This could hapen in any of the following cases:
Endpoint Central Agent installation might fail due to various reasons like invalid credential, blocking by firewalls etc. In most cases, executing the script below will fix the problem. This is applicable for Active Directory based network setup.
Run the script as explained here in all the client machines to configure the Windows Firewall and to install the agent.
If running the script doesn't help, check the following reasons based on the error messages that you see in the remarks column:
This error will be shown in any of the following cases:
2.1.1. If the client computer is down or not accessible
Check the client computer is switched on and connected in the network properly and try installing the agent. Also ensure that the computer name is specified correctly.
2.1.2. If the "File and Printer Sharing for Microsoft Networks" is not enabled in the network adapter of the client computers.
Enable this in all the client computers as below and try installing the agent:
- Select Start --> Settings --> Network Connections.
- Right-click the network connection and select Properties.
- In the connection properties dialog, select the General tab.
- Select the "File and Printer Sharing for Microsoft Networks" and click OK.
- If you do not find this option, click Install button.
- In the network component type, select Service and click Add.
- Select File and Printer Sharing for Microsoft Networks and click OK.
- Click Close to exit the properties dialog
2.1.3. If a third-party Firewall blocks the agent installtion
Run the script as explained here in all the client machines to configure the Firewall and to install the agent.
This error is shown in any of the following cases:
2.2.1. If the specified admin credential is no longer valid
If the admin credential specified during defining Scope of Management is no longer valid, use the Edit Credential link to update and try installing the agent.
2.2.2. In case of Workgroup setup, if simple file sharing is enabled
If simple file sharing is enabled, you will get as Access Denied error. Make the following change in all the client computers and try installing the agent:
- Start --> Run--> explorer
- Select Tools --> Folder Options
- Select the View tab.
- Unselect the option "Use simple file sharing" and click OK
The possible reasons for this error include:
2.3.1 When you do not have access to admin$ of the client computer
From the computer where Endpoint Central Server is installed, select Start --> Run and type \\<client Computer Name>\admin$. If you get the same error, enable Remote Administration Exception in the client computers as below:
- From the client computer, select Start --> Run and type gpedit.msc and hit enter
- Expand the Administrative Templates -> Network Connections -> Windows Firewall
- Click the Domain Profile and double click the Windows Firewall : Allow remote administration exception
- Select Enabled and click OK
2.3.2 Make sure you are able to ping the client computer by FQDN
Ensure that you are able to ping the client computers from the computer where Endpoint Central Server is installed using the Fully Qualified Domain Name (eg. hostname.domainname.com)
2.3.3 When File and Print Sharing For Microsoft Networks is not enabled
Enable File and Print Sharing For Microsoft Networks in the client computers as below:
- Select Start --> Settings --> Network Connections.
- Right-click the network connection and select Properties.
- In the connection properties dialog, select the General tab.
- Select the "File and Printer Sharing for Microsoft Networks" and click OK.
- If you do not find this option, click Install button.
- In the network component type, select Service and click Add.
- Select File and Printer Sharing for Microsoft Networks and click OK.
- Click Close to exit the properties dialog.
2.3.4 If File and Printer Sharing is disabled in the Windows Firewall of the client computers.
Enable File and Printer Sharing the in client computers as below:
- Open the Windows Firewall and select the Exceptions tab
- Select the File and Printer Sharing check box and click OK.
If you still get the same error, verify that you are configuring File and Printer Sharing in the same profile that the Endpoint Central Server computer is using. If you enable File and Printer Sharing in the domain profile, but the Endpoint Central Server computer is using the standard profile, then File and Printer Sharing might not be enabled. You can use the Netsh tool to determine which profile the Endpoint Central Server computer is currently using and which profile has File and Printer Sharing enabled. To enable File and Printer Sharing for all profiles, use the following command:
From the command prompt, type netsh firewall set service type = FILEANDPRINT mode = ENABLE scope = ALL profile = ALL and press enter.
2.3.5 Configre Security Policy
- Select Start --> Settings --> Control Panel --> Administrative Tools --> Local Security Policies
- In Security Options -> local policies -> Security Options -> Change the Network security: LAN Manager authentication level: Send LM & NTLM responses
2.3.6 If the "Workstation Service" is not running in the Client Computers
- Select Start --> Settings --> Control Panel --> Administrative Tools --> Services.msc
- Right-click Workstation service and then click start
2.3.7 If the "TCP/IP NetBIOS Helper" service is not running in the Client Computers
- Select Start --> Settings --> Control Panel --> Administrative Tools --> Services.msc
- Right-clickTCP/IP NetBIOS Helper service and then click start
This error will be shown if IRPStackSize registry entry on the client computer is set too low. Increase the IRPStackSize registry entry as below:
It is advised to remove agents from the managed computers from the Scope of Manageemnt page prior to uninstalling the product. If, by mistake, you have removed the product without uninstalling the agents, follow the steps below to uninstall the agents:
If you have an Windows Active Directory setup, configure as below to run the script as a startup script:
Note: You should perform these steps in the Domain Controller. For the script to execute successfully, the file association of .vbs files should be set to "Microsoft Windows (r) Based Script Host" in all the client computers. If this has been modified to some text editor, the scripts will not execute.
The Endpoint Central Agents will get unnstalled in the client computers during next startup.
Yes, you need to notify the following to Synamtec Endpoint Protection as trusted:
Yes, you can change the following in the Endpoint Central Agents that have been already installed:
To change the values,
Yes, Endpoint Central Agents can be pushed to the client computers through imaging. Install Endpoint Central Agent in any one client computer. Create an image and deploy it to other computers.
Note:
To configure the Firewall and to install the agent, download and run the script as given below:
Running the above script will open the following ports in the client computers and installs the Endpoint Central Agent:
To run the script in multiple computers, you can either use the PsExec utility or add this script as a startup script in the GPO of Active Directory.
For Remote Desktop Sharing to work, in addition to running the above script, you need to ensure that the firewall allows to establish remote network connection.
Most of the agent installation failures are due to improper configuration of Windows Firewall and DCom Settings in the client computers. To configure the Windows Firewall and DCOM Settings and to install the agent, download and run the script as given below
Run the script in a single computer
- Download the DesktopCentralAgent.msi by clicking the "Download Agent" link in the Scope of Management page of the Endpoint Central User Interface.
- Download the script InstallAgent.txt
- Rename it to InstallAgent.vbs
- Run the script in each of the client computers from the command prompt: CSCRIPT InstallAgent.vbs DesktopCentralAgent.msi
Run the script in multiple computers using GPO of Active Directory
If you have an Active Directory setup, you can add this as a startup script in all the client computers as below:
- Create a network share (eg. \\MyServer\MyShare).
- Download the DesktopCentralAgent.msi by clicking the Download Agent link in the Scope of Management page of the Endpoint Central client. Save the msi in the network share created in step 1.
- Start -> Run -> gpmc.msc
- Right-click the domain and select "Create and Link a GPO here".
- Specify a name for the GPO
- Select the GPO from the tree.
- Select the Scope tab.
- Click the Add button in the Security Filtering to specify the computers.
- Click the Object Types button in the "Select User, Computer, or Group" dialog and select Computers object type and click OK.
- Specify the computer names and click Check Names to add the required computers.
- Click OK to close the "Select User, Computer, or Group dialog".
- Right-click the GPO and select Edit.
- Expand Computer Configuration --> Windows Settings --> Scripts.
- Right-click Startup and select properties.
- Click Show Files and drag and drop the InstallAgent.vbs to this location and close.
- In the Startup Properties dialog, click Add.
- Browse to select the InstallAgent.vbs script.
- Specify the Script Parameters as, for example, \\MyServer\MyShare\DesktopCentralAgent.msi. This refers to the shared location where you have stored the Endpoint Central Agent.
- Click OK to close the Add a Script dialog
- Click OK to close the Startup Properties dialog
- Close the Group Policy Object Editor
- Close the Group Policy Management dialog.
The script will get executed during the next reboot of the client computers. After the execution of the scirpt, the Endpoint Central Agents gets automatically installed in all the client computers.
Note: For the script to execute successfully, the file association of .vbs files should be set to "Microsoft Windows (r) Based Script Host" in all the client computers. If this has been modified to some text editor, the scripts will not execute.