

Affected Product(s)

Shavlik Protect 9.2

Ivanti Patch for Windows  Servers 9.3

Purpose

To have a better understanding of the Custom Action process and why things may fail or be an issue.

Overview

• If you create a custom patch and classify it as a Custom Action the (Custom Action scan/Null patch scan) will now find two missing patches.
• All Custom Actions and Custom Patches run as the Local SYSTEM account.
• Custom Actions and Custom Patches can not have any windows requiring user interaction.
• Test your commands and files before trying a Custom Action.
• All files pushed in Custom Actions will be located in the sandbox (%PATHTOFIXES%)
• Custom Actions can be used to push multiple files to the target machine
• Custom Actions can execute multiple files
• Test your Custom Action before adding triggers

Affected Products

Ivanti Patch for Windows 9.3x

Shavlik Patch 9.2x

Hi All

Hoping someone can save me from alot of extra work.

I have just taken over the Ivanti Patching for a number of estates in out company which where previously managed by a single user. When all the patching was set up it was set up under his Personal account. I am now in the process of taking over will be moving this to be managed by a Single Service Account, I have re-added required credentials fine, re-added the hosts fine. Off to a great start so far

When running a test Scan against a machine group 0 machines are discovered or scanned, in the machine group in question the VM's are there but there is no "Browse Credentials" assigned to the VM's. When I R-Click to add these credentials to the VM's the "Browse Credentials" Setting is Greyed out and not able to be selected. (see Image below for example)

My current solution to this is to manually re-add each individual VM back into the machine group which then presents the "Browse Credentials" with ones assigned and I am able to run a Scan successfully.

Is there a way round the "Browse Credentials" being Greyed out or is there a reason for this that can be worked around. There are multiple Machine groups with 200+ VMs whcih will need to manually added in so will take considerable time, where I could Select all and change the Brewse Credentials for all in one go if this was not greyed out.

Hope this issues makes sense and someone has some insight.

Thanks

Hi All,

Coming up against an Issues, I have taken over the ivanti Console from another user, and have replicated the credentials required. When running a Scan and Deployment, the process Scans the VMS fine, Downloads the Patch to the machines, but then I get an Error essentially stating the Credentials are invalid and the patches never install.

Please see image:

I have tried a number of accounts, of which are members of Domain Admin, have access to logon to the VM's and OS.

Any Ideas welcome, Thanks

Is it possible to schedule scan quarterly?

The only option is to schedule scan monthly.

Are they any plans to add an option on which month or every X month to scan?

For example in Outlook I can select monthly recurrence on every X month:

This simple choice allows me to do something quarterly not monthly.

Hello,

I’m trying to move my Ivanti console from one server (W2K8R2 STD) to another server (W2K16STD) but I always get the same error : Object reference not set to an instance of an object

Steps I did :

• Attached/detached my DB from SQL2005 to SQL2016 - SP1 – CU5 (13.0.4451.0)
• Changed the DB location with “Database setup tool” to this new SQL server

on the old server : (UserID with Admin rights on the server)

• Upgrade my Shavlik console from 9.1.xxx to IvantiPatchForServers_9.3.4510
• Backup Core settings
• Backup User settings

on the new server : (The same userid)

• Installed IvantiPatchForServers_9.3.4510
• The installation also installed SQL Express
• Created a local DB for the new installation of Ivanti Console
• Copied the Backup files from the old server to the new server
• Tried to Restore the Core settings but it always fails with the same error

This is the output of the logfiles located at C:\ProgramData\LANDESK\Shavlik Protect\Logs

1. ST.Backup.Protect.UI.managed.[username]@[domain].log

2017-12-15T10:20:09.8032504Z
0001 I Program.cs:49|'D:\Program Files\LANDESK\Shavlik
Protect\ST.Backup.Protect.UI.exe' is starting, version: 9.3.4510.0, full name:
ST.Backup.Protect.UI, Version=9.3.0.0, Culture=neutral,
PublicKeyToken=19306d7375e33918.

2017-12-15T10:20:35.7350073Z
0001 I Database.cs:70|Starting restore of the database.

2017-12-15T10:20:35.8600074Z
0006 I Credentials.cs:167|Starting deletion of invalid credentials.

2017-12-15T10:20:35.8912586Z
0005 I Credentials.cs:184|Finished deletion of invalid credentials.

2017-12-15T10:20:35.9068835Z
0005 I Credentials.cs:258|Starting restore of user credentials.

2017-12-15T10:20:35.9225083Z
0005 I Credentials.cs:274|Finished restore of '0' user credentials.

2017-12-15T10:20:36.0318846Z
0001 E MainForm.cs:414|System.NullReferenceException: Object reference not set
to an instance of an object.

   at
ST.Core.Net.ProxyCredentials.InitGlobalProxy(ProxyCredentials proxyCredentials)

   at
ST.BusinessObjects.FileDownload.ProxyConfiguration.<SafeConfigureAsync>d__2.MoveNext()

--- End of
stack trace from previous location where exception was thrown ---

   at
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)

   at
ST.Backup.Protect.RestoreWorkflow.<RunInternalAsync>d__2.MoveNext()

--- End of
stack trace from previous location where exception was thrown ---

   at
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)

   at
ST.Backup.Protect.NTService.<RunWithStoppedAsync>d__4`1.MoveNext()

--- End of
stack trace from previous location where exception was thrown ---

   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)

   at
ST.Backup.Protect.UI.MainForm.<RestoreAsync>d__24.MoveNext()

--- End of
stack trace from previous location where exception was thrown ---

   at
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)

   at
ST.Backup.Protect.UI.MainForm.<RunRestoreInternalAsync>d__26.MoveNext()

1. ST.DatabaseConfiguration.log

2017-12-15T10:19:32.0039302Z
0001 I Program.cs:212|'D:\Program Files\LANDESK\Shavlik
Protect\ST.DatabaseConfiguration.exe' is starting, version: 9.3.4510.0, full
name: ST.DatabaseConfiguration, Version=9.3.0.0, Culture=neutral,
PublicKeyToken=19306d7375e33918.

2017-12-15T10:19:32.0195551Z
0001 I Program.cs:238|Database installation wizard started.

2017-12-15T10:19:32.5664347Z
0001 S Program.cs:147|InstallInteractive|Entering.

2017-12-15T10:19:39.3477731Z
0001 S
InstallWizard.OnTransitionAwayHandlers.cs:16|PrepareConfigureSqlState|Entering.

2017-12-15T10:19:39.3946194Z
0001 S
InstallWizard.OnTransitionAwayHandlers.cs:16|PrepareConfigureSqlState|Leaving.

2017-12-15T10:19:44.6603745Z
0001 S InstallWizard.TransitionGuardHandlers.cs:43|GetDatabaseConnectionState|Entering.

2017-12-15T10:19:44.8634994Z
0001 S ConnectionValidator.cs:268|QueryConnectionState|Entering.

2017-12-15T10:19:44.8791260Z
0001 S ConnectionValidator.cs:268|QueryConnectionState|Leaving.

2017-12-15T10:19:44.8791260Z
0001 S SqlPrincipalManager.cs:420|QueryNameBySid|Entering.

2017-12-15T10:19:44.8791260Z
0001 S SqlPrincipalManager.cs:420|QueryNameBySid|Leaving.

2017-12-15T10:19:44.8947507Z
0001 S PermissionManager.cs:165|HasPermission|Entering.

2017-12-15T10:19:44.9416268Z
0001 S PermissionManager.cs:165|HasPermission|Leaving.

2017-12-15T10:19:44.9416268Z
0001 S PermissionManager.cs:165|HasPermission|Entering.

2017-12-15T10:19:44.9416268Z
0001 S PermissionManager.cs:165|HasPermission|Leaving.

2017-12-15T10:19:44.9416268Z
0001 S PermissionManager.cs:165|HasPermission|Entering.

2017-12-15T10:19:44.9416268Z
0001 S PermissionManager.cs:165|HasPermission|Leaving.

2017-12-15T10:19:44.9416268Z
0001 S PermissionManager.cs:165|HasPermission|Entering.

2017-12-15T10:19:44.9416268Z
0001 S PermissionManager.cs:165|HasPermission|Leaving.

2017-12-15T10:19:44.9572508Z
0001 S PermissionManager.cs:165|HasPermission|Entering.

2017-12-15T10:19:44.9572508Z
0001 S PermissionManager.cs:165|HasPermission|Leaving.

2017-12-15T10:19:44.9572508Z
0001 S RoleManager.cs:32|IsInRole|Entering.

2017-12-15T10:19:44.9572508Z
0001 S RoleManager.cs:270|IsInRole|Entering.

2017-12-15T10:19:44.9572508Z
0001 S RoleManager.cs:270|IsInRole|Leaving.

2017-12-15T10:19:44.9572508Z
0001 S RoleManager.cs:32|IsInRole|Leaving.

2017-12-15T10:19:44.9728759Z
0001 S
InstallWizard.TransitionGuardHandlers.cs:43|GetDatabaseConnectionState|Leaving.

2017-12-15T10:19:44.9728759Z
0001 S SqlPrincipalManager.cs:420|QueryNameBySid|Entering.

2017-12-15T10:19:44.9728759Z
0001 S SqlPrincipalManager.cs:420|QueryNameBySid|Leaving.

2017-12-15T10:19:45.0510019Z
0004 S DatabaseInstallerController.cs:237|ExecuteInstallAsync|Entering.

2017-12-15T10:19:45.0822517Z
0004 S DatabaseInstaller.cs:158|InstallAsync|Entering.

2017-12-15T10:19:45.0822517Z
0004 S DatabaseInstaller.cs:298|GetIntelligentTimeoutAsync|Entering.

2017-12-15T10:19:45.0822517Z
0004 S DatabaseInstaller.cs:298|GetIntelligentTimeoutAsync|Leaving.

2017-12-15T10:19:45.1291272Z
0005 I DatabaseInstaller.cs:365|Commit started.

2017-12-15T10:19:45.1447528Z
0004 I DatabaseInstaller.cs:412|(1000201) Linking console

2017-12-15T10:19:45.1603771Z
0005 I DatabaseInstaller.cs:377|Console linked to existing database.

2017-12-15T10:19:45.1603771Z
0005 I DatabaseInstaller.cs:1096|Completed install transaction scope.

2017-12-15T10:19:45.1603771Z
0005 S DatabaseInstaller.cs:937|SetupRoleUsersAsync|Entering.

2017-12-15T10:19:45.1603771Z
0005 I DatabaseInstaller.cs:441|Changed database context to 'Protect'.

2017-12-15T10:19:45.1760023Z
0005 S SqlPrincipalManager.cs:212|GetCreateServiceAccountLogin|Entering.

2017-12-15T10:19:45.1760023Z
0005 S SqlPrincipalManager.cs:326|GetCreateAccountLogin|Entering.

2017-12-15T10:19:45.1760023Z
0005 S SqlPrincipalManager.cs:326|GetCreateAccountLogin|Leaving.

2017-12-15T10:19:45.1760023Z
0005 S SqlPrincipalManager.cs:212|GetCreateServiceAccountLogin|Leaving.

2017-12-15T10:19:45.1916275Z
0005 S RoleManager.cs:309|IsInRoleAsync|Entering.

2017-12-15T10:19:45.1916275Z
0004 S RoleManager.cs:309|IsInRoleAsync|Leaving.

2017-12-15T10:19:45.1916275Z
0004 S DatabaseInstaller.cs:937|SetupRoleUsersAsync|Leaving.

2017-12-15T10:19:45.1916275Z
0004 S RoleManager.cs:211|CleanupDbExecutorRoleAsync|Entering.

2017-12-15T10:19:45.1916275Z
0004 I RoleManager.cs:219|Removing db_executor role.

2017-12-15T10:19:45.3166285Z
0005 S RoleManager.cs:211|CleanupDbExecutorRoleAsync|Leaving.

2017-12-15T10:19:45.3166285Z
0005 S DatabaseInstaller.cs:158|InstallAsync|Leaving.

2017-12-15T10:19:45.3166285Z
0005 S DatabaseInstallerController.cs:237|ExecuteInstallAsync|Leaving.

2017-12-15T10:19:48.5298254Z
0001 S Program.cs:147|InstallInteractive|Leaving.

2017-12-15T10:19:48.5298254Z
0001 I Program.cs:277|Database installation complete.

1. ST.Protect.managed.[Username]@[domain].log

2017-12-15T10:19:51.7651871Z
0001 C Launcher.cs:87|System.InvalidOperationException: Crash from UI thread
---> System.InvalidOperationException: Crash from UI thread --->
System.NullReferenceException: Object reference not set to an instance of an object.

   at
ST.Core.Net.ProxyCredentials.InitGlobalProxy(ProxyCredentials proxyCredentials)

   at
ST.BusinessObjects.FileDownload.ProxyConfiguration.<ConfigureAsync>d__1.MoveNext()

--- End of
stack trace from previous location where exception was thrown ---

   at
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)

   at
ST.Protect.Forms.ConsoleStateExaminer.<RunChecksThatCauseApplicationExitAsync>d__13.MoveNext()

--- End of
stack trace from previous location where exception was thrown ---

   at
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)

   at
ST.Protect.Forms.ConsoleStateExaminer.<IsStateValidAsync>d__0.MoveNext()

--- End of
stack trace from previous location where exception was thrown ---

   at
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)

   at
ST.Protect.Forms.Main.Splash.<OnShownAsync>d__6.MoveNext()

--- End of
stack trace from previous location where exception was thrown ---

   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)

   at
ST.Protect.Forms.Main.Splash.<TaskFormShown>d__9.MoveNext()

--- End of
stack trace from previous location where exception was thrown ---

   at
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   --- End of inner exception stack trace ---

   at
ST.Protect.Launcher.TerminateFromThreadException(Exception exception)

   at ST.Protect.Launcher.ApplicationThreadException(Object
sender, ThreadExceptionEventArgs e)

   at
System.Windows.Forms.Application.ThreadContext.OnThreadException(Exception t)

   at
System.Windows.Forms.Control.InvokeMarshaledCallbacks()

   at
System.Windows.Forms.Control.WndProc(Message& m)

   at
System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr
wparam, IntPtr lparam)

   --- End of inner exception stack trace ---

   at
ST.Protect.Launcher.TerminateFromThreadException(Exception exception)

   at ST.Protect.Launcher.ApplicationThreadException(Object
sender, ThreadExceptionEventArgs e)

   at
System.Windows.Forms.Application.ThreadContext.OnThreadException(Exception t)

   at
System.Windows.Forms.Control.WndProcException(Exception e)

   at System.Windows.Forms.NativeWindow.Callback(IntPtr
hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

   at
System.Windows.Forms.UnsafeNativeMethods.DispatchMessageW(MSG& msg)

   at
System.Windows.Forms.Application.ComponentManager.System.Windows.Forms.UnsafeNativeMethods.IMsoComponentManager.FPushMessageLoop(IntPtr
dwComponentID, Int32 reason, Int32 pvLoopData)

   at
System.Windows.Forms.Application.ThreadContext.RunMessageLoopInner(Int32
reason, ApplicationContext context)

   at
System.Windows.Forms.Application.ThreadContext.RunMessageLoop(Int32 reason,
ApplicationContext context)

   at
System.Windows.Forms.Form.ShowDialog(IWin32Window owner)

   at ST.Protect.Launcher.ExecuteMain()

   at ST.Protect.Launcher.ExecuteInMutex(Action
action, String mutexName)

   at ST.Protect.Launcher.Main(String[] args)

2017-12-15T10:19:51.7808124Z
0001 W Licensing.cs:400|No capability for 17170444

2017-12-15T10:19:51.7808124Z
0001 W Licensing.cs:400|No capability for 17170444

1. ST.ServiceHost.managed.log

2017-12-15T10:19:47.8110702Z
2414 I Host.cs:89|Service 'Host' is stopping.

2017-12-15T10:19:47.8423209Z
0006 I ComponentManager.cs:367|Component 'ResultsReceiver' shutdown.

2017-12-15T10:19:47.8423209Z
0006 I ComponentManager.cs:367|Component 'Messaging' shutdown.

2017-12-15T10:19:47.8891952Z
2415 I ComponentManager.cs:367|Component 'Scheduler' shutdown.

2017-12-15T10:19:48.1391970Z
0001 I Program.cs:41|'D:\Program Files\LANDESK\Shavlik
Protect\ST.ServiceHost.exe' is starting, version: 9.3.2666.0, full name:
ST.ServiceHost, Version=9.3.0.0, Culture=neutral,
PublicKeyToken=19306d7375e33918.

2017-12-15T10:19:48.1860722Z
0004 I Host.cs:75|Service 'Host' is starting.

2017-12-15T10:19:48.2329482Z
0004 I ComponentManager.cs:321|Component 'Administration' loaded.

2017-12-15T10:19:48.2329482Z
0005 I ComponentManager.cs:321|Component 'AgentDeployment' loaded.

2017-12-15T10:19:48.2641984Z
0004 I ComponentManager.cs:321|Component 'AgentSupport' loaded.

2017-12-15T10:19:48.2641984Z
0005 I ComponentManager.cs:321|Component 'CloudSynchronization' loaded.

2017-12-15T10:19:48.2641984Z
0004 I ComponentManager.cs:321|Component 'Credentials' loaded.

2017-12-15T10:19:48.2798221Z
0005 I ComponentManager.cs:321|Component 'EngineOrchestrator' loaded.

2017-12-15T10:19:48.2798221Z
0005 I ComponentManager.cs:321|Component 'PowerShellEngine' loaded.

2017-12-15T10:19:48.2954485Z
0004 I ComponentManager.cs:321|Component 'Exporter' loaded.

2017-12-15T10:19:48.3110723Z
0004 I ComponentManager.cs:321|Component 'Messaging' loaded.

2017-12-15T10:19:48.3110723Z
0005 I ComponentManager.cs:321|Component 'ResultQueueMonitor' loaded.

2017-12-15T10:19:48.3110723Z
0004 I ComponentManager.cs:321|Component 'ResultsReceiver' loaded.

2017-12-15T10:19:48.3266980Z
0005 I ComponentManager.cs:321|Component 'STS' loaded.

2017-12-15T10:19:48.3266980Z
0005 I ComponentManager.cs:321|Component 'Synchronization' loaded.

2017-12-15T10:19:48.3266980Z
0005 I ComponentManager.cs:321|Component 'Tracker' loaded.

2017-12-15T10:19:48.3266980Z
0005 I ComponentManager.cs:321|Component 'VirtualDeployment' loaded.

2017-12-15T10:19:48.3266980Z
0004 I ComponentManager.cs:321|Component 'Scheduler' loaded.

2017-12-15T10:19:48.5767001Z
0006 I ComponentManager.cs:437|Component 'Scheduler' started.

2017-12-15T10:19:48.5767001Z
0005 I ComponentManager.cs:437|Component 'Messaging' started.

2017-12-15T10:19:48.6704528Z
0007 I ComponentManager.cs:437|Component 'ResultsReceiver' started.

2017-12-15T10:19:48.8735770Z
0005 E ComponentManager.cs:396|Component 'Administration' failed to start.:
System.NullReferenceException: Object reference not set to an instance of an
object.

   at
ST.Core.Net.ProxyCredentials.InitGlobalProxy(ProxyCredentials proxyCredentials)

   at
ST.BusinessObjects.FileDownload.ProxyConfiguration.<SafeConfigureAsync>d__2.MoveNext()

--- End of
stack trace from previous location where exception was thrown ---

   at
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)

   at ST.Services.Administration.AdministrationServiceComponent.<StartAsync>d__3.MoveNext()

--- End of
stack trace from previous location where exception was thrown ---

   at
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)

   at
ST.Host.ComponentManager.<StartComponentAsync>d__21.MoveNext()

2017-12-15T10:20:35.3756307Z
0010 I Host.cs:89|Service 'Host' is stopping.

2017-12-15T10:20:35.3912549Z
0007 I ComponentManager.cs:367|Component 'ResultsReceiver' shutdown.

2017-12-15T10:20:35.3912549Z
0007 I ComponentManager.cs:367|Component 'Messaging' shutdown.

2017-12-15T10:20:35.4068806Z
0011 I ComponentManager.cs:367|Component 'Scheduler' shutdown.

2017-12-15T10:20:36.0006346Z
0001 I Program.cs:41|'D:\Program Files\LANDESK\Shavlik
Protect\ST.ServiceHost.exe' is starting, version: 9.3.2666.0, full name:
ST.ServiceHost, Version=9.3.0.0, Culture=neutral,
PublicKeyToken=19306d7375e33918.

2017-12-15T10:20:36.0318846Z
0004 I Host.cs:75|Service 'Host' is starting.

2017-12-15T10:20:36.0475096Z
0004 I ComponentManager.cs:321|Component 'Administration' loaded.

2017-12-15T10:20:36.0475096Z
0005 I ComponentManager.cs:321|Component 'AgentDeployment' loaded.

2017-12-15T10:20:36.0475096Z
0004 I ComponentManager.cs:321|Component 'AgentSupport' loaded.

2017-12-15T10:20:36.0475096Z
0004 I ComponentManager.cs:321|Component 'Credentials' loaded.

2017-12-15T10:20:36.0475096Z
0005 I ComponentManager.cs:321|Component 'CloudSynchronization' loaded.

2017-12-15T10:20:36.0475096Z
0005 I ComponentManager.cs:321|Component 'Messaging' loaded.

2017-12-15T10:20:36.0475096Z
0004 I ComponentManager.cs:321|Component 'EngineOrchestrator' loaded.

2017-12-15T10:20:36.0475096Z
0005 I ComponentManager.cs:321|Component 'PowerShellEngine' loaded.

2017-12-15T10:20:36.0475096Z
0004 I ComponentManager.cs:321|Component 'Exporter' loaded.

2017-12-15T10:20:36.0631349Z
0005 I ComponentManager.cs:321|Component 'ResultQueueMonitor' loaded.

2017-12-15T10:20:36.0631349Z
0004 I ComponentManager.cs:321|Component 'ResultsReceiver' loaded.

2017-12-15T10:20:36.0631349Z
0005 I ComponentManager.cs:321|Component 'STS' loaded.

2017-12-15T10:20:36.0631349Z
0005 I ComponentManager.cs:321|Component 'Synchronization' loaded.

2017-12-15T10:20:36.0631349Z
0005 I ComponentManager.cs:321|Component 'Tracker' loaded.

2017-12-15T10:20:36.0631349Z
0005 I ComponentManager.cs:321|Component 'VirtualDeployment' loaded.

2017-12-15T10:20:36.0631349Z
0004 I ComponentManager.cs:321|Component 'Scheduler' loaded.

2017-12-15T10:20:36.1725103Z
0006 I ComponentManager.cs:437|Component 'Scheduler' started.

2017-12-15T10:20:36.1881361Z
0006 I ComponentManager.cs:437|Component 'Messaging' started.

2017-12-15T10:20:36.2193855Z
0006 I ComponentManager.cs:437|Component 'ResultsReceiver' started.

2017-12-15T10:20:36.3131354Z
0005 E ComponentManager.cs:396|Component 'Administration' failed to start.:
System.NullReferenceException: Object reference not set to an instance of an
object.

   at
ST.Core.Net.ProxyCredentials.InitGlobalProxy(ProxyCredentials proxyCredentials)

   at
ST.BusinessObjects.FileDownload.ProxyConfiguration.<SafeConfigureAsync>d__2.MoveNext()

--- End of
stack trace from previous location where exception was thrown ---

   at
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)

   at
ST.Services.Administration.AdministrationServiceComponent.<StartAsync>d__3.MoveNext()

--- End of
stack trace from previous location where exception was thrown ---

   at
System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()

   at
System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task
task)

   at
ST.Host.ComponentManager.<StartComponentAsync>d__21.MoveNext()

Overview

These documents provides information about the End of Life policy for legacy Shavlik products, VMware branded versions of the same product lines and legacy Shavlik and HEAT OEM products that are now a part of the Ivanti family. The Ivanti Product Support Policy applies to the products released under the Shavlik or HEAT brand name. The Shavlik Product Support Policy applies to the products released under the Shavlik and VMware brand names. All dates presented in this document are in the ISO developed international format. This format uses a numerical date system as follows: YYYY-MM-DD where YYYY is the year, MM the month and DD the day. The information contained herein is believed to be accurate as of the date of publication, but updates and revisions may be posted periodically and without notice.

Legacy Shavlik products, VMware branded versions of the same product lines:

End of Life Information for Products Powered by Shavlik

Legacy Shavlik and HEAT OEM products that are now a part of the Ivanti family:

End-of-Life Information for OEM Products Powered by Shavlik and HEAT

Symptoms

To diagnose this issue, there are many symptoms that may need to be considered:

• Agent is failing to register and stops at 50%.
• RegistrationLog.txt will show:
  Registering agent with host 'https://Host:3121/ST/Console/AgentRegistration/Registration'.
  Unable to register agent with host 'https://Host:3121/ST/Console/AgentRegistration/Registration'.
  All attempts at registration failed. Cannot register agent.
• STAgentManagement.log may show:
  Attempting to register with 'https://Host.fqdn:3121/ST/Console/AgentRegistration/Registration'.
  2014-10-23T20:52:32.2820836Z 0408 E RegistrationServiceClient.cpp:411 Unable to register agent with host 'https://Host.fqdn:3121/ST/Console/AgentRegistration/Registration'. Error: 'class STServiceModel::Wws::CWebServiceException at RegistrationServiceClient.cpp:401: Unable to register the agent with the provided registration key.
  Error detail:
  There was an error communicating with the endpoint at 'https://Host.fqdn:3121/ST/Console/AgentRegistration/Registration'.
  The connection with the server was terminated abnormally
• Results from running the Agent Diagnostic may show the following:
  • Unable to register agent with host 'https://Host.fqdn:3121/ST/Console/AgentRegistration/Registration'. Error: 'class STServiceModel::Wws::CWebServiceException at RegistrationServiceClient.cpp:401: Unable to register the agent with the provided registration key.

  • Agent To Console CommunicationTest test
    FAILED - No consoleUri in environment. Unable to complete test.

Cause

There are many reasons the registration could fail, but generally the above symptoms indicate some sort of communication issue with the agent being unable to reach the Protect console for registration.

Resolution

Start by first checking that some simple connection tests work from the agent system to the console system:

• Ensure you can ping the console system.
  • If you can't ping the console system, either you have no connection from the agent to the console system, or (rarely) you may have ICMP disabled.
• Ensure you are able to successfully resolve the console system by nslookup.
  • Make sure the results of both forward and reverse nslookup match. Ensure there is no problem with machine name resolution.
• Can you telnet to the console system over port 3121 successfully?
  • Port 3121 is used for agent communication back to the console. This is a port requirement and is not configurable.
• Can you telnet to the target machine over port 4155 successfully?
  • Port 4155 is used for the console to communicate to the target machine. This is a default port requirement, but can be changed on the General Settings tab of your agent policy.
• Make sure that TLS 1.0 is enabled or TLS 1.2 is properly configured as is mentioned in this document Disabling TLS 1.0 may causes issues with Protect and Patch for Windows Servers

If the above tests are all successful, continue to the next steps in troubleshooting:

• Ensure that the name, FQDN, or IP the agent is attempting to resolve exists in the Console Alias Editor within the Protect console.
• In many of the log snippets above you can see that the agent attempts to register with https://Host.fqdn:3121/ST/Console/AgentRegistration/Registration
  • Test putting the URL from your log into an Internet Explorer window to see if you can successfully navigate to it. (On the agent system)
    • If the test is successful you would see a screen displayed stating something along the lines of, "A service was created".
      • If this test works the agent should by all means be able to successfully register successfully.
      • Follow the steps in this document: Agent - Complete Uninstall then attempt installation again.
      • Contact support if it still fails.
    • If the test fails with an "Internet Explorer cannot display the webpage" message, continue to the next step.

• Run a test on the agent system to see what security protocols are enabled.
  • Qualys SSL Labs - Projects / SSL Client Test is a good site to test with.
  • You may not have a security protocol enabled or something is incorrect in the configuration.
  • If no protocols are enabled, a secure web connection cannot truly be established, thus causing the agent registration to fail.
    • The Microsoft article TLS/SSL Tools and Settings: Logon and Authentication covers how to ensure protocols are enabled or disabled.
    • Generally you may need to investigate settings in the following registry key:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
      
      

Additional Information

If the agent is failing to install at a different percentage mark or when manually installing, you may want to consider reviewing the following documents:

Agent Failing at 67% (Registration Failure)

Manual installation of agent fails on registration.

Affected Products

Shavlik Protect 9.x

Ivanti Patch for Windows 9.3.x

Purpose

The purpose of this document is to resolve the issue where Patch for Windows crashes when attempting to access scheduled console tasks.

Symptoms

The console returns the following error when Accessing Manage > Scheduled Console Tasks

"Sorry, an unexpected error has occurred and Shavlik Protect Advanced must close to recover."

This can also be identified in the ST.Protect.managed log:

Crash from main UI thread ---> System.InvalidOperationException: Crash from main UI thread ---> System.InvalidOperationException: Crash from main UI thread ---> System.FormatException: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.

Cause

A  non-Patch for Windows scheduled job has been created  in the Protect area of the MS Task Scheduler.

The path to this area is found under Task Scheduler > LANDESK > Protect

Resolution

Delete the non-Patch for Windows scheduled task located in any of the folders under Task Scheduler > LANDESK > Protect

Affected Products

Patch for Windows 9.3.x

Protect 9.2

Purpose

This documents describes how to disable Automatic Updates in Windows Server 2016.

Solution

Open SCONFIG and verify your current Windows Update Settings:

1. Open a command prompt with Admin permissions.
2. Type sconfig and press Enter.
   • NOTE: There may be a short pause as the tool inspects your system.
3. Option #5 shows the current configuration of your Windows Update settings.

To change your Automatic Update Settings, follow these steps:

1. From the SCONFIG screen press 5 and then Enter. This will bring up the following options for you to choose from:

• (A)utomatic– This will configure your machine to automatically scan, download, install and reboot after applying any updates.
• (D)ownloadOnly– This will automatically scan, download and notify the admin if updates need to be installed. This is the default setting on Windows Server 2016.
• (M)anual -- This turns Automatic Updates off. Your system will never check for updates.

    2. Press the letter specified in the "( )" and press Enter to apply.

    3. When the tool applies the configuration you have selected, you will see a message pop-up similar to the one below. Click the OK button to dismiss the message. The tool will refresh the menu and option 5 will now show the new configuration.

Affected Products

Windows Server 2016

• Purpose
• Description
• Recommendations 
  • Configure settings at the local computer level.
  • Disable Automatic Updates through GPO.
  • Windows Update Service
  • Remove specific intranet Microsoft update service location
• Additional Information
• Affected Products

Purpose

The purpose of this document is to explain the best practices for Windows Automatic Update configuration in a Shavlik environment.

Description

When Windows Automatic Update is configured to check for updates, even if it is not configured to download or install them, it can cause slow deployments with Shavlik.

Recommendations 

Configure settings at the local computer level.

Go to Control Panel> All Control Panel Items> Windows Update> Change settings and choose "Never check for updates (not recommended)" then hit OK.

Disable Automatic Updates through GPO.

1. Click Start, and then click Run.

2. Type gpedit.msc, and then click OK.

3. Expand Computer Configuration > Administrative Templates> Windows Components> Windows Update.

4. Select Configure Automatic Updates,choose Disabled, and hit Ok.

5. As GPO updates every 90 minutes, you can force this update to take effect by running the command gpudate /force.

More information on this process can be found in Configure Automatic Updates using Group Policy.

Windows Update Service

• From the local machine, open services.msc, find the Windows Update service, right-click and go to Properties. Stop the service first. Set the Startup type to Manual and then click Apply/OK to save the change.
  

• From GPO, go to Computer Configuration > Policies > Windows Settings > Security Settings > System Services. Find Windows Updates in the list, double-click to enter the configuration window. Check 'Define this policy setting' then select Manual. Click Apply/OK to save.

Remove specific intranet Microsoft update service location

• This is set in Group Policy Object Editor. Go to Computer Configuration > Administrative Templates >Windows Components >Windows Update. Find the setting "Specify intranet Microsoft update service location". If setting is currently configured, change to 'Not Configured'.
  

Additional Information

• Methodology has changed in Windows 10 build 1511, 1607, and 1703. To disable Windows Automatic Updates for Windows 10 Build 1607 and 1703, view this document: How To: Disable Automatic Updates in Windows 10 1607 and 1703
  
• Microsoft has reverted back to the methodology in this document with Windows 10 build 1709
• Methodology has changed in Windows Server 2016. To disable Windows Automatic Updates for Windows Server 2016, view this document: How To: Disable Automatic Updates in Windows Server 2016

Affected Products

All Windows OS with the exception of Window 10 build 1511, 1607, and 1703

Issue

When trying to send a command to an Agent from the Console you receive the response: "Agent didn't respond"

Possible Causes

1) Are you able to ping the Agent Machine. Is it on your network still and turned on?

2) Are the proper ports open. The Agent machine needs to have port 4155 open to listen for commands from the Console and the Console needs to have port 3121 open to recieve the response back from the Agent.
           To test this you can use Telnet:

           Using Telnet to Test Ports

3)  Ensure that DNS resolution is working correctly when contacting the Protect console system. From the client system run the following commands. The results should match up.

            nslookup consolemachinename
            nslookup consoleIPaddress

4) Is your Agent able to resolve the names in your Console Alias Editor. If needed update the Console Alias Editor by adding the IP Address, NetBios and FQDN. To do this in Protect go to Tools>Console Alias Editor and add the Alias needed. Then manually have your Agent check-in to update it.

5. Is the time on your Agent Machine within 2 minutes of the time on the Console. If the times are not synced they will not communicate because of trust issues by not being able to verify the certificates.

Additionally the following entry can be found in the STAgentUpdater.log:

Error detail:

The server returned a security fault: 'An error was discovered processing the <wsse:Security> header'.

This normally indicates the time/date is incorrect on the agent machine.

Affected Products

Shavlik Protect

• Purpose
• Description
  • Standard License
    • Configuration
    • Group Policy
    • Information
    • Maintenance
    • Support -
  • Advanced License (Includes All Standard ITScripts Plus the Following)
    • Configuration
    • Information
    • Maintenance
    • Network
    • Support
• Additional Information
• Affected Products

Purpose

The purpose of this document is to show what scripts are available in the standard licensing versus what is available in the advanced licensing.

Description

Standard License

Configuration

• Disable Adobe Flash Update
• Disable Adobe Reader and Acrobat Updater
• Disable Apple Auto Update
• Disable Java Update Service
• Disable Mozilla Firefox Updates
• Disable Remote Desktop
• Enable Remote Desktop
• Set Target Machine Verbose Logging

Group Policy

• Get List of Machines from Active Directory Security Group

Information

• Get Date and Time
• Get Hardware Asset Tag
• Get Reboot Time
• Get Registry Key Value
• Get Remote User Accounts Last Login Times
• Get Running Processes
• Get Services
• Get Shares

Maintenance

• Check Disk
• Console Clean Up
• Remove Temp Files

Support -

• Get Console & Agent Logs

Advanced License (Includes All Standard ITScripts Plus the Following)

Configuration

• Disable USB Disk Service
• Enable Wake-on-LAN
• Set Power Plan

Information

• Get Account Information for All Local Accounts
• Get Available Disk Space
• Get Dell Warranty Information
• Get GPO Account Lockout Settings
• Get GPO Password Policy Settings
• Get List of Files in a Directory
• Get Local Groups and Members
• Get McAfee Enterprise Antivirus Engine and DATs Versions
• Get Security Center Status
• Get Statuses for Built-in Administrator and Guest Accounts
• Get Symantec Antivirus Engine and Definition Versions
• Get System Events

Maintenance

• Defrag Disk Drive
• Terminate Process

Network

• Open Port Scanner

Support

• Get Client Computer Group Policies

Additional Information

How to: Execute an ITScript using Ivanti Patch for Windows

Custom Action, Custom Patch, and ITScript Information and Troubleshooting

Affected Products

Shavlik Protect 9.2

Ivanti Patch for Windows Server 9.3

Is it possible to initiate a scan and automatic update initiated from the client? Instead of the push update via the Protect server with a scheduled task?

When creating a  new template/image for VDI roll out I want to implement a quick update cycle with all updates that are available instead of

opening the Avanti Protect console but start it from a script.

Is this possible or not?

I'm using Patch for Windows 9.3.  I created a custom patch to install R Studio on multiple computers rather than installing it individually on them all.  It successfully scans and sees it's not installed, but when it tries to run the installation it fails with a status "Patch is not available for the language selected".  When I've looked up this error everything I find is related to virus scan software.  I don't have any issues installing patches on a regular basis, just installing this software.  Has anyone run into this error not related to virus scan software?

Purpose

This article provides steps to completely remove all components of the Protect/Patch for Windows Servers (PWS) agent from a client system and then perform a clean re-installation of the agent.

Resolution

To uninstall and then reinstall the agent:

1. Uninstall the Shavlik Protect/Ivanti PWS Agent and its components from Add/Remove Programs or Programs & Features in the Windows Control Panel.
2. Delete the ProgramData folder: C:\ProgramData\LANDesk\Shavlik Protect
3. Delete the C:\Program Files (x86)\LANDesk\Shavlik Protect Agentfolder (C:\Program Files\LANDesk\Shavlik Protect Agent for 32-bit machines)
4. Delete the relevant certificates.
   To delete certificates:
   1. ClickStart>Run, type mmc, and clickOK. The MMC Snap In window opens.
   2. ClickFile>Add/Remove Snap-In.
   3. Under Available Snap Ins, selectCertificates.
   4. ClickAdd.
   5. Select theComputer Accountoption and clickNext.
   6. Ensure that theLocal Computeroption is selected and then clickFinish.
   7. Close the Add or Remove Snap Ins window.   
      You should now see Certificates listed under Console Root.
   8. Expand Certificates.
   9. Delete these certificates that are listed as being issued by ST Root Authority:
      • Personal\Certificates
      • Trusted Root Certification Authorities\Certificates
      • Intermediate Certification Authorities\Certificates
   10. Close the window.
5. Verify that the agent machine keys are removed.

Do not delete any certificates or files in theCrypto\RSA\MachineKeysfolder that you are not sure about. If you have any questions, contact Shavlik Support.

6. Open regedit and navigate to HKEY_CLASSES_ROOT\Installer\UpgradeCodes\

        Delete or rename the key that contains any of the GUIDS below:

        Make sure to use the corresponding GUID for the version of Protect you are attempting to uninstall.

• Protect 9.2.x:                                    {FD2F9A1228457E545BD699619B461852}
• Patch for Windows Servers 9.3.x     {FD2F9A1228457E545BD699619B461852}

7. Delete the following registry key, if it exists: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LANDESK\Shavlik Protect\Agent
8. Reboot the machine.
9. (Optional) Install the agent either from the Protect console or using the manual installer package.

Affected Products

Shavlik Protect 9.x

Ivanti Patch for Windows Server 9.3+

Purpose

This document discusses how to resolve the issue where you see updates missing through your agent, but nothing gets installed.

Symptom

The Agent GUI shows that patches were detected as missing, but no patches install.

In the C:\ProgramData\Landesk\Shavlik Protect\Logs\STPatch.log on the agent you see something similar to the following:

2018-06-29T15:15:38.0011057Z 18b0 I PatchWorkflowEngine.cpp:759 Attempting to deploy 0 missing service packs and 0 patches.

2018-06-29T15:15:38.0167296Z 18b0 I PatchWorkflowEngine.cpp:892 Patch operation complete. There is nothing left to deploy.

2018-06-29T15:15:38.0167296Z 18b0 I PatchWorkflowEngine.cpp:1618 Workflow 'Group_2209c768023a49dea848cb175f8ec5f9_Agent Test' terminated from state '7'.

Cause

This error happens when you scan for a given update, but you are using a deployment patch group in your agent policy that does not have the update. Therefore the agent will not deploy it.

Resolution

Find your agent policy either in the bottom right corner of the agent GUI or in View > Machines then do one of the following in your agent policy's patch task's scan and deploy options:

• Select to deploy All patches detected as missing.
• Add the update you are trying to deploy to the patch group you are using.

Affected Products

Ivanti Patch for Windows 9.3.x

Shavlik Protect 9.x

Looking to the community for help. I have Shavlik running on all of my workstations. As a Manager I want to know at any time what my patch compliance rate is (e.g. the % of computers that are fully patched based on my baseline). From what I've heard, workstations must be on for Shavlik to perform a scan to collect that information. The issue is, if a computer is not on my network then they won't be scanned even though they do receive the patches. So I have computers where I never know if they have been patched or not. There must be some way for the agent to report the status without a computer being scanned while on a company network. How are all of you getting accurate information on the patch compliance of your patching?

Purpose

This document provides steps to perform an offline or manual activation of the Ivanti Patch for Windows 9.3 or Patch for SCCM 2.3+.

Description

If you are unable to activate Ivanti Patch for Windows 9.3 or Patch for SCCM 2.3+. over an Internet connection for any reason, you have to option to choose the "Manual Activation" function. Use the steps below to perform a manual (or offline) activation of Shavlik Protect.  If file transport from the secure offline network to an online network is not allowed, follow instructions to use the DisconnectedLicenseInfo.txt file.

Open the license activation window:

Protect - click "Help" > "Enter/refresh license key"

Patch - click "Software Library" > "Software Updates", right-click "Shavlik Patch" and choose "Settings", click the "License" tab, then click "Enter/refresh license key"

Steps to create a license activation file

1. Select an activation mode (either "Product or bundle license" or "Trial mode")
2. Paste or type your key into the "Enter your activation key(s)" field
3. Select "Manual activation"
4. Click "Create request"
5. Files named LicenseInfo.xml and DisconnectedLicenseInfo.txt are generated and saved to the desktop of your console computer. These files contain the information needed to make an offline activation request
6. Move the LicenseInfo.xml file to a computer with Internet access. If file transport from the secure offline network is not allowed, follow instructions under "If Secure to Non Secure network file transfer is not allowed" to use the information in DisconnectedLicenseInfo.txt
7. On the Internet-connected computer, open a browser and go to https://license.shavlik.com/OfflineActivation
8. Upload the LicenseInfo.xml file
9. Download the processed license file and move it to the offline console computer
10. Open the license activation window and import the processed license file to the console by selecting 'Import offline license' and selecting the processed license file

If Secure to Non Secure network file transfer is not allowed

Go to https://license.shavlik.com/OfflineActivation to enter this data as shown below:

• The web portal will process the license information and generate a license file
• Download the processed license file and move it over to the offline console computer.
• In the license activation window, click 'Import offline license' and select the processed license file

If for some reason you are unable to activate using the offline activation portal mentioned above, please open a case with support and send your manual activation file in using the support portal: support.ivanti.com

Please see this article if you need assistance registering: http://community.shavlik.com/docs/DOC-2265

Further details about activating the program can be found in the following pages from our online user guides:

Protect - https://help.ivanti.com/sh/help/Protect/OnlineHelp/92/enu/EN/Activation.htm

Patch - https://help.ivanti.com/sh/help/Patch/OnlineHelp/23/enu/PAT.htm#EN/License_Tab.htm

Affected Products

Shavlik Protect 9.2

Ivanti Patch for Windows 9.3

Ivanti Patch for SCCM 2.3

Ivanti Patch for SCCM 2.4