Hi Experts,
Please help me understand how IEM clients choose its relay for content. We have about 10 clients which are part of the same subnet however 6 of them are pointing to its local relay and the rest going to the primary server. They are not roaming clients.
B/R,
Subh
As I understand it (and I could be wrong), the client picks its relay based on the number of hops it takes to get to all relays within the deployment that it can contact. The least number of hops determines the relay.
Thanks for getting back. I understood it to be working the same way…Thats what surprises me when i see some of the clients which are part of the same subnet going to the primary site and not the local relay… I will wait for a more inputs here
@IEMNoob
Here is a link that will go into how autoselection determines the best relay.
I know from a previous deployment I took part in the default setting for MaximumTTLToPing was not altered and it cause a lot of headache. That particular deployment had a smaller total number of clients, but a large number of relays. At any rate, the settings on this page helped line out some those issues.
Setting Name: _BESClient_RelaySelect_MaximumTTLToPing
Name in Task # 154: Maximum TTL
Default: 255 (Hops)
The root server should not advertize a relay auto selection group that clients will try to use. The root should specifically advertize a relay selection group of some kind that either no clients use at all, or only those that should use the root look for (top level relays)
Something like:
ROOT
Clients should not use a relay auto selection group setting of just “*” unless that is the very last entry.
Something like:
MyLocationRelays;NextLevelUp;DMZ;Failover;*Clients will always use try to use the primary bigfix server if they cannot ping a relay.
Your issue is that the clients feel they cannot contact a relay. The relay selection procedure is logged into the client log and you should be able to get a better idea of what is going on from that log.
There is a client variable called, “_BESClient_RelaySelect_FailoverRelay” that you can set as a last resort to try to make sure that clients wont talk to the BigFix server.
Another thing you can check is DNS, firewall and relay affiliation groups (relay), seek list (clients). If your relay advertises by name (which is default as opposed to IP) and the clients in question can’t resolve the advertised computer name of of the relay to IP, they will go off and look for another relay. Same goes for firewall. If the clients firewall, (or network based firewall) is blocking outbound TCP 52311 to that relay, then the client won’t be able to connect and will look for another relay. Also, if you are using relay affiliation groups and the relay in question is part of a relay affiliation group but those clients are not assigned a seek list to use that affiliation group, then those clients will go looking for another relay. Hope this helps!