Software Management Group

Managed Software Delivery
   General Configuration
   Software Resource Settings
   Compliance Settings
   Remediation Settings
   Supersede Settings
   Advanced Options
   Download Options
   Results-Based Actions
   Walkthrough
   Task Settings
   Sequencing
   Complex Software Management
   Scheduling
   Core Software Management
   Testing
   Rules
      Manual Execution
   Software Publishing
   Troubleshooting

Managed Software Delivery

Managed Software Delivery Policies are the intelligent way to deploy and manage software. These policies are versatile, and enable you to make use of the functionality discussed in configuration terms about the Software Components. Unlike Quick Delivery Tasks, Managed Software Delivery policies are Agent-based. The policies and executions are tracked on the Agent side.

General Configuration

Setting up a basic Managed Delivery policy is easy. Most of the configuration is done on the front end when you create the Software Resource. The following walkthrough takes you through the basic setup of a Managed Software Delivery (MSD) Policy.

1. In the Symantec Management Console browse under the Manage menu and click Policies.
2. In the upper left-hand pane browse down through Software > and select Managed Software Delivery.
3. Right-click on the Managed Software Delivery folder and choose New > Managed Software Delivery.
4. Name the Policy. As the name is not initially selected it is easy to fail to name it, which may result in confusion as the default name New Managed Software Delivery. Click on the name field to activate it.
5. If desired, add a description by clicking on Add description found below the Name field.
6. Under the section Policy Rules/Actions, under the Software tab, click the + Add button and select a Software resource.
7. In the picker use the Search field to find the applicable or desired Software Resource and click OK. See this screenshot for an example of an added Software Resource:

   

8. In the right-pane you can select what Package and Command line the Policy will use. Be sure to select the correct command line. If an uninstall command-line is selected inadvertently, this policy will not behave as expected.

   Note that the above example shows "A detection rule is not defined for the software." This does not mean the Policy will not run any Detection Rule, in fact it will run one. The default detection rule uses the Softwarecache.xml where the Software Discovery data is held. When software is installed, an entry is put into this cache to be reported the next time Inventory runs. If no detection rule is defined it will look for the software using this information in the cache file

9. Scroll down and open the Applied to section by clicking on the expand/shrink arrow button.
10. Click Apply to v dropdown and choose Computers.
11. The Filter interface should be familiar if you walked through the Quick Delivery section concerning creating a Target. Add machines using the same method described on page 32.
12. You should now see a row for the Computer List you just created, including a Count column that shows you how many machines are targeted for the Policy.
13. Scroll down and open the Schedule section by clicking the arrow button.
14. There are two schedules that can be applied to a Managed Software Delivery Policy. The first schedule is the Compliance check, the second the remediation.

    A common request involves having target clients download the package in advance, or even well in advance, of the execution. The download is tied directly to the compliancy check (running of the detection rule). Set the Compliance check well in advance to allow systems time to download the package. This is useful for large packages or servicing WAN sites.

15. Under the Compliance section click the Add schedule v Dropdown and select an appropriate Schedule option. The different settings here will be covered later.
16. Under the Remediation section, either leave the default set to immediately or set a schedule later than the compliance schedule. Here is a screenshot showing the two schedule options:

    

17. After adding the schedules, browse back to the top and be sure to turn the Policy on by clicking on the On/Off toggle dropdown and selecting On.
18. Click Save changes to save and commit the policy.

How do I get the ASAP option to run a Compliance check immediately? This is a common question, especially from those customers who were familiar with the ASAP option found in version 6.x of Software Delivery. In the above screenshot, you'll notice there is a reoccurring schedule and a run once schedule with no repeat. ASAP is achieved by having a Run Once > No repeat schedule where the Start date is in the past. If you want ASAP to work right out of the gate, click Advanced and change the start date to the day prior.

Software Resource Settings

After you've added a Software Resource to a Managed Software Delivery Policy, you have a myriad of options in how the policy interacts with the Software Resource during detection and deployment. This section covers all the settings involved. When selecting a Software Resource in the Rules/Actions list, the right-hand pane presents the settings surrounding the Resource.

Compliance settings

By default the Compliance Settings will automatically choose what Detection Rule was selected during the creation of the Software Resource. You can toggle the detection on or off by checking or removing the check to the box labeled: Perform software compliance check using:. You can also manipulate the detection rule by clicking on the hyper link named after the Detection Rule name. You will see the View Rule dialog, which allows you to edit the Expressions and rules defined.

WARNING: Changing a Detection Rule in this window will result in the Software Resource being updated with the changes. Only make changes that you wish to make to the Software Resource directly. Also note the default detection rule explained under the Managed Delivery Policy walkthrough preceding this section.

Remediation settings

By default the Install Command-line is selected in the Command-line dropdown. If the Resource has more than one command-line, use the selection dropdown to choose the appropriate one. Below the dropdown the Command-line is listed for reference so you can ensure you've selected the right one. The Package dropdown allows you to select a different Package if the Software Resource has more than one Package defined. For most use cases typically only one package is required or specified.

Supersede settings

The two checkboxes listed here allow greater control of how updates and newer versions are handled in regards to the Policy. The logic to allow automatic updates or to avoid applying a lower version than what's already installed avoids any issues stemming from the wrong versions being applied.

• Automatically upgrade software that has been superseded by this software - Any software detected that this software supersedes will initiate the update.
• Do not install if a newer version of this software is already installed - This uses any Software Resources marked as superseding the selected Resource.

Note that the options will be grayed out if no Supersede associations are found for the selected Software Resource.

Advanced options

At the bottom of the Remediation settings section Advanced options are offered. While these are similar to those Advanced Options covered earlier for Quick Delivery Tasks, there are key differences. This section covers the different options and how they affect the Policy. First I'll details the options, and then provide a walk-through for some of the more popular options.

Download Options

By default the Altiris Agent will download files to the following location: install_path\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery\. Each package is placed inside a folder matching the GUID of the Package and a subsequent Cache folder. At times an administrator may want to put the package in a non-default location. Change the Destination download location radial to Location on destination computer. The path will be local relative to the target systems.

The Download using: options present a unique situation. In versions 6.x the defaults found here were also found under the Altiris Agent Configuration Policies. This is no longer the case. The settings for Downloading in the Altiris Agent Configurations and the options here are exclusive. While it does add to confusion, it allows you to configure more options than previously. There are two primary use cases for manipulating the options here:

1. Control limited bandwidth between the Package source and target clients, particularly in WAN environments or poor VPN connections.
2. Have the execution occur locally directly from the Package Server instead of downloading it first.

The two checkboxes can be checked, giving the appearance that the two settings can be used together. Since they are mutually exclusive concerning downloading or running remotely, you should only use one at a time.

The option: Delete package from client computer can be used to control how long the source files are available. For most Managed Software Delivery Policies the default is 7 days. You may need to increase this, or deselect the option altogether when considering how long the source files should stay for the circumstance.

The nature of installations may suggest you'll only need the files for the Installation. Check the option to delete the package to clean these up, especially if hard drive space is at a premium. One type of exception is for those applications that install via an MSI and where the Source files may be needed in the future for a Repair, Component addition, etc.

Run

The Run As options provides options for what user context will be used for the installation.

The default option on a Managed Software Delivery Policy was changed to be the Symantec Management Agent credentials. The policy will use the Agent credentials to elevate the execution from a logged on user that will allow this configuration to work even for users that do not have install rights. Note that we execute in a separate session so any rights elevation will not be usable by the logged on user. We have seen occasional rights issue despite the elevation, so unless there is a reason to target the logged on user, it is advised to only use this when the installation requires the user's own session.

Generally the Symantec Management Agent credentials are sufficient for an install. Since the package is downloaded, all necessary rights exist on the local system. Some exceptions to this are detailed here:

• The install accesses network resources or location during the install. This does not include the ability of the application to contact network resources after the installation.
• The source files for the install will be executed from a remote location, such as a UNC or the option to execute from the Package Server is selected.
• The application must be run under the User's context that will launch the application for use.

For the first two use-cases, Specific user should be used, one that has rights to the resources or network locations to be used during the execution. For the last one the execution must be set to Current logged-on user.

For applications that only work when installed under the user's own context, use the configuration Current user credentials and it will elevate the install session for that user to allow the install to proceed. Occasionally we've seen issues with this, so test before deployment.

User run conditions allow greater control over how and when the policy executes. The following options are available:

1. Task can run: - This option allows an administrator to control in what state the system is in for execution regarding user log on. Scenarios include:
   a. Only when user is logged on - This is the only option if you selected Current logged-on user under the Run As section, though if you selected another Run As you can still specify this to ensure someone is logged on when the execution occurs. This is important if your installation requires some sort of user interaction when it executes.
   b. Whether or not the user is logged on - This option is used to allow the install no matter what user state the system is running under. This one will allow the policy to execute the soonest.
   c. Only when no user is logged on - This allows an administrator to restrict resource intensive installs to run when no user is actively using the system.

   Option C can cause difficulties depending on how users manage the power state of their computers. For example if they log on quick enough after booting up the computer the execution may miss the small window of opportunity. Also if users don't typically log out, but shut down their systems at the end of the day, this can also delay the remediation.

2. Repeat this task for each logged on user - if the installation you are running requires to run under the user's profile to apply correctly, this option is very useful to ensure it runs for every user who uses the system.
3. Allow user to interact with installation software - To put it simply, this pipes the execution to the User's desktop, running in interactive mode. You can also select how the execution shows, from the following list:
   • Normal
   • Hidden
   • Maximized
   • Minimized
4. Prompt user before running - This setting allows the user to defer the execution. This helps mitigate any work the user is conducting when the installation begins to happen. Users can save their work before the installation to avoid any potential data loss.
   This screenshot shows a typical configuration of this tab:

   

Results-based actions

Outside of the actual execution of the Software Resource, these settings allow how the Symantec Management Agent and Plug-ins interact with the task.

• Upon success: This allows the Task to execute a Log off or reboot of the system after a successful completion.

  It is highly recommended to allow the Symantec Management Agent to initiate a reboot. This allows the Agent to properly handle all Agent processes so nothing is lost on the reboot. For example the progress of the Managed Software Delivery may be lost if the installer executes the reboot (stored in the file AeXSWDPolicy.xml). In the command-line suppress the reboot and select the Upon success option to initiated the reboot.

  • Allow user to defer action up to: Use this option to allow the user to save and make any other preparations for the reboot. This is highly recommended when configuring a reboot to minimize user disruption.
  • Force running applications to close - If an open application prevents the shutdown, this option will forcibly end the application to conduct the reboot. Use with caution.
• Terminate after: This option is a fail-safe to prevent hung or sluggish installs from locking up the Altiris Agent Policy queue. Generally putting in a value that is safely beyond the expected execution time, but not too long to paralyze the Agent, should be used.
• Upon failure: The following selections are available:
  • Abort - This will stop the MSD from continuing. If you've configured more than one resource or task in the MSD, any subsequent items will not be run.
  • Continue - this will instruct the MSD to continue on to subsequent items in the MSD.
  • Restart - This will retry the remediation execution. Max retries should be set to an appropriate number.

Walkthrough

The following process uses common settings to configure the Advanced options of a Managed Software Delivery Policy.

1. Select the Managed Software Delivery Policy to configure, or if you are still in the creation process, click the Advanced options button under the selected Software Resource.
2. Under the Download Options tab, under the Delete package from client computer settings, check the box labeled: If unused for:.
3. From the drop down select an appropriate length of time. For this example I set 7 days.

   This setting only comes into effect when the Managed Software Delivery Policy no longer applies to the targeted system. This means under normal circumstances the package will not be deleted. If you use a dynamic filter, or you disable the policy, then the setting will apply to the Package.

4. Click the Run tab.
5. Change the option to Symantec Management Agent credentials.
6. Leave the option checked: Allow user interaction. Since you can suppress visually the execution via the command line or by the setting of how it starts (choosing hidden), this option can remain checked. In few occasions we've found user-based installs to work using this option checked.
7. Check the option Prompt user before running.
8. Check the option Allow user to defer up to a total of.
9. Input an appropriate length of time, such as 30 minutes or 1 hour.
10. Click the Results-based actions tab.
11. Change the Terminate after: setting to 5 hours (in 7.1 this is the default).
12. Change the option Upon Failure to Abort. See this screenshot for an example:
    
13. Click OK to save the changes.
14. If newly creating a Managed Policy, Click OK to create it. If editing an existing Managed Policy, click Save changes to apply the new settings.

Task Settings

You can also add any Task Server Task to a Managed Delivery. The following example illustrates how to accomplish this:

1. In the Managed Software Delivery Policy, under the Policy Rules/Actions, Software tab, Click the + ADD button and select Task

   When adding a Task, do not have a Software Resource selected or the Task will replace it. If the Resource is selected you can deselect it by moving to another section such as Applied to.

2. Select the desired task from the list. Use the Search field to narrow the results if necessary.
3. The Task will be added to the list. For sequencing information, see the subsequent section. See this screenshot for an example:

   

4. You have the ability to override the policy settings for the task. The following walkthrough provides an example with use-case information explained.
   a. Check the box Override the policy settings for this task.
   b. Choose Continue from the dropdown next to the label Upon failure the Managed Delivery will.
   c. Change the Terminate after setting to 50 Minutes.
   d. Leave the other settings as is.
5. If you need to adjust the Task itself, you can click the Show Task button in the lower right.
6. Be sure to Save changes when you've completed the Task configuration.

Sequencing

Managed Software Delivery Policies allow a sequence of Software Resources and/or Tasks. This allows grouping of like executions or a string of executions to create a more comprehensive job. The following 2 primary use cases explain benefits of using a Managed Software Delivery in this manner:

1. Complex Software Management - For software that contain a base install and multiple updates, service packs, plug-ins, and/or add-ons creating one MSD to manage the rollout of all the components will simplify the rollout.
2. Core Software Management - Most companies have a core set of software that all Users should have available. This usually includes Microsoft Office, Cisco or other VPN client, Anti-virus Software (Symantec Endpoint Protection being one good example), branded version of Internet Explorer, etc.

Be selective when you add multiple Resources and Task to a Policy. The more action points in a job, the greater chance to run into issues. The greater the complexity will also factor in, creating more potential points of failure.

To illustrate how this can be used, I'll provide a walk through for each of the use cases listed above. This first example uses Microsoft Office for an example. Note that the steps are in the order the options appear (to avoid excessive scrolling back and forth).

Complex Software Management

1. Create Software Resources for the following components:
   a. Microsoft Office 2007 Enterprise Edition b. Microsoft Office Visio Professional 2008 c. Microsoft Office 2007 service pack 1 d. Microsoft Visual Studio 2008 Service Pack 1 e. Ribbon Customizer for Office 2007 - v4.0 f. Classic Menu for Office 2007 - v4.52
2. Create detection rules for each Resource. If the install has a MSI Product Code association, use this for the software detection. Other examples are registry keys. For example, for Office 2007 you can use the key:
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Common\ProductVersion, with a value name of Lastproduct. You can specify a specific value, or simply use the existence of that key.
3. Create the following Service Pack Associations within the associated Software Resources:
   a. Browse to the Software Resource for Microsoft Office 2007 Enterprise Edition.
   b. Click on the Associations tab.
   c. From the Association Type dropdown, select Updates (Service Packs).
   d. Under the caption, Software resources that update this software resource, click the + Add button.
   e. From the list, locate the Software Resource for Microsoft Office 2007 service pack 1.
   f. Select and click the > button to move the Resource over to the right-hand pane.
   g. Click OK to save the association.
   h. You should see the association now represented in the list, as shown in this screenshot:
   
   i. Click Save changes on the main Software Resource page to complete the process.
   j. Now go back through steps a through I except use Visio as the Parent Resource, and Visio SP1 in the association of the Visio Resource.
4. Create the following dependent associations:
   a. Browse to the Software Resource for Ribbon Customizer for Office 2007 4.0.
   b. Click on the Associations tab.
   c. From the Association Type dropdown, select Depends On.
   d. Under the field labeled Software Resources that this Software Resource depends on, click the Add + button.
   e. All Software Resources are shown on the resulting page, so use the search filter to find Microsoft Office 2007 Enterprise Edition.
   f. Select Office and use the > button to move it over to the selected right pane, as shown in this screenshot:
   
   g. Click OK to apply the new association.
   h. Click Save changes on the main Software Resource page to complete the process.
   i. Now go back through the steps, but choose the Software Resource Classic Menu for Office 2007 - v4.52 to add the 'depends on' association to.
5. Create a new Managed Software Delivery Policy (MSD).
6. In the Symantec Management Console, browse under Manage > Policies.
7. In the left-hand tree browse under Policies > Software > and select Managed Software Delivery.
8. In the resulting right-hand pane click the Add + button.
9. In the Name field, provide a name, such as: Office 2007 Bundle.
10. Turn the Policy On by clicking the red/green switch and clicking On.
11. Click the Add + button and choose Software resource.
12. Use the Search filter, if necessary, to locate and select Microsoft Office 2007 Enterprise Edition.
13. Click OK to add the resource to the MSD.
    a. Note that by default a command line and package will be selected. A Detection rule will also be selected, so ensure all settings are as you intend them. Normally this is not an issue unless you have multiples of any item.
    b. Check to ensure the Service Pack shows up under the Software Resource, as shown in this screenshot:

    

14. Click the Add + button and choose Software resource.
15. Use the Search filter, if necessary, to locate and select Microsoft Office Visio Professional 2008.
16. Click OK to add the resource to the MSD.
17. Click the Add + button and choose Software resource.
18. Use the Search filter, if necessary, to locate and select Ribbon Customizer for Office 2007 - v4.0.
19. Click OK to add the resource to the MSD.
20. Click the Add + button and choose Software resource.
21. Use the Search filter, if necessary, to locate and select Classic Menu for Office 2007 - v4.52.
22. Click OK to add the resource to the MSD.
23. Ensure the Software Resources are in the right order. Select and move entries using the up and down arrows. This screenshot shows the finished list:

    

24. For the Advanced options for each Software Resource, see the previous section labeled Advanced options.

    Ensure you go through the Advanced options for all resources added to a MSD. For example if an Office Add/on is only applicable per user, you may need to change the Execution environment to run as the Logged-on User in order to have a successful deployment.

25. Expand the Applied to section.
26. Add a filter to the Policy. For this example we'll apply it to all Windows Computers.
    a. Click the Applied to button, and choose Computers.
    b. Click the Add Rule button.
    c. Change the 1st option to Exclude all computers not in.
    NOTE: The double-negative usage may be confusing. To put it into perspective, note that the Filter starts including all computers, thus the wording, while not intuitive, is accurately labeled in the context.
    d. Leave the 2nd option on Filter.
    e. In the right field type Windows 2000, and click the dropdown arrow.
    f. Choose the filter Windows 2000/XP/2003/Vista/2008/7 Computers.
    g. Click the Update results button. You should see a list of applicable computers, as shown in example on this screenshot:
    
    h. Click OK to apply the filter.
27. Expand the Schedule section.
28. Add a schedule to the Compliance check for the MSD. The schedule in this example will be a reoccurring one that runs daily. This allows computer to check for compliance once a day.
    a. Click Add Schedule and select Scheduled Time.
    b. Input a time of day best suited to run the install. I this example I chose 18:00 (6:00pm).
    c. Click the hyperlink default label: No repeat.
    d. From the dropdown in the resulting prompt, choose daily, as shown in this screenshot:
    
    e. Click OK to add the repeat setting.
29. Check the Remediation schedule to ensure it is set as desired. For example immediately is default, but if you wish to wait until off production hours you can set a time after day hours.
30. Click Save changes at the bottom to complete the process!

Scheduling

There is a known situation that has been seen on occasion. Unfortunately we have not been able to reproduce the issue so that development can diagnose the issue, and it is rare enough that at this point it is only being documented as a possible issue.

• Set the Start window to something else besides 00:00, and 24:00. These two numbers are essentially the same number, and under rare circumstances the scheduled at the Agent can error when trying to evaluate the schedule, causing CPU issues on the target PC.

Core Software Management

This series will be a smaller subset of what was introduced under the Complex Software Management section previously covered. In this example I'm introducing a list of common software to deploy.

1. Create Software Resources for the following components:
   a. Symantec Endpoint Protection
   b. Microsoft Office 2007 Professional
   c. Company branded Internet Explorer
   d. Cisco VPN Client
   e. Adobe Acrobat Reader
   f. Adobe Flash Player
2. Create detection rules for each Resource.
3. Create a new Managed Software Delivery Policy (MSD).
4. In the Symantec Management Console, browse under Manage > Policies.
5. In the left-hand tree browse under Policies > Software > and select Managed Software Delivery.
6. In the resulting right-hand pane click the Add + button.
7. In the Name field, provide a name, such as: Common Software Suite.
8. Turn the Policy On by clicking the red/green switch and clicking On.
9. Go through the following process for each of the Software Resources to add to the Policy.
   a. Click the Add + button and choose Software resource.
   b. Use the Search filter, if necessary, to locate and select Microsoft Office 2007 Enterprise Edition.
   c. Click OK to add the resource to the MSD.
   d. Note that by default a command line and package will be selected. A Detection rule will also be selected, so ensure all settings are as you intend them. Normally this is not an issue unless you have multiples of any item.
   e. Click the Add + button and choose Software resource.
10. Ensure the Software Resources are in the right order. Select and move entries using the up and down arrows. In this example it is imperative to put Antivirus first!
11. For the Advanced options for each Software Resource, see the previous section labeled Advanced options.

    If one of the applications, such as Symantec Endpoint Protection, requires a reboot, suppress the reboot in the command-line and set a reboot as an after successful completion action within the Advanced options.

12. Add a filter to the Policy
13. Expand the Schedule section.
14. Add a schedule to the MSD.
15. Click Save changes at the bottom to complete the process!

As always, fully test your Managed Software Delivery Policy before attempting to roll it out on any medium or large scale. Tests will reveal issues and allow you to adjust the configuration to address them before full rollout.

Testing

Tracking the execution of an MSD on the client helps the testing and troubleshooting process. To access the UI and view the execution, follow these steps:

1. On the client computer double-click on the Symantec Management Agent icon. If the icon is not visible (hidden per policy), browse under C:\Program Files\Altiris\Altiris Agent\ and execute AeXAgentActivate.exe.
2. Select the Software Delivery tab.
3. From the list of available software, highlight the MSD to view (Office 2007 Bundle in this example).
4. The lower pane will show the progress of the MSD execution, as shown in this screenshot:

   

5. To see the details of a particular download or execution, double-click on a line in the bottom pane that has a blue package icon next to it. You can review the details of the execution, including the download and run histories.
6. The following screenshot shows an issue with a package download:

   

Rules

This section covers how Rules are executed within a Managed Software Delivery Policy.

• Detection Rules - Before anything else runs, the detection rules for an MSD runs. If an application is detected, the associated Software Resource will NOT be executed. The status will show as Detected.
  • Consider this rule one that ensures you aren't rolling the same software to a system that already has it.
• Applicability Rules - For those resources that were not detected, if an Applicability Rule exists it will be executed against the system. Unlike Detection Rules, only if the Applicability Rule is detected will the MSD execute!
  • A common Applicability Rule is Windows Version. The update or Software may not support Windows 7, for example, so the rule will only succeed on Windows systems that are not 7.
  • Another type of Applicability Rule is an update to software that has to exist on the target system. This helps stop those executions that will fail the prerequisite check from throwing an error. Better if it doesn't run when it doesn't need to.

Rules add intelligence to the Software Management Process. In version 6.1 of Software Delivery, all intelligence had to be handled at the server end. Inventory provided what we knew was already on the system, and the NS provided the SQL logic in a Collection to automatically roll out Software to those systems that needed it. This was far from real-time and sometimes resulted in machines executing Software it didn't need or already had. It didn't take much to be out of sync between the Server and the client as Inventory had to update so the NS would know what had changed.

Rules execute real time, so they will know the moment they run if a system is compliant or not. If not compliant, it runs remediation to resolve the compliance issue.

Manual Execution

By default Managed Software Delivery Policies can be executed locally at the Agent User interface. This helps when troubleshooting an MSD execution or if you simply need to run a compliance check ASAP. The following process details how to execute the MSD manually:

1. On the client computer double-click on the Symantec Management Agent icon. If the icon is not visible (hidden per policy), browse under C:\Program Files\Altiris\Altiris Agent\ and execute AeXAgentActivate.exe.
2. Select the Software Delivery tab.
3. From the list of available software, highlight the MSD to view (Office 2007 Bundle in this example).
4. Look under the Application Tasks heading. The link here will execute the MSD immediately.

When executing an MSD in this manner, it does not mean the applicable Software Resources will automatically install. The same Rules are applied as in a normally scheduled delivery. Detection and Applicability checks will occur and influence what items run or are skipped.

Software Publishing

Managed Software Delivery policies can be requested from the Software Portal. This allows users to add an application or suite of applications for automatic deployment and management. This will be covered in detail under the Software Portal section of this document.

Troubleshooting

This section covers troubleshooting for Managed Delivery Policies and functions surrounding it. While some of the items are similar to Quick Delivery, there is much more involved with a Managed Delivery Policy.

1. Client never receives the Policy
   1. When the client requests an updated configuration, does an error appear in the log? This would indicate a problem with the Policy. Search the knowledgebase on the error for a solution.
   2. You may be out of Software Management Solution licenses. Check your license count. If it shows you at the limit, this client might have not received a license, and thus the policy is disallowed from executing on it.
   3. Check Targeting. If you change the targeting display to computers, you can search for the one that didn't receive the policy. It's possible it is not applied due to filter criteria in the Target, or in the applied Filter.
2. Policy never finishes running
   1. This is often caused by a prompt within the execution. If you run the command-line outside of SMP, do you get any prompts that require user interaction? If so, make sure a silent switch or argument is added to the command-line. Any pop up, even one that only requires you to click OK, will "hang" a task.
   2. On rare occasions this is caused by a hang of the SMFAgent. Try restarting the Symantec Management Agent and running the Policy again.
3. Policy Errors out
   1. Check the Exit Code. These are passed back from the installer. Run a search on Google to see what the code means, and apply the resolution as applicable.
   2. Run the Command-line outside of SMP. If the same error occurs, this is an installer problem and not an issue with Software Management. If it won't run outside of Altiris, there's not much we can do.
   3. Does the Policy require network access? Run as a specified user with network access. The default account, System, does not have any rights outside of the local system.
   4. If the Exit Code is not typical, or does not get thrown from the installer, check our knowledgebase system to see if we have it documented.
4. Policy never executes due to Package Download Issues
   1. What Package Server options have you set in the Package Properties? Package Servers must be selected in one way or another in order for their clients to download the package.

      

   2. All Package Servers is the easiest option since they will all host the package as soon as they know about it. This removes any potential for delay.
   3. All Package Servers with manual prestaging will allow any package server to get the package, but only after a client who is serviced by it requests it. This adds a potential delay to the download process and may explain why a client is not getting a valid codebase when it first gets a policy or task with the package.
   4. If you select only specific Package Servers, ensure that all clients have good bandwidth to those locations, or that limited bandwidth is taken into account.
   5. Does the Package Server the client is communicating with have the package in a ready state?
   6. Check what Site Server the client is communicating with by opening the Agent user interface and clicking on the Task Status tab.

      

   7. Go to that Site Server and open the Agent user interface.
   8. Click on the Package Server tab to review the Status.

      

   9. The three step process to make sure everything is where it should is to:
      • Under Settings click Update Configuration.
      • Under the Package Server tab, click Refresh all packages.
      • Under the Package Server tab, click Resend all statuses.
   10. Is the client getting the Code bases (links to download) from the Notification Server?
   11. On the affected client, bring up the agent user interface.
   12. Click on the Software Delivery tab.
   13. Find the Policy that contains the package you need downloaded. Double-click on the package line down in the lower-right pane.
   14. Click on the Download History tab.

       

   15. If no Source location is shown, see concerning Package Servers having the package ready previous in this list. A second problem could stem from the client belonging to a site that does not have a Package Server assigned.
5. Scheduled but does not Execute
   1. Has this schedule been applied before? Every schedule has a GUID, and the local clients store schedules by GUID so it may think it's already run it, even if the schedule was modified. Delete and recreate the schedule to renew it.
   2. Have you set the advanced option "Only run at the exact schedule time"? If it misses this schedule, and it does not repeat, then it will not try again.
   3. Policies are queued up. Are other Policies running, stuck running, or the like?
6. Rule Issues
   1. Review the section outlined in the Process Flows Troubleshooting for Rules.
   2. Are too many detection rules scheduled at the same time? Certain defects have mostly been corrected, but if many are scheduled at the same time, the evaluation can cause problems with the local rule cache. Stagger the execution times to minimize this possibility.
   3. Detection but execution occurred anyway - If this occurs, change the command-line type from Custom to Install. Also check if the type was inadvertently set as uninstall.
7. Associations
   1. Please review the section outlined in the Process Flows Troubleshooting for Associations. Details are provided there.

Symantec Software Management 7.5 Troubleshooting and Best Practices: Part 1
Symantec Software Management 7.5 Troubleshooting and Best Practices: Part 2
Symantec Software Management 7.5 Troubleshooting and Best Practices: Part 3
Symantec Software Management 7.5 Troubleshooting and Best Practices: Part 4
Symantec Software Management 7.5 Troubleshooting and Best Practices: Part 5
Symantec Software Management 7.5 Troubleshooting and Best Practices: Part 7