Problem Summary: When agents start Agent Desktop, they see a licensing error message. Telnet tests from the agent PC to the LRM service on the Agent Desktop server (port 65432) fail. The LRM service is running and agents are able to connect some of the time. Cisco Security Agent (CSA) is installed and running on the Agent Desktop server.

CSA log reports the following: “Event: Possible SYN Flood detected. Source addresses include 10.X.X.X. TCP ports, including port 59004, SYN Flood protection has been enabled.”

Error Message: A licensing error has occurred. Please try again in five minutes. If the problem persists, please see your log file or the System Administrator for details.

Possible Cause: CSA is in SYN Flood detection mode. Agent PCs have the firewall enabled and are blocking packets, and CSA thinks the PC is non-responsive.

Recommended Action: Short-term solution: Restart CSA on the Agent Desktop servers.

Long-term solution options include:

  • Option 1: Leave the systems as is. Risk: SYN Flood detection mode might become enabled, which can prevent agents from logging in. If not discovered immediately, the problem can persist until SYN Flood detection mode turns off by itself (approximately two hours).
  • Option 2: Turn off SYN Flood detection mode. Risk: Leaves the server open to SYN Flood.
  • Option 3: Turn off Agent PC firewall. Risk: Could leave agent PCs vulnerable to viruses.

Recommendation: Option 2. SYN Flood is generally not effective against modern networks.
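
If Option 1 is chosen, the condition has to be found quickly in the CSA log. The following is an added example, not Cisco code: it scans exported log lines for the event text quoted above and estimates how long logins may be affected, using the approximate two-hour figure from Option 1. The leading timestamp format, the comma-separated source list and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Event wording as quoted from the CSA log on this page.
EVENT_RE = re.compile(
    r"Possible SYN Flood detected\.\s*Source addresses include\s+(?P<src>.+?)\."
    r"\s*TCP ports, including port (?P<port>\d+)"
)
# Assumption: each exported line starts with "YYYY-MM-DD HH:MM:SS".
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s")
# The page says the mode turns off by itself after approximately two hours.
AUTO_CLEAR = timedelta(hours=2)

def find_syn_flood_events(lines):
    """Return one record per SYN Flood detection event found in the log lines."""
    events = []
    for line in lines:
        m = EVENT_RE.search(line)
        if not m:
            continue
        ts = TS_RE.match(line)
        when = datetime.strptime(ts.group(1), "%Y-%m-%d %H:%M:%S") if ts else None
        events.append({
            "time": when,
            # Assumption: multiple source addresses are comma-separated.
            "sources": [s.strip() for s in m.group("src").split(",")],
            "port": int(m.group("port")),
            "clears_by": when + AUTO_CLEAR if when else None,
        })
    return events

def protection_likely_active(events, now):
    """True if any event is recent enough that the mode may still be enabled."""
    return any(e["clears_by"] and e["time"] <= now < e["clears_by"] for e in events)

# Constructed sample export (timestamps and the second line are made up).
SAMPLE_LOG = [
    "2011-03-14 09:12:05 Event: Possible SYN Flood detected. Source addresses "
    "include 10.X.X.X. TCP ports, including port 59004, SYN Flood protection "
    "has been enabled.",
    "2011-03-14 09:13:40 Event: Service started.",
]

if __name__ == "__main__":
    for e in find_syn_flood_events(SAMPLE_LOG):
        print(e["time"], e["sources"], e["port"], "may persist until about", e["clears_by"])
```

The estimate is an upper bound only: a CSA restart, the short-term solution above, ends the condition earlier and is not visible to this script.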

Release: CAD Unified CCX 8.5
