Actions being reported by non-targeted non subscribed systems

Lifecycle 10.0.1 for the past 8 weeks.

I have a custom site “All Windows systems” relevance:
(if( name of operating system starts with “Win” ) then platform id of operating system != 3 else false) AND (if exists property “in proxy agent context” then ( not in proxy agent context ) else true )

I have a similar site with “All unix systems” relevance:
((name of it as lowercase contains “red hat” and version of it >= “5”) of operating system) or ((name of it as lowercase contains “oracle” and version of it >= “6”) of operating system) or ((name of it as lowercase contains “linux centos” and version of it >= “5”) of operating system)

I have been working on a few custom tasks, making a version for windows and linux systems. The initial tasks were created initially in each custom site. When run the tasks are dynamically targeted by device type only to servers, no OS limits in the task relevance - just limiting scope by presence in the Custom Site of Unix or Windows.

I noticed yesterday that after i started cleaning up the tasks and using a copy of the Windows task, edited and saved into the Linux site - that task run from Unix site same dynamic targeting is trying to be evaluated on the windows clients. I am also seeing the Unix task now including other non Linux unix clients appear to be attempted… aka 2 AIX servers are being checked… I am also seeing Unix systems being checked for the task in the “All Windows” task.

The console is reporting:
( the unix and windows actions when they are evaluated on systems which dont belong to the site which the fixlet was saved to)

Invalid site context. The Fixlet site may no longer exist.

Status
Start Time Not Executed
End Time Not Executed
Exit Code None

From the action info:

This action’s source is the Task “Collect Solarwinds NodeID [windows]” in the “All Windows Systems” site.

It pulled in all 227 Linux systems and is reporting the above error, and even though those systems are not subscribed to the “All Windows Systems” site

Anyone have a clue… I dont think the copy should have done this, and i may have copied these tasks a few times not keeping track of which platform was going to which?

I will try creating all new tasks from scratch and just cut/paste lines, but really odd behavior

Thank you

I’d suggest opening a Support Incident. I generally only see messages like that when I’ve performed masthead switches - moving clients from one BigFix deployment to another. Have you done any kind of cleanup on the clients, removed __BESData folders manually, or anything like that?

1 Like

No no major work like that in over 18 months.

Also i just created an new empty task, assigned to All windows, and Patch. Then created an action in ‘Patch’ and targeted just by device type and same results… it pulled in both unix and windows.

I will start the process now with support. Hopefully a quick fix as supposed to patch enterprise tomorrow.

I opened a ticket with HCL support and am also chasing AV exclusions internally, since @JasonWalker mentioned issues relayed to the __BESData folders…

It is very likely others may have changed Sophos AV management systems on the backend for these systems and not preserved any exclusions. Unfortunately i am blind to any AV logs, or the like.

Issue was:

Tasks were created with little relevance to support filtering the target system

Even though the task was saved in a custom site with only windows systems subscribed, when action is targeted to all systems it does not apply the custom site subscription filter until after the initial task relevance is evaluated, which is why it yielded the unable to access the site.

As usual this was a previous well known issue but not to me:

The same topic was also discussed in the following forum link: Fixlet running against PC's not in site

The resolution was to add the platform relevance and other relevance to the task itself and not expect the site subscription to perform the filtering.