Baseline Applicable That Should not Be

mbartosh 2023-01-23 23:09:28 UTC #1

Bigfix version is 10.0.7.52. I have a number of systems showing in two different baselines that are showing applicable, but when I look at the component applicability it is much lower. I have tried a send refresh on the systems in question, and resent the baseline but the same systems keep showing up as relevant. I cannot get the systems in question to drop out of applicability for the baseline even though I know they are not relevant.

When I resend the baseline, it reports “not relevant”, but the systems in question are still applicable.

DanieleColi 2023-01-24 09:13:58 UTC #2

Hi,
baselines have their own relevance; then, when deployed, each component is evaluated and deployed, if applicable.
So, you could have a baseline relevant on a computer (because, for instance, the baseline relevance is true) but very few components applicable.

Some documentation reference:
https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Console/c_introducing_baselines.html
https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Console/Dialogs/baseline_component_applicability_tab.html
https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Console/Dialogs/edit_baseline.html

mbartosh 2023-01-24 17:49:53 UTC #3

I have opened a case with Bigfix Support. Let’s see where it goes.

It doesn’t make sense that I send the baseline to the systems reporting applicable, and the action comes back as not relevant for every system. These systems should be dropping out of applicability but they are not.

JasonWalker 2023-01-24 22:26:59 UTC #4

Is there at least one component of the baseline with “include in baseline relevance” checked?

mbartosh 2023-01-24 22:46:01 UTC #5

There are three components, and they are all checked to “include in baseline relevance”.

orbiton 2023-01-25 23:20:25 UTC #6

Hi @mbartosh

When I create a baseline - it has its own Relevance statement
When I add a component - Each one of the components has its own Relevance statement.

On the baseline, in the Components Tab, you can check/uncheck "Baseline will be relevant on applicable computers where this component is relevant"
You mentioned that all of the components have this option checked.

On the “Applicable Computers” Tab, you will see all of the Relevant Computers - even if they have one relevant component.
On the “Component Applicability” Tab, you will see all of the Relevant Components - what do you see in the “Applicable computer count”?

mbartosh 2023-01-25 23:55:01 UTC #7

I see one computer applicable for one component on the Component Applicability tab, but I see 13 computers applicable for the baseline.

orbiton 2023-01-26 09:54:00 UTC #8

At first, I created an Empty baseline with some relevance statement and without components. - It returned 2 applicable computers
Suuskf4g98
Then added 2 components to the baseline - each one of them is relevant to a specific computer. I’ve marked only one of them with the option "Baseline will be relevant on applicable computers where this component is relevant"

The change has been replicated to all of the Subscribed Computers, and then the “Applicable Computers” and “Component Applicability” changed accordingly.
yJwySrOPN7
hGYKTfE2Hu

As you can see at first when I created the Baseline without the components - It showed as relevant because of the Baseline’s relevance statements.
When I’ve added components with additional relevance statements and checked/unchecked “Baseline will be relevant on applicable computers where this component is relevant” option - The change should be replicated to all of the subscribed computers and then report back to the Root Server.

Please check that all of the computers are able to receive new content and report correctly.

mbartosh 2023-01-26 16:20:46 UTC #9

How do you check that the systems have received the new content? Support has me collecting usageprofiler logs and debug logs. What do you do if they are not receiving the new content? Do you reset the BES client using fixlet 1976 TROUBLESHOOTING: Reset the BES Client? I have sent a send refresh and resent the baseline.

trn 2023-01-26 16:31:18 UTC #10

Fixlet 1976 removes the KeyStorage folder - so the clients you target will reappear as new clients.

The old clients will remain in the cosole, still reporting themselves as relevant until housekeeping removes them (although that housekeeping culd be manual).

JasonWalker 2023-01-26 16:40:31 UTC #11

I think Support is going to be in a better position to give advice, given the debug and profiler logs.

I’d be checking under __BESData, under whichever site contains the baseline, that the .FXF file for this baseline is up to date (matches the copy on the Server site). If there is an older copy of the baseline there, the client may be failing to gather an updated version of the site.

If the content on the client is up to date, perhaps there’s a problem in the evaluation loop; that should be clear in the profiler log.

mbartosh 2023-01-26 23:46:51 UTC #12

The .FXF file on the client side is updating very quickly and the sha1s between the .FXF on the server and client are identical.

I have the BES client CPU usage set to 20% on all of the clients that should be evaluating out of the baseline.

I copied the baseline in question to see if any clients evaluate into it that are in the original baseline. Overnight none have.

What is the logic that is suppose to evaluate a client out of a baseline?

mbartosh 2023-02-02 22:30:43 UTC #13

I am being told this might have something to do with settings in the SQLite DB. Now I need to come up with some relevance that will uncover the issue.