PROBLEM
After trying to deploy security patches, or install and Agent the status stays at 'Pending'.
ENVIRONMENT
- GFI LanGuard
- All supported environments
SOLUTION
- Check that the GFI LanGuard XX Attendant Service is running
- Change account used by GFI LanGuard XX Attendant Service
- Open the Services Panel (Control Panel > Administrative Tools > Services)
- Locate and double click the GFI LanGuard XX Attendant service
- Select the Log On tab and in the Log on as: section select This account
- Specify an account having Local administrative rights in the format <Domain>\<User> or just browse to the admin user
- Provide the correct password for the specified account
- Click the Apply button
- Select the General tab and click the Start button to start the service
- On the LanGuard server, change the DCOM identity
- Open DCOMcnfg (Start > Run > type dcomcnfg and press Enter)
- Expand Component Services > Computers > My Computer > DCOM Config
- Enter the Properties of LNSSCommunicator
- In the Identity tab click the Browse button and select a user that has Administrator rights on all machines in the domain
- Enter the password for the selected user and apply your changes
- Open the Local Security Policy (gpedit.msc) on the LanGuard server
- Navigate to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
- Check the properties of Replace a process level token and Adjust memory quotas for process.
- Add the account used in the Identity tab (above) to these policies
- Do the same for the Logon as a batch job policy
- Restart the GFI LanGuard XX Attendant service
- On LanGuard server update the IP address in LanGuard Console
- From Configuration tab, select Agents Management
- Click Agents Settings
- From General tab under Communications
- Select the IP address of LanGuard not using the Default selection
- Click OK to apply the changes
- On the target machine(s), explicitly add the user account that is running the services to the Log on as Services Local security Policy
- Go to Start > Run and type secpol.msc and press Enter
- Expand Local Policies
- Select User Rights Assignment
- Scroll down till you see Log on as a service
- Right click it and go to Properties
- Click Add User or Group and add that account there
- Click Apply and OK and close out of the Local Security Policy
- Apply the changes
- Go to Run > type GPupdate /force and press Enter
- Disable UAC on both server and client machines
- Click Restart Now to apply the change right away, or click Restart Later and close the User Accounts tasks window
- Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK
- If UAC is currently configured in Admin Approval Mode, the User Account Control message appears. Click Continue.
- In the User Accounts tasks window, click Turn User Account Control On or Off
- In the User Accounts window, click User Accounts
- In Control Panel, click User Accounts
- Click Start, and then click Control Panel
Notes
- If LanGuard has more network interface cards, the wrong one can be used for agent deployment or the remediation.
- Ensure to disable these network interface cards locally and run a localhost scan using the HW audit in LanGUard to update the correct IP address before starting a new agent deployment and/or remediation.
CAUSE
The service account is not able to start the remediation job due to a security feature blocking its process and/or the wrong IP address is used for agent deployment or remediation.