Location Mapping Troubleshooting

In the world where we work remotely from different locations and use various WiFi routers, virtual app servers, VPN services, and other technologies, the process of business location mapping has become more complex.

This table lists several common scenarios where further steps must be taken to show correct business location names in Aternity dashboards.
Attribute Values Definition What's wrong? Solution
Off-site

Aternity reports the business location as Off-site when the device is not connected to the Microsoft Active Directory.

The device is in the office but not showing in Active Directory and its location name displays Off-site.

For example, the device is connected to the guests WiFi network and appears in the same subnet as organization's network. But when a device is not connected to the organization's network, Aternity ignores the Subnet_to_Site.csv file, so that business location name displays Off Site (even if the file includes the correct data for that device).

  • If the device is in the office and connected to the organization's network, but appears as off-site, check the Active Directory settings. You might find a bug in the settings.

    To check if the Active Directory is properly configured, open Windows PowerShell and run [System.DirectoryServices.ActiveDirectory.ActiveDirectorySite]::GetComputerSite().Name.

  • If the device is not showing in Active Directory, although its subnet and location name are properly set in the Subnet_to_Site.csv file, contact Aternity SaaS Administration. You might need the Legacy method for location mapping.

Not Mapped

Business location name on dashboards displays Not Mapped if Aternity checks in the Subnet_to_Site.csv file and the device is not mapped there.

This is valid in the following cases:
  • Aternity retrieves business location names from the Active Directory for Windows devices if they are connected to the organization's network and Active Directory.

  • Aternity retrieves business location names for any device type from the Subnet_to_Site.csv file.

Why the business location is not mapped, although the Agent reported the IP address and subnet?

Although, the selected location mapping method is Subnet_to_Site.csv file, and the file should be up-to-date, but the IP subnet does not exist in the file.

The device is connected to a VPN which allows connectivity to the organization's network (ON VPN shows True). However, because of split tunneling, the Agent reports your home IP address which does not exist in the Active Directory or in the Subnet_to_Site.csv file. So, the device's business location shows Not Mapped.

  • Check if the subnet and its respective site name exist in the Subnet_to_Site.csv file.

  • Check if the subnet and its respective site name in the Subnet_to_Site.csv file are correct. Fix if necessary. Learn more about the CSV file.

  • Check if your network router is configured to split tunneling. In this case, upgrade to the new Agent version which was developed to handle such cases. Contact Aternity SaaS Administration.

Business Location Name (vpn)

If a user connects to the office via a known VPN utility, Aternity displays the location name as the office's name and adds (VPN) to show it is a remote connection.

The Agent queries Windows for a virtual network adapter with an active connection and a common name in its description: AGN, Checkpoint, Cisco AnyConnect, Citrix VPN products, F5 Networks adapters, Juniper Networks, OpenVPN TAP, Palo Alto GlobalProtect, Pulse Secure, PureVPN, SonicWall, and VyprVPN.

Business Location includes (VPN) suffix when the On VPN field displays True (meaning the device is connected to a network through VPN, not necessarily corporate).

In general, such device is connected to the organization’s network and Active Directory, and its subnet is mapped in the Subnet_to_Site.csv file.

Why the displayed business location name is wrong?

For example, a dashboard displays India as the device's location, but the device is in England.

  • Connected to a cloud that does not require VPN.

  • The wrong subnet used for location mapping (out of several network cards).

  • Connected to the router with split-tunneling.

  • Check whether the device is on VPN or not.

  • Check if the subnet and its respective site name in the Subnet_to_Site.csv file are correct. Fix if necessary. Learn more about the CSV file.

  • Wait for the new Agent for End User Devices that resolves the split-tunneling issue.

  • Route all the traffic through a VPN.

Business Location Name
Why the displayed business location name is wrong?
  • Home Internet Service Provider IP is partially identical to the subnet of another business region.

    Aternity pulls location names from the file that maps subnets to locations. In rare cases, the subnet in that file might be identical to someone's home Internet Server Provider subnet. In that case, Aternity might display the wrong location name.

Route all the traffic through a VPN so as not to use the home Internet Service Provider IP.

On VPN

On Site

(Windows only) On Site is an attribute of a desktop or laptop and shows whether the device is connected to the Microsoft Active Directory.

(Windows only) Reported values depend on the existence of a Network Adapter that is identified as a VPN. Displays True when the device is connected to the corporate network through VPN. Displays False when none of the Network Adapters identified as a VPN. Displays N/A when the device cannot report the values.

Dashboards display wrong values for On VPN or On Site attributes.

These attributes refresh and their values may be updated in the following cases:
  • A network time-trigger happens

  • A change in the IP through which the Agent is connected to the Aternity server is detected

This means that as long as the Agent is connected through the same IP, the values will not be updated (until the time-trigger happens).

So, when a user is working remotely, and connecting and disconnecting from the VPN, the outdated values may be displayed for a considerable duration of time.

  • Update the Agent for End User Devices to 12.0.6. This Agent release can assure more sensitive behavior when network time-triggers happen and create higher accuracy of the On VPN and On Site values.

  • Reroute the Agent's traffic through the VPN. So, every time a user connects or disconnects from the VPN, the system rescans the network adapters and updates the values.

On VPN

On Site

Dashboards display wrong values for On VPN or On Site attributes.

When using a VPN with split-tunneling, the Agent may be connected to Aternity through the home internet service provider IP.

So, when a user is working remotely, and connecting and disconnecting from the VPN, the outdated values may be displayed for a considerable duration of time.

Reroute the Agent's traffic through the VPN. So, every time a user connects or disconnects from the VPN, the system rescans the network adapters and updates the values.

This also assures that the subnet used for the Business Location will be that of the VPN.

Business Location Name

The Agent queries Windows for a virtual network adapter with an active connection and a common name in its description: AGN, Checkpoint, Cisco AnyConnect, Citrix VPN products, F5 Networks adapters, Juniper Networks, OpenVPN TAP, Palo Alto GlobalProtect, Pulse Secure, PureVPN, SonicWall, and VyprVPN.

In very rare cases, Aternity might not be able to recognize a rare type of VPN, so that a business location name will appear without suffix.

N/A

All files are up-to-date and include all necessary names. Why the names in dashboards are still wrong?

The changes take effect when Agent connects and reports for the end user device next time after you uploaded the updated files. The changes in Location Mapping do not take effect retroactively. Business location names as they were reported by Agent before you moved to the new Location Mapping strategy, are kept in the database and will be displayed in dashboards depending on the timeframe view you selected.

Therefore, we recommend reducing the timeframe of the dashboard to view only new data gathered since you made the change.