If a Policy Configuration in Environment Manager doesn’t seem to be applying correctly, here’s a quick checklist of simple first steps you can take to help troubleshoot the issue. Whether a user is simply missing a certain part of the configuration or nothing is happening at all, this should help you narrow down the issue if it isn’t something misconfigured in the Policy itself.
Is any part of the policy working when deployed? If it’s only certain bits that are missing, checking the Conditions and Actions around the parts that are missing for errors is a good starting point.
Check in the Management Console if the installation of the agent and configuration has actually completed successfully and the endpoint is checking in without errors.
The system account is used by default if the Computer Startup trigger is used, this account may not have the permissions granted to allow successful mapping or copying across the network. Consider using Run As for these actions or using a user based trigger.
Check that GPOs in your company’s Active Directory are not overriding any settings deployed through Environment Manager. Generally AppSense recommend only using Computer policy objects in Active Directory and deploying the User objects through Environment Manager itself. Remember that GPOs can come from the domain, site and local computer as well as through OUs.
Are licenses correctly installed in both the Management Center and on the target machine?
Is your endpoint in the correct Deployment Group? Sometimes they can be erroneously moved or the membership rules are misconfigured.
Has the configuration been successfully updated on the client machine? Check for deployment errors through the Management Console.
Sometimes the agent or configuration can be downloaded to the endpoint but isn’t installed successfully. Check in Add/Remove Programs to see if it is reporting as successfully installed, or use a tool like psinfo.exe to check this remotely.
Is the EMAgent.exe process actually running on the endpoint? If it isn’t, check that AV or other software hasn’t blocked or interfered with it. (v8.0.959 and earlier) The 8.1 and later equivalent is EMCoreService.exe.
Is the EMNotify.exe process running and communicating properly with the Winlogon process? (v8.0.959 and earlier) The 8.1 and later equivalent would be EMUserLogon.exe.
Are the EMAgentAssist.exe processes being correctly spawned for each user? (v8.0.959 and earlier) In v8.1 and later, this is roughly equivalent to the single EMuser.exe process.
Are all the AppSense agent services running correctly? Check that all of the Automatic ones have started successfully and have not crashed or been stopped for any reason. If no valid license is detected, AppSense services will still start but will not function, so be aware of this also.
Audit events may be generated to alert you of problems depending on the configuration. Ensure that the correct events are set to be audited under the Auditing settings in the Management Console and review these events in the Alerts section of the same console.
If there are errors, they use standard Win32 error codes to identify themselves (e.g. code 5 for Access Denied). These error codes can give you a clue as to the nature of the error or misconfiguration. You can use a few tools to look up the various error codes. Net helpmsg is a well-known native command line tool, there are also online references such as http://msdn.microsoft.com/en-us/library/ms681381(VS.85).aspx
Check Task Manager whilst logged on as the user exhibiting the problems.There should be at least two EMAgentAssist.exe processes running – one for the system, one per session, although it is worth noting there will be two EMAgentAssist.exe processes per session on a 64bit OS. (v8.0.959 and earlier) In 8.1 and later, you should see an EMSystem.exe (for the system) and EMUser.exe (for the user)
Another thing perhaps worth checking is that NTFS 8.3 file name creation is not disabled, whether through fsutil.exe, Group Policy or another method. This article describes the various behaviours configurable for this setting. It has been reported that this can interfere with Environment Manager Policy application, but it’s not clear whether this is just in certain situations or globally.
Finally, in scenarios where there appears to be no definite reason why the Policy Configuration is not applying or applying correctly, a reinstallation of the Environment Manager agent may help (manually, or through a scripted or software-based install).
Share
