Running Genian Agent is not Detected in WebUI

Symptom

The node is currently up, and the agent is running, but the agent is marked as down in the Web Console.

Cause

The Genian Agent sends a keep-alive packet to the Policy Server once every two minutes to report its operational status.

By default, the Policy Server changes the agent's operation status to "no action" when it has not received a keep-alive packet from the Genian Agent for 10 minutes.

The following situations can disrupt the keep-alive packet and result in a false down status:

  1. Packet control on a firewall between the Policy Server and the Genian Agent.
  2. A PC's antivirus solution preventing the Genian Agent process from sending data.
  3. The Agent is not properly generating the keep-alive packet.

Resolution

Checking communication between Policy Server and Genian Agent

  • Using SSH on the Policy Server and Network Sensor, follow the steps below:
genian> en

genian# @shell

Genians$ tcpdump -i eth[interface number] host [Node IP address] and port [keep-alive port]

Example syntax: tcpdump -i eth0 host 10.10.10.245 and port 24378
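
A capture can show some keep-alive traffic while individual packets are still being lost. The script below is an added example, not part of the original article or Genians tooling: it reads `tcpdump -tt -n` output and reports gaps between keep-alive packets from one node, using the 2-minute interval and 10-minute timeout stated above. The function names and the sample capture (addresses, ports, UDP payload text) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Genians code): find gaps between keep-alive packets in
# `tcpdump -tt -n` output. Intervals are the ones stated in the article.
INTERVAL=120   # agent sends a keep-alive every 2 minutes
TIMEOUT=600    # Policy Server changes the status after 10 minutes of silence

# keepalive_gaps NODE_IP   (capture text on stdin)
# Keeps only packets whose source address is NODE_IP, prints one line per gap
# longer than 1.5x the interval, then a summary line.
keepalive_gaps() {
    awk -v ip="$1" -v interval="$INTERVAL" -v timeout="$TIMEOUT" '
    # $1 = epoch timestamp, $3 = source as "a.b.c.d.port"; the trailing "."
    # stops 10.10.10.24 from matching 10.10.10.245.
    $2 == "IP" && index($3, ip ".") == 1 {
        ts = $1 + 0
        if (seen) {
            gap = ts - prev
            if (gap >= timeout) {
                printf "TIMEOUT gap=%ds at %d\n", gap, ts; timeouts++
            } else if (gap > interval * 1.5) {
                printf "MISSED gap=%ds at %d\n", gap, ts; missed++
            }
        }
        prev = ts; seen++
    }
    END { printf "packets=%d missed=%d timeouts=%d\n", seen, missed, timeouts }'
}

# Constructed sample capture (addresses, ports and payload text are made up).
sample_capture() {
    cat <<'EOF'
1700000000.000000 IP 10.10.10.245.51000 > 10.10.10.1.24378: UDP, length 64
1700000060.000000 IP 10.10.10.24.51001 > 10.10.10.1.24378: UDP, length 64
1700000120.000000 IP 10.10.10.245.51000 > 10.10.10.1.24378: UDP, length 64
1700000240.000000 IP 10.10.10.245.51000 > 10.10.10.1.24378: UDP, length 64
1700000480.000000 IP 10.10.10.245.51000 > 10.10.10.1.24378: UDP, length 64
1700000480.100000 IP 10.10.10.1.24378 > 10.10.10.245.51000: UDP, length 16
1700000600.000000 IP 10.10.10.245.51000 > 10.10.10.1.24378: UDP, length 64
1700001320.000000 IP 10.10.10.245.51000 > 10.10.10.1.24378: UDP, length 64
1700001440.000000 IP 10.10.10.245.51000 > 10.10.10.1.24378: UDP, length 64
EOF
}

sample_capture | keepalive_gaps 10.10.10.245
```

A TIMEOUT line marks a silence long enough for the Policy Server to change the agent's status; MISSED lines point to intermittent loss on the path that has not yet reached that threshold.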

If no keep-alive traffic is detected:

  • Verify the communication path between the Policy Server and the agent on the keep-alive port. Ensure the necessary exceptions are in place on firewalls or other appliances.
  • (Windows) Enable local logging to determine whether the agent is generating and sending the keep-alive packet.
    • In the Registry, find HKEY_LOCAL_MACHINE\SOFTWARE\Geni\Genian\Option or HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Geni\Genian\Option
    • Set the DWORD value DebugPrint to 1

If keep-alive traffic is detected:

  • There may be a problem with the Agent installation or the Policy Server.
  • Use the Syscollect function on the Policy Server to send info to Genians engineers.
  • Obtain logs from the Agent and send them to Genians engineers.

See: Genian NAC log collection method