1 of 1 people found this helpful
1. Why is the 'Connections Serviced" number so high when I believe there should be no where near this number of devices going through the CSA. The devices that I am seeing in the connection log that are in the inventory list should be connecting directly to the Core server and not going through the vCSA, What could be causing devices to be going through the vCSA when, in theory, they should just be connecting directly to the core server?
A: Few items here.
1. This is a record of each communication to the server - not the count of devices. So if a single device attempted to connect 10 times, it would log that as 10 connections serviced. The actual number of clients authenticated and connecting will be listed as "Client-Level Connections" at the top. Which shows as 2 systems currently connected. These are systems that have been given the Client Connectivity Agent Setting and have an approved certificate on the core server.
2. "Unpriviledged connections" are usually when a client is pending Remote Control services - it is not allowed past the CSA to the core, but is just pending a remote control session. These do not require the client certificate to be approved by the core server, nor does it require the Client Connectivity Agent Setting. This setting is actually controlled by the core servers .0 certificate file. When you add a "default" CSA to the core, it updates it .0 certificate with the CSAs information. This means that immediately once your clients begin to run their next vulscan, they will update to the new .0 file and automatically begin connecting to the CSA for remote control sessions even if they are internal.
2. Why are there records appearing in the 'CSA Connection Table' report for devices that don't exist in the inventory list and do not physically exist any more?
A: My assumption is that you named your server the same name as a previous CSA that you had, and clients that you believed did not exist anymore, or are running an old agent but not properly managed now are starting to do "Unpriviledged" attempts at connecting. Another thing to note: "LANDESK Remote Agent/8.6 or (mostly) LANDESK Remote Agent/9.5 as shown above" Some services do not actually update their version to match the main product version. So Remote Agent 9.5 may still be the latest version for 9.6 - I am not positive, but this does occur - 8.6 does seem pretty old though.
3. What are the 'Broker Service Requests' that are seemingly coming from (or going to) our core LDMS server?
A: Whenever a client requests a service (patch, inventory, etc) it will communicate it to the CSA and it will pend a connection from the Core server to establish a link. The core usually keeps atleast 8+ available service connections open at a time to immediately link a clients request to once its certificate is approved. These are probably what you are seeing being logged - that its "brokering" the requests.
Thanks Peter, that's a great help, much appreciated...