CA Client Automation

Expand all | Collapse all

Software Delivery - "Job Execution postponed by user at the agent."

  • 1.  Software Delivery - "Job Execution postponed by user at the agent."

    Posted Jan 17, 2013 11:41 AM
    I am just setting up my CA ITSM Environment. When I push software to a Windows Workstation or Server I get the status message on the ITCM that "Job Execution postponed by user at the agent." . I can see the job running on the agent every five minutes but does not install the software. Thanks! Ed Roth


  • 2.  RE: Software Delivery - "Job Execution postponed by user at the agent."

    Broadcom Employee
    Posted Jan 21, 2013 05:07 AM
    Hi,

    What is the version of ITCM? If it is R12.5, please review the following published fix: RO38033

    https://support.ca.com/irj/portal/solncdndtls?aparno=RO38033&os=WINDOWS&docid=559144&actionID=5&fromKBResultsScreen=T

    Regards,
    Samad


  • 3.  RE: Software Delivery - "Job Execution postponed by user at the agent."

    Posted Jan 29, 2013 02:22 PM
    ITCM Version 12.5 SP1 - that fix was supposedly rolled in to this version. Still having the issue btw. I cannot push software at this point...


  • 4.  RE: Software Delivery - "Job Execution postponed by user at the agent."

    Posted Jan 30, 2013 06:46 AM

    ratfink wrote:

    ITCM Version 12.5 SP1 - that fix was supposedly rolled in to this version. Still having the issue btw. I cannot push software at this point...
    I have sometimes same problem as you....sometimes help me restart domain server( not not for all cases)


  • 5.  RE: Software Delivery - "Job Execution postponed by user at the agent."

    Posted Jan 30, 2013 07:06 AM
    It's fixed in SP1 but if the problem has already occured on a machine that was upgraded to SP1 you still need ot rmeove the additional certs


  • 6.  RE: Software Delivery - "Job Execution postponed by user at the agent."

    Posted Feb 14, 2013 05:57 AM
    Hi ratfink,

    As per my previous experiences, it is happening if the network bandwidth of the agent PC is low as required for the software job to deploy in it. Hence, try (test) to do this on a business off days or try this in office network. Also, I've observed this is mostly occurring on the home-business networks.

    So, please try to verify in this scenarios and let me know you thoughts on this.

    Regards,
    Rao.


  • 7.  RE: Software Delivery - "Job Execution postponed by user at the agent."

    Posted Feb 21, 2013 02:18 PM
    We found out it that port 4178 inbound needed to be opened up on the server. Fixed after that. Thanks for the suggestions/comments.


  • 8.  RE: Software Delivery - "Job Execution postponed by user at the agent."

    Posted Feb 21, 2013 05:48 PM

    ratfink wrote:

    We found out it that port 4178 inbound needed to be opened up on the server. Fixed after that. Thanks for the suggestions/comments.
    Dear ratfink

    Could you please tell me how can I modify that port on the server, because I have the same issue, and I am going to apply some patches to my domain server my CA ITCM version 12.5 .
    Note: that Issue happen with some of agent machine not all

    thanks best regards
    M.Sobh


  • 9.  RE: Software Delivery - "Job Execution postponed by user at the agent."

    Posted Feb 21, 2013 06:51 PM
    Actually now that I am looking at it - I don't see the 4178 open anywhere on the firewall:

    check these ports in Windows Firewall with Advanced Security on DSM and Agent:

    a. 4104 UDP
    b. 4105 TCP
    c. 7163 TCP

    Hope I didn't steer you down the wrong path...

    Ed


  • 10.  RE: Software Delivery - "Job Execution postponed by user at the agent."

    Posted Mar 22, 2013 10:11 AM
    Hi,

    This seems to be an certificate issue, Please follow the below steps and let me know if you are still facing an issue. Moreover its not related to an Network issue.

    Document ID: TEC557259
    Tech Document
    Title: In ITCM 12.5 there is a critical issue where a duplicate anonymous certificate gets created after one year, that prevents proper communication/authentication with other ITCM devices.

    Description:
    The problem is that after one year, usually if a machine has been renamed (at any point after the ITCM agent has been installed), a duplicate anonymous certificate will get created on the agent causing authentication to fail. Once this happens it prevents the agent from communicating properly with its Scalability Server and Domain Manager and thus does not allow Software Delivery, Asset Management, or Remote Control to function on the affected agent machines. This means it is critical to roll out the corrective fix immediately in order to prevent the problem from occurring while you can still use Software Delivery to push out the patch.
    Some of the common errors that you may see that will indicate you have this problem are listed below:

    For Software Delivery, you may see the error

    "Job execution postponed by user at the agent. Job is rescheduled until the next time the agent connects.
    [SDM228487]"

    For Remote Control, you may see the error below when trying to make a connection

    "Unable to establish a remote control session: The network connection was lost during negotiation of encryption."

    For asset management, you may not see updated w00000x.xml files in the "%sdroot%\..\Agent\units\00000001\uam" directory

    The key error message may be seen in the following logs, TRC_USD_SDAGENT, TRC_AMAGENT, or

    TRC_CF_CERT_UTIL logs...

    ERROR | CSecretStore::storeSecret: appTag: tag name: itcm-anonymous: duplicate item found
    ERROR | CCertStore::AssociateCertificate: can't save cert tag
    Solution:
    In order to address this problem the following patches have been published on Support.ca.com under the Published Solutions section for IT Client Manager.
    RO38033 is the Master Image fix, if you have not already installed 12.5 you can patch the 12.5 Install media with this to prevent the problem from ever happening.
    RO32103 (formerly TF6F616) is for patching existing Domain Managers, Scalability Servers and Agents.
    If you have not installed ITCM 12.5 with the patched master image, it is critical that RO32103 need to be applied to all machines as this corrects an issue where a duplicate anonymous certificate may get created after a year of installing ITCM 12.5.
    Once the problem occurs, you will no longer be able to send software, run asset scans, or remote control affected agents until the fix is applied. So this is critical to apply before the problem happens.
    If the problem has already occurred, you can use the following commands via login script or other methods as a temporary means to get the agents working again for one year.
    cacertutil remove -t:itcm-anonymous
    cacertutil list -v"
    Once these commands are run on the machine you should still work on packaging the fix RO32103 and deploying the fix out to ALL machines in your infrastructure.
    You can use the tech doc at the URL below to package the fix with ApplyPTF to apply the patch through software delivery.
    https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=TEC407128.
    Document ID: TEC557259
    Tech Document
    Title: In ITCM 12.5 there is a critical issue where a duplicate anonymous certificate gets created after one year, that prevents proper communication/authentication with other ITCM devices.

    Description:
    The problem is that after one year, usually if a machine has been renamed (at any point after the ITCM agent has been installed), a duplicate anonymous certificate will get created on the agent causing authentication to fail. Once this happens it prevents the agent from communicating properly with its Scalability Server and Domain Manager and thus does not allow Software Delivery, Asset Management, or Remote Control to function on the affected agent machines. This means it is critical to roll out the corrective fix immediately in order to prevent the problem from occurring while you can still use Software Delivery to push out the patch.
    Some of the common errors that you may see that will indicate you have this problem are listed below:

    For Software Delivery, you may see the error

    "Job execution postponed by user at the agent. Job is rescheduled until the next time the agent connects.
    [SDM228487]"

    For Remote Control, you may see the error below when trying to make a connection

    "Unable to establish a remote control session: The network connection was lost during negotiation of encryption."

    For asset management, you may not see updated w00000x.xml files in the "%sdroot%\..\Agent\units\00000001\uam" directory

    The key error message may be seen in the following logs, TRC_USD_SDAGENT, TRC_AMAGENT, or

    TRC_CF_CERT_UTIL logs...

    ERROR | CSecretStore::storeSecret: appTag: tag name: itcm-anonymous: duplicate item found
    ERROR | CCertStore::AssociateCertificate: can't save cert tag
    Solution:
    In order to address this problem the following patches have been published on Support.ca.com under the Published Solutions section for IT Client Manager.
    RO38033 is the Master Image fix, if you have not already installed 12.5 you can patch the 12.5 Install media with this to prevent the problem from ever happening.
    RO32103 (formerly TF6F616) is for patching existing Domain Managers, Scalability Servers and Agents.
    If you have not installed ITCM 12.5 with the patched master image, it is critical that RO32103 need to be applied to all machines as this corrects an issue where a duplicate anonymous certificate may get created after a year of installing ITCM 12.5.
    Once the problem occurs, you will no longer be able to send software, run asset scans, or remote control affected agents until the fix is applied. So this is critical to apply before the problem happens.
    If the problem has already occurred, you can use the following commands via login script or other methods as a temporary means to get the agents working again for one year.
    cacertutil remove -t:itcm-anonymous
    cacertutil list -v"
    Once these commands are run on the machine you should still work on packaging the fix RO32103 and deploying the fix out to ALL machines in your infrastructure.
    You can use the tech doc at the URL below to package the fix with ApplyPTF to apply the patch through software delivery.
    https://support.ca.com/irj/portal/anonymous/redirArticles?reqPage=search&searchID=TEC407128.

    Regards,
    Sreedhar


  • 11.  RE: Software Delivery - "Job Execution postponed by user at the agent."

    Broadcom Employee
    Posted Mar 26, 2013 07:46 PM
    The above document is applicable only to 12.5.

    If the problem persists, I recommend you to open a support issue.


  • 12.  RE: Software Delivery - "Job Execution postponed by user at the agent."

    Broadcom Employee
    Posted Apr 04, 2013 07:18 AM
    if you upgraded from 12.5 GA to SP1 and already had suffered the certificate problem then this would still be an issue after the upgrade