Location Mapping Troubleshooting

In the world where we work remotely from different locations and use various WiFi routers, virtual app servers, VPN services, and other technologies, the process of business location mapping has become more complex.

This table lists several common scenarios where further steps must be taken to show correct business location names in Aternity dashboards.
Attribute Values Definition What's wrong? Solution
Off-site

Aternity reports the business location as Off-site when the device is not connected to the Microsoft Active Directory.

A device is in the office, but not showing in Active Directory, and its location name displays Off-site.

For example, a device is connected to the guests WiFi network and appears in the same subnet as organization's network.

  • If the device is not connected to the organization's network, Aternity ignores the Subnet_to_Site.csv file, so that business location name displays Off-site (even if the file includes the correct data for that device).

  • If the device is connected to the organization's network, but appears as Off-site, check the Active Directory settings. You might find a bug in the settings.

    To check if the Active Directory is properly configured, open Windows PowerShell and run [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name.

  • If the device is not showing in Active Directory, although its subnet and location name are properly set in the Subnet_to_Site.csv file, contact Aternity SaaS Administration. You might need the Legacy method for location mapping.

Not Mapped

Business location name on dashboards displays Not Mapped when Aternity checks in the Subnet_to_Site.csv file and the device is not mapped there.

This is valid in the following cases:
  • Aternity retrieves business location names from the Active Directory for Windows devices if they are connected to the organization's network and Active Directory.

  • Aternity retrieves business location names for any device type from the Subnet_to_Site.csv file.

Why business location is not mapped, although the Agent has reported the IP address and subnet?

  • Although, the selected location mapping method is Subnet_to_Site.csv file, and the file should be up-to-date, but the IP subnet does not exist in the file.

  • The device is connected to a VPN which allows connectivity to the organization's network (ON VPN shows True). However, because of split tunneling, the Agent reports your home IP address which does not exist in the Active Directory or in the Subnet_to_Site.csv file. So, the device's business location shows Not Mapped.

  • Check if the subnet and its respective site name exist in the Subnet_to_Site.csv file.

  • Check if the subnet and its respective site name in the Subnet_to_Site.csv file are correct. Fix if necessary. Learn more about the CSV file.

  • Check if your network router is configured to split tunneling. In this case, upgrade to the new Agent version which was developed to handle such cases. Contact Aternity SaaS Administration.

Business Location Name (vpn)

The Agent queries Windows for a virtual network adapter with an active connection and a common name in its description: AGN, Checkpoint, Cisco AnyConnect, Citrix VPN products, F5 Networks adapters, Juniper Networks, OpenVPN TAP, Palo Alto GlobalProtect, Pulse Secure, PureVPN, SonicWall, and VyprVPN.

If a user connects to the office via a known VPN utility (not necessarily corporate), then the On VPN field displays True and Aternity displays business location name as the office's name and adds the (VPN) suffix to show it is a remote connection.

In general, such device is connected to the organization’s network and Active Directory, and its subnet is mapped in the Subnet_to_Site.csv file.

Why the displayed business location name is wrong?

For example, a dashboard displays India as the device's location, but the device is in England.

  • Connected to a cloud that does not require VPN.

  • The wrong subnet used for location mapping (out of several network cards).

  • Connected to the router with split-tunneling.

  • Check whether the device is on VPN or not.

  • Check if the subnet and its respective site name in the Subnet_to_Site.csv file are correct. Fix if necessary. Learn more about the CSV file.

  • Wait for the new Agent for End User Devices that resolves the split-tunneling issue.

  • Route all the traffic through a VPN.

Business Location Name

Business Location is a text field that displays information about a site to which the device belongs and whether that device is connected through a VPN or not.

Learn more.

Why the displayed business location name is wrong?
  • Home Internet Service Provider IP is partially identical to the subnet of another business region.

    Aternity pulls location names from the file that maps subnets to locations. In rare cases, the subnet in that file might be identical to someone's home Internet Server Provider subnet. In that case, Aternity might display the wrong location name.

Route all the traffic through a VPN so as not to use the home Internet Service Provider IP.

On VPN

On Site

(Windows only) On Site is an attribute of a desktop or laptop and shows whether the device is connected to the Microsoft Active Directory.

(Windows only) Reported values depend on the existence of a Network Adapter that is identified as a VPN. Displays True when the device is connected to the corporate network through VPN. Displays False when none of the Network Adapters identified as a VPN. Displays N/A when the device cannot report the values.

Dashboards display wrong values for On VPN or On Site attributes.

These attributes refresh and their values may be updated in the following cases:
  • A network time-trigger happens

  • A change in the IP through which the Agent is connected to the Aternity server is detected

This means that as long as the Agent is connected through the same IP, the values will not be updated (until the time-trigger happens).

So, when a user is working remotely, and connecting and disconnecting from the VPN, the outdated values may be displayed for a considerable duration of time.

  • Update the Agent for End User Devices to 12.0.6. This Agent release can assure more sensitive behavior when network time-triggers happen and create higher accuracy of the On VPN and On Site values.

  • Reroute the Agent's traffic through the VPN. So, every time a user connects or disconnects from the VPN, the system rescans the network adapters and updates the values.

On VPN

On Site

Learn the terminology in our glossary.

Dashboards display wrong values for On VPN or On Site attributes.

When using a VPN with split-tunneling, the Agent may be connected to Aternity through the home internet service provider IP.

So, when a user is working remotely, and connecting and disconnecting from the VPN, the outdated values may be displayed for a considerably long period of time.

Reroute the Agent's traffic through the VPN. So, every time a user connects or disconnects from the VPN, the system rescans the network adapters and updates the values.

This also assures that the subnet used for the Business Location will be that of the VPN.

Business Location Name

The Agent queries Windows for a virtual network adapter with an active connection and a common name in its description: AGN, Checkpoint, Cisco AnyConnect, Citrix VPN products, F5 Networks adapters, Juniper Networks, OpenVPN TAP, Palo Alto GlobalProtect, Pulse Secure, PureVPN, SonicWall, and VyprVPN.

In very rare cases, Aternity might not be able to recognize a rare type of VPN, so that a business location name will appear without suffix.

N/A

Business Location Name

Business Location is a text field that displays information about a site to which the device belongs and whether that device is connected through a VPN or not.

Learn more.

All files used for location mapping are up-to-date and include all necessary names. Why the names in dashboards are still wrong?

The changes take effect when Agent connects and reports for the end user device next time after you uploaded the updated files. The changes in Location Mapping do not take effect retroactively. Business location names as they were reported by Agent before you moved to the new Location Mapping strategy, are kept in the database and will be displayed in dashboards depending on the timeframe view you selected.

We suggest you limit the timeframe of the dashboard, so that you view only new data collected after you made a change.

Off-site

Correlation between On Site values and business location names

Learn the terminology in our glossary.

Why monitored devices are correctly mapped to business locations for one data source, but not for others?

Aternity uses Serving Device attributes to define the On Site values (True or False).

Off-site

Correlation between On Site values and business location names

(Windows only) On Site is an attribute of a desktop or laptop and shows whether the device is connected to the Microsoft Active Directory.

Learn the terminology in our glossary.

Why in some cases when On Site displays True, Business Location displays Off-Site instead of location name?

And vice versa, why in some cases when On Site displays False, Business Location displays the correct location name instead of Off-Site?

First, SERVER connection details are used for defining the value of the On Site attribute. If the device is connected to the Microsoft Active Directory, Aternity reports True for the On Site attribute.

Then, to map Business Location, Aternity queries Active Directory or the Subnet_to_Site.csv file (depending on a device type and the method selected for location mapping).

For VDI, Aternity reports the business location name from the Subnet_to_Site.csv file and properly displays it on a dashboard. For client devices, Aternity