RE: Imaging Computers Offsite - Any adjustments needed?

@theopenem_admin I apologize for the delay. I was able to get the autodiscover and everything to work now seemingly. It registers the computers and gets up to the point where I can just about deploy an image... I can see the task in the webgui... I can see the computer listed with the custom name I gave it under imageonly under computers... yet I cannot see any of our images to be able to deploy them to this offsite computer. Any idea why? It just says no images instead of the 5 or 6 we have present.

@theopenem_admin I'll load one up in a few minutes and post a screenshot. Supposing I load one in a location that doesn't have a dhcp server.. could I run a portable one like the one you use in your tutorial videos without screwing anything else up on the network... perhaps create a little subnetwork at this location just for imaging purposes? Is there one that's better than others? (dhcp server)

@theopenem_admin

Seems to be set correctly. I just can't seem to image from an offsite location via usb.. It tells me the imaging client isn't available and it doesn't auto assign an ip. Maybe i'll double check my boot iso?

@theopenem_admin Can you tell me specifically what I need to set within our firewall? Port numbers or special forwarding of any kind? Sorry for the novice request.. I have a network guy that I rely on, I'm more on the server/data integrity end of things. I appreciate you.

Hello,

I am wanting to allow a team member who is off site in another state to utilize our already uploaded images to deploy windows images to computers at that location. They can be connected via cat cable to a fiber connection but they will not be on the same lan. Is there anything special that I need to adjust to allow this? My instance of the open em is already accessible to the outside and this person uses it to manage our endpoints occasionally.. what about opening any ports? Will she need a dhcp server at her location or can ip addresses be assigned manually? What’s the best way to go about this… it’s also my understanding that she cannot upload images unless she’s on the same lan… only deploy them. Thank you I’m advance for the assistance.

@theopenem_admin Excellent. Thank you again for your response and assistance!

@theopenem_admin Would the same apply for endpoints marked as archived? Safe to delete these as well? Seems like they are duplicates and there are computers with the same name also listed as endpoints with a status of Provisioned.

@theopenem_admin Found a reference to the image already exists on com server two log. I logged on to the secondary server at 4.40 and renamed the folder that contained the images. Added a .old to the name of the folder. Images were recreated on this server and all is replicating normally now. Thank you!

Hello, I was hoping you can tell me if some of my settings are incorrect which may be causing my images to fail to replicate to my second server. I took your advice and just shared the toems storage from the first server and used that as the SMB share rather than utilizing an external hard drive. So I have one Toems server at 4.39 and another at 4.40. As you suggested, I have them both running within the same cluster to harness both resources but it seems the images aren't replicating consistently... maybe I have one of these settings wrong. I will post pictures. Also, any suggestions on a how to share the database so that if the first server fails, the second server will automatically pickup as a failover without any downtime both for communicating with endpoints/deploying packages and imaging computers? Thanks for the help as always. TheOpenEM is really a fantastic product! Keep up the great work.

Lastly... when I look at all my endpoints... I see a ton listed as image only with provision dates of 1/1/0001 and 12:00AM... can I just delete all these or is there a way to prevent these to have a more true number of endpoints so I don't have a bunch of empties/blanks? Thanks!

@theopenem_admin Ahh I see. Ok which should they be for my WinPE images? One image has it set to dynamic, one has standard. I may have changed one during troubleshooting. Thanks.

@theopenem_admin The Default LIE Block has it set to dynamic but the WIE says standard. Should I adjust this setting? Thank you for your time.

@theopenem_admin

Thank you for taking the time to reply to these. I took your suggestion about simply sharing the local storage from one of the two servers. So I have the two local storage locations as well as the SMB which is the toems local storage from the original server shared as an SMB. I'll get rid of the external hard drive that I was using as the SMB originally. I also deleted the secondary com server cluster and have both the primary toems server and the second toems server in the one main cluster, both as active and all features checked.

I take regular images of the entire primary server and the secondary server so included in that image should be the database. So as long as I maintain this backup process, I should always be able to restore communication with my endpoints should anything happen correct?

Since I have the two seperate servers utilizing the same database both turned on, I suppose this acts as like a load balancer since we have double the resources then? If I could figure out a way to replicate the database to both like you said, whats the benefit... just easier more automatic failover vs restoring the original server from my backup image if it goes down?

I went ahead and uploaded those files and the WinPE module as well as the new deploy through toec feature worked very well. Off the top of your head, any reason we can upload images just fine when booting from the flash drive into the new windows imaging environment but when we try to deploy an image we get an error determining minimum hard drive size? Thanks again!

Hello,

I've been using TOEM for a little over a year and had a few setbacks here and there with endpoints communicating from time to time, had to rebuild once also. It's been working very well for the most part. Yesterday, I upgraded us to the latest version and have a few questions that maybe you can clear up.

Failover:

My primary TOEM server is at an ip address ending in .39 so I built a second TOEM server at .40 to be used as a failover in case anything happens to the main .39 server. It's up and running, it's accessible and looks great. While it may seem obvious for some, I just want to clarify what the settings should be for a failover type situation. The same credentials seem to work for both .39 and .40 so it doesn't appear that they are two separate servers. The endpoints are all listed there just like the primary also. My few questions where this is concerned are...

Do I leave the com server at .40:8888 and just change it 39 should there be any issue with the primary server?

Or would that even matter since theres a unique ID that all the endpoints use to communicate and check in which would probably be different on the second server right?

Sorry to complicate this just want to be sure... should I have the upload interface and the com server address the same on both the primary and failover or should they be different on both? I'm not using it for load balancing or anything unless you recommend it this way. My primary reason for building the second one was for failover I suppose.

Should I have a primary com server cluster with both com servers and then a secondary com server cluster with just the failover com server? Should they be set to active active or active passive?

Replication:

During one of the previous upgrades, I interpreted the wording in the documentation to indicate that I now need to have a SMB share since I have more than one server. I added an external hard drive and titled it EMS_SMB. It's connected to one of my administrative systems and shared on the network. So now I have toems_local storage on the c drive on the primary server, toems_local storage on the c drive of the failover server and the external hard drive which is a network share. We have 4 or 5 images that we captured and use regularly. They took a while but finally replicated after that upgrade (two upgrades ago) now its really taking its time replicating so I just want to make sure of what these settings should be...

Do I need to use the external hard drive or is there a better way to do this? If so, should I be utilizing the direct to smb function that I see in the settings?

WinPE

Lastly, I was able to successfully create an image and deploy it using the new Windows Imaging Environment and the new "Super ISO" that works well... a couple of questions though..

I will have to recapture the other images that I previously made with the linux environment correct? If I want to use the new Windows 11 UEFI/Legacy friendly WIE method?

When trying to follow the documentation for building the WIE, that all went fine but I couldn't figure out how to take advantage of the new feature where you can deploy an image to a computer directly through the TOEM web gui using the Toec Client on that machine. I adjusted the image settings for a particular endpoint, then I saw a section for a WinPE module so figured I had to create this module. I went to modules and created a default WinPE module but wasn't sure exactly which file to upload... I uploaded the Super ISO but when trying to deploy the image via toec to an endpoint in the webgui, it said files were missing. Do I need to upload different files? Perhaps other boot files that were creating during the WIE build?

Sorry for all these questions at once. Answer only when time allows. I appreciate all of the hard work you put into this product.

Thanks!

• Novice TOEM user.

@anx98049 So even though the new server shows all my endpoints... it's just grabbing that from the original server right? The endpoints are still primarily communicating with the original server right now then? Also, before I go down a rabbit hole.. Doesn't the time zone appear off here? I'm on eastern and it's 9:55PM. Check out these logs of recent functions on the original server.

@theopenem_admin Ok got it. I exported the existing certs and installed them on the new server in the proper locations. I configured an smb like in your video tutorial and got that all set in the storage location under admin settings also. No here's the thing.. If I set the old server as passive... and the endpoints start communicating with the new server like you said... the end goal is to get rid of the problematic server I assume... Wouldn't I have to migrate the database over to the new server? Because the new server just has the app server/com server right now.

@anx98049 I grabbed the connection string from the main server config file, grabbed the db encryption key from there also, then just updated the ip address in the connection string to point to the primary database/server. I did get the com server unique ID from the new com server entry and updated that within the new config file as well.

@theopenem_admin Ok new VM is up and running. TheOpenEM 4.8 installed on Server 2019. I've done just about everything except the certificates... I kind of expected to have to log in with toemsadmin and toemsadmin but it carried over my login credentials from the primary server... all endpoints are listed. I have this secondary server listed as passive right now within the com server settings of the main server. Where do I go from here? Did I do something wrong that it doesn't have it's own seperate credentials for this seperate server? Do I log into this new server, log in to toems and generate,export and install the certificates on the new server now? Then should I test sending a message to one of the endpoints? They are all there but I feel like this is more of a duplicate or mirroring. Thanks for your guidance.

@theopenem_admin Building new vm with server 19 now, Will report back. Thanks again!

@theopenem_admin I really do appreciate your help on this as I'm not sure where to go with it. Let me ask you this... I have this TOEMS server running on a VM, before I installed the latest update to 4.8 and clicked on prepare toec clients to push out the 4.5 version of toec on all my endpoints, I took a snapshot... If I restore the vm to that snapshot, which will bring me back to 4.4 I believe (and of course it wouldn't restore the toec clients) will I still be able to communicate with my endpoints? (And is this even worth it since some of these errors predate the update) I'm not sure why because I just pushed a software/policy module in september with no issues whatsoever... the message feature never worked for me but just about everything else did. Should I maybe build a new vm with a fresh install of theopenem and use the current server ID and fingerprint etc? just a fresh IP?

@theopenem_admin

Should I try deleting the certificates from the server and generating new ones and adding them back? Should I try to maybe restore my server from a backup? I am really concerned with losing all of these endpoints though. It's weird because we've pushed some policies without issue within the last few months but if you look at some of the logs on the server... these api errors and certificates errors go far back to even april. So confused.