Troubleshooting deploy issues

The following topics apply to troubleshooting issues with Deploy Jobs:

Deploy job returns warning — cannot delete asset

The Deploy Job generates "cannot delete asset" warnings following an undo/rollback even if it completed the task successfully.

(Solaris) Local single-user mode has problems

For single-user mode to work correctly on Solaris platforms when the agent is installed with the -local option, you must do the following on the target server:

  • Add an S90rscd script to the /etc/rc2.d directory. (A copy of this script is in the conf directory under the agent installation directory.)
  • Export NSHDIR and LD_LIRBRARY_PATH.
  • Verify that the NSHDIR and LD_LIBRARY_PATH variables are exported within the script file.
  • Set NSHDIR to the agent install directory.
  • Set LD_LIBRARY_PATH to the lib directory in the agent install path.

Cannot add NFS protocol version in the Mount URL

Currently it is not possible to add the version of the NFS protocol in the Mount URL. You must edit the configuration files on the target servers.

Deploy job failing for Windows 2008 or Windows 2012 with agent mount

During a Deploy job on Windows 2008 or Windows 2012 (including Windows 2012 R2) in which a BLPackage was defined using the SMB protocol, a security warning is issued. This warning causes the Deploy Job to time out while waiting for user input. As a result, the Deploy job cannot mount the UNC path (that is, the SMB URL) and fails to complete the deployment.

Workaround:

To successfully run the Deploy Job, you must temporarily disable security zone checking. Use the following steps:

  1. Download and run the the provided script, Disable_Zone_Checking_for_All_User.bat.
  2. Reboot the target Windows server.
  3. Run the Deploy Job.
  4. To re-enable security zone checking after the Deploy Job has completed, run the provided script, Enable_Zone_Checking_for_All_User.bat.

Deploy Job fails on AIX when the BLPackage contains a large number of files

Deployment to an AIX server fails when the BLPackage contains a large number of files (around 2000 or more). The Deploy Job fails with an out of memory error for the mapped root user.

Workaround:

Increase the data segment size and maximum memory size for the root user. In the /etc/security/limits file, increase the values that are set for the following parameters, or even set them to unlimited:

  • data — data segment size
  • rss — max memory size

Issues with remediation of MSS keys

Deploy jobs for compliance remediation fail to remediate in the following scenarios:

  • Remediation of MSS GPO keys for Not Defined values.
  • Remediation of MSS group policy settings when MSS keys are not registered on the target server. For remediation to work, you must configure the MSS group policy settings on the target.

Rollback fails after deleting a registry key

If you deploy a rollback after deleting a registry key that does not belong to BUILTIN\Administrators, the rollback fails. To change ownership of a registry key, you must have the SE_RESTORE_NAME privilege. The agent uses the default user account, which does not have this privilege enabled by default.

Rollback does not remove XML configuration file

Rolling back a deployment that created an XML configuration file on a system leaves the file on the target system, with all encoding information still present. The root key block that was used in creating the file also remains. Although keeping the XML configuration file on the target system upon rollback does not leave the system in its original state, it is the correct process when managing configuration files.

New properties do not appear in an open template

If a template is open in the template editor and you add new properties to a class, the new properties do not appear in the property list drop-down until you close and reopen the template.

System creates an empty BLPackage

If you choose a COM+ folder for packaging and it happens to be empty, a BLPackage is created, but it is empty.

(Linux) Out-of-band reboot does not work

You cannot do an out-of-band reboot with an external command on Linux if the target contains a pre-7.4 agent.

Problems specifying a payload source

Any payload source that is referred to remotely using Network File System (NFS) must have the correct world access to the files for the deployment staging or direct use to work properly. This is true even if the NFS agent mounting option is used (which is done as root) and the payload is owned by root. The export through an NFS does not translate the root account access over so the payload must be world read.

Only use spaces in the payload file/directory name if the installation command can accept spaces in the name. The 'rpm' command does not accept spaces in the command and any deployment with this command fails when using the remote source reference method.

Deployment is interrupted — package overwritten

There is no mechanism to prevent overwriting a package on a repeater while the package is being deployed to a target server.

Deployment method changes from Copy to Agent to direct staging

A fundamental incompatibility exists between target-based parameterization and the use of repeaters. To avoid the conflict, in those cases where source URLs contain target parameterization and Copy to agent at stagingis specified for those URLs, the system forces the deployments into direct staging (without a repeater). Whenever this forced deployment occurs, the system issues a warning message indicating the staging change and the reason for the change.

Deployed hotfixes do not appear until after a reboot

Deployed hotfixes that require a reboot do not appear when you are browsing the target server until that server is rebooted.

BLPackage cannot be created when the name was already used in the folder

Creation of a new BLPackage ends with the error "... already exists in the group." This happens if you previously renamed a BLPackage in the same depot folder (by changing its NAME property value in the Properties view), and are using the original name of that other BLPackage for the new BLPackage.

If you need to use this name for the new BLPackage, create the BLPackage in a different, temporary folder, and then cut and paste the new BLPackage into the relevant depot folder.

Expiration date attribute in BLPackage does not include time

The BLPackage editor lets you set the date and time for the Expiration Date attribute. However, when the BLPackage is deployed, the date is set but not the time.

Cancelled Deploy Job copies payload to stage

If a cancel is issued during the stage step of a Deploy Job execution, in some cases, the payload is copied to the stage directory of all targets.

Undoing a job run does not retain set execution override

When a user attempts to undo a job run with "set execution override" enabled, the undo action does not retain the "set execution override" setting.

Events appear out of order in Deploy Job run log

Events in the Deploy Job run log do not appear in logical order when sorted by time for jobs that completed during the same second.

Drive for Deploy Job staging directory matches agent location's drive

The staging directory is based on the location of the agent installation. If the agent is installed on the C drive, the default location for STAGING_DIR is on the Windows C drive, unless another drive is explicitly specified. Similarly, if the agent is installed on D, the staging directory is by default located on D.

Modify action not working correctly for certain Microsoft services

When using a BLPackage to change the Distributed Transaction Coordinator, Smart Card, or Scheduler services on a Windows 2008 or Windows 7 platform, you can change the Start and Stop actions, but changes to the Modify action do not work properly because of a Microsoft defect.

External command does not run properly due to special characters

External commands are run on the target as shell scripts (.bat on Windows and .sh on Linux or UNIX). The contents of the command and the values of properties included in the command are subject to the standard limitations in the use of special characters that exist for each shell type. Improper use of special characters can cause issues in the execution of the external command and might even cause the Deploy Job to fail. In many cases you can escape a special character with another special character.

Example

You want to run the following external command on a Windows server: echo ??TARGET.PASSWORD??

If the value of the password property contains a percent % character, the Deploy Job fails.

To resolve this issue, you can escape the % character by including another % character just before it. 

Password in grub configuration file does not deploy properly

When attempting to deploy a grub password by adding a password entry in the grub.conf file and packaging it in a BLPackage, the password is not deployed properly. On the target servers, the password entry is appended at the end of the grub.conf file after the group title (instead of being added before the group title). As a result, you are prompted for a grub password during the next OS reboot.

As a workaround for this issue, create your BLPackage in the following manner:

  1. Include the following external command as the first item in your BLPackage:

    if [ -s  /etc/grub.conf ]
    then
           awk '/title/ && !x {print "password"; x=1} 1' /etc/grub.conf > /etc/grub.conf.1
           # add \ in front of cp just in case alias cp -i is set in the users profile
           # use -p option to  :  same as --preserve=mode,ownership,timestamps
           \cp -fp /etc/grub.conf.1 /etc/grub.conf
          rm -f  /etc/grub.conf.1
    else
        echo "/etc/grub.conf file does not exist"
    fi

  2. Open your local grub.conf file (using any text editor), and include a password entry before the group title (that is, before the title line), as in the following example:

    password --md5 $1$TNUb/1$TwroGJn4eCd4xsYeGiBYq.
    title Red Hat Enterprise Linux Server (2.6.18-194.el5)
  3. In the BLPackage, use the Import Assets option to import the password entry from the grub.conf file into your BLPackage (as a live server object).
    Ensure that you position the password asset as the second item in your BLPackage.
  4. Remember to remove the password entry from the grub.conf file after successfully importing it into the BLPackage.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*