Correct, i used the public name and public ip.
i also have checked off 'use internal address' - configured the internal name and internal IP of the CSA. still doesn't work.
a few items of interest here are:
1. i removed dns on the network card and still have the same result.
2. i added a hosts file and still have the same result.
this means that changes to public dns or our public IPs will require a re-deployment of the agents?
why even have the public dns name then? might as well configure it all with IP and not advertise the IP/service to the internet.