Automatically updating your scanning servers

The auto-update feature was introduced in Lansweeper 8.3. If you are using an older Lansweeper release, you will need to update by following the instructions in this knowledge base article.

Introduced in Lansweeper 8.3, the auto-update feature allows your Lansweeper installation to automatically update itself to apply critical and non-critical patches. These patches are focused on the scanning service and their main goal is to add the ability to respond quickly to changes when needed. To ensure the integrity of your Lansweeper installation, a backup of all updated files is taken and an automatic revert can be performed in case anything goes wrong.

For now, all web console updates and scanning service updates that require database changes cannot be performed automatically. These updates will still need to be performed manually.

How to enable automatic updates

This feature is disabled by default. To manually enable the feature, browse to Configuration\Server Options and scroll down to the Auto-update Scan Servers section. In this section check the boxes to automatically install critical and non-critical updates across all scan servers.

When enabling this feature on an installation with multiple scan servers, you will need to assign one scan server as the "fetcher". Once enabled, the fetcher will check for new updates when the Lansweeper Server service starts on your Lansweeper server and automatically every 12 hours afterwards. The fetcher can be changed again using the Change Fetcher button.

It's not possible to automatically install non-critical updates only. When enabling non-critical updates, critical updates will also be enabled automatically.

Requirements

The scanning service must be able to reach the below URLs. Sub-links of these URLs are used by the auto-update feature:

  • The auto-update API: https://autoupdateapi.lansweeper.com
  • The license authentication API: https://authentication.lansweeper.com

TLS 1.2 needs to be enabled on the scan server that performs the auto-update checks.

Maintenance Period

Updates require the scanning service to be stopped. This prevents the service from performing scanning, deploying, emailing, and other jobs. Therefore, a Maintenance Period of your choosing needs to be configured during which updates will be installed automatically. When the auto-update feature is enabled for the first time, the Maintenance Period will automatically be set to the start of the next hour following the timestamp the feature was enabled on. For example, if you enable the feature at 12:37 the Maintenance Period will automatically be set to 13:00 - 14:00.

The Maintenance Period needs to span at least one hour and it uses the timezone of the database server hosting your Lansweeper database.
If you have multiple scan servers, you can configure a different Maintenance Period per scanning server.

Availability

Installing updates outside the Maintenance period can be done by hitting the Install Updates button. If you have multiple scanning servers, you will be asked if you wish to install the updates on all scanning servers.

Manually checking for updates outside the periodic 12-hourly check can be done by hitting the Check for updates button.

The Install Updates button is grayed out when there are no updates available.
To prevent abuse, the Check for updates button can only check for updates once every hour. When the button is clicked during this cooldown window the check will be performed afterwards.

Security

The auto-update and authentication API endpoints are managed by Lansweeper. Connections to the API endpoints are encrypted using supported TLS 1.2 algorithms. The fetcher validates the certificate of the endpoints before connecting to check for and download updates. Updates are stored on AWS S3 storage managed by Lansweeper.

More information on the steps we take to ensure the security of our product and endpoints can be found on this page.

Troubleshooting

Auto-updates require your fetcher to be able to access the internet either directly or via a proxy. You may receive the error below in your web console.

Update check cannot be performed because scan server <servername> does not have outbound access to https://autoupdateapi.lansweeper.com/check-for-update, https://autoupdateapi.lansweeper.com/is-alive, https://authentication.lansweeper.com/api/CreateLicenseToken

This may be caused by one of the following:

  • The fetcher has no internet access.
  • The fetcher requires proxy configuration.
  • Your firewall is blocking access to the URLs used by the auto-update feature.

Internet Access

Connect to your fetcher directly and test using a browser whether you can connect to the internet, e.g. www.google.com. If this fails, investigate and resolve your server's connection issue.

Proxy server

If your fetcher connects to the internet via a proxy, make sure to add your proxy details under Configuration\Server Options. Make sure these details are correct and that your proxy server is currently available. Do not fill in this configuration section if you do not use a proxy server.

Firewall

Your firewall or proxy may block certain outbound connections. In which case you'll need to white list the endpoints used by the auto-update feature. Make sure the Lansweeper service on your fetcher can connect to the URLs below. In a practical sense, this may mean for example allowing outbound traffic targeting port 443 on autoupdateapi.lansweeper.com. The specifics will differ based on the firewall or proxy system in use.

  • The auto-update endpoint: https://autoupdateapi.lansweeper.com/is-alive
  • The auto-update endpoint: https://autoupdateapi.lansweeper.com/check-for-update
  • The license authentication API: https://authentication.lansweeper.com/api/CreateLicenseToken

Related Articles

Get Started Right Away

Try Lansweeper for Free