Introduced in Lansweeper 8.3, the auto-update feature allows your Lansweeper installation to automatically update itself to apply critical and non-critical patches. These patches are focused on the scanning service and their main goal is to add the ability to respond quickly to changes when needed. To ensure the integrity of your Lansweeper installation, a backup of all updated files is taken and an automatic revert can be performed in case anything goes wrong.
How to enable automatic updates
This feature is disabled by default. To manually enable the feature, browse to
Configuration\Server Options and scroll down to the Auto-update Scan Servers section. In this section check the boxes to automatically install critical and non-critical updates across all scan servers.
When enabling this feature on an installation with multiple scan servers, you will need to assign one scan server as the "fetcher". Once enabled, the fetcher will check for new updates when the Lansweeper Server service starts on your Lansweeper server and automatically every 12 hours afterwards. The fetcher can be changed again using the
Change Fetcher button.
Outbound internet access
The scanning service must be able to reach the below URLs. Sub-links of these URLs are used by the auto-update feature:
- The auto-update API: https://autoupdateapi.lansweeper.com
- The license authentication API: https://authentication.lansweeper.com
TLS 1.2 needs to be enabled on the scan server that performs the auto-update checks.
File and registry access
The user that the Lansweeper Server service logs on as, which is Local System by default, needs full control access to the following on your Lansweeper server:
- The directory in which Lansweeper is installed, which by default is
C:\Program Files (x86)\Lansweeper\
- The uninstall registry entry for Lansweeper,
Updates require the scanning service to be stopped. This prevents the service from performing scanning, deploying, emailing, and other jobs. Therefore, a Maintenance Period of your choosing needs to be configured during which updates will be installed automatically. When the auto-update feature is enabled for the first time, the Maintenance Period will automatically be set to the start of the next hour following the timestamp the feature was enabled on. For example, if you enable the feature at 12:37 the Maintenance Period will automatically be set to 13:00 - 14:00.
Installing updates outside the Maintenance period can be done by hitting the
Install Updates button. If you have multiple scanning servers, you will be asked if you wish to install the updates on all scanning servers.
Manually checking for updates outside the periodic 12-hourly check can be done by hitting the
Check for updates button.
The auto-update and authentication API endpoints are managed by Lansweeper. Connections to the API endpoints are encrypted using supported TLS 1.2 algorithms. The fetcher validates the certificate of the endpoints before connecting to check for and download updates. Updates are stored on AWS S3 storage managed by Lansweeper.
More information on the steps we take to ensure the security of our product and endpoints can be found on this page.
Auto-updates require your fetcher to be able to access the internet either directly or via a proxy. You may receive the error below in your web console.
This may be caused by one of the following:
- The fetcher has no internet access.
- The fetcher requires proxy configuration.
- Your firewall is blocking access to the URLs used by the auto-update feature.
Connect to your fetcher directly and test using a browser whether you can connect to the internet, e.g.
www.google.com. If this fails, investigate and resolve your server's connection issue.
If your fetcher connects to the internet via a proxy, make sure to add your proxy details under
Configuration\Server Options. Make sure these details are correct and that your proxy server is currently available. Do not fill in this configuration section if you do not use a proxy server.
Your firewall or proxy may block certain outbound connections. In which case you'll need to white list the endpoints used by the auto-update feature. Make sure the Lansweeper service on your fetcher can connect to the URLs below. In a practical sense, this may mean for example allowing outbound traffic targeting port 443 on autoupdateapi.lansweeper.com. The specifics will differ based on the firewall or proxy system in use.
- The auto-update endpoint: https://autoupdateapi.lansweeper.com/is-alive
- The auto-update endpoint: https://autoupdateapi.lansweeper.com/check-for-update
- The license authentication API: https://authentication.lansweeper.com/api/CreateLicenseToken