BES Client with proxy without dns name resolution

(imported topic written by ebibibi91)

I have problem with BES Client.

not work

client that connected to the Internet only with proxy, no dns name resolution.

working fine ---- client that directly connected to the Internet with dns name resolution.

Network design is below.

BES Server(Relay)

INTERNET

proxy

BES Client

below is client log

At 15:53:37 +0900 -

RegisterOnce: Attempting to register with ‘http://xxx.xxx.xxx.xxx:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=7.0.9.164&Body=0&SequenceNumber=67&MinRelayVersion=6.0.0.0&CanHandleMVPings=1&Root=http://xxx.xxx.xxx.xxx:52311’

At 15:53:39 +0900 -

RegisterOnce: GetURL failed

below is clientdiagnostics result

======= Network Tests ===========

• WARNING: Can’t contact http://xxx.xxx.xxx.xxx:52311/cgi-bin/bfgather.exe/actionsite: 500 Can’t connect to be

s.jbs.co.jp:52311 (Bad hostname ‘xxx.xxx.xxx.xxx’)

• WARNING: Can’t contact http://xxx.xxx.xxx.xxx:52311/cgi-bin/bfenterprise/clientregister.exe: 500 Can’t conne

ct to xxx.xxx.xxx.xxx:52311 (Bad hostname ‘xxx.xxx.xxx.xxx’)

• WARNING: Can’t contact http://xxx.xxx.xxx.xxx:52311/cgi-bin/bfenterprise/besgathermirror.exe: 500 Can’t conn

ect to xxx.xxx.xxx.xxx:52311 (Bad hostname ‘xxx.xxx.xxx.xxx’)

To use proxy, I configured UseUrlMoniker setting.

======= Other Settings ===========

• Setting: “_BESClient_Comm_UseUrlMoniker” = “1”

No problem with proxy setting. confirmed by proxycfg(windows XP) and netsh(windows vista).

Access by IE to the URLs is no problem.

Anyone have any idea about this?

(imported comment written by ebibibi91)

I captured packets and find client didn’t send dns packets.

Client try NETBIOS name resolution only.

Is this correct?

How can I configure it?

(imported comment written by BenKus)

Hi ebibibi,

Not a lot of our customers need BES Client proxy support (most only require proxy support for the BigFix Server and occasionally the BigFix Relay) so it isn’t a normal configuration… But here is some information regarding BigFix Client proxy support (before using these settings, change “_BESClient_Comm_UseUrlMoniker” = “0”):

As of version 6.0.10, you can configure the client to perform all http and https interactions via a proxy.

To enable proxy communications, set the following settings:

_BESClient_Comm_ProxyServer: dns name or ip address of proxy.

_BESClient_Comm_ProxyPort: port number to use.

_BESClient_Comm_ProxyUser: user name.

_BESClient_Comm_ProxyPass: passphrase.

The user and pass settings are required if the proxy requests basic authentication.

The client periodically refreshes its communications configuration from these settings so expect a delay of minutes in recognizing changes to the configuration.

The following set of communications pathways will not function in a proxy environment:

udp ping messages won’t pass through the proxy to the client.

automatic relay selection isn’t expected to work.

To improve responsiveness to changes in content and refresh requests, use command polling (available in 6.0) on clients that communicate via proxy.

And use manual relay selection.

(imported comment written by ebibibi91)

Hi Ben Kus.

Thank you for your kind reply.

I have changed clientsettings.cfg and reinstall BES Client.

clientdiagnostics.exe and registory shows configuration is correct, but it doen’t work.

It seems no packet send to my proxy server from BES Client(confirmed by wireshark).

======= Other Settings ===========

• Setting: “_BESClient_Comm_ProxyPort” = “80”
• Setting: “_BESClient_Comm_ProxyServer” = “172.16.1.16”
• Setting: “_BESClient_Comm_UseUrlMoniker” = “0”

======= Network Tests ===========

• WARNING: Can’t contact http://xxx.xxx.xxx.xxx:52311/cgi-bin/bf … ctionsite: 500 Can’t connect to be

s.jbs.co.jp:52311 (Bad hostname ‘xxx.xxx.xxx.xxx’)

• WARNING: Can’t contact http://xxx.xxx.xxx.xxx:52311/cgi-bin/bf … ister.exe: 500 Can’t conne

ct to xxx.xxx.xxx.xxx:52311 (Bad hostname ‘xxx.xxx.xxx.xxx’)

• WARNING: Can’t contact http://xxx.xxx.xxx.xxx:52311/cgi-bin/bf … irror.exe: 500 Can’t conn

ect to xxx.xxx.xxx.xxx:52311 (Bad hostname ‘xxx.xxx.xxx.xxx’)

Any ideas?

I’m very serious about this problem.

(imported comment written by BenKus)

Hi ebibibi,

I think we have isolated the issue. If an agent doesn’t have a current computerID or licenseID, the agent will skip the proxy when it registers. So if you have an agent that has registered previously, it should work with the proxy settings, but if there is a brand new agent, it won’t use the settings.

As a workaround, you do the following for new agents:

Set “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions” “ComputerId”=1 (REG_BINARY)

Set “HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions” “LicenseId”=1 (REG_DWORD)

This will make the agent think it has registered before and so when it tries to register again, it will use the proxy settings. Upon its first connection, it will get a new computerID/licenseID and everything should work as expected.

Ben

(imported comment written by ebibibi91)

Hi Ben Kus.

In my case, problem about a brand new agent.

By your advice, I could connected.

Thank you very much!