Many agents in the environment are showing an unknown connection status, and the list appears to be growing.
In the logs, we found
WARNING: Rejecting existing connection with AgentId 'XXXXXXXXX' since a new connection with the same AgentId has come in.
This indicates the agent is not able to complete its communication to the endpoint server.
If the server does not receive a completed communication it sets the agent status to unknown until the communication is completed.
In this case the agents are unable to complete the communication before the communication was being started over again.
The resolution has two parts.
* Please note, as of 15.8 much of the detection components have been moved to native memory, not Java heap. So the need to increase this value should not be as common, nor should the amount be as much. typically a max of 1 GB should be more than sufficient. Increasing this too much can take away from native memory and cause further issues. But do check for OOM errors in the file reader log, and if so the change can be done in the advanced settings of the detection server in the Enforce UI. A good test is to leave the minimum at the default of 128 MB and set the max very high, restart the services, and watch the actual memory consumption. You can then set the max value a little higher than the max you see taken by the service. Always be sure to leave enough for the OS, native memory function, and file reader.