How do I troubleshoot agent-collector connectivity issues?

Article ID: 307
Category: Collector Service
Applies to: 3.2 and newer
Created: 2016-04-22

If you go into the Windows event viewer on your EventSentry server, select the Application log, and look for event 117, 118, or 119 from EventSentry Collector as the source. If these events exist, here are the steps you can take to resolve these error events and allow the agent(s) to connect:

Event 117 - This error is generated because the DNS lookup for the remote agent's host name either failed or returned a different IP address than the agent is currently connected with. Update the DNS records for this agent or change your collector security level from High to Medium.

Event 118 - This error is generated because the remote agent's host name in its operating system does not match any hosts listed in EventSentry. If you have any IP addresses specified for your hosts in EventSentry, neither the host names nor the host IP addresses in EventSentry match the host name and IP address currently being used by the remote agent. Add/Update the host name or IP address in EventSentry or change the collector security level to Basic.

Event 119 - Try restarting the remote agent. If this event still returns you can click Reset Shared Secrets in the collector security settings and then restart the remote agent again to clear the error.

If you change the collector security settings in any of these steps, you would need to save the new settings and then click Restart in the collector settings to apply the change.

It is possible that you will not find any of these events on the EventSentry server because the remote agent cannot find the collector to attempt a connection. In that case go into the Windows event viewer on your remote agent server, select the Application log, and look for event 905 from EventSentry as the source. The text of this event will have details of which collector name or IP the agent is attempting to connect to, as well as the port number that the collector connection would use. Please ensure that the agent can resolve the collector name if an IP is not being used for the collector, and please ensure that the agent can access the specified port number for the collector's IP address.