Clients connecting to unaffiliated Relays

Sraj · April 4, 2018, 12:15pm

Hi all,

I am facing a very strange issue where endpoints are connecting to Unaffiliated relays. Below checks have been performed so far, Please suggest if something is missed

Parsed to relays.dat to see if the relay entry is there
A: Relay entry is under unaffiliated list

Affiliation: Unaffiliated
Name:       relay.host.name
Port:        52311
Priority:    0
Weight:      100

Client setting for relay selection is Automatic.
Above relay of discussion is not in failover list as well.

There are many relays taking connections from clients which they are not supposed to. Any help on this issue is highly appreciated.

Arcader · April 4, 2018, 2:24pm

Are the clients at the same site as the relay? Also are there any host files set?

Sraj · April 4, 2018, 2:25pm

Clients are at different location. And this relay is supposed to take connections only from child relays.

Arcader · April 4, 2018, 2:29pm

If you right click a client machine and look at settings is the Registered Affiliation Seek set correct on the client machines? Also is it just some or all of the clients at this site?

Sraj · April 4, 2018, 2:34pm

yes client is configured properly and so is the relay (not in advertisement list). Clients from many sites are connecting to this relay.

Arcader · April 4, 2018, 2:41pm

Hmmm… The ones having the issue. Did they ever connect to the proper relay? Also try clearing the BES Local download cache?

ctan · April 4, 2018, 7:18pm

If you were to assign the unaffiliated relay to an advertisement list, does that change your results? I think there used to be a bug about the * included in a Relay Affiliation Group and it was causing us some trouble.

Are your relays serving over 1000 connections? Could this be BigFix attempting to self-regulate relay connections?

jgstew · April 4, 2018, 7:26pm

What is the client affiliation group seek list?
What is the relay affiliation group advertisement list?
Do either contain * ?

If the relay in question has a blank affiliation advertisement list, then it might help to set _BESRelay_Register_Affiliation_AdvertisementList to DO_NOT_SELECT_ME_OR_WHATEVER

If the relay in question is NEVER supposed to be automatically selected by any client (only through manual selection) then set it’s _BESRelay_Selection_AutoSelectableRelay to 0

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Configuration%20Settings

Sraj · April 5, 2018, 12:19pm

Hi Jgstew,

What is the client affiliation group seek list?  --- US-Tier2;EMEA-Tier2;APAC-Tier2;LATAM-Tier2;DMZRelay
  What is the relay affiliation group advertisement list? --- None
Do either contain * ? None

Pushed this setting _BESRelay_Selection_AutoSelectableRelay to 0 yesterday, still I can see clients connected today to this relay.