BigFix 9.5.4 - Applicable Computers decrease

Dear all,

we upgraded our BigFix server and Relays to 9.5.4 about 2 weeks ago. Until then all our webreports and Applicable Computers were OK. During the last weekend we upgraded our Clients via SCCM to version 9.5.4 (therefore 9.5.3 was uninstalled and 9.5.4 newly installed). Therefore all machines reported back to BigFix with a new ID so we ran the cleanup tool.

And now the amount of all historic applicable Computers fell down.

Is there any chance to get them reporing back that patches are applicable also for them???

Thanks,
David

To be CLEAR you are looking for the “HISTORICAL” count of patches that are, where and those remediate against from the OLDER endpoints that you deleted, correct?

The new endpoints (same hardware and machines from before) but now have a NEW ID to BigFix and NEW OBJECTS (Endpoints) and will report the patches, applicable or not, but will no longer have any of the historical data because we removed that. Was there a reason you use SCCM to upgrade the BigFix client and not just use the BigFix Fixlet?

first answer: we use SCCM by default to upgrade all Windows computers in our company. BigFix is used for Linux Patching and reporting.

and to clear up what i mean with “historical” data let me give you an example:

on the week before the client upgrade we had patch MS17-004 applicable for 2231 computers, installed on 2101 and outstanding 130.

after the upgrade and cleanup of duplicate machines (as this happens when upgrading via SCCM) we have now: 190 applicable, 145 installed and 45 outstanding.

hope that brings some more background info

Hi,

This is likely due to the uninstall and reinstall of the agent (which is not the recommended upgrade path).

I’m not aware of any way to restore the historical data if all the endpoints have new IDs and have been completely reinstalled.

I’m sure you’ve seen this question, but why use SCCM to upgrade the client? That will break all historical information as you have seen already.

The client is perfectly capable of upgrading itself from the fixlets in BES Support

How are you viewing “installed”? If this is based on a BigFix action that was deployed prior to the upgrade to 9.5.4, then many systems could have run the action and installed the patch when at the 9.5.3 client. But now you have deleted those computers from BigFix due to the upgrade duplication, so the “new” clients won’t run the action again, but are not relevant because they are already patched.

There is no way to re-link this data between the old and new client entries, which is why it’s important to use BigFix to upgrade itself (or at least correct how you are driving the upgrade in SCCM so that it doesn’t create duplicates). So you will have to live with the gap during the upgrade, but you can still report on your overall compliance with the patch based on how many systems are still relevant vs the total number of systems you have.

thanks to all - your replies helped a lot