5 Replies Latest reply on Feb 15, 2011 6:21 PM by historicalshavlikemployee

    Agent Scanning on Windows XP SP3 Embedded systems

    Master
      Hello, I've been using agent scanning on Windows XP SP3 Embeded for over a year with no problems.  Starting after July 21, 2010, my agents no longer scan the systems, they check in and update the scan files.  On the Embeded system, in the Client GUI you can see the Patch Scan start and immediately end then send the results to NetPt.  Back at the console in Machine View, the Check In time and date update and the Latest Patch Scan Date remains the same as the last scan performed, 7/21/2010.  I've reloaded agents on the systems and opened all of the ports indicated in the clients firewall even though the firewall is off by Group Policy, yet Agent scanning still does not work for my Embedded systems.  Am I missing some setup parameter somewhere?

      Thanks all.
        • 1. Re: Agent Scanning on Windows XP SP3 Embedded systems
          Master

          Which version of NetChk is being used?
          Please verify the License has not expired within Help -> About.
          As a test, create a new agent policy to patch scan only. no deployment, no Threat scans, no Active Protection.
          Have the policy get its data from the Internet (not a distribution svr).
          Create a new test machines group.
          Enter the single target machine by IP.
          Verify you can agentlessly scan the machine within the new machine group.
          Select the machine in the machine group and push the new test agent.
          Does the agent install complete? Give it some time; do you see scan results for this machine within the Machine View?
          Regards,
          Bob

          • 2. Re: Agent Scanning on Windows XP SP3 Embedded systems
            Master
            Bob,
            Which version of NetChk is being used?   ->  Currently we are using 7.6.0, just upgraded from 7.5.x. 
            Please verify the License has not expired within Help -> About.   ->  License has not expired, renewal is in April, however, we have renewed for 2011..
            As a test, create a new agent policy to patch scan only. no deployment, no Threat scans, no Active Protection.
            Have the policy get its data from the Internet (not a distribution svr).
            Create a new test machines group.
            Enter the single target machine by IP.
            Verify you can agentlessly scan the machine within the new machine group.   ->   This we are unable to do, the machines, as setup by the Vendor will not allow us to scan agentlessly.  That is why we have been using agents on all of our Embedded systems.
            Select the machine in the machine group and push the new test agent.   ->   We are unable to push the agent to the system, we can install the agent manually.
            Does the agent install complete?  ->    Yes, it does install and complete.  
            Give it some time; do you see scan results for this machine within the Machine View?  ->   No, scan results do not show in Machine View, however, the systems shows checkin as current.  If we perform a checkin request, the unit does checkin.  If we perform a manual scan at the unit, it indicates that patch results have been sent.  Then refreshing Machine View, no results for the current Date/Time.  As stated, the latest scan results are 7/21/2010.  On the Test machine, no Latest Patch Scan Date is listed, it's blank.  On the existing systems, Latest Patch Scan Date varies from 6/29/2010 up to 7/21/2010.  the Last Agent Check In for all systems, including the test system, is current.

            From all of the indications, the Agent installs properly, it will perfom a patch scan, it thinks is has sent the scan results.  At the console, the Check In request is sent to the Agent, the Agent does check in, no patch results are received by the console.  This leads me to believe that some process or port that is necessary for proper operation is being blocked. 
             
            • 3. Re: Agent Scanning on Windows XP SP3 Embedded systems
              Master

              Within the Machine View, add the tab Patch Definition, What is the version of the patch definition listed?
              What is the XML version listed within the agents GUI itself?
              Does the target machine get its data/patches from the internet or a distribution server?
              If Internet, does the target machine use a proxy to access the internet?
              Does the site XML.shavlik.com get cached within the proxy?
              Are all of the other non-embedded agent machines are able to scan and update the console with the latest patch scan results?
              Another basic test, do you have an embedded system w/ agent on the same network as the console itself?
              -Bob

              • 4. Re: Agent Scanning on Windows XP SP3 Embedded systems
                Master

                In the console, the Patch Definition is 1.1.4.1190 for 33 units, 1.1.3.5186 for 2 and nothing listed for 5 of them (the newest installs) .  The Patch Definition in the Agent Gui is 1.1.4.1542 (2/9/2011) on all units.
                I initially started with using a distribution server, however, when I noticed that the DVRs were not being updated, I switched to Internet to see if that would help.  
                We do not use an internet proxy.
                I am able to sucessfully scan/patch all non-embedded desktop and laptops from the console and using an agent.
                Currently, I have 3 units on the same subnet as the console, 2 live and one test.
                In the Agent GUI, on all of the units, the Overview lists Patches missing 0, approved 0 and installed 0.  I do have an approved patch list for these units which contains only those updates approved by the vendor.  Currently is stands at 101 with a lot of them being pre-SP3.
                Terry

                • 5. Re: Agent Scanning on Windows XP SP3 Embedded systems
                  Master

                  Also make sure port 3121 is open. This is the port the agent uses to communicate back to the console.