6 Replies Latest reply on Aug 2, 2017 2:22 PM by Thad Esser

    Host node on consolidator not aging out

    Thad Esser

      ADDM 11.1.0.5

      TKU-2017-06-1-ADDM-11.1+

       

      I have a situation where a Host node that should be aging out, isn't.  The host itself has been long removed from our infrastructure.  I've looked through the docs, and searched the community, but didn't find what I was looking for.

       

      On the consolidator:

      • A Host node exists and displays the "WARNING: This Host is approaching its removal threshold" message.  It has had this for long enough that the node should have been destroyed.
      • The Host node shows daily, current, discovery accesses, with the result message: "Skipped (Desktop host discovery has been disabled)".  Note that this was a VMware Linux server, not a desktop.  We do have desktop discovery disabled.
      • The discovery accesses show that the source data is coming from the scanning appliance.

       

      On the scanning appliance:

      • There is no Host node.  The only place I can find a reference to the IP address is in the daily "Dropped Endpoints" nodes.
      • The Dropped Endpoint nodes have a reason of "No Response from these IPs".
      • There are no discovery access nodes for this IP address.
      • The data here is what I would expect since the host doesn't exist anymore.

       

      My questions:

      1. Why are there new/daily discovery accesses for this IP address on the consolidator?  It says its coming from the scanning appliance, but there isn't a corresponding discovery access on the scanner.  There's no DDD on the scanner to get sent to the consolidator.  The consolidator does not have any scheduled scans.
      2. Why does the consolidator think this IP address is a desktop?  The answer to the first question will probably inform this question.
      3. Why isn't the Host node aging out?  My presumption is that the presence of the discovery access is keeping it there, so that's why those were my first questions.  If there are other reasons, I'm all ears.

       

      I have about 40 Host nodes in this situation, so I'd like to understand the situation better before manually destroying them.

       

      Thanks in advance,

      Thad