App Control: Disconnected Agents Due to Very Slow AD Policy Mappings Lookups
Article ID: 288557
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
- Agents showing as Disconnected in the Console.
- Using dascli status locally shows:
Connection: Connected(Waiting) Session: Inactive
- Console generating Events with Subtype: AD lookups are slow
- ServerLog.bt9 has the messages similar to:
[1424] 2023-04-19 09:18:40 (3544 Register Thread 0) HostStorage::MapUsersToHostgroupUsingScript: AD query: 9442 ms
Environment
- App Control Agent: All Supported Versions
- Microsoft Windows: All Supported Versions
- Microsoft Active Directory
Cause
When Agents register with the Server they must be placed into the correct Policy. When Active Directory Policy Mapping has been configured, AD lookups must be completed to verify the correct membership.
When these LDAP queries made to Active Directory take very long time, the Server register threads get held up waiting on the results and cannot process Agent registrations
When these LDAP queries made to Active Directory take very long time, the Server register threads get held up waiting on the results and cannot process Agent registrations
Resolution
- Log in to the Console and navigate to https://ServerAddress/shepherd_config.php
- Locate and adjust the following Properties accordingly:
- ADLookupThreads: 3
- ADLookupAsyncThresholdMs: 0
- Restart the App Control Server service.
Additional Information
- Another possible symptom is high usage percentage for computer registrations in https://ServerAddress/support.php > Reports > Agent Traffic Stats.
- Currently there are no guidelines for ADLookupThreads per thousand Agents.
Feedback
Yes
No
Powered by
