• • DESCRIPTION
  • PROCESS OVERVIEW
  • WARNINGS
  • I. Backup Your Existing Core Server
  • II. Backup Your Existing Database
  • III. Backup Critical Core Server Files
  • IV. Backup Other Needed Files and Information
  • V. Prepare Your New Core Server
  • VI. Install Microsoft SQL Server
  • VII. Create/Configure Your New Database and Restore Your Old One
  • VIII. Import Your Certificates
  • IX. Install Ivanti Endpoint Manager (the most current version)
  • X. Migrate Your Clients by Deploying a New Agent
  • Additional Considerations
  • Creating a Core DNS Redirect

DESCRIPTION

A side by side migration consists in having both your existing Ivanti Endpoint Manager Core Server and your future CoreHo Server running at the same time.

You can either use a new clean database or use your current database and have it upgraded to the new version.

I will cover here the second choice: migration using the current database.

    ATTENTION:Please note that this article covers a basic side by side migration, which means that if you have other LANDESK products like a CSA, then you will first have to think or ask about how to migrate it as well.

PROCESS OVERVIEW

1. Backup your existing Core Server (This is not covered in this article, you may want to have an image of your Core server copied on a media/server)
2. Backup your database
3. Backup Critical Core Server Files
4. Backup Other Needed Files and Information
5. Prepare your new Microsoft Windows 2012 Server for your future Core server (Installation and configuration of the server are not covered in this article as it depends on the infrastructure you manage)
6. Install your Microsoft SQL Server 2012
7. Create and configure your database
8. Restore your database to the new server
9. Install Ivanti Endpoint Manager on the new server
10. Import your certificates
11. Migrate your clients by deploying a new agent
12. Additional Considerations
    1. Core Server DNS Redirect
       

WARNINGS

This article is not supposed to get you through the issues you may fix, but to give you a good starter guide if you want to do a side by side migration.

If you actually encounter any error, please contact us through the support portal or our community web site.If you have any customized settings, queries or files, please be aware that you should take screenshots of these configurations, and save the files that may not be saved by our CoreDataMigration tool.

If you plan on changing corenames, then you will need to use the DNS alias for MDM devices to still communicate to the core. Please see doc: Using a Core server DNS alias with the Cloud Service Appliance.

I. Backup Your Existing Core Server

You should have a snapshot/image of your Core Server in order to be able to roll back.

II. Backup Your Existing Database

    VIDEO:Backup your LANDesk Management Suite 9.5

From Microsoft SQL Server Management Studio, go to Databases, Tasks, Back Upand check where this backup goes to copy it to your future Core Server.

In this case, it goes to:

    C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Backup\

    Remember to copy this ".bak" file as it is your future database.

III. Backup Critical Core Server Files

    VIDEO:Core Data Migration LDMS 9.5

LANDESK has created a tool to backup critical files to a share. This tool is called CoreDataMigration.exe.

Newer versions of CoreDataMigration.exe may backup files that were not backed-up in previous versions.

One of the installation files is an updated CoreDataMigration.exe and it may be better to use the new version instead of the version that is currently on the Core Server.

NOTE: The Ivanti 2017.x CoreDataMigration.exe will not work on previous versions. Instead, just use the CoreDataMigration.exe that is in the \landesk\managementsuite folder on the current core server. Please refer to the CoreDataMigration.exe document for further details. 

The new Ivanti Endpoint Manager version of CoreDataMigration.exe can be found in the EPM installation media under the:

    \LANDESK\PF\LD\MS\_non

If Ivanti Endpoint Manager was downloaded, extract LANDESKSoftware.exe to access this file, situated in the Resourcesfolder:

Once you have copied the folder Resources on your old Core server, create a folder named CoreBackup, in this example:

    C:\CoreBackup\

Then open a Command Prompt (CMD) and browse to the folder where you extracted the Resources folder, in this example:

    cdC:\Resources extracted from old server\

And type the following command (in this example):

    CoreDataMigration.exe GATHER C:\CoreBackup\

It may be necessary in some situations to use a local backup directory to work around NTFS and share permissions.

You will be able to find in your CoreBackup folder the critical files you will need for your migration (your scripts, certificates, ldlogon folder with your application packages, etc.), if you want to use them in your new environment, you can copy/paste them from this folder to your future Core Server once the full installation is done.

IV. Backup Other Needed Files and Information

    Some files will not be automatically saved, you must be careful in order to be sure you will have a backup of everything:

• Distribution Package installation files, if stored on a package share created on the Core Server
• The Patch directory, if it is stored on the Core Server
• \ldlogon\ldappl3.template, if modifications have been made to it
• \ldlogon\AgentWatcher\*.ini files

V. Prepare Your New Core Server

In order to be sure that your Windows Server installation is going to match your infrastructure needs, please check the following articles:

• Supported Platforms and Compatibility Matrix for LANDESK Management Suite/Ivanti Endpoint Manager
• About the LANDESK Management Suite 2016 Architecture - An Overview
• About the Ivanti Endpoint Manager 2017 Architecture
• Ivanti Endpoint Manager 2018 Architecture Guidelines

Ensure that your server has the latest updates.

    Then do not forget that the following items are NOT SUPPORTED for the Core Server installation:

• A Primary Domain Controller (PDC), Backup Domain Controller (BDC), or an Active Directory
• A Domain Controller
• A server that has been upgraded from a previous version of windows
• Servers running other third-party applications as their primary server function such as a SharePoint server

VI. Install Microsoft SQL Server

    VIDEO:Install SQL Server 2012 for a Side by side migration of LMDS 9.5 to 9.6

The installation and configuration of Microsoft SQL Server 2012 is described in this document:

• How to install Microsoft SQL Server 2012 for LDMS

You may also find these links useful:

• SQL Tuning and Performance
• Reindexing LANDESK Databases

VII. Create/Configure Your New Database and Restore Your Old One

    VIDEO:Database creation, configuration and restore for Side by side migration 9.5 to 9.6

    An important point here is not to install Ivanti Endpoint Manager on the new server before you restore your old database as the installation process has to convert your old database into the new version.

First you will need to create a new database, so right click on Databases,New Database and put these settings:

Then create your database administrator by going into Security, right click Logins,New Login:

Now you need to restore your old Database into this new database we just created, to do so, right click your new database, Tasks, Restore, Database

• In the General tab, check Device and indicate the path of your old database backup file (*.bak) we made in the previous steps, after that double-check that the Destination Database is the one you created earlier
• In the Files tab, check the Relocate all files to folder option
• In the Options tab, check the Overwrite the existing database (WITH REPLACE) option

Then validate and you are now ready to install Ivanti Endpoint Manager to the new server. Here is a good article as well about this Backup / Restore process:

• Backup and Restore Database: How to move the LANDesk database to another server

VIII. Import Your Certificates

    VIDEO:Import LDMS 9.5 certificates to your 9.6 Server for a side by side migration

In order to use some features on your new Ivanti Endpoint Manager server with your old clients, you will need to have a certificate they already trust.

The files you will need have normally been saved during our CoreDataMigration done earlier except the keys directory.You will need to manually copy core certificate files. These files must be handled securely and should only be placed in a secure location. You can copy them into the CoreBackup folder, but they must be handled with care. You must copy the following files shown below.

You will find these files in the CoreBackup folder you created, in:

    C:\CoreBackup\landesk\Shared Files\keys\

You must copy the following files:

• C:\Program Files\LANDesk\Shared Files\Keys\*.key
• C:\Program Files\LANDesk\Shared Files\Keys\*.crt
• C:\Program Files\LANDesk\Shared Files\Keys\*.0  
• C:\Program Files\LANDesk\Shared Files\Keys\ldcryptoconfig.xml
• C:\Program Files\LANDesk\Shared Files\Keys\Compatible\*.xml(These files will only exists if client security mode is enabled)

Copy them into your new keys folder on your new server, it may look like this:    C:\Program Files\LANDesk\Shared Files\KeysYou also have to copy the *.0 file to your new ldlogon folder, which should be there:    C:\Program Files\LANDesk\ManagementSuite\ldlogon Once this is done, your new Ivanti Endpoint Manager Server will be able to directly remote your clients, with the highest security features enabled. Please note that side by side migrations from 9.6 to 2017.3 requires a full agent reinstall due to the certificate changes in 2017.3. Copying the certificates from the old core to the new one will not allow remote control to function.

Here is an article that might be interesting:

• Moving a Core server to another Domain/Forest - Scenario

IX. Install Ivanti Endpoint Manager (the most current version)

Before starting the install on the new core, you should first create the C:\Program Files\LANDesk\Shared Files\Keys directory and copy ldcryptoconfig.xml into it from your CoreBackup.  This will ensure data that was encrypted and written in the database will be decrypted properly.

If files were copied from C:\Program Files\LANDesk\Shared Files\Keys\Compatible, then they must also be restored back into this directory

    VIDEO: Install LANDesk Management Suite 9.6 for Side by side Migration from 9.5

First, download the latest version of Ivanti Endpoint Manager from this page:

• Downloads for Endpoint Manager (formerly LANDESK Management Suite and Security Suite)

Then extract the files on your server and the installation will begin.

    For this installation, you will only have to be careful with the following settings:

• How should Ivanti configure your database: Upgrade an existing database
• Database information: Enter your Server name, Database name we created earlier, User we created earlier as well and its Password

Here are the articles you may find useful as well for this process:

• How to install / upgrade to an Ivanti Endpoint Manager ( EPM ) version 2017.3
• Ivanti Endpoint Manager 2018.1 Install Guide

X. Migrate Your Clients by Deploying a New Agent

After having done all of this, you should have your infrastructure looking like this:

What we want now is to have our clients directly reporting to our new Server. In order to do that properly, you will have to create new agents (similar to your previous settings if you want) and deploy them gradually with pilot groups/computers.

    Keep in mind that once you have deployed an agent to your client, it may not be manageable anymore from your old server.

Once all of your infrastructure has been "moved" to your new Ivanti Endpoint Manager Server, you can shut down your old server, which will look like this:

    You must be aware as well that a side by side migration can be pretty long and complex as you will have to manage both your old and new server until you are sure of your new settings.

Additional Considerations

Creating a Core DNS Redirect

Some administrators after following this document may encounter some issues where existing agents/agent functions are attempting to communicate with the old core rather than the new, despite the old core having already been removed from production. To avoid such issues, it is recommended as a best practice that administrators after performing a side-by-side migration setup a DNS redirect that will take all traffic intended for the previous core name/fqdn and route it to the new core. This can help to avoid complications and ensure that agent functions remain functional through the migration.

ATTENTION:Please note that DNS redirection is problematic for devices behind CSA (Cloud Services Appliance), reinstallation of the agent on these devices will be required to avoid communication issues.

You will need to manually copy core certificate files. These files must be handled securely and should only be placed in a secure location. You can copy them into the CoreBackup folder, but they must be handled with care. You must copy the following files:

Hi All,

I have setup new EPM v11.0.1.102, Data of scanned asset is few.

I have scanned VM, Cisco Router, Fortinet, Workstation through agent agentless, out put is not as required. I want to build CMBD of all my IT asset.

Some has said Agentless scan will give me limited informations of asset.

Please suggest am I missing something.

Regards,

Overview

When .NET is updated to an incompatible version on a Core Server, you may have any of these issues:

• Unable to launch core server activation utility
• Queries do not expand when starting tasks that target queries or scopes
  
• Unresponsiveness on the console
• Inventory Scans not processing
  
• Other issues
  

The most efficient and accurate way to determine which version of .NET is installed Navigate to the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Client\Version

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full\Version

Compatibility

This document contains compatibility information for .NET and EPM/LDMS:

About .NET Considerations for EPM/LDMS on the Core and Remote Consoles

Issues

If you are experiencing the activation issue, you may see:

"Unhandled exception has occurred in your application. "

 

Click details and you see the below errors:

 

"See the end of this message for details on invoking

just-in-time (JIT) debugging instead of this dialog box.

 

************** Exception Text **************

System.OutOfMemoryException: Array dimensions exceeded supported range.

at System.Diagnostics.TraceUtils.GetRuntimeObject(String className, Type baseType, String initializeData)

at System.Diagnostics.TypedElement.BaseGetRuntimeObject()

at System.Diagnostics.ListenerElement.GetRuntimeObject()

at System.Diagnostics.ListenerElementsCollection.GetRuntimeObject()

at System.Diagnostics.TraceInternal.get_Listeners()

at System.Diagnostics.TraceInternal.WriteLine(String message)

at LANDesk.ManagementSuite.Diagnostics.LogForNet.Init()

at LANDesk.ManagementSuite.Diagnostics.LogForNet.GetLogger(String loggerName)

at LANDesk.ManagementSuite.Licensing.ActivateCore.ActivateCoreForm.get_Log()

at LANDesk.ManagementSuite.Licensing.ActivateCore.ActivateCoreForm.ActivateCoreForm_Load(Object sender, EventArgs e)

at System.Windows.Forms.Form.OnLoad(EventArgs e)

at System.Windows.Forms.Form.OnCreateControl()

at System.Windows.Forms.Control.CreateControl(Boolean fIgnoreVisible)

at System.Windows.Forms.Control.CreateControl()

at System.Windows.Forms.Control.WmShowWindow(Message& m)

at System.Windows.Forms.Control.WndProc(Message& m)

at System.Windows.Forms.Form.WmShowWindow(Message& m)

at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)

 

 

************** Loaded Assemblies **************

mscorlib

Assembly Version: 4.0.0.0

Win32 Version: 4.6.1055.0 built by: NETFXREL2

CodeBase: file:///C:/Windows/Microsoft.NET/Framework64/v4.0.30319/mscorlib.dll

----------------------------------------

LANDesk.ManagementSuite.Licensing.ActivateCore

Assembly Version: 9.60.0.0

Win32 Version: 9.60.3.64

CodeBase: file:///C:/Program%20Files/LANDesk/ManagementSuite/LANDesk.ManagementSuite.Licensing.ActivateCore.exe

----------------------------------------

System.Windows.Forms

Assembly Version: 4.0.0.0

Win32 Version: 4.6.1055.0 built by: NETFXREL2

CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Windows.Forms/v4.0_4.0.0.0__b77a5c561934e089/System.Windows.Forms.dll

----------------------------------------

System

Assembly Version: 4.0.0.0

Win32 Version: 4.6.1055.0 built by: NETFXREL2

CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System/v4.0_4.0.0.0__b77a5c561934e089/System.dll

----------------------------------------

System.Drawing

Assembly Version: 4.0.0.0

Win32 Version: 4.6.1068.2 built by: NETFXREL3STAGE

CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Drawing/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Drawing.dll

----------------------------------------

LANDesk.ManagementSuite.Licensing.Activation

Assembly Version: 9.60.0.0

Win32 Version: 9.60.3.71

CodeBase: file:///C:/Program%20Files/LANDesk/ManagementSuite/LANDesk.ManagementSuite.Licensing.Activation.DLL

----------------------------------------

LANDesk.ManagementSuite.Database

Assembly Version: 9.60.0.0

Win32 Version: 9.60.3.68

CodeBase: file:///C:/Program%20Files/LANDesk/ManagementSuite/LANDesk.ManagementSuite.Database.DLL

----------------------------------------

LANDesk.ManagementSuite.Diagnostics

Assembly Version: 9.60.0.0

Win32 Version: 9.60.2.105

CodeBase: file:///C:/Program%20Files/LANDesk/ManagementSuite/LANDesk.ManagementSuite.Diagnostics.DLL

----------------------------------------

System.Configuration

Assembly Version: 4.0.0.0

Win32 Version: 4.6.1055.0 built by: NETFXREL2

CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Configuration/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Configuration.dll

----------------------------------------

System.Core

Assembly Version: 4.0.0.0

Win32 Version: 4.6.1055.0 built by: NETFXREL2

CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Core/v4.0_4.0.0.0__b77a5c561934e089/System.Core.dll

----------------------------------------

System.Xml

Assembly Version: 4.0.0.0

Win32 Version: 4.6.1064.2 built by: NETFXREL3STAGE

CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_MSIL/System.Xml/v4.0_4.0.0.0__b77a5c561934e089/System.Xml.dll

----------------------------------------

System.Web

Assembly Version: 4.0.0.0

Win32 Version: 4.6.1069.1 built by: NETFXREL3STAGE

CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_64/System.Web/v4.0_4.0.0.0__b03f5f7f11d50a3a/System.Web.dll

----------------------------------------

LANDesk.ManagementSuite.KeyValue

Assembly Version: 9.60.0.0

Win32 Version: 9.60.2.48

CodeBase: file:///C:/Program%20Files/LANDesk/ManagementSuite/LANDesk.ManagementSuite.KeyValue.DLL

----------------------------------------

System.Data

Assembly Version: 4.0.0.0

Win32 Version: 4.6.1055.0 built by: NETFXREL2

CodeBase: file:///C:/Windows/Microsoft.Net/assembly/GAC_64/System.Data/v4.0_4.0.0.0__b77a5c561934e089/System.Data.dll

----------------------------------------

LANDesk.ManagementSuite.Data

Assembly Version: 9.60.0.0

Win32 Version: 9.60.3.59

CodeBase: file:///C:/Program%20Files/LANDesk/ManagementSuite/LANDesk.ManagementSuite.Data.DLL

----------------------------------------

LANDesk.DataServices

Assembly Version: 9.60.0.0

Win32 Version: 9.60.3.50

CodeBase: file:///C:/Program%20Files/LANDesk/ManagementSuite/LANDesk.DataServices.DLL

----------------------------------------

LANDesk.ManagementSuite.Information

Assembly Version: 9.60.0.0

Win32 Version: 9.60.3.72

CodeBase: file:///C:/Program%20Files/LANDesk/ManagementSuite/LANDesk.ManagementSuite.Information.DLL

----------------------------------------

log4net

Assembly Version: 1.2.10.0

Win32 Version: 1.2.10.0

CodeBase: file:///C:/Program%20Files/LANDesk/ManagementSuite/log4net.DLL

----------------------------------------

 

************** JIT Debugging **************

To enable just-in-time (JIT) debugging, the .config file for this

application or computer (machine.config) must have the

jitDebugging value set in the system.windows.forms section.

The application must also be compiled with debugging

enabled.

 

For example:

 

<configuration>

<system.windows.forms jitDebugging="true" />

</configuration>

 

When JIT debugging is enabled, any unhandled exception

will be sent to the JIT debugger registered on the computer

rather than be handled by this dialog box."

           

Resolution

This problem is caused by .NET  You can remove .NET:

The .NET 4.6 update can often be found as KB 3045560 - https://support.microsoft.com/en-us/kb/3045560

• On Windows Vista SP2, Windows 7 SP1, Windows Server 2008 SP2, or Windows Server 2008 R2 SP1, Microsoft.NET Framework 4.6 is installed under Programs and Features in Control Panel.
• On Windows 8 or Windows Server 2012, Update for Microsoft Windows (KB3045562) is displayed under Installed Updates in Control Panel. (KB is for .Net Framework 4.6)
• On Windows 8.1 or Windows Server 2012 R2, Update for Microsoft Windows (KB3045563) is displayed under Installed Updates in Control Panel. (KB is for .Net Framework 4.6)

• On Windows 8 or Windows Server 2012, Update for Microsoft Windows (KB3045562) is displayed under Installed Updates in Control Panel. (KB is for .Net Framework 4.6.1)
• On Windows 8.1 and Windows Server 2012 R2, it's listed asUpdate for Microsoft Windows (KB3102467) Or KB4014510under theInstalled Updates in Control Panel (KB is for .Net Framework 4.6.1)
• On Windows 10 you can find this as Update for Microsoft Windows (KB3102495)under theInstalled Updates in Control Panel (KB is for .Net Framework 4.6.1)

• On Windows Server 2012 you can find this as Update for Microsoft Windows (KB3151804) under Installed Updates in Control Panel. (KB is for .Net Framework 4.6.2)
• On Windows 8.1 / Windows Server 2012 R2 you can find this as Update for Microsoft Windows (KB3151864) under Installed Updates in Control Panel. (KB is for .Net Framework 4.6.2)
• On Windows 10 you can find this as Update for Microsoft Windows (KB3151900) under Installed Updates in Control Panel. (KB is for .Net Framework 4.6.2)

.NET 4.7 Redistributable:

• .NET Framework 4.7 for Windows 7/Windows Server 2008 R2: KB3186497
• .NET Framework 4.7 for Windows Server 2012: KB3186505
• .NET Framework 4.7 for Windows 8.1/Windows Server 2012 R2: KB3186539
• .NET Framework 4.7 for Windows 10 Version 1607/Windows Server 2016: KB3186568
• .NET Framework 4.7 Language Packs for Windows Server 2012: KB4015882
• .NET Framework 4.7 Language Packs for Windows 8.1/Windows Server 2012 R2: KB3186606
• .NET Framework 4.7 Language Packs for Windows 10 Version 1607/Windows Server 2016: KB3186607

.NET 4.7.1

• On Windows 7 SP1 and Windows Server 2008 R2 SP1, the Microsoft.NET Framework 4.7.1 is listed as an installed product under the Programs and Features item in Control Panel.
• On Windows Server 2012, it’s listed as Update for Microsoft Windows (KB4033345) under the Installed Updates item in Control Panel.
• On Windows 8.1 or Windows Server 2012 R2, it's listed as Update for Microsoft Windows (KB4033369) under the Installed Updates item in Control Panel.
• On Windows 10 Anniversary Update, Windows 10 Creators Update and Windows Server 2016 it’s listed as Update for Microsoft Windows (KB4033393) under the Installed Updates item in Control Panel.

In addition, the removal of a .NET version may cause configuration issues for IIS, so it is recommended to check the following:

• Verify and re-enable services (run services.msc)
  • Set the World Wide Publishing Service to Automatic, then start IIS manager to verify
  • Applicable SQL services, depending on your configuration
  • Applicable LANDESK, Intel and Managed Planet services, depending on your configuration
• Verify IIS configuration affected by .NET
  • Application Pools should look like this:  (unless you have built custom app pools)

            *** If you have made any of the above adjustments, reboot your server ***

• Verify that the https binding on the Default Web Site has the appropriate certificate
• Check for ISAPI and CGI restrictions (set all to allow)

• We do not recommend the following registry tweak. This will fix the activation but doesn't fix the other issues known with .Net 4.6

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework

You'll probably find a useRyuJIT DWORD value of 1 there. Set it to 0.


Then, create a useLegacyJIT DWORD value into the same registry key and set it to 1.