Manualshelf

HP Device Manager 4.6 - HP t5740 Windows XPe Support Guide

ManualsBrandsHP ManualsSoftwareHP Device Manager
12345678910
Creating a template sequence to update the HPDM Agent
After you create a task template that can stop the SEP service, you can combine that with the HDPM Agent Update template
in a template sequence that performs the HPDM Agent updates on the XPe thin clients.
Troubleshooting
HDPM Agent update task fails
If the Agent Update task that uses the sequence we created fails, it might be because SEP firewall was not disabled. To test
whether the firewall is disabled, send the Stop SEP template to a test device with the Write Filter Policy set to excute
regardless of Write Filter status. Then, without rebooting, verify on the device that the SEP has stopped. The icon disappears
from the system tray on the device, if the SEP has stopped. If it does not stop, verify that the command line is correct.
If the SEP firewall does stop, verify that FTP server is configured correctly for both the data channel port range and the
external IP address of the firewall. For more information on FTP configuration, see the FTP Server Configuration white paper.
HPDM Agent update task succeeds, but the HPDM Agent still shows as older version
It has been observed in some cases that the Update Agent task succeeds, but the agent version still shows as the older
version in the HPDM Console. In these cases, the HPDM Agent was updated and shows correctly on the thin client itself.
Restarting the devices or sending a Get Asset Information task usually resolves this issue.
Symantec Endpoint Protection (SEP) Firewall
As the port requirements have changed, the firewall rules in SEP in XPe need to be updated to enable the needed ports. One
issue that might occur before updating the SEP rules is that tasks with a payload might fail because the SEP might block the
PASV ports being requested by FTP client on the thin client. This section describes how to configure the SEP rules, how to
export those rules, and how to create a task template to use the current version of HPDM to deploy the updated firewall
rules.
Additional firewall ports needed by the current version of HPDM
Port 139
This port is needed to allow NetBIOS Session Services connections. Either create a new rule to allow outbound TCP
connections to this remote port or modify an existing rule to add this port.
Port 40004
This port is used for SSL VNC Proxy in listen mode (reverse VNC) and is required to enable the new or updated SSH secure
shadowing feature. Previous versions of HPDM used SSL to secure VNC traffic on the standard port 22. Either create new
rules to allow outbound TCP connections to this remote port and inbound TCP connections to this local port or modify
existing rules to add this port.
Port 40009
This port is used by the HPDM Agent to send resource information (CPU, RAM, Disk IO, Network IO, Processes, and so on) to
the HPDM Server. Either create a new rule to allow outbound TCP connections to this remote port or modify an existing rule
to add this port.
Ports 4915265535
In order to deploy files when using IIS 7 or higher for the FTP repository, a data channel port range (passive port range)
needs to be configured on the FTP server and firewall rules need to be added to SEP to allow outbound TCP connections to
the passive port range. This example port range is the example used in the FTP Server Configuration white paper. This range
can be configured as desired so long as the firewall rules on both the server and the thin client match the port range defined
in IIS FTP.
Note:
If currently using IIS 7 or higher, the passive port range needs to be opened on the thin client regardless of which version of
HPDM is in use. If this is the case and you are unable to transfer files until the ports are open on the thin clients, you might
have issues attempting to deploy the new firewall rules. There are three ways in which you can overcome this limitation.
First, you can set up another repository using the Filezilla FTP server and deploy from there. Second, you can set up a
network share and use a command task to instruct the thin client to copy and deploy the new rules. Third, you can use a
command task to temporarily turn off the SEP firewall and deploy the new rules.
5