Requirement: Deploy/configure Windows (2008R2 / 2012R2) BES client using BESClientDeploy and clientsettings.cfg.
Problem: Cannot add clientsettings.cfg to \Program Files (x86)\BigFix Enterprise\BES Installers\BESClientDeploy\BigFixInstallSource\ClientInstaller
BES Client Mgmt console is in a different Windows domain that the target. It is not a root/child Windows domain deployment. Massive firewall config to allow traffic between the domains. My domain is the ‘managing’ domain and the targets are in a ‘managed’ domain. I cannot deploy a separate BES console server in the target domain.
I copied the BESClientDeploy dir from the mgmt console to the Windows BES relay server in the target domain. Dir includes all subdirs/files. I dropped my clientsettings.cfg into ClientInstaller where setup.exe lives. Then deployed. Settings are not applied to clients.
Are clientsettings.cfg settings not applied using BESClientDeploy because the server I’m using is a BES relay and not the BES Mgmt Console server and I’m not using the Console installation directory? If yes, what options do I have?
If any of this is unclear please let me know and I will try to add more clarity.
What you described is almost exactly what I did and my clientsettings.cfg did apply.
What does the clientsettings.cfg file look like?
What are you seeing the in the client log file (or not seeing that you expect)?
Do you have a relay in the domain that you are trying to deploy to and that is in the client settings? If so, is the firewall open between that relay and the BES server (or another relay)?
I have two relays in the domain and those are __RelayServer1 & 2 in clientsettings.cfg. Massive firewall config has been completed to allow traffic between the BES server and these relays. Again, these relays are the deployment point for BESClientDeploy. I should mention, the BES client has been deployed to the targets one time already by another person. I am now wanting to redeploy the config to update __RelayServers. The part I’m struggling with is getting the new config to apply.
You SHOULD NOT redeploy bigfix to targets that already have bigfix installed on them in order to update the __RelayServer1 setting. If this is what you are doing, that might explain why it isn’t working.
If the clients already have BigFix installed, then you should manage those settings with BigFix itself.
Also, since those settings are actually stored in the windows registry, you could technically manipulate them with GPO, but, THIS IS A BAD IDEA if bigfix is already running on them and you can just change the setting with bigfix itself. If bigfix isn’t working due to these settings, only then would I consider changing them with GPO.
Thanks jgstew. I only wanted to redeploy the config, not the agent. I believe that jive with what you’re saying?
Due to firewall denies, the clients in question were not able to reach the environment’s bigfix relays. So they reverted to the __Relay_Control_RootServer server, which they also could not reach.
If you can control the DNS resolution for just the clients that are having the issue, you could actually make it so when they query for the DNS of whatever those settings are already set to, have it return the IP of a relay that functions. This would be enough to get it working in BigFix to then change those settings. (don’t change the hosts file… some people do this and I’d recommend against it as a good solution, though it can be useful as a temporary fix)
Since that won’t always be an option, you could use a GPO to change those settings.
I’m not sure that reinstalling the client would actually work for what you are trying to fix.
You could also consider opening up one of the relays to these clients so they can reach it.