LANDesk Community,
LANDesk has recently become aware of some issues where deploying SP2 to a LANDesk Management Suite 8.8 agent can cause the Policy Invoker to fail--preventing a machine from being able to download policies. At this time, the issue is sporadic and has only been seen in small subsets.
Currently, only policies are known to be affected. All other types of distribution methods seem to be functioning as designed.
If 8.8 SP2 has not yet been installed, LANDesk recommends at this time to not install SP2 until a new SP2 client patch has been thoroughly tested and re-released. LANDesk expects to have the client tested and ready for download by early next week.
If 8.8 SP2 has already been installed and clients have been deployed, please contact support for a patch that has been written to specifically address the issue.
LANDesk Support
***UPDATE 11/20/08***
Attached to this document is patch SWD-2025388.2-2 which addresses a number of issues surrounding the Policy Invoker. It is recommended that all 8.8 SP2 customers apply the patch. The fixes contained in the patch are outlined below:
• Pushing an agent with both LANDesk LaunchPad and HIPS caused policy.client.invoker.exe to crash
• Pushing an Updated SP2 Agent to an SP 1 agent will cause the invoker service to crash
• Policy.client.invoker.exe crashes with a Disk I/O error
• "Policy.client.invoker.exe application error at xxxxxxxxx referenced memory at xxxxxxxxxx" popup window on client when installing SP2 agent on device that also has console with SP2 installed
• On a Win2k8 Server and Windows vista with client pushed, clicking on deploy in distribution portal gives error that it can't display the webpage, because Policy.cgi.exe crashes.
• Launching some JIT links in Launch Pad could cause the invoker service to crash.##
For LANDesk customers that have not yet applied SP2, we will be releasing a slipstreamed version of SP2 in the next couple of days that will contain the fixes mentioned above. Vulnerability content will also be created and released by next week.
At this time, we have a few other known issues which will be addressed by mid-December.
• Policies do not show up in the Software Deployment Portal for user based LDAP targets (CR20128)
• Link Management is not working with name more then 8 characters (CR19629)
• Upgrading an agent via policy fails to register the policy.invoker file due to the file being in use at the time of registration (CR20188)
o A temporary workaround is being provided via the attached custom vulnerability V_INTL_CD-8608.xml.webloc. It will register the invoker and start the service.
o If an agent is updated via Patch Manager, the agent will install successfully.
Note: Applying the current SP2 and patch SWD-2025388 or the future slipstreamed SP2 SP will get you to the same point. Also, for customers who applied patch 14775 there have been two additions made to the final 20253. 14775 does not contain the fix for the distribution portal error on Vista and Windows 2008. Secondly, the command to force the client database to recreate itself was not in the patch.
****UPDATE 11/20/2008****
We have a report of an issue with the latest version of the patch. The issue does not seem to be causing significant issues but due to the nature of this patch we are investigating this throughly. If you are running an updated version of the Policy.client.invoker.exe there is no need to roll this back or take significant action at this time.
****UPDATE 11/21/2008****
The issue reported late last night has been resolved. We now recommend that all 8.8 SP2 users to apply the patch SWD-2025388.2-2. Attached are three files. Please see the readme.htm inside the setup folder for instalation information.
SWD-2025388.2-2 - Invoker patch
V_INTL_LD88-Invoker-20253-882 - Vulnerability for the SWD-2025388.2-2
V_INTL_CD-8608.xml - Vulnerability to register and restart the invoker service if an agent is installed via a policy
The above patch and vulnerability will be released into content later this afternoon. A slipstreamed version of SP2 will follow next week.
***Update***
Fixed the linked file V_INTL_CD-8608
***Update***
SP2A has been released internal to LANDesk. If the rest of the testing goes as planned, we should be releasing SP2A Monday the 8th.
***Update***
SP2A has been released into content. If you have SP2 installed but SWD-2025388.2-2 SP2A will detect as vulnerable. You can either patch your machines using SP2A or SWD-2025388.2-2 to remediate to the SP2A level.