5 Replies Latest reply on Jan 3, 2013 12:36 PM by SupportKM

    Botched a GPO agent install, need advice to recover

    Rookie

      I setup the agentinstaller.msi to be deployed to workstations via GPO about a week ago. I tested it ahead of time and it worked great.  I figured i'd apply it over the break as only a few people were going to be in sporatically and maybe i could flush out any issues before everyone got back this week.  Last week went flawless and i had seen about as many computers as i expected registered with the vcenter console, and was awaiting today to see almost all of them.

       

      Then I did something dumb and on monday rebooted the vcenter protect server to install some windows updates and didn't check to see if i came back up completely.  Of course, it hadn't. The server was up but the vcenter protect service wasn't started.  I didn't notice tihs today until mid-morning and by then most people were probably in. I started up the service, but i have only a few more computers than I did on monday (i expected ~150 more).

       

      So I'm guessing what happened is the GPO installed the software, but coudln't register with the vcenter protect server so it isn't running on the machines but also won't be reinstalled again.  A few questions I have is

       

      1. am i lucky enough to think that maybe the service will try to re-register itself on next reboot of the machines?

      2. Is there a way to tell the computers to re-register themselves through maybe a login script gpo, and if so is there any negative effect if it runs on a machine thats already been rergistered?

       

      If anybody has any other ideas as to how to dig myself out of this predicament i'd love to hear them!

        • 1. Re: Botched a GPO agent install, need advice to recover
          Apprentice

          Hello,


          This is a bit of a strange situtation as agentinstaller.msi is no longer the official method of installing agents manually.  The new file is STPlatformupdater.exe and is located in the same location on the console as agentinstaller.msi.


          While agentinstaller.msi may work in some installations of the agent, it can lead to potential partial installs of the agents and registration issues.  My recommendation is to reinstall the agents with STPlatformupdater.exe.  If you have 2-way communication between the console and the agent machines a quicker solution would be to install the agents from the console itself.


          For further reference please see our agent guide at : http://www.shavlik.com/assets/docs/qsg-prt-8-0-2-Agent.pdf


          Thank you,

          Kevin McTague

          • 2. Re: Botched a GPO agent install, need advice to recover
            Rookie

            That explains why theres virtually no mention of it in the documentation for 8.x.  This is actually my first time really doing a software install via GPO, but it's my understanding that you need msi's to do it.  Can you deploy using that stplatformupdater.exe automatically? i need to deploy it to like 800 machines so last thing i want is to do it manually

            • 3. Re: Botched a GPO agent install, need advice to recover
              Apprentice

              You'd have to do some sort of scripted solution to deploy the agent to the machines without using the console.  While we don't provide support for this functionality, there is an example of the syntax at http://www.shavlik.com/support/Protect801HTMLHelp/HFN.htm go to Agents > Using an Agent > Creating and Using a Manual Installation Script.

               

              I didn't see if you confirmed that you have no communication between the console and the potential agent machines, it requires port 4155 connectivity from the console to the agent machine and port 3121 from the agent to the console.  The reason I ask is because it's far easier to install agents from the console instead of manually.

              • 4. Re: Botched a GPO agent install, need advice to recover
                Rookie

                I can install the agents from the console,and have done it for a few machines, but there were a few things that made it seem like a really tough way to do it for a large organization.  I'll list them and you can let me know if I'm looking at it the wrong way.

                 

                My method was to just select "My Domain" from the default machine groups, then right click at the bottom on My Domain and choose Install/Reinstall agent

                 

                1. when it finds machines, it found servers as well which I don't even think I'm licensed for (we did workstations only to begin wtih) nor would I want to use the same policy on servers as workstations.  So i'd have to go through and deselect the servers from the list of hundreds of pcs

                 

                2. If I run this say today, knowing on any given day there is maybe 50 or more people who are't in the office and won't get the agent (laptop users in the field or people with machines turned off and we don't have power management licensed).  Now if I want to get those people hoping they're in tomorrow, if I run it tomorrow on the whole domain, is it going to reinstall the agent on every machine i installed it on today as well?  Would I have to basically compare the list of machines in the agent console to a list of machines in my domain and then determine which ones didn't receive the agent already and then pick them off one by one?

                 

                 

                 

                Basically

                • 5. Re: Botched a GPO agent install, need advice to recover
                  Apprentice

                  I don't recommend just installing agents to the whole domain as you could very easily end up with them on machines you don't want, or run out of licenses.  I guess if you are constantly adding machines to the domain the only good way to do it would have the manual agent install be part of your login script or imaging process.  If you ran it against the whole domain I think it would reinstall agents on machines with them currently, it wouldn't do a delta-install.

                   

                  If the install was part of a logon script for a specific subset of roles or machines then you'd be able to get the agents installed with minimal intervention while ensuring other servers or sensitive machines are skipped.  This is assuming of course you have logon scripts parsed out by machine type/role/location etc.

                  1 of 1 people found this helpful