Yesterday Afternoon I made some changes on our ACC -- mainly adding a new network to the allowed Gateway Manager Access Networks list. All appeared to be well...
This morning, I noted one or two units that were still running 8.103 (most of our managed clients still run that version per our recommendations) that had lost connectivity to ACC (they showed as disconnected in ACC Gateway Manager)... thinking that they had gone down, I tracerouted, etc. to them and found them up and working, and their Webadmins were responding, etc. I looked at the logs on the ACC and the Devices, and they indicated IO errors centered around a bad password -- thinking they were just "flipping out", as I did not change the Gateway Secret in ACC the previous day, and only the 8.103 instances appeared to be affected, I restarted the ACC and the nextgen-agent on the affected ASG units.
After the reboot, all of the ASGs showed as disconnected (including the ones running 8.300)... what to do? So I manually reset the ACC Gateway Manager Secret on the ACC, and everything started working again.
We had no system outages, etc. yesterday, so I was really curious about what could have corrupted my ACC configuration that would require such a reset.
Looking at the management log (screenshot attached, redacted as necessary) I found the answer. When I hit Apply in the Gateway Manager / Access tab, apparently it re-applies settings in the Device Security tab somehow -- I don't recall even clicking on the Device Security tab at all, as my changes weren't necessary there -- at the worst, I may clicked it and then clicked back (miscue with the mouse). Anyway, as the managment log shows, the ACC Webadmin looked at the password (which is hidden) and decided that the & in the middle of it needed to have a 'amp;' injected next to it (HTML). When it saved, it saved this new invalid password.
For some reason, the 8.103 ASGs apparently did not auto-update to the new gateway secret (that box is checked) but the 8.300 units did, hence why things happened the way they did.
So... it looks like there's an issue with the parsing of that gateway secret (what's funny is manually pasting it back in and hitting apply in the device security tab does work correctly) in this particular scenario, and apparently 8.103 gateway secret auto-update does not work (which is not a big deal, as 8.300 does appear to have this working).
Note that, again, I did not enter anything into the gateway secret blank at all to cause this... changing another setting and hitting apply (in another tab), caused the node change listed in the attached screenshot. Worst case, if my memory is "fuzzy" I might have just hit apply in Device Control if I tabbed to it accidentally -- I certainly didn't add 'amp;' to the password. Oh... and this was using Firefox 9.0.1 on Windows Vista 32 Bit, all patches and SPs applied.
This thread was automatically locked due to age.
