Hey Gang!

We’re approaching Christmas, and what do people want at Christmas? They want to diagnose broken/misbehaving Automate role definitions!

Firstly – if you’re building your own role definition, know that you cannot use a { or } in a role definition. You may need to get creative in PowerShell if you want to do an if statement. Here is an example of how you can do this. This is a role definition for detecting if something is Azure AD Joined.

{%@powershell.exe -nologo -noprofile -command "$ErrorActionPreference='SilentlyContinue';$DSRegStatus = dsregcmd.exe /status;@('False','True')[($DSRegStatus -like '*AzureAdJoined : YES*') -and ($DSRegStatus -like '*EnterpriseJoined : NO*') -and ($DSRegStatus -like '*DomainJoined : NO*')]"@%}

Advanced Diagnostics

Strap in…. things are about to get wild. There’s virtually nothing easily or readily available to diagnose Role Definitions for you. Fortunately, there is a reliable method. First we need to go in to some, *cough* “Special Agent Debugging” mode.

  1. Remote to the agent you want to diagnose the Role Definition on
  2. Now we will verify the role is there (this rules out a lot of Automate Server side issues). Open the registry and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\LabTech\Service\RoleDefinitions\
  3. You will see all the role definitions, if you’ve just created it, it will be the highest number ending (note those are not in number order but alphabetical)
  4. Verify your new role is there in the format that you expect

  6. If it is not, ensure you’ve done an update config on the agent in automate (Commands > Inventory >Update Config). To initialise the actual role detection you need to do (Commands > Inventory > Resend System Info)
  7. If your role is in the registry, and you’ve performed both steps in 6 then move on with Step 8
  8. Open notepad as an Administrator
  9. In the file type: 12345
  10. Save the file as c:\windows\ltsvc\agenttrace.txt
  11. It may take a minute or two, but this will spool up a webserver locally on http://localhost:12345
  12. If this doesn’t load, try restarting the Automate Monitoring Service on the agent.
  13. You will be prompted for a password – this is your “Automate System Password”. If you don’t know what this is you’ll find it in SQL 
    SELECT SystemPassword from config

  15. Once logged in you’ll be presented with a number of options. I would suggest not mucking about in here unless you know what you’re doing.
  16. Navigate to Tools > Expand Variable

  18. Anything you paste in here will expand exactly as Role Definitions would. Simply paste your role definition in here, and see what it is outputting. This will hopefully help you actually test/diagnose broken role definitions a lot easier. Example of a working role definition:

  20. Example of one with a Syntax Error:

  22. ENSURE YOU REMOVE agenttrace.txt TO REMOVE THE RMM Agent Diagnostic Service