Agent Host Name is IPv6?
After upgrading our Windows Unified Connectors, we've started to the Agent Host Name being presented as - what at least seems to be - an IPv6 address, when investigating the event in ESM.
I could look something like this: fe80:0:0:0:250:56ff:fe96:2748%2
Anyone else facing this problem - or maybe even been able to find the cause for it?
Hm, this is a link-local ipv6 address (at least up to the %2 at the end), which modern OSes often automagically assign to interfaces in addition to ipv4 (and always in addition to a routable ipv6 adddress if you are actually using ipv6).
My guess - the new connector version is ipv6 aware, thinks this is really an ipv6 enabled box (which it isn't if the interface has only a link-local address) and then tries to do a reverse lookup on this in order to find the agent hostname - which will obviously fail in an ipv4 only environment and also should fail always for link-local addresses:
RFC4472 Operational Considerations and Issues with IPv6 DNS, Page 4
2.1. Limited-Scope Addresses
The IPv6 addressing architecture [RFC4291] includes two kinds of
local-use addresses: link-local (fe80::/10) and site-local
(fec0::/10). The site-local addresses have been deprecated [RFC3879]
but are discussed with unique local addresses in Appendix A.
Link-local addresses should never be published in DNS (whether in
forward or reverse tree), because they have only local (to the
connected link) significance [WIP-DC2005].
I'd say - bug it. As a workaround in case you're not actually using ipv6 I'd try to disable dual-stack on the OS level and the problem should go away.