4 Replies Latest reply on Aug 13, 2015 7:26 AM by cwinning

    computers downloading from vendor site instead of distribution servers

    Apprentice

      were are having issues with some  computers  are bypassing the local distribution server ( I am assuming the patch they want is not available on the distribution server)  and are going outside (web/vendor) to download the updates. This is what we are seeing  from the logs as well as  from the traffic these machines are generating. This seems to be  isolated to  laptops. We do have a separate agent policy for laptops  and have protect cloud sync also configured for these. I am thinking this might be related to the agent setting "use vendor as a backup site) which is not enabled on the desktop. so if I uncheck this setting does that mean when that when my laptops are offsite  they will not update since they will not have access to the distribution servers?

       

      laptop agent.PNG

        • 1. Re: computers downloading from vendor site instead of distribution servers
          cwinning CommunityTeam

          Hello,

           

          With these settings:

          • The agent will attempt to retrieve all data (content, patches, threat) files from the Distribution Server assigned to it by your IP Range setup.
          • The agent will failover to downloading from the vendor (internet) if it is unable to connect to the Distribution Server or if the files have not been updated on the Distribution Server.

           

          "so if I uncheck this setting does that mean when that when my laptops are offsite  they will not update since they will not have access to the distribution servers?"

           

          That would be correct, they would attempt to connect to the Distribution Server and fail.

           

            In our upcoming release of Protect 9.2, we have something we are calling Predictive Patch and Predictive Sync, these new features should help those distribution Servers to stay up to dare.

           

          Predictive Patch:

          If enabled, patches that are likely to be deployed in the near future are automatically downloaded to the patch download directory. The patches will be downloaded immediately following the scheduled download of the core engines and definitions. Downloading patches in advance of their anticipated deployment will help speed the deployment process. This feature is beneficial for agentless deployments and for agents that deploy patches using the services of a distribution server.

           

          Here are some additional details about Predictive Patch:

          • The following patches will be downloaded to the console's download directory:
            • Missing patches that were detected by recent scans but that have not yet been downloaded. A recent scan is defined as a patch scan that was performed within the last 45 days.
            • Missing patches for products that Shavlik Protect can deduce are on your target machines
            • New patches that were recently added to the XML patch data file and that apply to products on your target machines.
          • New or missing service packs will be downloaded
          • The patches and service packs will be downloaded according to age (the most recent will be downloaded first)
          • The process will download up to 5GBs of patches and service packs during a scheduled download session
          • Patches that already exist in the download directory will not be downloaded.
          • You can synchronize Predictive Patch with your distribution servers so that they receive copies of the downloaded patches
          • An entry is recorded in Event History every time patches are downloaded to the console by Predictive Patch
          • The patch download is triggered by either a scheduled download of the core engines and definitions or by clicking Run now when Core engines/definitions is selected

           

          Predictive Sync:

          If enabled, those patches that have been downloaded to the console by the Predictive Patch feature will be synchronized with (copied to) this distribution server. Service packs are not included in this synchronization. The Patch Sync column in the top pane of the Distribution Servers tab will indicate if Predictive Patch is enabled for a distribution server.

           

          Let me know if you have any other questions.

           

          Thanks,

          Charles

           

          • 2. Re: computers downloading from vendor site instead of distribution servers
            Apprentice

            thanks Charles that confirms what I was thinking would be the case . Upon further investigations what we are seeing is that  not only are Laptop that have the agent policy  as in the print screen (desktops have the user vendor unchecked) we are seeing  all the computers that have agents also downloading some of the none patch files in particular pd5.xml and hf7B.xml  and these we can see as pulling from shavlik xml server IPs ( IPs listed  IP Addresses for Ivanti (Shavlik) content servers (xml.shavlik.com and content.ivanti.com)

            Some of these locations  get their connections saturated by these . I have also confirmed the  specific files are in the local distribution server shares. Should these  computers not be downloading from the local distribution server or if not  from the console server why are these going out to download the files? Attached is a partial example  of some of the machines downloading externally the two files mentioned above. The console is showing these machines as fully patched

             

            • 3. Re: computers downloading from vendor site instead of distribution servers
              Apprentice

              anyone else seeing this issue or  have  a suggestion as to how to resolve the issue?

              • 4. Re: computers downloading from vendor site instead of distribution servers
                cwinning CommunityTeam

                Hello,

                 

                My apologies, technical issues have been preventing me from replying to this post.

                 

                The agent will attempt to download files every time it perform a scan no matter if the machine is patched or not.  If configured to do so, it will attempt to download from the Distribution Server then failover to download from xml.shavlik.com.  Per the screenshot above, you do have your agents setup to failover to the vendor xml.shavlik.com in this case. I can only assume the agents are not able to download the files from the Distribution Server.

                 

                Failures would include:

                 

                Configuration issues with your Distribution Servers.

                The agents do not fall into the IP Ranges to are using.

                The files the agent require are not located on the Distribution Servers.

                Some unknown environmental issue.

                 

                We need logs from one or more of these agents that are downloading from the vendor instead of the Distribution Servers. 

                Gathering Agents Logs: Logs - Gathering Console, Client Side (agentless), and Agent log files for Protect Look for the Protect 9.x agent logging section.

                Create a case using https://support.shavlik.com/CaseLogging.aspx and attach the logs.

                 

                Please reference this post in the case.

                 

                Thanks,

                Charles