Troubleshooting Agents That Are Not Checking In Windows (112029)

Return
  • Title

    Troubleshooting Agents That Are Not Checking In Windows
  • Description

    This document is for Agents on Windows.

    This document describes and approach to determining what is wrong with an agent that is not able to check-in. Apart from the steps in this document there may still be issues with the agent that are preventing it from checking-in. However, this approach will also help to rule out the common symptoms and issues surrounding check-in.

  • Resolution

    Installation Problems

  • In the services control panel the Dell Kace Agent should be started and running.
  • There should be a single process running when the agent is idle(see task manager with all processes by all users turned on):
    • AMPAgent.exe - runs under the SYSTEM user
  • if you run a netstat -nao | find /I "52230" output you will see a process with an ID matching the ID of AMPAgent.exe that is listening on 0:52230
  • In add/remove programs list you will see a Dell Kace Agent entry
  • In HKLM\Software\<32-bitnode>\Dell\Kace you will see the KUID entries. MachineID may be blank or not
  • Value for HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon will be KusrInit.exe
  • config files and log are at: C:\Users\All Users\Dell\KACE
  • binaries are at: c:\program files\dell\kace (32-bit program files)
  • Connectivity/ Networking problems

    In 5.3 an agent establishes a connection with the server based on the host name and port number that you have specified in the network settings of your K1000. If you have installed the agent from the kbox (i.e. using either the auto-Agent update from a previous version or Agent Provisioning) then these settings will be inherited from your k1000 network settings.

    You should first check the network settings on your box. They should look like this document "Setting your KBOX Web Server Name"

    You can determine if the agent cannot connect with the following tests:

  • Check your agent communication window Settings->K1000 Agent->Agent Settings and make sure that the setting IS NOT 12:00am to 12:00 . That means 0 minutes. If you want 24 hours then specify 12:00am to 12:00am (+1day).
  • Turning on debugging on the agent (http://www.kace.com/support/resources/kb/solutiondetail?sol=SOL112035). The resulting logs are human readable. You will see errors early in the log showing connection attempts failing
  • From the server side there is a log called the "access log". A client that is not able to connect will have no entries in the access log. If you know the IP address of the PC that is having trouble then you can search this log for that IP address. A client that is not able to connect will have no entries in the access log.
  • If after looking at that information you suspect that the agent cannot connect then you should check the following:

    • Open the amp.conf file in a text editor and check the entries for the servernames and ports. For most customers these values will look something like this:

      host=kbox
      log=amp.log
      lasthost=kbox
      serverversion=5.3.45497
      appliance=k1000
      ampport=52230
      ampurl=http://kbox:52230
      webport=80
      weburl=http://kbox
      rto=20
      wto=20
      crto=10
      pl=pluginDesktopAlerts,pluginPatching,pluginRunProcess,pluginWeb
      companyname=Dell | Kace : John Doe
      splashtext=Dell KACE Systems Management Appliance is verifying your PC Configuration and managing software updates.      Please Wait...
  • TIP: if you have a working agent then compare the files between the two machines
  • Some tests to try if the agent still cannot connect
    • Ping test: Can you ping the K1000 at the list host name / IP address. Machines that are on different subnets might have different results. Machines on VPN / WAN may have different results. Make sure you are comparing apples to apples. e.g. ping kbox.yourcompany.com
    • Telnet Test: Try telnetting to the kbox on the hostname and port number you have specified. A successful telnet test results in a blank screen and does not give you an error message. E.g. telnet kbox.yourcompany.com 80 or telnet kbox.yourcompany.com 52230. Both of those tests should be successful. E.g of a successful test to 192.168.2.122
      Web Browser Test: You should be able to open a web browser and browse to http;//kbox.yourcompany.com:80 and see the user portal
      Disable firewalls: Turn off any firewall software on the PC (e.g. Windows Firewall). A local firewall may be blocking the port / application. Turning it off for a test would demonstrate this. It is possible for Windows firewall to block the kbox agent but not block the tests above.
      Relocation Test: Put a test PC on the same hub /switch with the kbox and try the above again. This will eliminate any intermediate gateways, etc from being the problem and create a simpler environment to troubleshoot.
      Note: If anything needs correcting in the amp.conf file then I would just reinstall: uninstall, delete the amp.conf file, reinstall.
    • Web Browser Test: You should be able to open a web browser and browse to http;//kbox.yourcompany.com:80 and see the user portal
    • Disable firewalls: Turn off any firewall software on the PC (e.g. Windows Firewall). A local firewall may be blocking the port / application. Turning it off for a test would demonstrate this. It is possible for Windows firewall to block the kbox agent but not block the tests above.
    • Relocation Test: Put a test PC on the same hub /switch with the kbox and try the above again. This will eliminate any intermediate gateways, etc from being the problem and create a simpler environment to troubleshoot.

    Note: If anything needs correcting in the amp.conf file then I would just reinstall: uninstall, delete the amp.conf file, reinstall.

    SSL considerations

    It is not the default but if you are now using SSL....
    If you cannot get to the secure website of your kbox using the host value shown in amp.conf without a security exception then neither can the agent. Make sure that you have not made any exemptions in the browser -- these exemptions will not be allowed by the agent.
    The agent will try https first even if it is configured for http on port 80. If it cannot find an answer on https (443) then it will try http (80). If it gets an error on 443 then it will not try 80. Make sure that no proxy server, etc is responding on 443.


    Task priority on the K1000 (ie K1000 is busy doing other things)

    On the server side:

    When an Agent wants to do something it establishes what is called an AMP connection with the kbox (or uses it's already established connection) on port 52230. An agent that is already connected to the server will show a green light icon beside the machine name in inventory. If you open the detail record for this machine then it will tell you the time that is has been "connected since". Note: this is different then the last time that it checked in/last sync.

    An agent that wants to do an inventory will establish an AMP connection and then ask the k1000 to do an inventory. Depending on how busy the K1000 is it may nor may not be able to process that inventory right away. If you know the machine name of the PC that is trying to connect then you can do the following:

    1. Go to Settings->Support->Troubleshooting Tools->Click on "See status of K1000 Agent tasks" (on a 1200 box this is in the "system" organization). This will show a list of the "in progress" tasks. 
    2. If you see the machine that you are looking for in this list then it is currently doing something. If the task type is "Inventory" or "KBOT-ORGX-2" then it is checking-in. This should only take a few minutes. If it extends into 30 minutes or more then you may have a problem.

    If you do not see the machine then:

    1. Choose the "All tasks" from the drop-down. 
    2. Search on the machine name that you want to find
    3. If you can find the machine in this list but not in the other then that means the K1000 is waiting to finish other tasks first. You must wait. You can try to do a "force inventory update" from the detail view of that machine's inventory record. This might work because a force check-in has a higher priority then regular inventory requests.

    If this PC has a new install/re-install of the agent then this may not work. Instead you will need to search for the "bootstrap" request of the agent. To search for the bootstrap request do the same as above except the machine name will be [Text Missing]. If you do not see that in the "in progess" list then you can use the drop-down list and choose tasks of type "bootstrap".  If you still do not see it then there is a different problem. 

    If the individual tasks on the other machines take a long time to complete then you may have some other issues with your K1000 / agents. Please call technical support.

    On the agent side:

    On the agent side you can try to force a bootstrap by going to the binaries directory and running runkbot 4 0. While this runs you should see kinventory.exe run for part of the time. At the end of it you should have a machine in inventory and the kbots 4,5,6 in c:\users\all users\dell\kace\kbots_cache and perhaps other kbots.

    Other issues

    If you have come to this point and are still unable to connect then you should try to restart the services on the agent PC, reboot the PC and reboot your kbox (if possible).
    If that is unsuccessful then at this point you should call technical support. You should have documented evidence of following the troubleshooting steps above including the debug logs from the PC. Also be prepared for support to want to tether your box (see http://www.kace.com/support/resources/kb/solutiondetail?sol=SOL111232)



Product(s):
K1000 Systems Management Appliance
5.4.76847, 5.4.70402, 5.3.53053

Topic(s):
Troubleshooting

Article History:
Created on: 9/2/2013
Last Update on: 8/12/2014

Feedback submitted.

Did this article help?

[Select Rating]

Thank you for your rating!

Close

Request or Create a KB Article »