Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
407
Views
0
Helpful
5
Replies

CSA 6.0.0.209 agent causing network communication/connectivity issues

toakes
Level 1
Level 1

‎12-02-2008 08:14 PM - edited ‎03-09-2019 09:51 PM

Hi. I have a new implementation of CSA 6 (no prior version). One one computer (so far), a Windows XP Pro system, when the CSA Agent is installed and running, the computer is essentially crippled. Logins to the network take minutes, some network shared drives are inaccessible, and the system performs sluggishly.

With the agent disabled, the symptoms usually go away, but not always. With the agent uninstalled, the symptoms are not present.

I have read a fair amount on this being an issue in older version, and that the Network Shim is at fault. I don't see that as an option in the CSA 6 deployment, to choose whether or not the Network Shim is installed.

I have the Windows Firewall disabled and there are no AV programs installed on the system (other than CSA's ClamAV component).

Any insight is greatly appreciated.

Labels:
0 Helpful
5 Replies 5

tsteger1
Level 8
Level 8

‎12-03-2008 05:39 PM

What is reported by the host on the MC?

0 Helpful

toakes
Level 1
Level 1
In response to tsteger1

‎12-04-2008 05:49 AM

Nothing significant. We have our configuration tuned way down at this point, almost to the point where all systems are in Audit Mode. They're not actually in Audit Mode, but most Priority Deny actions have been tuned out to Allow actions.

Our reasons for that are our own, I won't go into detail as to why we have done this. Suffice it to say, this host mainly has entries in the MC related to our stopping the CSA Agent on the host for testing, records of the installation of the Agent, and some UDP entries of my host trying to accept a connection as a server from another device (which was not blocked).

Thanks.

0 Helpful

tsteger1
Level 8
Level 8
In response to toakes

‎12-04-2008 10:54 AM

If the problems usually go away with the agent disabled, I would look at all the rules for the host that deny but don't log.

You could also remove the host from all groups and see if it persists.

Tom

0 Helpful

toakes
Level 1
Level 1
In response to tsteger1

‎12-04-2008 11:12 AM

The problems are usually gone when the Agent is disabled; I have seen issues with it installed but disabled though.

This is one system out of 366 systems that are all in the same group, the default Desktops 6.0 r209 Group.

It seems like the network shim is causing the problems, since the problem wasn't here before CSA was deployed, and does not occur when the Agent is uninstalled.

0 Helpful

tsteger1
Level 8
Level 8
In response to toakes

‎12-04-2008 02:00 PM

Since it isn't a problem on the other 365 machines, I'd look for what's different about this one.

Any clues in the system/application event logs?

Are you using AD/GP?

Tom

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents