For starters, I’ve read the sticky post about auto relay selection, but I don’t think the KB article answers my question…
We have devices within a DMZ, but no external relay (yet). Looking at the firewall traffic, it looks like the clients determine which relay to use by pinging all known relays, and then making a determination based on the results. I thought I could force my clients to select a specific relay by blocking ICMP traffic to every other relay. The logic being that if the client could only see one relay, that would be the relay it associated with.
Apparently, this is not the case.
Can I get some details on how the relay selection actually works?
Do I need to allow ICMP to the BES Root servers as well?
It is supposed to work like you said… If the agent can resolve and ping a relay, then it should try to use that relay (as long as it can connect and register to the relay without issue).
Can you double-check that the DNS name of the relay is resolvable? And you might check to make sure that the agent can connect properly by temporarily making the agent manually connect to the relay and make sure it succeeds.
It looks like the clients are not including this server in their list of devices to ping. We’re using the besclient affiliation setting, and this is a newer relay. When a relay is installed, do we need to add it to one of the affiliation groups, and if so, how?
This could also include some internal behavior where clients are not automatically selecting their nearest relay - Again, a situation where this is a newly installed relay.
Every time the master operator sends an action, the relay list gets updated with the relays. If you haven’t sent an action after you installed the relay, then the agents wouldn’t know about it yet.
Also, if you are using relay affiliation, you will want to make sure you add your new relay to the appropriate relay affiliation groups. By default, the relay is included in the “*” group, but if you want the relay in other affiliation groups, you will need to add them. More info at:
Correct me if I’m wrong, but it looks like I need to set the appropriate values for _BESRelay_Register_Affiliation_AdvertisementList for my relay servers.
Yep… I am not sure the scheme you are using for your grouping, but you would need to group your agents and relays for relay affiliation to work properly.