2 Replies Latest reply on Nov 30, 2009 7:59 AM by aelliot

    EPO 4.5 Client Tasks Ignored

      We have recently implemented a new ePO 4.5 system within our corporate LAN/WAN, for 6000+ endpoints and several hundred servers.  This was implemented with VS 8.7 p1, upgrading endpoints from VS 7.1 and VS 8.5 p0.  All functions have been working very well during rollout to approximately 1/4 of the estate so far.  As we are using e-directory and Zenworks currently, I am deploying the ePO Agent 4 via Novell rather than ePO, prior to our future migration to a MS solution.  Therefore, the ePO system tree has been manually created, rather than LDAP.

       

      As mentioned, client tasks are running well, rolling the endpoints up to VS 8.7 p1, applying policies, SDAT's etc and a good level of reporting.  We recently noticed VS 8.7 p2 and ePO Agent 4.5 were available, so I created a test container and disabled the ePO Agent update client task from the root of the tree.  As we started with VS 8.7 RPL1, we had no hotfix task present to auto update patches/service packs.  I then dutifully checked the new ePO agent and hotfix into the current branch (yes I know this wasn't the best strategy, but you live and learn) and tested virtual desktops against the new software.

       

      It was at this point I noticed that ePO Agent 4.5 had probably been deployed to about 1000+ endpoints and that patch 2 was being deployed, despite any client tasks referring to these being disabled.  This wasn't really an issue on our LAN, but we have many WAN sites with high seat density and moderate bandwidth, which had and will continue to have a high impact for events of this type.

       

      Therefore, do these types of software simply deploy with no client task assigned?  Or have I simply missed some other finer point of ePO 4.5?

       

      As stated before, no tasks were set to deploy the new agent (and no other tasks had this enabled incidently).  Similarly, no tasks were set to deploy the patch and the SDAT task did not have the patch/service pack option ticked.

       

      Finally, if this is some sort of client task corruption with the current tasks, would it be preferrable to simply delete all current tasks and recreate them from scratch?

       

      Thanks in advance for any assistance.

       

       

      Message was edited by: Andrew Elliott on 11/28/09 6:44 AM
        • 1. Re: EPO 4.5 Client Tasks Ignored
          JoeBidgood

          Hi Andrew... I might be able to answer one half of this, but not the other   I can't explain why the 4.5 agent has been installed - this is installed via a product deployment task, which you have set to disabled, so it shouldn't be that. I would suggest investigating the agent installation logs on an affected client machine and see if you can match the time of installation to anything that might have happened in your environment.


          With regard to the VSE patch being installed - this I might be able to explain    What's probably happening here is that you are getting bitten by an "all products" update task. There are a number of situations in which the agent will run a task which updates all products on the machine, and so can potentially apply a patch that you didn't want it to.

           

          The first of these is when the user right-clicks on the tray icon (assuming it's available) and chooses Update Now. This kicks off a one-shot task that is set to update all products on the machine: so even if your scheduled tasks are all set not to update VSE (and thereby apply the patch) this type of task will still apply it.

           

          The second type is Global Updating. When you have global updating enabled, it tells the machines to (again) update all products.

           

          The third method is via a deployment task. If a deployment task runs and actually does something - either install a product or remove one - it will trigger an all-products update afterwards. This may be what's happening in your environment - if a deployment task is running and installing the MA 4.5 agent, the update task that is triggered afterwards will be applying the VSE patch.

           

          Controlling this scenario can be difficult. The Update Now problem can be addressed in MA 4.5 - you can remove this option from the users. The other two methods are harder to contain. Probably the most effective method is to set up a separate distributed repository containing the patch, and only allow the machines you wish to have the patch to use that repo.

           

          Regards -

           

          Joe

          • 2. Re: EPO 4.5 Client Tasks Ignored

            Thanks for the help Joe, much appreciated

             

            The local VS client auto-update was indeed the culprit, as this had been left enabled in the ePO policy.

             

                

             

             

             

            ** System Tree> Assigned Policies> VSE 8.7 (in this case )> User Interface Policies> select either Workstation or Server> check the check box "disable default AutoUpdate task schedule". **

            Thanks to Hem at McAfee Gold Support for confirming this aswell.

             

             

            Andy