Is there a way to fix incorrect proxy information sent to endpoints

[Ufoto 14]

Hello,

Is there a way to revert a incorrect proxy configuration send to endpoints? During proxy configuration the new policy got merged with an old one configured lower in the group structure and a number of endpoints ended up having a mix of wrong certificate and proxy address which as a result stopped their communication with ESMC. Now we can't push a new policy because these systems are no longer communicating. 

Is there a way to fix this other than manually uninstalling the old agent locally on each device, and installing a new one with the correct configuration? Is there a config file that can be replaced, or amended in order to restore communication?

Thank you in advance!

[MartinK 378]

7 hours ago, Kostadin_k said:

Is there a way to fix this other than manually uninstalling the old agent locally on each device, and installing a new one with the correct configuration? Is there a config file that can be replaced, or amended in order to restore communication?

In case there will be no other possibility, so called "repair" mechanisms of installer can be used to correct communicate-relateted values. This can be achieved by manual running of standalone AGENT installer, or also executing other installer types on client machine. In case of repair, device identity should be retained, i.e. it will start connecting as if there was no interruption.

Could you also describe of how "wrong" is proxy configuration? Asking especially whether there is no possibility to somehow install proxy on place where it is expected, at least until new policy is delivered to AGENTs.

[Ufoto 14]

Hello Martin,

We were migrating the systems to a new ESMC which is reachable only through proxy. The policy with the new ESMC address, proxy settings and new agent certificate was assigned at the 'All' group, however further down the group structure there were couple of groups where a custom agent policy was assigned (with no proxy configuration) and both policies got merged together which seems to have resulted into a mixture of settings for both the old and the new ESMC server. On a side note, is there a way to disable policy merging and just apply the policy with most specific assignment and ignore all others?

I tried running a new agent installer, but it fails to install as the agent already present on the device is on the same version. How do I access this 'repair' mode as I didn't see such option?

 

Thank you in advance!

[MartinK 378]

1 hour ago, Kostadin_k said:

On a side note, is there a way to disable policy merging and just apply the policy with most specific assignment and ignore all others?

In this case, probably settings should have been forced instead of applied (this is done per-setting in configuration editor) and it impact order and priority of policies. But this will prevent just replacing settings, not merging different settings, so still it might not be proper solution for all settings.

Regarding connectivity problems, what is actually current problem of AGENT? They cannot reach wrongly configured HTTP proxy? Or they are not using any proxy and thus not able to connect? I was just thinking whether there might be some other solution than manually repairing AGENTs using installers or GPO/SCCM, but it is dependent on infrastructure and possibilities you have to at least temporarily adapt it to enable connections ...