I use VSA and the clients are Agent version 126.96.36.199
I want to use LANC Cache when I update my clients with Patch Management. I added a LAN Cache through Agent > Configure Agents > LAN Cache, I use a server with plenty space. The cache administrator was made automatically and the status was Successfully tested.
A policy assigned via Site specific policies the correct LAN Cache because we have multiple sites (locations) with there own LAN Cache server.
Now when I use a agent procedure I see that the file (if needed) is placed on the LC server.
Under Agent > Configure Agents > Assign LAN Cache I checked the status with the button "Test Assigned LAN Cache Functionality". Result: Passed
So far so good. But when I want to update the client via Patch Management and do a Patch Status test I get as a result:
Either the LAN Cache configuration is invalid or LAN Cache server was not available.
On the LC server I see that there is created a file with the name %server%\lancache$\VSAFileShare\PATCH\FileSource_Do_NOT_DELETE.txt
I looked at other directory's but there are no other document/files that indicate that the updates are being downloaded on the LC server.
The updates doesn't work
Can anybody help me, I'm stuck. Maybe there is a different way to do this.
If you need more info, please let me know.
It sounds like the agent cant access the share lancache created. By default, the VSA Agent operates as "NT Authority\System... an account which does not have authority to access the network. So LanCache creates an account, (FSAdminxxx...) a local administrator, with the same username and PW on the LC and any machine assigned to it. There are a number of use cases where this does not work or where the agent wants to connect using the set creds...
Try setting credentials on the agent with something with enough authority to access the share Lancache created. >>Agent>Agents>Manage Agents>Set Credentials...
If the set creds are already set, make sure that account has authority to access the lancache share.
its not recommended to allow the FSAdmin account to be created on a domain controller. Since a DC has no local accounts, it would be created as a domain admin. The issue is a known Microsoft weak spot... having a local admin (with easily accessible pw hashes in the local SAM) that are the exact same as the domain admin pw hashes (as would be the case when LanCach creates them the same), a threat could achieve elevated domain privileges by hacking a the local version of the user/pw, something commonly called a pass-the-hash attack. You never want a local admin account to be the same user and password as a domain admin.
You will find a setting in the VSA, >>System>Server Management>Default Settings>LAN Cache that turns off the FSAdmin creation so you can just use the set credentials.
Hope this helps...