This may be more of a nextgen-agent thing (ASG-side), but I figure the ACC team must have some responsiblity for that module:
Using ACC 2.880 with a test install of ASG 8.202 (Soft-Release), but this appears to be a bug present in 8.103 (or earlier, I guess) and ACC 2.202: We changed ISPs today, which led me to update the Public DNS host record for the ACC Server that all of our managed customer's ASGs (these are all running 8.103) contact (I had previously set the TTL for the record to 1 hour a few days ago in preparation for this change).
After 2 or 3 hours, I noted that none of the customer ASGs had "phoned in" and were still showing as down... I bounced into the remote test system that is running 8.202, updated the STATIC host record for the Beta ACC instance public IP here, and found that the device would not automatically reconnect to the Beta ACC instance here, even though the network object in the Webadmin reflected the correct IP of the ACC... I had to manually restart the nextgen-agent to get it to reconnect.
Apparently the ACC agent is not smart enough to realize the ACC IP has changed and pretends nothing has happened. I found that all of the production systems running ACC 2.202 and ASG 8.103 had the same issue; the network objects in the ASG systems all showed that they had queried DNS and found the new IP of the ACC server, but the ACC agents failed to recognize that the IP had changed... I just got through SSHing (could do it thru webadmin as well, by disabling the re-enabling ACC) into all these managed systems and manually ran /var/mdw/scripts/nextgen-agent restart to get them back online.
Is this a known bug, and when is there a fix planned?
Guest User!
You are not Sophos Staff.
