Whenever I troubleshoot a com issue the network services person wants to know the Public IP address of the endpoint, which is often remotely located and I don’t have a straightforward way to report that.
We treat our office networks like an internet cafe, meaning you can get to the internet and that’s it. Everything is behind VPN and a series of other walls with MFA at every step. No one is on the VPN all day long. So when I troubleshoot a com issue the endpoint has (most often) a different address from the perspective of the relay than from the perspective of the endpoint. The IP addresses reported in the console are the ones the endpoint knows about. If I want the address that the relay sees, I need to ask an outside source like whatismyip.com
This makes com troubleshooting really hard.
Would it be possible to enhance client or relay reporting so that the console has recent information about the endpoint’s Public IP address if there is one?
I definitely have this problem as well. It would be great if at least the relay would tell the client at registration time what IP address the relay is getting from the client when it registers. If the relay and client were both on the same local lan, then the relay will still get the local IP address, not the Public IP address, but that would also tell you where the client is since this would only ever happen when they are in the same place.
I do have some solutions that involve running an action on all endpoints to record the public IP address of the client and then read that back using relevance. The big problem with this approach is that you have to run the action periodically in case the client moves from one network to another.
would probably be the idea. The same as the apparent registration server time gives you the time that the server thinks it is, this would give you the IP that the parent relay thinks the client is. Some of this is known due to the fact the relay needs to try and send messages back to the client so it should be just exposing it during registration to the client
I like the use of apparent in this case since it can change in reality before it is updated from a new relay selection.
It might be nice if was a little more clear that the value is coming from the registration server / relay, but I don’t know how to indicate that in a simple and not awkward way so I think apparent registration address of client is as good as it gets.
I would ask that either this value persist, or there be a persistent option like last apparent registration address of client that would always contain the most recent value even directly after a reboot and before relay selection has occurred. The reason for this is that I really care what the most recent one is when there is otherwise no better information available, especially when using it in client relevance to configure something or make changes, like if I wanted to configure a printer based upon the location of the device using this value. I’d rather the value never be null or empty so that the current configuration that depends on it would continue to be valid until it changes.
Given that the Agent’s parent Relay might have this information, and for investigative purposes, one trick might be to leverage BigFix Query to inspect the Relay’s registrationlist with something like the following (this assumes a Windows-based Relay, but a variation of this should work on non-Windows Relays too):
((name of column 0 of it, name of column 1 of it, name of column 2 of it, name of column 3 of it, name of column 4 of it, name of column 5 of it, name of column 6 of it, name of column 7 of it, name of column 8 of it, name of column 9 of it, name of column 10 of it) as string;(it as string)) of rows of statement "select * from COMPUTER_REGISTRATIONS where computerid = <<computerid>>" of sqlite database of file (value "EnterpriseServerFolder" of key "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigFix\Enterprise Server" of registry as string & "ClientRegisterData\registrationlist.db")
Among other things, this should return the IP address that the Relay saw during registration for the given endpoint.