How does the client locate the agent in windows logon solution?
In Windows Logon Implementation guide, there is a picture
However, you don't specify anything during the client installation. You may wonder how the client locates the agent?
Generally, it reads the registry HLM\SOFTWARE\\Deepnet Security\\Windows Logon\\agents to get where the agent is (see above image).
Obviously, this registry key is empty at the very beginning, so the client service tries tcp broadcasting to find the agent. if agent found, write the registry key for next use.
What if the broadcasting traffic is blocked in your network by firewall? The client service will try the luck to contact the DC machine to see if there is a dualshield windows logon agent installed on DC.
Apparently, locating the agent on DC will fail if you installed the agent on another machine (other than DC machine). In this worst scenario, you can ask your network administrator to add the following entry in the DNS server which each windows client uses (the host name dswagent is hardcoded).
192.168.120.2(replace it with your agent IP) dswagent.yourdomain.com
As you can imagine, it is an easy job for network administrator, compared to setting the registery on each client machine, especially when there are dozens of client machines in your organization.