CSA Agent Kits

chickman
Level 1

Hey,

I'm using CSA 5.1 MC and deploying agent kits that are 0.69. I've stumbled over an issue that has me kind of puzzled. After deploying an agent kit, I would assign additional groups to the host. Sounds easy, but now I have a few hosts that are shedding these added groups on restart, reverting back to the initial agent kit install groups. This isn't happening to all hosts, just a few. I'm still trying to find a common cause. Anyone have any ideas as to a resolution, besides adjusting agent kits and redeploying?

Thanks,

Christopher


tsteger1
Level 8

Do the hosts have errors in their Windows event logs? I see this problem when hosts experience system problems (app crash, bluescreen, etc.) and unregister from the CSAMC.

They show a new registration date and revert to whatever groups were assigned to the agent kit.

I had it happen after a batch of Windows updates failed last week because I had the host in a restrictive test group. The machine blue-screened and removed itself from the CSAMC.

Not sure what causes it though... I'm using 5.1.079.

You may need to adjust the agent kits as a workaround but I think a TAC may be in order.

Tom

They do change registration date to when they come back online. I'll pull the event logs in the meantime, but I was thinking 88 might assist. Right now I'm holding out on the TAC till I can exclude all non-Cisco possibilities. The situation though is happening on a semi-consistent basis. Also, these are servers that aren't really bugging out.

Thanks Tom!

Christopher

Hi Christopher, I went ahead and opened a case (605425941) since I'm having the problem too (thanks for reminding me!).

We also have this problem on a number of our 4.0.3 agents and I've seen others in here with similar experiences.

Tom

Great! I really appreciate you opening the TAC. I have the few systems scheduled to be updated tonight on the 88. I still have to read the text file associated with that release a little more in depth though, which I'll do tonight. I'll post the results in the thread.

Thanks,

Christopher

Ok, so all questionable hosts are upgraded to .88. We've seen the following alert on one of the upgraded hosts after it rebooted:

Critical No security policies are being enforced on this agent. This could be due to an incompatible software version (the agent is running version 5.1.0.88) or the agent has re-registered and the original installation kit has been removed. This agent should be added into the correct group(s) and the rules regenerated as soon as possible. If the agent software is not current, then it should be updated.

Now, the other servers didn't respond this way after upgrade. Also, we are still holding steady with these hosts not dropping their groups after the upgrade. I'll give it another few days and give an update on the situation.
