Can we deploy our Custom Partition through the IGEL ICG?


Hello – We have our UMS & ICG in the Azure cloud. We’ve been working to deploy our Custom Partition through the ICG. We have an external FTP site accessible by the device with the .inf & .bz2.

When the ICG is enabled, deploying the Custom Partition in the UMS “succeeds”. All looks well in the UMS except the device never receives the Custom Partition deployment.

When the ICG is disabled, deploying the Custom Partition in the UMS “fails” – “cannot connect to device”. However, manually rebooting the device triggers the deployment of the Custom Partition which is installed properly & runs well.

I’ve read the many threads on deploying a Custom Partition when an ICG is required. However, most mention referencing the externally accessible FTP site in the profile as the key (which we do). Can we deploy our Custom Partition through the ICG & if so, what are we missing? Thanks, Matthew


Hello Matthew, when you say ICG disabled, you mean the endpoint is out of reach of your UMS, right? No VPN or similar, correct?

Does it work if you push kb.igel.com/endpointmgmt-6.06/en/devices-37282032.html

Settings Ums>Device?

Is the device green or red in that case?


Hi Sebastien – Appreciate the quick response! When I say enabled/disabled I refer to toggling the _System > Registry > system > remotemanager > enable_icg_ on the device. The endpoint can reach the UMS when it initiates the exchange (e.g. when booting) as it’s behind a NAT. The UMS cannot reach the device with an unsolicited message when the ICG is disabled & shows RED. When the ICG is enabled, the UMS shows the device as GREEN.

The push you note (menu bar->Device) works if ICG is enabled (toggled on from device). We can reboot the device, etc. When ICG is disabled (toggled off in the device), all push communication from UMS fails.

_Settings Ums>Device?_ can you clarify?


Since the UMS isn‘t designed to speak to external devices actively, but retrieving setting on boot (device=>tcp 30001=>public UMS) works. I assume that a

telnet IpOfAnEndpoint 30005

doesn‘t work from UMS, correct?


i suspect not but not sure how to run telnet from UMS…from Windows Server hosting UMS?


It‘s just testing if you can access 30005 TCP from UMS -> Endpoint. Telnet is just one way, you can use Powershell instead:

Test-NetConnection 192.168.1.1 -Port 30005


Ah. Yes, that fails, UMS cannot address device directly but had hoped ICG could & would relay Custom partition.


Then, you cannot push settings, I would let the ICG in between. That‘s the only supported way to get the devices managed properly👍


Yes, that was my hope for the ICG, but how to get it to relay the Custom Partition? Or must we disable the ICG, push the Custom Partition, reboot manually, then enable the ICG?


Sorry, misread your post.

If you shadow the device, open a local Terminal (Profile, Accessories, Terminal, +, save, assign), login as root:

journalctl -f | grep igelrm_agent

and send your Custom partition config. What do the logs tell?


i’ve not shadowed a device before…i’ll need to dig around on how to do that…enabling on the device is the first step i assume…


Exactly: kb.igel.com/endpointmgmt-6.06/en/shadowing-vnc-37282419.html


With ICG enabled, the device address in UMS is the local address behind the NAT which ICG talks to. But shadowing fails on the UMS since it is trying to get through the NAT.

_The IGEL UMS Console allows you to observe the desktop of a device on your local PC via shadowing with VNC_

so it looks like shadowing will only work for local devices…


Shadowing is also available over ICG:

kb.igel.com/endpointmgmt-6.06/en/ums-and-devices-secure-shadowing-37281640.html


ah, i’ll dig into how to do that approach…thanks, matthew


It will for sure give you more insights on where the device fails to get your CP. Keep my fingers crossed☺️


:thinking_face:

After tracing packet flows through the UMS->ICG->endpoint to double check on the proper ports being open. I scanned the various logs. On the endpoint after an attempt to deploy the Custom Partition, there is a log message: _ICG is not licensed, received settings are discarded_. I was unaware of the need to license the ICG, where can I find the necessary information? Thanks, Matthew


Do you have a valid EMP Subscription for that device?


EMP shows as unlicensed here but shows in activation.igel.com/#!home as “new”, “no end date yet”.


Then, your pack isn’t activated and not retrieved from your device. Please add the mac address to the EMP pack.


Added the mac address to the EMP in the IGEL License Portal. It now shows as “activated” with 1/5 volume. UMS still shows as unlicensed. Will dig into importing the new license. Any pointers would be most welcome.


How did you license the other device with Workspace Edition?

Download it there kb.igel.com/licensesmore-igelos11/en/manual-license-deployment-for-igel-os-without-ums-26029167.html and upload it here:

kb.igel.com/endpointmgmt-6.06/en/device-licenses-37282548.html

Reboot


Ah. We rcv’d 5 UD pockets when we joined the Ready Program. So the device is licensed as a Workspace Edition Maint. (which shows in UMS in the Device details). But it doesn’t show in the UMS->admin->Licenses->Device’s Licenses. However, the log message indicated the ICG was not licensed.


Then I would replace the Mac by the unit id of one of your UD Pockets and download the license as described above. Then import it as in the second link.


Sorry for being dense. In the licensing portal, I see 2 entries: one for WE & one for EMP. I believe when I installed UMS, I chose the WE installation. Do I need to convert the UMS to the EMP licensing? I added the MAC of the endpoint to the EMP & downloaded the .lic file.

Now re-reading your note, it seems that I create a device license using the UD pocket code. Download & then add that to the UMS. So no worry about WE or EMP licenses?

I appreciate your patience. From my reading, I need to update the UMS with the EMP license (currently it has the WE license):

• If you need to manage a thin client fleet that is external to your corporate firewall, then you need an EMP license in order for the thin client to register to UMS via ICG.

igelcomarchive.wpengine.com/what-licenes-do-i-need-for-igel-icg/

◦ There are no ‘ICG’ licenses, just EMP (Enterprise Management Pack), which allows you to use ICG.

◦ So in your case, you need the addon license for EMP, and you are ready to roll

I tried the steps you originally forwarded:

kb.igel.com/licensesmore-igelos11/en/manual-license-deployment-for-igel-os-without-ums-26029167.html

However, when I registered the delivery token, it failed with msg: “Already consumed…” as I had registered them last year. Ummmm.


For a standard use case without ICG or wo SWP: you only need WE, if you can, with valid maintenance (for applying OS Updates)

For a standard use case WITH ICG or/and SWP: you need WE, valid maintenance AND a valid EMP Subscription.

Hope that helps.


Yes, it helps. I exported the UMS cert, used it in the IGEL license Portal to create a licensing id with both the WE & EMP packs. Then imported the device license key (MAC of existing device).

The device shows in device licensing panel but the EMP subscription shows expired today. The device (formerly GREEN), now shows purple cross bar with little cloud icon

The UMS has no license for the device.

So your reply some time ago on using a UD “unit id” rather than MAC address still a good idea? or do I need to pay for a EMP subscription? If so, how do I proceed to subscribe? Thanks!


You don’t seem to get all my responses… Sorry for that… Writing whole paragraphs that are gone now … Makes me really happy… :face_with_rolling_eyes: Slack hates me …


bummer!!


Was explaining that… Mac address in Product packs are needed if you use IGEL OS installed on an endpoint on its disk.

Unit ID is only meant for UD Pocket, where we cannot rely on MAC Addresses since the stick might roam.

Did you get the last two posts (mac and Unit ID)?

The EMP is a subscription, so if it says expired, you would need to buy a new Subscription OR register for a demo license on igel.com/downloads

please confirm the posts you got from me with a 👍, then I see which ones fail😩


marked the ones rcv’d…


Switched to the laptop, seems to work there. Thx!


Makes sense with the UD pocket roaming…a colleague will need to add a device starting with a UD pocket but let’s leave that for now & get this working…

when i “register for a demo license on igel.com/downloads”, can I “upgrade” my existing UMS or do i need to start from scratch?


The UMS stays the same, but i would delete all licenses from your UDP first.

• create a new profile

• copy the following one liner into: System, Firmware Customisation, Custom Commands, Desktop, Final Desktop Command

`mount -o remount,rw /license; find . | grep -iRl ".*lic" /license/dsa/licenses/ | xargs -I {} rm -rf {}; mount -o remount,ro /license`

kb.igel.com/igelos-11.04/en/desktop-32871543.html

Reboot, wait until it’s booted, remove the profile!


so the steps are: 1) register for a demo license

2) delete existing device licenses in existing UMS

3) run your special profile on the device

do i need to do anything to get the new EMP subscription recognized on my UMS?


between 1 and 2: copy your Unit ID and paste it in the link of the mail you will receive, download the lic file

between 2 and 3:

upload it to UMS – Device licenses


great, another question – what is the “Unit ID” again?


In my case it’s a MAC, because I don’t have a UD Pocket by hand, but it’s that one:


beautiful…MAC it is – waiting on the email…appreciate your help & perseverance!


Happy to help, hope this will sort the issue out. We are creating a new guide / tutorial for Licensing btw… It isn’t self explaining at all… 😞

Stay tuned


Good news, Sebastien. After registering the new delivery token & following your steps, the endpoint is successfully connected to ICG, Custom Partition deploys properly, all appears well! Greatly appreciate you sticking with me through the dark time. ;} Thanks, Matthew


Oh!! That‘s great to hear!! You are welcome, so happy that you got it sorted out! Great job Matthew, really great🙏
