Airgap Response Imports work but Bes Support site fails to update

Hello All,

I have two airgapped BigFix 9.5.13 servers running on Windows 2012R2, both with SQL standard installed locally. We have been running the airgap process on them for 3.5 years. We run the airgap process once every two weeks. Starting in the beginning of June, one of the servers has not updated the BigFix support site. The site version on one of them is at version 1424; the other server is at support site version 1436. Other sites such as Enterprise security update just fine and patching support update just fine. We use the same airgap response file on each server. Running the airgap files on both servers is not producing any errors. Looking in SQL we can see the different versions, as well as when you check the version level in the respective consoles.

Given that this is the BES Support site, there isn’t a way that I am aware of to unsubscribe the site, let the various systems sync, and then resubscribe the site. I did see at the database level where I could change the value from a 1 to a 0, but I am not sure if this would break the entire deployment.

Looking for any ideas to correct this issue. Has anyone running the airgap process run into this before?

Have you checked the GatherDB.log of the server which does not update the support site?

Hello

Sorry, I have been out sick for the last two weeks. When I run the airgap process and I check the GatherDB log, I can see where it starts and completes the gather process of various sites. However, I don’t see where the gather process even begins for the BES Support site.

If it is allowed in the operation process of your organization, I’d suggest doing the following to make sure your AirgapResponse contains BES Support.

On the internet-facing computer, run the Airgap tool with the -verbose option to check that the BES Support site is gathered and included in the AirgapResponse file, and also to know the version of the BES Support site gathered.
(If you are using non-extraction usage, set the R flag on the BES Support site in the site list file to force it, or if you are using extraction usage, you may want to edit the version for BES Support in AirgapRequest.xml to force it.)

Then run the Airgap tool with the -verbose option on your BigFix server to verify that the BES Support site content is transferred from AirgapResponse to the import service of the BigFix server.
And then check GatherDB.log again to see any messages for the BES Support site.

And if the gathered version of BES Support is newer than the one in another BigFix server, run Airgap on that server and compare GatherDB.log of both servers.

Have you tried running a Gather State Reset process on your root BES server?

Thank you for this suggestion. I will enable verbose mode and let you know what I learn. I am pretty certain we are gathering the BES Support site because the site version updates on our Dev and Preproduction boxes, and all are updated using the same airgap file.

I work with Pete on these systems. We have not yet tried this but I believe it looks like the answer. Relay Diagnostics is reporting different site versions from the Console. I’m seeing the “NotASignedMessage” error in logs. Some things just don’t look right in the \bfsites directories. So we plan to give this a try but have a couple of questions first.

Will clients be forced to do a new, full gather? Will this cause clients to re-register? Is there any negative impact or concern for custom sites? The tech note instructions seem to be written for connected servers. Will the same process work for our airgapped server or will we need to modify any of the steps? (Like “trigger gather all sites”?)

Check whether you’re affected by the change in the license server certificate common name -

Pretty sure we’re not affected by this. We use the same airgap response file for three servers. Two work, one has problems.

Are you using the non-extract form of airgap request, or are you generating a request from one of the servers? You might try, at least once, generating the request file specifically from the server that’s running behind.

(My thinking being that if you are generating a request from one of the servers that is already up-to-date, it may not be asking for a newer BES Support to begin with.)

Jason - I cannot take any files off of the airgapped network (this is the reason non-extract mode was added, isn’t it?). I did generate a request file and went through it to verify that my non-extract sitelist file is requesting the same sites. Our issue is not limited to BES Support, though.

This morning I verified the following:
BES Console shows BES Support site version 1435
Airgap Request file shows BES Support version 1435
Relay Diagnostics page shows BES Support version 1437

BES Console shows IBM BigFix Inventory v9 (ibmforsua) version 133
Airgap request file shows ibmforsua version 133
Relay Diagnostics page shows ibmforsua version 134

All 3 sources show bessecurity (Patches for Windows) version 3585. Most sites are fine. I have not gone through the entire list but we have had problems with others in the past.

I should also note that our last airgap import should have brought BES Support to version 1437 and Inventory to 134. It did so on our other two servers.

What does the Relay Diagnostics application look at for its data that is different from what the console is looking at? It seems they’re using different sources.