search

Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once setup you can install agents and perform remote desktop session to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0
4.19k stars 563 forks source link

CIRA connection issues... unknown node #3229

Open Matt-CyberGuy opened 3 years ago

Matt-CyberGuy commented 3 years ago

Hey guys,

Not sure what this means, but I'm seeing the below in the docker logs from our meshcentral server. I'm also including a screenshot of a trace of the connections

image image

Ylianst commented 3 years ago

Hi. I have a good idea what is going on here. A device group managed with agents (not Intel AMT only) was created, an agent was installed on a device, CIRA was setup and then, the MeshAgent was removed and the device was deleted from the server. As a result, a CIRA connection is coming to the server for a known device group, but not matching device exist within that device group anymore. The server will close the CIRA connection which will cause Intel AMT to connect back again later on... so you get this loop of connections and disconnections.

First, can you confirm this seem correct? If this is right, you could reinstall the agent on these computers and the problem should fix itself... however, if this is not possible, I need to figure out what to do with these connections.

Ylianst commented 3 years ago

Note that MeshCentral will look for a computer is the device group that matched the UUID identifier. You can see it here in the details section:

image

Of course, if the device group exists and there is a device that matches the identifier, that that is a different issue.

Matt-CyberGuy commented 3 years ago

I won’t be able to look at this until later in the day, I have multiple meetings, but I think what kickstarted this was I did a major server version change, and then did a force update agent to all of the endpoints in our portal.

Get Outlook for iOShttps://aka.ms/o0ukef

From: Ylian Saint-Hilaire @.> Sent: Friday, October 29, 2021 6:06:22 AM To: Ylianst/MeshCentral @.> Cc: Matthew Kent @.>; Author @.> Subject: Re: [Ylianst/MeshCentral] CIRA connection issues... unknown node (Issue #3229)

Note that MeshCentral will look for a computer is the device group that matched the UUID identifier. You can see it here in the details section:

[image]https://user-images.githubusercontent.com/1319013/139467249-83aa04e5-397c-463c-8c8f-69f1eb109d06.png

Of course, if the device group exists and there is a device that matches the identifier, that that is a different issue.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/Ylianst/MeshCentral/issues/3229#issuecomment-954864535, or unsubscribehttps://github.com/notifications/unsubscribe-auth/APTU67VTJL45QR4B7HITF4LUJLA75ANCNFSM5G6LBSFQ. Triage notifications on the go with GitHub Mobile for iOShttps://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Androidhttps://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

Ylianst commented 3 years ago

Updating agents should not cause this, but if a device was removed from the server and a CIRA connection is still coming in, that would cause it. I did no think of this situation before. If a agent connects again, it will cause the device to be created again on the server... but if CIRA connects in a agent managed device group, the device is not auto-created.

I could accept the CIRA connection and hold it, so there is no re-connection loop. Another option is that I would create a new device group that is "Intel AMT only" with the same permissions as the agent managed device group and add the device there.