search cancel

How to use "Prefer Secure Gateway Connect" regkey for CEM machines


Article ID: 151144


Updated On:


IT Management Suite





What this "Prefer Secure Gateway Connect" regkey under HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Communications does?


There is a setting which controls how a client machine in CEM mode should try connecting first - ‘Prefer Secure Gateway Connect’ in HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Communications.

  • If a server is visible directly and through gateway and the setting is not zero, then the client machine will ping the SMP server via CEM first. If ping fails the client machine will try pinging the server directly.
  • If setting is zero then CEM ping goes the second. If one of the pings succeeds, then the other will not be performed and the next ping will use the last successful connection type.
  • CEM pings are not performed if connection type is HTTP. CEM is tried only if HTTPS connection can be established.

Now when HTTP transport mechanism on the client machine receives some URL that it needs to connect to, the transport mechanism uses client machine’s information about last good server connection state.

  • If last state shows that CEM connection should be alive then transport will try to connect via gateway first.
  • If CEM connection fail, it will try to connect directly. Even if client machine shows that server is completely disconnected, the transport mechanism on the client machine will try connecting anyway.
  • At the end of each connection, the transport mechanism notifies the client machine about the connection results, that’s how the client machine gets to know if some server needs to be pinged again.

Network Monitor logs a few events like "server up" and "server down" when some server’s connection state changes. All the network related events from lower level transport are logged on the trace level in the agent logs, there could be errors and successes because monitor’s ping can either fail or succeed.