CAM process attempts to connect to the agents using an invalid IP Address resulting in huge outbound traffic detected on corporate firewall

Document ID : KB000019562
Last Modified Date : 14/02/2018
Show Technical Document Details

Issue:

CAM process is found using invalid IP Address, for example 169.254.*.*, or non corporate IP Addresses while attempting to connect to the Agents. CAMSTAT output lists these IP addresses with excessive amount of retries. This sometimes get recorded in the corporate firewall showing a heavy outbound traffic of CAM.

Environment:

All Supported version of CA Client Automation

 

Workaround:

  1. The ITCM component reports all of the IP Addresses found on its host at the time when the ITCM Agent connects to its reporting server.
  2. If there is an incident where the agent tries to connect to the DHCP server for a valid IP address and does not get one on time, it auto configures itself using the Auto Configuration IP address, i.e. 169.254.*.*
  3. Later, when it gets the valid IP address, it assigns the valid IP Address to itself but retains the information related to the Auto Configuration IP in its inventory.
  4. This information is passed on to the server as part of the inventory update by the ITCM Agent.
  5. The CAM component on the DM and SS is made aware of this IP Address too.
  6. When CAM attempts to communicate with this agent and does get a response back, it attempts to communicate with all of the IP Addresses associated with this particular Agent, hoping to make contact with the agent with at least one of the known IP addresses related to this.
  7. In case of 169.254.*.* IP Address, the connection is never made by the Agent to the Scalability server using the 169.254.*.* IP, but you find these address because they have been reported to the server as part of the Agent inventory and CAM is making an attempt to establish connection with the Agent using all of the IP addresses it is aware off. This is as per product design.

    As a work around, enable the configuration policy 'Don't use agent IP Address' found under 'Control Panel - Configuration Policy - Default Computer Policy - DSM - Scalability Server -Common Configuration'

    Below are the screenshots for reference.

    Figure 1

    Note: When this configuration policy is enabled, CAM depends predominantly on DNS Hostname to IP Address resolution. This requires the DNS records, forward and reverse lookup, be updated with the correct information. Without which, there is a possibility that CAM communication might fail resulting in the Agent being unreachable.

 

 

Additional Information:

For a list of supported versions of CA Client Automation please see the product Matrix please review this website:

https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID={5388D4CA-E235-4113-9EE5-CC5C038AB99E}