cancel
Showing results for 
Search instead for 
Did you mean: 

LDAP server/secure agent traffic causes high connection/CPU overhead

Jump to solution

It appears that when I enabled secure agent communication (either when I opened port 443 to ePO, added a registered LDAP server or both...) in responseto a communication issue I found on newer agents a few days ago, it appeared to work fine at first, but became problematic.  Some time later there was a partial server outage –the ePO server itself was up, the console worked, but agents couldn’t check in. After reboot, the numer of ePO connections stayed maxed at 250.  It was as if the increased time it took for agents and epo to establish thesecure communication filled the available connections to the limit, and deniedcommunication to any additional agents.    (This in turn caused a 4.5 patch 1 agents’ known issue (McScript_InUse 100%CPU) to occur and processes consumed inordinateresources which is another story.)

So I couldn't get resources under control until I deleted the registered LDAP server.

Anyone else seen this issue in ePO 4.5 p3?

Sincerely,

Ron

1 Solution

Accepted Solutions

Re: LDAP server/secure agent traffic causes high connection/CPU overhead

Jump to solution

I can confirm that ePO 4.6.1 resolved this issue for us.  We now have an LDAP registered server and user-based policy application working without excess connection time/counts.

5 Replies
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: LDAP server/secure agent traffic causes high connection/CPU overhead

Jump to solution

This could be an issue resolved in Patch 4 - see item 18 in the P4 release notes.

Regards -

Joe

Re: LDAP server/secure agent traffic causes high connection/CPU overhead

Jump to solution

Yes, that looks applicable.  And 16 is interesting, also.  Thanks for the info.  I'll try and reply.

Re: LDAP server/secure agent traffic causes high connection/CPU overhead

Jump to solution

Unfortunately, patch 4 did not do the trick.  It appears that it may be a simple matter of overhead on the single ePO server for 35000 nodes.  None of the standard top metrics (CPU, memory, disk queue length) seemed to be pegged when this was  happening, but the number of ePO connections was maxed at 250.  As soon as I deleted the LDAP server and restarted services, it began to recover.  it would attempt to connect to the LDAP server, fail and then disable signing for each node that checked in as shown:

2011-04-22 14:48:31    I    #7324    NAIMSRV     Received [Event] from <myhost>:{<myguid>}

2011-04-22 14:48:32    E    #6184    epo_ldap    Failed to get LDAP login information for domain <mydomain>.

2011-04-22 14:48:32    I    #6184    MCUPLOAD    Successfully disabled CA trust options.

And then the traffic returned to normal.  I'm going to drill down in the performance monitor to see if there is an upper limit being reached on the server (indicating a resource issue) or if the sheer number of nodes warrants additional agent handlers or ePO servers to deal with the signing overhead.

Re: LDAP server/secure agent traffic causes high connection/CPU overhead

Jump to solution

I can confirm that ePO 4.6.1 resolved this issue for us.  We now have an LDAP registered server and user-based policy application working without excess connection time/counts.

McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: LDAP server/secure agent traffic causes high connection/CPU overhead

Jump to solution

Good to know, thanks

Regards -

Joe