"I assume that this server will contact my other Shavlik Protect Server, that have access to internet!?"
You can setup this disconnected Protect console to point to another internet facing Protect console to obtain data files This won't correct this error since the server the disconnected Protect console is installed on needs to verify the signature of the scriptcatalog.zip file and fixing the CRL issue is the only fix.
The CRL Verify the scriptcatalog.zip file is not corrupt. The file should be 355-356kb in size and you should be able to view the contents and extract the zip. I'm not sure what fix you tried, but I would suggest attempting the manual portion of this article: How to update the Certificate Revocation List (CRL) on a disconnected Protect console server if installing the CRL by hand or through Protect didn't correct the issue.
Thanks for your answer
The scriptcatalog.zip that is on the disconnected Protect (secure )server is old and just 270kb in size. I can open it.
The scriptcatalog.zip that is on the connected Protect (online) server is from may 2014 and are 356kb in size.
The secure Protect server is connected to the online Protect server.
I tried the CRL update, but I have another CRL file, for the second file (URL=http://crl.verisign.com/pca3.crl)
I downloaded that instead, but it didn't help. I have the same error
I am very new to shavlik, so maybe I am way off
So more help is appreciated
And I keep getting error like this, when I try to patch a server in my secure zone. I then use the Offline Shavlik server.
Error: File not downloaded: Windows8.1-KB2922229-x64.msu
Error reason: The remote server returned an error: (404) Not Found.: http://x.x.x.x/shavlikpatches/Windows8.1-KB2922229-x64.msu
But the server I am patching is not a Windows 8.1, but a Windows Server 2012R2. Can't understand why it will try to update with windows 8.1 update? Maybe it is for both OS
If I search on the Shavlik server that is online, I find the patch.
So it seems that the Offline Shavlik Server can't get all the patch from the Online Shavlik server.
Can this have something to do with scriptcatalog.zip is old and fails to update?
"The scriptcatalog.zip that is on the disconnected Protect (secure )server is old and just 270kb in size. I can open it."
This would indicate the file is corrupt or partially copied.
The scriptcatalog.zip is used only for the ITScripts feature so it would have no affect on download files. patch scans etc.
"The secure Protect server is connected to the online Protect server."
Do you have screenshots of the setting you are using?
"I tried the CRL update, but I have another CRL file, for the second file (URL=http://crl.verisign.com/pca3.crl) "
Don't worry about the CRL, the scriptcatalog.zip your secure Shavlik Protect is corrupt so it would never pass the digital signature test.
"Error reason: The remote server returned an error: (404) Not Found.: http://x.x.x.x/shavlikpatches/Windows8.1-KB2922229-x64.msu"
This would indicate that the secure Shavlik protect is trying to download from the internet and not from the other internet facing Protect. Please post a screenshot of your settings showing the secure Shavlik Protect server pointing to the internet Shavlik Protect server.
We will be working with the Downloads tab from the first screenshot. I see you are pointing to http URLs, do you have these webpages setup on the internet facing Protect console? Are they URLs that you can past into IE on the secure Shavlik console and get to a webpage that contains the datafiles and patches?
If yes, does it prompt you for credentials. (it needs to be anonymous)
If you can't connect, you will need to correct this or use UNC connections instead. (\\servername\datafiles and \\servername\patches)
I can access the URL without using any credentials.
I have copied some patches manually from the online server to the offline server, to patch a testserver.
But that seems not to be the right way to do it
This is how it looks on the onlineserver:
Maybe this isn't the place to set the setting on the online Server, and it is me that's f..ks it up
It looks like you are trying to combine a Distribution Server setup with the setup I was attempting to show you. My apologies for not being more specific about what I was trying to accomplish.
You can use HTTP and I would suggest to use a Distribution Server setup in your case. We have a guide for this type of setup.
Here is a summary on how the workflow would look like:
1) The online Shavlik Protect Server would download Content Data and Patches through everyday usage. This is normally done through scans and deployments to y our online environment. You can also schedule the download of Content Data Files or manually use Help - Refresh Files to download Content Data files. You can manually download patches.
2) The Shavlik Protect Server would sync this data with a Distribution Server you have setup locally. This process gathers all required files in one location which can then be used on the offline Shavlik Protect server by using the Distribution Server feature.
3) The Secure Shavlik Protect server would request files from the Distribution Server located on the internet facing Shavlik Protect server. This is accomplished by changing the download locations for the data files and patches to point to the Distribution Server you setup on the online server.
On the internet facing Shavlik Protect server:
As stated in the document I linked above, you would setup the Distribution Server locally on the internet facing Shavlik Protect Console through Tools - Operations - Distribution Server. Make sure you set the UNC path for the Synchronize Path so the console can sync the content data and patches to the local share. (missing in the your screenshot above) You should also setup Scheduled Automatic Synchronization tasks for All engines, definitions and patch downloads from the same Distribution Server tab. That will ensure the Distribution Server is synced with the data being download from the internet. Lastly, go to the Downloads tab and set a Schedule Automatic Downloads task for Core Engines/Definitions.
The DS (Distribution Server) setup on the internet Shavlik Protect server would look like this:
The Scheduled Automatic Synchronization tasks would look something like this:
Your Download tab would look like this: (ignore the 42342, it's for another setup of mine)
On the secure Shavlik Protect server:
You will need to configure this server to download content data files and patches from the Distribution Server located on the online Shavlik Protect server.
You will need to create a Distribution Server entry that points to the online server's Distribution Server and it would look like this:
Go to the Downloads tab and set this Distribution Server as the download source for
That should do it, if you have any issues I would suggest opening a support case using the Support Portal so we can take a look at your logs.
Thank you for all your time
I will look in to this
Let us know if you need anything else.
I have now done some things to improve my shavlik servers, but I still wonder about something
This is on the online server:
I can't scheduled Threat data synchronize!? I don't have this option anywhere
This is the Offline Server:
My patch folder on the online server contains around 200 more updates then the patch folder in the offline server!
I thought these two folder should contain the same files?
All my shavlikfiles is under C:\ProgramData\LANDesk\Shavlik Protect\Console\DataFiles
All my patches is under D:\Patches
Do this have something do with, that the patch folders doesn't contains the same patches?
"I can't scheduled Threat data synchronize!? I don't have this option anywhere "
Are you licensed for Anti-Virus/Threat? You can see this in Help > About.
"My patch folder on the online server contains around 200 more updates then the patch folder in the offline server! I thought these two folder should contain the same files?"
The location of the \Patches folder has not effect on what patches are stored there. The offline server's \Patches folder will only contain the patches 1) were copied over for deployments or 2) manually copied over by right-clicking on the patch and choosing to download (copy in your case) to the \Patches folder. In other words, the folder that contains the patches on the online and offline servers will rarely match since this isn't a sync operation. The only scheduled job you have that is downloading files to the offline server is for core files which do not include patches.
The synchronization you have set if for the online server only. This will place all the core files and patches from the online server in the Distribution Server folder so they are available to the offline server it requests them.