Agents not reporting to BF console

DiegoL · December 14, 2020, 4:20pm

Hi team,

I have reinstalled BF from scratch and now I am facing a weired issue with some clients, as when installe BF agent on couple of devices they are not reporting to BF console and getting below error.

Registeronce :¨Register once Current deployment ’ x-bes-minimum-support-relay-level’ masthead setting now allow clear text registerition.

Please help me on this, why I am getting this error. I am not able to patch my infra since last 1 month, any leads on this is appreciated…

Regards,

Diego Ludeña

cmcannady · December 14, 2020, 4:26pm

@DiegoL, can you please post the Relay Registration log details to your forum post? Need more details from your endpoints in question that aren’t reporting. Thank you.

DiegoL · December 14, 2020, 4:30pm

Current Date: December 14, 2020
Client version 9.5.10.79 built for WINVER 6.0 i386 running on WINVER 10.0.14393 x86_64
Current Balance Settings: Use CPU: True Entitlement: 0 WorkIdle: 10 SleepIdle: 480
ICU 54.1 init status: SUCCESS
Agent internal character set: UTF-8
ICU report character set: UTF-8 - Transcoding Disabled
ICU fxf character set: windows-1252 (Latin 1 / Western European) - Transcoding Enabled
ICU local character set: windows-1252 (Latin 1 / Western European) - Transcoding Enabled
At 00:53:16 -0500 -
Beginning Relay Select
At 00:53:20 -0500 -
RegisterOnce: Attempting secure registration with 'https://BFServer.dominio.pe:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=9.5.10.79&Body=12177417&SequenceNumber=4730&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&MaxHops=4&Root=http://BFServer.dominio.pe%3A52311&AdapterInfo=e4-e7-49-4d-5c-d2_128.112.0.0%2F16_128.112.2.5_1’
RegisterOnce: Relay does not support secure registration.
RegisterOnce: Current deployment ‘x-bes-minimum-supported-relay-level’ masthead setting does not allow clear text registration.
At 00:53:54 -0500 -
RegisterOnce: Attempting secure registration with 'https://BFServer.dominio.pe:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=9.5.10.79&Body=12177417&SequenceNumber=4731&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=http://BFServer.dominio.pe%3A52311&AdapterInfo=e4-e7-49-4d-5c-d2_128.112.0.0%2F16_128.112.2.5_1’
RegisterOnce: Relay does not support secure registration.
RegisterOnce: Current deployment ‘x-bes-minimum-supported-relay-level’ masthead setting does not allow clear text registration.
Unrestricted mode
Configuring listener failed to initialize as wake-on-lan forwarder(AdapterInfo=).
At 00:53:55 -0500 -
[ThreadTime:00:53:54] ShutdownListener
[ThreadTime:00:53:54] SetupListener success: IPV4/6
At 02:53:56 -0500 -
Beginning Relay Select
At 02:53:59 -0500 -
RegisterOnce: Attempting secure registration with 'https://BFServer.dominio.pe:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=9.5.10.79&Body=12177417&SequenceNumber=4732&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&MaxHops=4&Root=http://BFServer.dominio.pe%3A52311&AdapterInfo=e4-e7-49-4d-5c-d2_128.112.0.0%2F16_128.112.2.5_1’
RegisterOnce: Relay does not support secure registration.
RegisterOnce: Current deployment ‘x-bes-minimum-supported-relay-level’ masthead setting does not allow clear text registration.
At 02:54:33 -0500 -
RegisterOnce: Attempting secure registration with 'https://BFServer.dominio.pe:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=9.5.10.79&Body=12177417&SequenceNumber=4733&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=http://BFServer.dominio.pe%3A52311&AdapterInfo=e4-e7-49-4d-5c-d2_128.112.0.0%2F16_128.112.2.5_1’
RegisterOnce: Relay does not support secure registration.
RegisterOnce: Current deployment ‘x-bes-minimum-supported-relay-level’ masthead setting does not allow clear text registration.
Unrestricted mode
Configuring listener failed to initialize as wake-on-lan forwarder(AdapterInfo=).
At 02:54:35 -0500 -
[ThreadTime:02:54:33] ShutdownListener
[ThreadTime:02:54:33] SetupListener success: IPV4/6
At 04:54:35 -0500 -
Beginning Relay Select
At 04:54:40 -0500 -
RegisterOnce: Attempting secure registration with 'https://BFServer.dominio.pe:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=9.5.10.79&Body=12177417&SequenceNumber=4734&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&MaxHops=4&Root=http://BFServer.dominio.pe%3A52311&AdapterInfo=e4-e7-49-4d-5c-d2_128.112.0.0%2F16_128.112.2.5_1’
RegisterOnce: Relay does not support secure registration.
RegisterOnce: Current deployment ‘x-bes-minimum-supported-relay-level’ masthead setting does not allow clear text registration.
At 04:55:18 -0500 -
RegisterOnce: Attempting secure registration with 'https://BFServer.dominio.pe:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=9.5.10.79&Body=12177417&SequenceNumber=4735&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=http://BFServer.dominio.pe%3A52311&AdapterInfo=e4-e7-49-4d-5c-d2_128.112.0.0%2F16_128.112.2.5_1’
RegisterOnce: Relay does not support secure registration.
RegisterOnce: Current deployment ‘x-bes-minimum-supported-relay-level’ masthead setting does not allow clear text registration.
Unrestricted mode
Configuring listener failed to initialize as wake-on-lan forwarder(AdapterInfo=).
At 04:55:19 -0500 -
[ThreadTime:04:55:18] ShutdownListener
[ThreadTime:04:55:18] SetupListener success: IPV4/6
At 06:55:19 -0500 -
Beginning Relay Select
At 06:55:21 -0500 -
RegisterOnce: Attempting secure registration with 'https://BFServer.dominio.pe:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=9.5.10.79&Body=12177417&SequenceNumber=4736&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&MaxHops=4&Root=http://BFServer.dominio.pe%3A52311&AdapterInfo=e4-e7-49-4d-5c-d2_128.112.0.0%2F16_128.112.2.5_1’
RegisterOnce: Relay does not support secure registration.
RegisterOnce: Current deployment ‘x-bes-minimum-supported-relay-level’ masthead setting does not allow clear text registration.
At 06:55:56 -0500 -
RegisterOnce: Attempting secure registration with 'https://BFServer.dominio.pe:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=9.5.10.79&Body=12177417&SequenceNumber=4737&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=http://BFServer.dominio.pe%3A52311&AdapterInfo=e4-e7-49-4d-5c-d2_128.112.0.0%2F16_128.112.2.5_1’
RegisterOnce: Relay does not support secure registration.
RegisterOnce: Current deployment ‘x-bes-minimum-supported-relay-level’ masthead setting does not allow clear text registration.
Unrestricted mode
Configuring listener failed to initialize as wake-on-lan forwarder(AdapterInfo=).
At 06:56:00 -0500 -
[ThreadTime:06:55:56] ShutdownListener
[ThreadTime:06:55:56] SetupListener success: IPV4/6
At 08:55:58 -0500 -
Beginning Relay Select
At 08:56:01 -0500 -
RegisterOnce: Attempting secure registration with 'https://BFServer.dominio.pe:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=9.5.10.79&Body=12177417&SequenceNumber=4738&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&MaxHops=4&Root=http://BFServer.dominio.pe%3A52311&AdapterInfo=e4-e7-49-4d-5c-d2_128.112.0.0%2F16_128.112.2.5_1’
RegisterOnce: Relay does not support secure registration.
RegisterOnce: Current deployment ‘x-bes-minimum-supported-relay-level’ masthead setting does not allow clear text registration.
At 08:56:42 -0500 -
RegisterOnce: Attempting secure registration with 'https://BFServer.dominio.pe:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=9.5.10.79&Body=12177417&SequenceNumber=4739&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=http://BFServer.dominio.pe%3A52311&AdapterInfo=e4-e7-49-4d-5c-d2_128.112.0.0%2F16_128.112.2.5_1’
RegisterOnce: Relay does not support secure registration.
RegisterOnce: Current deployment ‘x-bes-minimum-supported-relay-level’ masthead setting does not allow clear text registration.
Unrestricted mode
Configuring listener failed to initialize as wake-on-lan forwarder(AdapterInfo=).
At 08:56:43 -0500 -
[ThreadTime:08:56:43] ShutdownListener
[ThreadTime:08:56:43] SetupListener success: IPV4/6
At 10:11:00 -0500 -
ActiveDirectory: Refreshed Computer Information - Domain: DOMINIO
At 10:56:46 -0500 -
Beginning Relay Select
At 10:56:48 -0500 -
RegisterOnce: Attempting secure registration with 'https://BFServer.dominio.pe:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=9.5.10.79&Body=12177417&SequenceNumber=4740&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&MaxHops=4&Root=http://BFServer.dominio.pe%3A52311&AdapterInfo=e4-e7-49-4d-5c-d2_128.112.0.0%2F16_128.112.2.5_1’
RegisterOnce: Relay does not support secure registration.
RegisterOnce: Current deployment ‘x-bes-minimum-supported-relay-level’ masthead setting does not allow clear text registration.
At 10:57:26 -0500 -
RegisterOnce: Attempting secure registration with 'https://BFServer.dominio.pe:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=9.5.10.79&Body=12177417&SequenceNumber=4741&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=http://BFServer.dominio.pe%3A52311&AdapterInfo=e4-e7-49-4d-5c-d2_128.112.0.0%2F16_128.112.2.5_1’
RegisterOnce: Relay does not support secure registration.
RegisterOnce: Current deployment ‘x-bes-minimum-supported-relay-level’ masthead setting does not allow clear text registration.
Unrestricted mode
Configuring listener failed to initialize as wake-on-lan forwarder(AdapterInfo=).
At 10:57:30 -0500 -
[ThreadTime:10:57:26] ShutdownListener
[ThreadTime:10:57:26] SetupListener success: IPV4/6

jas.itpro · December 14, 2020, 4:34pm

Diego what version are you on for BF root server and relay and client, also it seems your are on 9.5.10 and if there is difference/variation in your clients and relay version you might get this issue.

Regards,
Jaspreet Singh

cmcannady · December 14, 2020, 4:38pm

Within the yyyyMMdd.log from your managed endpoint we can see that your implementation requires secure relay registration. However, the relay in question does not support this. Please review the following documentation and forum links for additional details.

I hope this helps.

jas.itpro · December 14, 2020, 4:52pm

@DiegoL do you have relay advertisement lis seeting and bes client affiliation seek list in place ??

DiegoL · December 14, 2020, 4:56pm

@cmcannady I have these settins in place for relay , I just enabled relay authentication but still facing this issue.

cmcannady · December 14, 2020, 5:37pm

@DiegoL, how are you handling the key exchange with authenticating relays enabled?

As per our documentation, “When you connect new agents to the authenticating relay they do not work, until the manual key exchange procedure is run on them.”

Can you confirm that you’ve performed the manual key exchange on the endpoints in question?

DiegoL · January 19, 2021, 10:14pm

@cmcannady

DiegoL · January 26, 2021, 5:05pm

Hi @cmcannady i tried to manual key exchange, but not working, please can you help me?

JasonWalker · January 26, 2021, 7:50pm

This all implies that HTTPS protocol traffic from your client to the relay is being interrupted or blocked. I’ve seen this with certain application-layer firewalls, if the Protocol is not defined properly (they don’t just allow “port 52311”, they allow “http protocol on port 52311”. Do you have anything like that between the client and the relay to which it’s attempting to register? I think this can also occur where a proxy was defined in the BigFix client settings and the proxy wasn’t passing the traffic correctly.

If it’s not that simple, you’ll probably need to open a Support Incident and have someone with our Support team help you. They may need you to capture some network traces to determine what’s going on.

jschafer · July 8, 2022, 2:46pm

Saw this post and wanted to provide another probable solution to this expanding on Jason’s response.

Many app aware security devices that are set to block http/https on non-standard ports can cause this error to occur. In this case, bigfix client is sending HTTP/HTTPS data over TCP 52311 and a app-aware security device or software in the middle of the communication chain could see that and block as it expects HTTP/HTTPS to only pass over 80/433.

An indication that this is the case is to try these steps:

Run a port check from a client system having issue. For example:
(In Powershell admin prompt):
Test-NetConnection -ComputerName relayname_or_IP -Port 52311 -InformationLevel Detailed
(or any command line test that tests if port 52311 is open)

In this case, with these errors people are reporting above related to masthead setting, this should work and show port is open (this is because the port test doesn’t actually use HTTP/HTTPS so it succeeds).

Note if you have a normal firewall blocking TCP 52311, you’ll get WINSOCK errors in client…not the errors you see above in the thread relating to masthead.

However if you try a CURL command from client system having issue, you may see it fail

curl -k http://relay.domain:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=Version

This is because the app aware security device detects actual HTTP/HTTPS over 52311 (instead of 80/443) and drops the connection.

Overall, this is a big clue that this is occurring. (Port tests succeed but actual connections using http/https over TCP 52311 fail.)

Solution is is to find the security device in question that is intercepting the client traffic and add/modify rule to allow http or https over 52311.

For example, in something like a Palo Alto, you don’t “enable tcp 52311”, you “enable https on tcp 52311” and “enable http on tcp 52311”.

The layer-4 firewall, when blocking HTTP/HTTPS over non-standard ports tend to allow every TCP SYN / ACK / SYN-ACK handshake to go through and then reset the connection after they detect the protocol that’s running on it.