CSA Agent Kits

Unanswered Question

Hey,

I'm using CSA 5.1 MC and deploying agent kits that are 0.69. I've stumbled over an issue that has me kind of puzzled. After deploying an agent kit, I would assign additional groups to the host. Sounds easy, but now I have a few hosts that are shedding these added groups on restart, reverting back to the initial agent kit install groups. This isn't happening to all hosts, just a few. I'm still trying to find a common cause. Anyone have any ideas as to a resolution, besides adjusting agent kits and redeploying?

Thanks,

Christopher

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
tsteger1 Tue, 02/20/2007 - 13:08

Do the hosts have errors in their Windows event logs? I see this problem when hosts experience system problems (app crash, bluescreen, etc..) and unregister from the CSAMC.

They show a new registration date and revert to whatever groups were assigned to the agent kit.

I had it happen after a batch of Windows updates failed last week because I had the host in a restrictive test group. The machine blue-screened and removed itself from the CSAMC.

Not sure what causes it though... I'm using 5.1.079.

You may need to adjust the agent kits as a workaround but I think a TAC may be in order.

Tom

They do change registration date to when they come back online. I'll pull the event logs in the mean time, but I was thinking 88 might assist. Right now I'm holding out on the TAC till I can exclude all non-cisco possibilities. The situation though is happening on a semi consistent basis. Also, these are servers that aren't really bugging out.

Thanks Tom!

Christopher

tsteger1 Tue, 02/20/2007 - 14:58

Hi Christopher, I went ahead and opened a case (605425941) since I'm having the problem too (thanks for reminding me!).

We also have this problem on a number of our 4.0.3 agents and I've seen others in here with similar experiences.

Tom

Ok, so all questionable hosts are upgraded to .88. We've seen the following alert on one of the upgraded hosts after it rebooted:

Critical No security policies are being enforced on this agent. This could be due to an incompatible software version (the agent is running version 5.1.0.88) or the agent has re-registered and the original installation kit has been removed. This agent should be added into the correct group(s) and the rules regenerated as soon as possible. If the agent software is not current, then it should be updated.

Now, the other servers didn't respond this way after upgrade. Also, we are still holding steady with these hosts not dropping their groups after the upgrade. I'll give it another few days and give an update on the situation.

Actions

This Discussion