[ST OMU] opcagtw.vbs causes traffic congestion in customer firewall
An HP vb script is executing the following command line every time and it is causing a lot of outbound traffic.
The congestion in the firewall gets even worse during this transaction because it is being denied.
C:\Windows\System32\cscript //Nologo "C:\Program Files\HP OpenView\bin\win64\OpC\opcagtw.vbs" -type –verbose
Delay can happen during certificate validation.
After CryptoAPI starts validating the individual certificates in the presented certificate chain(s), the following checks are performed:
1. CryptoAPI determines whether the certificate is included in the Untrusted certificate store. All certificates in the Untrusted certificate store are explicitly designated as disallowed certificates.
2. If the certificate included a stapled OCSP response and the stapled response is time valid, use the stapled OCSP response to valid the revocation status of the certificate.
3. If a CRL with the matching issuer name and optionally the same IDP is already in the CA store, use that version of the CRL.
4. If a stapled response or previously downloaded CRL is not available, then CryptoAPI must attempt URL retrieval to determine the revocation status of the certificate.
5. The URLs for OCSP and CDP are built in the following order:
a. OCSP URLs from Group Policy
b. OCSP URLs from the authority information access extension
c. CRL URLs from the CDP extension
On the systems where there is no internet access, the delay can equal to URL retrieval timeout set on the system.
DNS settings and network settings can also add up to the effective total retrieval time.
The removal of the signature block for both opcagtw.vbs files stops the network traffic.
This is documented in the following KCS document: http://support.openview.hp.com/selfsolve/document/KM00956568
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
If you liked it I would appreciate KUDOs.
Re: [ST OMU] opcagtw.vbs causes traffic congestion in customer firewall
Not only does it delay the time the opcagt command takes to respond and return a result. It also uses a lot of CPU resources. This issue has been apparent since HP Operations Agent 11.04.
I have a post-install step that is to remove the signature block from the opcagtw.vbs file (located in bin and win64 directories), as well as the opctemplatew.vbs file (located in bin and win64 directories). As that experiences a similar result.