Description
Users may see the following Errors under Install Information of Client Details:
Deployment service failed to connect to the remote task service
Deployment service failed to access the remote device registry
Upon receiving one of the above errors, FortiClient fails to install from FortiClient EMS
Upon receiving one of the above errors, FortiClient fails to install from FortiClient EMS
Solution
The deployment service error message may be caused by any of the following. Try eliminating them all, one at a time.
1. Wrong username or password in the EMS profile
Ensure that the right credentials are input in the Endpoint Profiles->EMS Profiles->Install Options->FortiClient Installer Settings page
- For AD installations, this should be a user on the AD with sufficient admin rights
- For non-AD installations, this should be a user with sufficient admin rights on the computer
2. Endpoint is unreachable over the network
This can be due to one of the following:
- Cannot ping endpoint by name (EMS only deploys by host name)
- Firewall on Windows or along the network path blocks network access to EMS
- Cannot create registry entry on the endpoint (See below)
3. Task Scheduler service is not running
This service is required to schedule the deployments
- For AD environments, ensure that the Task Scheduler service is enabled from Group Policy Management
- For non-AD environments, ensure the Task Scheduler service is set to enabled Automatically
Also refer to the FortiClient EMS Administration Guide for details
4. Remote Registry service is not running
This service is required to access and modify the Registry
- For AD environments, ensure that the Remote Registry service is enabled from Group Policy Management
(Refer to screenshot in 3)
- For non-AD environments, ensure the Remote Registry service is set to enabled Automatically
Also refer to the FortiClient EMS Administration Guide for details
5. Windows firewall is blocking connection
Ensure the proper Inbound Rules are configured to allow File & Print Sharing and Remote Scheduled Tasks Management
- For AD environments, use Group Policy Management to navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Inbound Rules
- Create a rule for File & Printer Sharing
- Create a rule for Remote Scheduled Tasks Management (RPC)
- For non-AD environments, ensure you allow File & Printer Sharing and Remote Scheduled Tasks Management (RPC) in your Windows Firewall Inbound Rules
Indications that an EMS deployment is started on an endpoint
If EMS deployment actually started on the endpoint, an installation log file is created in c:\Windows\FortiEMSInstaller. A FortiClient Installer can also be located in the directory.
For manual installations, the FortiClient installer creates a log file, FortiClient0000x.log in %temp% (usually: c:\users\<username>\appdata\local\temp)
Additional References:
