Optimizing Agent Assignment: Understanding Package and Task Server Selection Logic
search cancel

Optimizing Agent Assignment: Understanding Package and Task Server Selection Logic

book

Article ID: 426743

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

Administrators often observe Symantec Management Agents (SMA) connecting to Site Servers that are geographically distant or already under high load. This results in slow package downloads, task execution delays, and inefficient bandwidth usage. To resolve this, it is necessary to understand how the "Best Server" is selected and how to enforce site-specific boundaries.

Environment

ITMS 8.7.x, 8.8

Cause

The Symantec Management Platform (SMP or  Notification Server (NS)) uses a tiered logic system to assign Package Servers (PS) and Task Servers (TS). Selection is primarily driven by Site Server Management definitions (Subnets and Sites). Issues arise when site boundaries are overlapped, improperly defined, or when "Constrain to Site" settings are disabled, allowing agents to "failover" to less-optimal servers.

The most common root causes for sub-optimal server selection include:

  1. Improper Site Assignment: The agent’s subnet is not assigned to a specific site, or is assigned to multiple sites.

  2. Resource Limits Reached: The target Task Server has reached its maximum connection limit (default 5,000), forcing the agent to find another available server (Ref: Task server can't register to a task server. Error description: The handler 'Register' is failed to process request. The count of registered clients has achieved the maximum limit).

  3. Connectivity Failures: The agent cannot reach the "closest" server over required ports (e.g., 80/443 or 50124), triggering a lookup for the next available resource.

  4. Self-Registration Logic: Task Servers may fail to prioritize themselves for tasking, leading to unnecessary cross-network traffic (Ref: Task Server is not registering to itself automatically).

 

Comparison of Manual vs. Automatic Selection

Feature Automatic Selection (Default) Manual/Constrained Assignment
Resiliency High (Fails over to any available server) Low (Agent stays offline if Site TS is down)
Bandwidth Control Moderate (Relies on correct Subnet mapping) Maximum (Zero WAN traffic for Task/Package)
Admin Overhead Low High (Requires manual site management)
Use Case Standard branch offices Critical low-bandwidth sites / Compliance silos

Resolution

Table of Contents

The selection process isn't just a random choice; it is a prioritized "ranking" system that triggers whenever an agent initializes, changes its IP address, or loses connectivity to its current server.

Things to Know: The "Best Server" Algorithm

1. The Request for Site Services

When an agent needs a Task or Package server, it sends a GetClientPolicies request to the Notification Server (NS). The NS evaluates the agent’s current IP address against the Subnets defined in the vSubnet table and returns a list of available Site Servers.

2. Selection Priority Levels (The Hierarchy)

The agent sorts the returned list using the following technical priority (from highest to lowest):

  1. Local Subnet: Servers sharing the same subnet mask and network ID as the agent.

  2. Same Site: Servers associated with the same "Site" object in the console, even if on different subnets.

  3. Constrained Site (Force Site): If "Constrain to Site" is enabled, the agent cannot look past this level, even if all servers in the site are offline.

  4. Site Linkage: If "Use Site Linkage" is enabled, the agent looks at adjacent sites based on "cost" (defined by bandwidth or administrative preference).

  5. Forest/Domain: Servers within the same Active Directory Forest.

  6. Global Pool / NS: If no local or site-based servers are available (and constraints are off), the agent falls back to the Notification Server itself or the "Default Site."

3. Package Server Selection (Download Logic)

For Package Servers (PS), the selection is further influenced by the speed and protocol:

  • Protocol Support: The agent checks if the PS supports the required protocol (UNC, HTTP, or HTTPS) defined in the package resource.

  • Randomization & Load Balancing: If multiple servers exist at the same priority level (e.g., three servers in the same subnet), the agent uses a random seed to pick one. This prevents "Thundering Herd" syndrome where every agent hits PS-01 simply because it appears first in the list.

  • Status Verification: The agent checks the snapshot.xml of the PS to ensure the package is "Ready." If the PS hasn't finished downloading the package from the NS, the agent moves to the next available server.

4. Task Server Selection (Registration Logic)

Task Server (TS) selection is more "sticky" than Package selection. An agent stays registered to a TS until a "re-selection" event occurs.

  • Heartbeat Mechanism: The agent maintains a persistent connection (or frequent heartbeat). If it misses a set number of heartbeats, it triggers a "re-selection."

  • Load Rating: The Task Server reports its "current load" to the NS. If a TS is at 90% capacity, the NS may omit it from the list sent to new agents to preserve performance.

  • WebSockets vs. Persistent Connection: Modern ITMS versions prefer WebSockets. If the agent cannot establish a WebSocket connection to the "best" TS, it may downgrade to a "less ideal" TS that allows standard polling.

 

 

Tune Load Balancing settings to prevent server saturation

Tuning load balancing in ITMS is the difference between a responsive infrastructure and a "Task Server Storm" where the Notification Server (NS) becomes overwhelmed by redirected traffic. When a Task Server (TS) reaches its saturation point, it stops accepting new registrations, forcing clients to hunt for the next available server—often leading them straight to your NS.

To prevent this, we focus on these common areas: 

1. Task Service Load Settings

The most direct way to prevent saturation is by defining the "hard ceiling" for each Task Server.

2. Tuning the "Best Server" Logic (Load-Based)

ITMS doesn't just look at location; it can also consider server health.

  • Load Balancing via Site Membership: Instead of one massive site, break your infrastructure into logical sites. If "Site A" has 10,000 agents, ensure it has at least three Task Servers assigned.

  • Randomized Delay: To prevent all agents from hitting the "Best" server at the exact same second (e.g., after a reboot), use the "Tickle" or "Registration Delay" settings. This staggers the registration requests over a period of 1–5 minutes.

3. Package Server Throttling & Bandwidth

Saturation isn't just about CPU/RAM; it’s about the network pipe.

  • Package Download Throttling: Under Package Service Settings, you can limit the number of simultaneous package downloads from the NS to the PS.

  • Agent Side Throttling: You can configure the Bandwidth Throttling policy for the Symantec Management Agent.

    • Technical Tip: Set the "Limit bandwidth when the network is busy" to a specific percentage (e.g., 40%) to ensure the Package Server doesn't saturate the local site's switch.


Support Guidance

Step 1: Validate Site and Subnet Bindings

Ensure the agent is correctly mapped to the intended site.

  • Navigate to: Settings > All Settings > Notification Server > Site Server Settings.

  • Verify that the client's subnet is assigned to only one Site.

Step 2: Enforce "Assign to Site"

To prevent agents from communicating with servers outside their physical location:

  1. Go to Settings > All Settings > Notification Server > Site Server Settings.

  2. Select the Site in question.

  3. Click the icon: "Assign to Site". Select the desired "Site"

    • Note: If this is enabled and no Site Servers are available within that site, the agent will not failover to the SMP, which prevents WAN saturation.


Step 3: Analyze "Best Server" Selection Logic

When an agent requests a server, the SMP evaluates candidates in this order:

Priority Criteria Description
1 Manual Assignment If a specific server is manually assigned via policy.
2 Site Affinity Servers located within the same Site as the Agent.
3 Connection Speed (Package Server only) The agent performs a speed test/ping to find the fastest response.
4 Current Load Task Servers report their connection counts; SMP avoids servers at 100% capacity.

Step 4: "Manually Assigned Agents" Approach

If someone wants to specifically select a Task Server to register to itself, the manual assignment will be the best method and this can be done by following these steps:

  1. Go to Settings>Notification Server>Site Server Settings>Site Servers

  2. Select the desired Site Server

  3. Select "Manually Assigned Agents">New

  4. Select a pre-existing target that contains the Site Server itself or create one




  5. After assigning/creating the desired target, that specified client machines or Task Server will be registering to that Task Server itself



The manual assignment should help to tie the agent to the specific Task Server (but if the agent won't be able to register to this Task Server then it will stay in not-registered state).

 

Step 5: Troubleshooting Connectivity and Registration

If agents are not registering to the correct Task Server, check the local agent logs:

Diagnostic Tooling:

Report Name Path in SMP Console Purpose
Task Server Summary Reports > All Reports > Task Server > Status > Task Server Summary Provides a high-level view of how many clients are registered to each TS.


Validation Steps

  1. On the Client: Open the Symantec Management Agent GUI.

  2. Click the Task Status tab and verify the "Registered to:" field.

  3. Click the Software Delivery tab, double-click a package, and click Download History tab to see which server is being used.


 

Additional Information

 

Powered by Wolken Software