There is a setting that controls how a client machine in CEM mode should try connecting first - ‘Prefer Secure Gateway Connect’ in HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Communications.
- If a server is visible directly and through the gateway and the setting is not zero, then the client machine will ping the SMP server via CEM first. If ping fails the client machine will try pinging the server directly.
- If the setting is zero then CEM ping goes the second. If one of the pings succeeds, then the other will not be performed and the next ping will use the last successful connection type.
- CEM pings are not performed if the connection type is HTTP. CEM is tried only if an HTTPS connection can be established.
Now when the HTTP transport mechanism on the client machine receives some URL that it needs to connect to, the transport mechanism uses the client machine’s information about the last good server connection state.
- If the last state shows that the CEM connection should be alive then the transport will try to connect via the gateway first.
- If the CEM connection fails, it will try to connect directly. Even if the client machine shows that the server is completely disconnected, the transport mechanism on the client machine will try connecting anyway.
- At the end of each connection, the transport mechanism notifies the client machine about the connection results, that’s how the client machine gets to know if some server needs to be pinged again.
Network Monitor logs a few events like "server up" and "server down" when some server’s connection state changes. All the network-related events from lower-level transport are logged on the trace level in the agent logs, there could be errors and successes because the monitor’s ping can either fail or succeed.