/build/static/layout/Breadcrumb_cap_w.png

Amp.conf file being modified on random computers

We have roughly 2500 computers across the US.  I've noticed that some computers stop communicating with our Kace box and I have found that most if not all of the computers that stop talking is because the amp.conf was modified (not sure how or by what) and breaks the connection.  
The computers that stop talking have no pattern whatsoever.  Some are laptops and some are desktops.  All Dell hardware.  Affects roughly 5-10% of computers at each of our sites.  Not sure if anyone else has experience this before in their org.  Looking for some suggestions on how to go about this.  

If I replace the amp.conf file with a good copy and reboot the computer, it connects again.   

1 Comment   [ + ] Show comment
  • Never seen that. What part(s) of the file are being modified? - rockhead44 8 years ago
    • The contents itself is being modified, again, no pattern. Normally the config file looks like (removed our company info from the file:

      host=hostname
      log=amp.log
      ampport=52230
      ampurl=ampurl:52230
      webport=80
      rto=20
      wto=20
      cto=10
      crto=30
      pl=pluginDesktopAlerts,pluginPatching,pluginRunProcess,pluginWeb
      lasthost=hostname
      serverversion=6.2.109330
      appliance=k1000
      weburl=weburl
      companyname=company name
      splashtext=Systems Management service is verifying your PC Configuration and managing software updates. Please Wait...
      servercompress=true
      maxDownloadSpeed=0
      KSWMeterSvcDbMaxRows=5000


      On some computers half the lines will be missing and on others I might just have the first line with no data. I've been meaning to open a ticket with vendor support but just wanted to see if others have seen this before. - FloRod621 8 years ago

Answers (2)

Answer Summary:
Posted by: jknox 8 years ago
Red Belt
2

Top Answer

This typically happens when there is an antivirus solution that is interfering with the amp.conf write.  Ensure that these directories and files are whitelisted: https://support.software.dell.com/k1000-systems-management-appliance/kb/111785

I would also suggest upgrading to to the 6.3.314 agent as it has some features built in to try to avoid this scenario.

Comments:
  • Thanks for this information. - FloRod621 8 years ago
Posted by: Nico_K 8 years ago
Red Belt
1
amp.conf only need the host=hostname line.
If this line is missing, the client is unable to contact the appliance.

It is a good idea to upgrade to 6.3 and update the agent to 6.3 too.
the 6.3.314 agent has a heartbeat function which means, that the amp.conf is only read and no more written like with 6.2 and before.
Update can be found here: https://support.software.dell.com/kb/148053

Whitelist the agent correctly since some firewalls and antivirus may recognize the agent binary as a virus.
https://support.software.dell.com/kb/111775 for all ports
https://support.software.dell.com/kb/111785 for the whitelist


Comments:
  • Thanks for this information as well. - FloRod621 8 years ago

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login

Share

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ