Hi all,

hopefully you will be able to help me with the following problem:

We decided that we need to rebuild the KACE box.
The old one was first setup ca 2013 and was updated to 8.1
Also all clients were on 8.1 agents.
But since the the box was so old and we wanted to get rid off of old crap (and maybe database corruptions) we setup a new box (8.0 and updated to 8.1)
We imported the Managed Installs and scripts and stuff as we wanted to keep them.
We set also the IP and the DNS and Webservername to the same settings as it were before, assuming the agents will check in.

But this is not the case.
We found out, that the check in produced a BAD_MAC_IP.
On a few test systems we deleted in c:\programdata\quest\kace\ all except the amp.conf and restarted the machines (or the KONEA)
This let the device check in.

But since most of the devices are offsite and not part of the domain GPO to clean the folder out is not an option.
Also not going onsite to each of the clients and/or let them come into the office.

Is there an option to "fix" all of the clients? (the users should not know how to manage the agent because they don't have admin rights and also should not disable it)
0 Comments   [ - ] Hide Comments


Please log in to comment

Community Chosen Answer


The Agent won't start talking to the newly built server(having the same hostname, DNS) as the Agent verifies the SSL cert with the server before establishing a connection. This is the security which agent has so it cannot start communicating with any other K1 even with the same name.  You will need to replace the SSL cert on the new K1 with the old one in order for the agents to start communicating back(if you still have the old K1).
Answered 03/12/2018 by: AbhayR
Sixth Degree Black Belt

Please log in to comment
Answer this question or Comment on this question for clarity


you can use a loginscript GPO running a batch file calling amptools.exe -retrust 
this will reset cert informations and agents will get new certificate informations and check in again to your new kbox
Answered 03/13/2018 by: n1md4
Senior Purple Belt

Please log in to comment
write a little batch file with 
c:\program files (x86)\quest\kace\amptools.exe retrust

Then you can send this file to the users or publish them on the service desk user downloads so they can run it.

It is a pity that the systems are not in a domain since so you will have the users do this by themselves.
Answered 03/13/2018 by: Nico_K
Red Belt

Please log in to comment