this might be a bug, but I'm not sure, so I'm first posting this as a question here, before raising a case with CA.
We are having a DMZ set up, where we have an execution server and an agent in a DMZ, the execution server is connected to another execution server outside the DMZ which is then connected to our management server.
It appears, that currently the agents have been offline for a while, but we didn't notice it, as the dashboard looked good. Only in ASAP the agents are listed as offline. This becomes weirder, when you check the "last connected" date in the dashboard, which is 10 days ago and still the agent appears as offline in RoC.
The Screenshots are from v5.5.2, but we're having the same issue with 6.2
Is this already a known issue ( JamesPanetti ; jaisa05 ; Jacky_Mahadab ; Keith-Puzey-CA ) ?
I checked internally and in my search I can't find any relevant bug already been reported for this issue. However as you mentioned it looks like a bug to me will request you to please open the case for the same and please provided Agent logs along with its NES and NAC.
Also let us know on the case if Health monitor is on/off.
If it is exactly as you describe and show - that an agent is disconnected from its NES - then NES<->NES connectivity shouldn't matter. The nimi logs show connectivity messages so this is where I would look (nes and nag) if I were reviewing logs. But some other things that cross my mind when it comes to nes<->nag connectivity issues are:
- has the nag hostname/ip changed (might be there is another nag object for the same system).
- not that your picture indicates this, but nes do have a configurable max number of agents. i think the default is 200. if the nes is managing more than this number then I believe it will use/connect as needed. but if this is the case then you may want to increase the number.
- bidirectional connectivity via TCP port 6600 is what's used (by default) for the nes<->nag to communicate.
But some other things that crossed my mind while reviewing this. It was not clear to me whether you're saying the NES are connected to each other, specifically as a proxy to get one NES connected to the NAC through another NES (a proxied NES connection to NAC so to speak). But if so then that isn't technically supported at this time. But maybe with more information we can make other suggestions.
The picture supports what you describe - that the agents are unreachable. But things about that picture make we wonder if it is a screenshot or a picture with parts combined from various sources. So I'll say, if all agents reporting to your execution server are showing as unreachable then it might be a NES disconnect from NAC issue in which case it could be related to firewall/dmz rules. The NAC does need access to the NES via 8080 and 61616. And the NES needs to be able to send messages back to the NAC once the connection is established.
even after over a year of using CA-RA I'm not used to these, because we never use it in our daily business, so, is this correct?
- NAC = Management Server
- NES = Execution Server
- NAG = Agent
Archer_Berryman do you mind put those "short names" on this wiki page? Infrastructure - CA Release Automation - 6.2 - CA Technologies Documentation , would help, thanks
now to your points in your post Gregg:
we encountered the 200 agent limit for the NES and I thought it was a license problem, we never heard of this configuration before, so we exceeded the 200 agent limit on one of the execution servers and yes, as you pointed out, randomely agents appeared offline (surprised though, that this wasn't accepted as a prio 1 ticket haha, but it was solved fast, after a mail to Julia and her great help with it). Anyhow, this limit shouldn't be a problem, because we currently have it like this:
NES (outside DMZ)
- connected to 171 Agents
- connected to 1 NES inside DMZ
NES (inside DMZ)
- connected to 3 Agents
The images I posted is are screenshots, not something put together.
But what I'm wondering now is, that you say, that a NES to NES connection is currently not technically supported? As we followed an instruction document from you guys, where it was pointed out, how to set up such a scenario.
Although, now that I think about it, how does a NAC know if agents are online or offline to show it in the UI? Because the NES inside the DMZ isn't allowed to communicate in the direction to the outside.
Now I'm confused, haha
Hi Michael, yes your guesses on the acronyms are correct, and I will consider your request.
The reason you don't see these acronyms in the official docs today is that they have been retired in favor of the current names that you are more familiar with. We wanted to avoid any confusion. However, these acronyms are still casually used in various forums. So perhaps it would be appropriate to add them in one place in the docs to help ease any confusion.
Maybe a reference on this page under Deprecated Abbreviations? Product Names and Abbreviations - CA Release Automation - 6.2 - CA Technologies Documentation
yes, this page would work even better.
something seems to have happen over the weekend as now the agents appear as offline in the RoC as well. so probably was really a connection issue maybe between NES<->NES or something with the agent itself, as I have mails, that something was installed manually on those machines