Catalog Files Wont Download from DMZ Depot

Gesperrt
Benutzeravatar
ctearney
Beiträge: 171
Registriert: 21. Feb 2014, 04:14
Wohnort: Dallas, Texas
Kontaktdaten:

Catalog Files Wont Download from DMZ Depot

Beitrag von ctearney » 22. Jun 2017, 21:10

A system connected to the external Depot server will check in, download the PM3 install from Configurator\Packages\Matrix42\PM3Client\16.1 and begin to execute. You can see the C:\EmpirumAgent\PatchManagement_v3 folder get created and the PM3.exe running in Task Manager but after 10 seconds or so it stops. If you look at the SWDepot log files you will see the below:

15.06.2017 15:21:44, Section [WriteInstallationResultMessage], Line 1:
ErrorLogMsg: Initialization failed!

Communication with Matrix42.Platform.Service.Host (UAF) is not available!
Agent template not compatible! or
Cannot download the catalog from the server! or
Check Windows Update Service, please!

If you check the log files in the C:\EmpirumAgent\PatchManagement_v3 folder you will see this:
2017-06-15 15:29:07.825 [PM3Client] Downloading Shavlik Catalogs...
2017-06-15 15:29:07.825 [PM3Download] Starting enumerate job, server uri: https://EMPIRUM.coserv.com:443/Matrix42 ... r/Packages, relative path: PatchManagement_v3\Catalog
2017-06-15 15:29:07.825 [PM3Download] Got value False for Key Matrix42.Platform.Service.Processor.Transfer.AcceptOnlyTrustedSsl
2017-06-15 15:29:07.825 [PM3Download] Got value False for Key Matrix42.Platform.Service.Processor.Transfer.UseClientCertificate
2017-06-15 15:29:07.825 [PM3Download] Got value for Key Server.ClientCertificateSerial
2017-06-15 15:29:09.028 [PM3Download] Enumerate job failed, https://empirum.coserv.com/Matrix42-Emp ... v3/Catalog. The remote server returned an error: (403) Forbidden.

Since the Shavlik catalog files cant be downloaded, extracted, and checked against by the scan mechanism the distribution failes. If the same system connects to the internal depot server there are no issues. The catalog files get pulled down to the system and all runs as expected.

it is confusing that the agent can download everything else but when it comes to the 2 catalog files it acts like it does not have access. Anyone seen this before with a DMZ depot?

Benutzeravatar
Hendrik_Ambrosius
Moderator
Moderator
Beiträge: 7410
Registriert: 13. Dez 2004, 23:10
Wohnort: Adendorf/Lüneburg

Re: Catalog Files Wont Download from DMZ Depot

Beitrag von Hendrik_Ambrosius » 23. Jun 2017, 08:39

Did you assign the PM sync template ESubdepot_PM3 to the depot server?
Sync status?
Compare the \Configurator\Packages\PatchManagement_v3 directories.
Hendrik Ambrosius / Senior Consultant
Mobile: +49 172 408 4447 | hendrik.ambrosius@matrix42.com
Matrix42 AG | Elbinger Straße 7 | 60487 Frankfurt am Main | Germany | www.matrix42.com

Disclaimer: I participate in this forum on a voluntary basis. Views expressed are not necessarily those of Matrix42 AG or of the support team.

Benutzeravatar
ctearney
Beiträge: 171
Registriert: 21. Feb 2014, 04:14
Wohnort: Dallas, Texas
Kontaktdaten:

Re: Catalog Files Wont Download from DMZ Depot

Beitrag von ctearney » 23. Jun 2017, 15:21

Yes, I have checked the IIS settings, repushed the Webservices Depot package, applied the latetest 16.1.3 patch/ hotfix, and even deleted the directories and did a full resync. I cant seem to pinpoint why just the catalog files dont download.

I am suspecting that the issue sits with PM3 Scan script as it is the one that calls out for the download of the catalog files. I tried runing debugview to capture someting but was not successful, my next steps is to see if wireshark will pick up anything.

Benutzeravatar
ctearney
Beiträge: 171
Registriert: 21. Feb 2014, 04:14
Wohnort: Dallas, Texas
Kontaktdaten:

Re: Catalog Files Wont Download from DMZ Depot

Beitrag von ctearney » 27. Jun 2017, 17:59

We got this fixed. The issue was with IIS having an account listed in the WebDAV authentication settings that it did not recognize. Even though the correct account was there the unrecognized account was causing IIS to not authenticate properly. (i.e. we had our standard domain service accoutn which is what the agent works off of listed as well as the local accoutn that we use on the depot as it is not a member of the domain and in the dmz).

Gesperrt

Zurück zu „Patch Management (EOL)“

Wer ist online?

Mitglieder in diesem Forum: 0 Mitglieder und 1 Gast