Overview
The IP used by the Patch Agent Service does not choose the correct IP address to communicate the remediation progress.
The following error is logged in C:\Windows\Patches\PatchAgent.log:
2012-02-10,14:15:16,"error",Error WinSock/connect(). WSAGetLastError returned 10061. Sock 192.168.200.250:1169
In the case above, 192.168.200.250 is not the correct IP to be used for sending remediation status back to the LanGuard console.
This article outlines how to hard code the IP address used for remediation communication.
Root Cause
When LanGuard is installed on a machine with multiple network interface cards, there are cases where the internal logic can pick the incorrect interface to communicate with.
Resolution
- In the GFI LanGuard console go to Configuration > Agents Management > Agents Settings.
- Access the General tab and see Communications below. Choose the correct IP address from the drop-down list.
NOTE:
- The Default setting causes the Agents (for all communications) and the Patch AgentService (during remediations) to use the DNS name of the LanGuard server to communicate back to the LanGuard server.
- If DNS name resolution is slow or does not resolve the IP Address of the LanGuard server, the communication attempt fails. In this case, setting this to a fixed IP address causes Agents and the Patch Agent Service to connect directly to the LanGuard IP Address without having to resolve it first.
Confirmation
To confirm that this change has taken place, the following entry can be found within C:\ProgramData\GFI\LanGuard 12\toolcfg_simple.xml
<Item Name="FixedIPAddress"><![CDATA[192.168.100.29]]></Item>