Greetings - We have installed BigFix 9.5.9.62 server on RHEL6 server and proxy server is configured in our network which blocks everything except the IBM public sites (sync.bigfix.com, software.bigfix.com etc.). We have configured the BigFix server to work with proxy server, but we’re continuously getting below error.
GatherDB.log
Fri, 15 Jun 2018 09:04:56 +0300 – Unexpected exception during gather of site BES Support: Unexpected HTTP response: 404
BESRelay.log
Fri, 15 Jun 2018 08:20:08 +0300 - 1422366464 - 2: Unable to get site content (failed to pass sha1 hash value checks). Fri, 15 Jun 2018 09:04:56 +0300 - 1422366464 - 2: GetURL failure on HTTP Error 18: An unknown error occurred while transferring data from the server: transfer closed with 746562 bytes remaining to read
Error Message: 2: GetURL failure on HTTP Error 18: An unknown error occurred while transferring data from the server: transfer closed with 746562 bytes remaining to read
I would recommend checking with your firewall/proxy team to ensure that data/packets being returned from the IBM/BigFix sites aren’t being tagged or modified in any way as this would cause SHA1/SHA256 validation errors.
For example, BlueCoat has a HTTP packet tagging option within the proxy configuration that will absolutely cause the “Unable to get site content (failed to pass sha1 hash value checks)” errors you’re seeing in the BESRelay.log file.
Based on the logs you’ve posted, there’s some sort of packet manipulation occurring that causing the downloaded data from the BigFix sites to fail the hash validation. This is likely the root cause of the proxy issues you’re experiencing with BigFix.
@cmcannady, we have confirmed with Proxy team and they are saying they don’t have such kind of validation which will make the issue you have mentioned.
Will you suggest any other ways to find the root cause for the issue.
Given the "Unable to get site content (failed to pass sha1 hash value checks)” errors you’re seeing in the BESRelay.log, I would recommend leveraging WireShark to identify what’s potentially manipulating the data coming from the BigFix sites.
Specifically look at the HTTP header details for those BigFix sites to see if anything is being injected as that’s the likely culprit of the above errors.
I’m not exactly sure if the document has changed recently but If I remember correctly then there was only 2 options at that time i.e 0 for HTTP gathering and 1 for HTTPS gathering and we are using BigFix version 9.5.9.62.