PROBLEM

After trying to deploy security patches, or install and Agent the status stays at 'Pending'.

ENVIRONMENT

• GFI LanGuard 
• All supported environments

SOLUTION

1. Check that the GFI LanGuard XX Attendant Service is running
2. Change account used by GFI LanGuard XX Attendant Service
   1. Open the Services Panel (Control Panel > Administrative Tools > Services)
   2. Locate and double click the GFI LanGuard XX Attendant service
   3. Select the Log On tab and in the Log on as: section select This account
   4. Specify an account having Local administrative rights in the format <Domain>\<User> or just browse to the admin user
   5. Provide the correct password for the specified account
   6. Click the Apply button
   7. Select the General tab and click the Start button to start the service
3.  On the LanGuard server, change the DCOM identity
   1. Open DCOMcnfg (Start > Run > type dcomcnfg and press Enter)
   2. Expand Component Services > Computers > My Computer > DCOM Config
   3. Enter the Properties of LNSSCommunicator
   4. In the Identity tab click the Browse button and select a user that has Administrator rights on all machines in the domain
   5. Enter the password for the selected user and apply your changes
   6. Open the Local Security Policy (gpedit.msc) on the LanGuard server
   7. Navigate to Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights Assignment
   8. Check the properties of Replace a process level token and Adjust memory quotas for process.
   9. Add the account used in the Identity tab (above) to these policies
   10. Do the same for the Logon as a batch job policy
   11. Restart the GFI LanGuard XX Attendant service
4. On LanGuard server update the IP address in LanGuard Console
   1. From Configuration tab, select Agents Management
   2. Click Agents Settings
   3. From General tab under Communications
   4. Select the IP address of LanGuard not using the Default selection
   5. Click OK to apply the changes
5. On the target machine(s), explicitly add the user account that is running the services to the Log on as Services Local security Policy
   1. Go to Start > Run and type secpol.msc and press Enter
   2. Expand Local Policies
   3. Select User Rights Assignment
   4. Scroll down till you see Log on as a service
   5. Right click it and go to Properties
   6. Click Add User or Group and add that account there
   7. Click Apply and OK and close out of the Local Security Policy
   8. Apply the changes
   9. Go to Run > type GPupdate /force and press Enter
6. Disable UAC on both server and client machines
   1. Click Restart Now to apply the change right away, or click Restart Later and close the User Accounts tasks window
   2. Clear the Use User Account Control (UAC) to help protect your computer check box, and then click OK
   3. If UAC is currently configured in Admin Approval Mode, the User Account Control message appears. Click Continue.
   4. In the User Accounts tasks window, click Turn User Account Control On or Off
   5. In the User Accounts window, click User Accounts
   6. In Control Panel, click User Accounts
   7. Click Start, and then click Control Panel

Notes

• If LanGuard has more network interface cards, the wrong one can be used for agent deployment or the remediation.
• Ensure to disable these network interface cards locally and run a localhost scan using the HW audit in LanGUard to update the correct IP address before starting a new agent deployment and/or remediation.

CAUSE

The service account is not able to start the remediation job due to a security feature blocking its process and/or the wrong IP address is used for agent deployment or remediation.