Knowledge Base

Yes

Environment

App Control Agent: All Supported Versions
Microsoft Windows: All Supported Versions
Microsoft Active Directory

Symptoms

Agents showing as Disconnected in the Console.

Connection:        Connected(Waiting)
Session:           Inactive

Console generating Events with Subtype: AD lookups are slow

ServerLog.bt9 has the messages similar to:

[1424] 2023-04-19 09:18:40 (3544 Register Thread 0)   HostStorage::MapUsersToHostgroupUsingScript: AD query: 9442 ms

Cause

When Agents register with the Server they must be placed into the correct Policy. When Active Directory Policy Mapping has been configured, AD lookups must be completed to verify the correct membership.

When these LDAP queries made to Active Directory take very long time, the Server register threads get held up waiting on the results and cannot process Agent registrations

Resolution

Log in to the Console and navigate to https://ServerAddress/shepherd_config.php
Locate and adjust the following Properties accordingly:
- ADLookupThreads: 3
- ADLookupAsyncThresholdMs: 0
Restart the App Control Server service.

Additional Notes

Another possible symptom is high usage percentage for computer registrations in https://ServerAddress/support.php > Reports > Agent Traffic Stats.
Currently there are no guidelines for ADLookupThreads per thousand Agents.

Knowledge Base

App Control: Disconnected Agents Due to Very Slow AD Policy Mappings Lookups

App Control: Disconnected Agents Due to Very Slow AD Policy Mappings Lookups

Environment

Symptoms

Cause

Resolution

Additional Notes

Related Content

App Control

Knowledge Base

App Control: Disconnected Agents Due to Very Slow AD Policy Mappings Lookups

App Control: Disconnected Agents Due to Very Slow AD Policy Mappings Lookups

Environment

Symptoms

Cause

Resolution

Additional Notes

Related Content

App Control

Thank you for your feedback.

Thank you for your feedback.