KACE Product Support Question

Heartbeat good but agent check-in not working

12/08/2017 1985 views
runkbot 4 0 works fine when run locally on the pc. Verified plenty of hdd space and no disk errors (those have caused agent issues in the past).

From k1, force inventory and the normal check-in does not work. And the last inventory will go up until I run runkbot again. I've looked all over the site trying different things.

My first go to, I try when things aren't working right:
amptools.exe host=k1100.host

Later I tried:
sc stop konea
sc start konea
MsiExec.exe /X{F66E9801-5F03-4ECD-A5BC-8678FAE8FBAA}
AMPTools.exe uninstall all

Anything else to try, let me know. If worst case, I have to set up a scheduled task on the local machine, does it really matter? This is the latest agent I believe, 8.0.152 and my K1 should be up to date as well.

(I since discovered this blog post and went through the various steps and thought I would update my post, with that info.)
  • I have 53 license seats open, not a licensing issue
  • inventory.xml is fine
  • agent services are good
  • amp.conf is configured correctly
  • Two pem cert files are present
  • I went ahead and explicitly opened ports 80,443,139,445 on TCP. Haven't really found how to confirm this. So any ideas on firming this one down, let me know. If I run a netstat -a I do not see them listed.
  • HDD space is good
  • No WMI issues. Inventory works fine when triggered via runkbot 4 0.

4 Comments   [ + ] Show comments


  • We are having the same issue with our K1000. Here is the original thread from another user that we had responded to: http://www.itninja.com/question/inventory-falling-off-k1000

    We currently have an open ticket with support and expect to have webex with them either today or Monday.
    • Cool. Mine is just one machine, so I hadn't bothered with a ticket yet.
  • We have 20K agents and this was a big problem for us because we have an education environment where staff and students take their computers home. The User Downloads and Run Now scripts always failed because the devices had the home IP addresses and didn't refresh when they came back to our network. We configured a Scheduled task to run a runkbot 4 0 with a trigger on the new network connection event viewer entry. While it does make a little more traffic, it greatly improved our end user support and use of the User Portal.

    We also have a scheduled task that checks the amp.conf file and if it lost our settings, it repairs it by copying a good amp.conf file that we saved in a different folder. That tasks runs 3 times a week. Our agent connections went from about 1K to over 4K

    I can share the tasks if anyone is interested
    • 20,000 agents!! That's impressive, wow.
    • Hi, Bethski I would appreciate to see how you set up those tasks because we have the same kind of issues in our environment.
      Thanks in advance :)
  • Bethski: Loved to see the task for the AMP.CONF. We've had the same problem in the past. Random trash get's added to our AMP.CONFs and they won't check in. 7.20 agents.
  • You will need to create a folder in the C:\ProgramData\Quest\KACE folder, called mine fix
    If you have an older SDA version the path will be Dell instead of Quest
    I add this folder and the two files inside as a post imaging task
    In this folder you will need a good amp.cong file and a batch file, mine is called KaceAgent.bat
    the batch looks like this:
    @echo off
    findstr /m "servicedesk" C:\ProgramData\Quest\KACE\amp.conf
    if %errorlevel%==0 goto ipcheck
    if %errorlevel%==1 goto kacefix

    copy "C:\ProgramData\Quest\KACE\fix\amp.conf" "C:\ProgramData\Quest\KACE\amp.conf" /Y >nul
    goto refresh

    for /f "delims=: tokens=2" %%a in ('ipconfig ^| findstr /R /C:"IPv4 Address"') do (set tempip=%%a)
    set tempip=%tempip: =%
    findstr /i %tempip% C:\ProgramData\Quest\KACE\inventory.xml
    IF %ERRORLEVEL% EQU 0 goto end
    IF %ERRORLEVEL% EQU 1 goto refresh

    "C:\Program Files (x86)\Quest\KACE\runkbot.exe" 4 0
    goto end


    In our environment our SDA has servicedesk in the url, so you may need to change the string by whatever your SDA name is

    Set up the task in task Scheduler on one machine , called mine QuestAgentFix with these settings:
    General Tab:
    Use System account to run
    Run whether user is logged on or not
    Run with highest privileges
    Hidden and select OS version ( Windows 10 in our environment)
    Triggers Tab:
    Daily 8:00 am ( for us this balances the secondary and elementary levels so they don't all hit the server at once)
    Actions Tab:
    Start a Program C:\ProgramData\Quest\KACE\fix\KaceAgent.bat
    The rest of the tabs are default and the box to run if it is missed is selected

    Export the task as an xml and add it to the post imaging task after the KACE agent is installed.

    I have this stored in a tmp folder on my image and use these commands to run it:
    schtasks.exe /Create /XML "C:\tmp\QuestAgentFix.xml" /tn "QuestAgentFix"
    robocopy "C:\tmp\fix" "C:\ProgramData\Quest\KACE\fix" /E /IS

    So in a nutshell, it looks at the amp.conf file to see it is has the server name, a broken file will be blank or have all nul characters, if it is broken, it will copy the good one I planted and run an inventory reconnecting it to the SDA.

    The second part looks at the current IP address on the laptop and if it matches the entry in the C:\ProgramData\Quest\KACE\inventory.xml, it just exits.
    If the current IP address is different, it will run and inventory and update it reconnecting to the SDA.

    Our staff and students take their laptops home and they constantly loose connection. This task can be run on demand as well, but it really improved our performance.

    Hope it helps :)

All Answers

This looks like a Powershell issue

Assuming the agent was completely removed and reinstalled, the fact that runkbot 4 0 works, kind of rules out networking or AV issues.

I bet powershell is corrupted or not enabled on that device.
Try to open CMD and from there type "powershell" and hit enter, let me know if you see any errors....

Answered 12/08/2017 by: Channeler
Red Belt

  • You're on the right track. It says powershell is not recognized. I verified that powershell is installed. $PSVersionTable.PSVersion = 5 (major) 1 (minor) 15063 (build) 726 (revision). So I thought it was a PATH issue, but when I check environment variables. The same thing listed on my other machines is listed on the problem machine. (%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\). What should I do next? Uninstall PS and reinstall? (IMAGE: https://i.imgur.com/mg5tQRS.png)
    • I have seen troublesome PS issues like the one your picture describes...
      When it's not the path is gotta be something hard to Troublshoot...

      Check if by any chance we are not restricting PS via GPO.
      Also check in Windows Features, see if Powershell is enabled there.

      Unfortunately, the agents are not going to auto-checkin on their own, because they're doing the same, calling PS via BAT scripts executed in CMD.
      • Check the path statement; Once I added the semi-colon back into the path after (%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\) - then I ran a 'Force Inventory'. After few minutes; I ran another Force Inventory at Device Detail and it worked as it should.

Don't be a Stranger!

Sign up today to participate, stay informed, earn points and establish a reputation for yourself!

Sign up! or login


This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ