Jump to content
  • 0

WEM Agent


Jim McKelvie1709159887

Question

Posted

I am having issues with the WEM agent on a VDA, I keep receiving errors regarding 'No available configuration source detected, local cache not found or initialised!'

 

I can run the agentcacheutility and it runs fine without errors. It does report the total number of changes downloaded are 0/0.

 

I am using WEM 4.7, created a configuration set and added the hostname of the VDA into the configuration set I want to apply.

 

The machines have manually been added to Active Directory Objects under machines and are showing the green tick under State.

 

Within the WEM console under Administratration > registrations there are no sign of the machines registering, yet they can communicate with the infrastructure broker server over ports 8285 and 8286.

 

Could this problem be related to a trust issue. The VDA is in a different forest to the infrastructure server.

 

thanks.

20 answers to this question

Recommended Posts

Posted
On 6.3.2019 at 10:32 AM, James Kindon said:

you can apply settings to users from the remote domain across an external trust - I am doing this currently for a customer and know some big deployments that also do this

 

You need to enable cross forest lookups for WEM and tools like modelling do not work, but the settings apply

 

 

I was sure i replied to this, obviously not. 

 

The one im refering to has cross forest enabled etc. 

did som quick checking,

 

They have domain A, that holds the infrastructure (DDC/SF/WEM broker) and several domains trusted with forest wide 2way.
These domains hold: Users,  seperate VDA's with  wem agents pr forest. 

In that scenario, they cannot assign i.e apps/registry  via domain local groups in domain A, wem only sees groups located in the domain where the vda+users resides from. 

 

DDC for just pulished apps handles this with no issues as of recent release.

Posted
1 hour ago, Geir Dybbugt said:

Yes, you can pull users and machine objects into wem via trusts, but you cannot apply settings, like registry, shortcuts etc via this. 

 

you can apply settings to users from the remote domain across an external trust - I am doing this currently for a customer and know some big deployments that also do this

 

You need to enable cross forest lookups for WEM and tools like modelling do not work, but the settings apply

Posted
9 hours ago, James Kindon said:

you can pull in users and groups from external trusts and it works fine, you just cant have the agents in different domains with external trusts

 

 

Yes, you can pull users and machine objects into wem via trusts, but you cannot apply settings, like registry, shortcuts etc via this. 

 

In the scenario where the wem broker is in domain a, and users in domain b. 

Creating a localgroup in domain a, adding users to this from domain b, then using the localgroup in wem to push reg/shortcuts settings etc, since wem runs on the userlevel and sees only the user from domain b logs on, and pulls group memberships from that user from domain b at logon. 

 

Not a "normal" scenario, but can be usefull if you want to have all control for assignementes from domain b, so you dont need to create various groups in the trusted domain, i.e for a hoster or someone with many trusts. 

Posted

Yes, external trusts is not supported. Citrix documentations for this was first updated docs for 4.7 and all after, i suspect they did it after my supportcase in the refered blogg.

 

Hoping they add the support soon, also hoping they will add support for doing assignments for users via domain local groups in domain A (where broker is), with members in the local groups from Domain B (user forest)  as users/globalgroups - that would be great. But I can safely say that that is absolutely not working as of 1811 :-)  They have gotten it in place on the DDC side though, so thats a start. 

Posted
1 minute ago, James Kindon said:

Makes sense. The wem standpoint on trusts could use some firm documentation, some scenarios work fine, others not at all.. hopefully once you get something firm from Citrix, they can publish an article 

Yes agree, thanks for your help.

Posted

Makes sense. The wem standpoint on trusts could use some firm documentation, some scenarios work fine, others not at all.. hopefully once you get something firm from Citrix, they can publish an article 

Posted

I have been carrying out some wireshark tracing this morning, I can see the WEM agent queries the domain the agent resides in and then gives up. The issue is 'external trusts'. The WEM agent and WEM infrastructure broker are in different domains in different forests. The domains are trusted with an external trust.

Citrix WEM engineers are already aware of the issue and their engineers are working on the supportability of external trusts which will be a feature released in a future release.

Posted
1 minute ago, James Kindon said:

do you have any trusts in place? The fact that you are ending up with GUIDS would probably be the root of your problems....DNS or AD issues?

Yes we have trusts.

 

Infrastructure broker service is in our management domain and the agents are in another user domain.

The infrastructure broker server can telnet all the common Active Directory ports in the agents domain. Can resolve dns in both domains.

Posted

Got a little further this morning following a reboot of the WEM broker.

 

Once the WEM broker was up and running, I initiated a agentcacheutility -refreshcache and had success with objects downloading.

 

image.thumb.png.12422420376f48eef47181208b5ec3a8.png

 

In the event viewer of the agent, I am seeing errors.

 

'Service appears to be offline and no valid local cache found!'

 

There is also no sign of the Agent appearing in 'registrations' within the WEM broker.

Posted
9 hours ago, James Kindon said:

silly question - have you configured and applied a GPO with the WEM ADMX templates to point your machines to the WEM brokers?

No not all, it's good to have a second pair of eyes.

Yes I have gpo which sets the WEM broker. I have confirmed it is applying by looking through the local registry.

Also when running the agentcacheutility from a command line it connects to the server without error, just doesn't pull anything down.

Noticed I cannot add a OU, can add a machine as an object but is displayed as the GUID.

thanks.

Posted

I cant recall exactly - but did WEM 4.3 use sites or was it config set level at that stage? are the policies definitely writing to the local machine - should be able to see norskale entries within the registry 

 

I have always updated ADMX as i go through the iterations - i don't recall any more changes as far as settings until 1. Config sets and 2. Cloud

Posted

James, Thanks for your reply. Yes I have GPO's all pointing the VDA's to the brokers. I use a VIP for NS. Today I removed that even and pointed them directly to the primary WEM server and it still occurs. 

Another thought... I have the old WEM 4.3 ADMX files on the Domain Controllers. I never updated them. However, I still use WEM 4.3 in production at 2 other sites. Does this matter? We can try the 4.7 or 1808 ADMX files?

 

Still open to ideas. This is killing me. It looks like it is actually site wide and users are just not reporting the issue. So far Citrix WEM support has not come up with a resolution but they like to collect all the logs.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...