App Control: Agents are not able to connect to console when using VPN
search cancel

App Control: Agents are not able to connect to console when using VPN

book

Article ID: 286238

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • A VPN client is used to connect App control Agents to the App Control Server.
  • App Control Server Active Directory / LDAP integration is enabled. 
  • App Control Agents not showing online in the App control Console.
  • Not able to find end point conection entires in the App Control Server verbose logs. 
  • the Agent trafic statistics report in  https://<yourcbprotectionserver>/support.php show a high Load % for the register's row information. 
  • Dascli status shows ok for the conection however the end point is never shown online in the console.  
    Client Information
Connection:        Connected (Ok)

Environment

  • App Control server: All Supported Versions 
  • App Control Agent: All Supported Versions

Cause

  • This is likely due to an issue around slow AD lookups occurring at agent registration time

Resolution

  1. Navigate your App Control console to https://<yourcbprotectionserver>/shepherd_config.php
  2. Change the below settings:
ADLookupThreads : 3 
ADLookupAsyncThresholdMS: 0
  1.  Once the changes have been made, a restart of the App Control Server Service is required
Powered by Wolken Software