Bigfix agent not connecting to relay

Hi,

We are getting winsocket-10 error when we are trying to add a new besagent. Please find the error below.

Current Date: November 2, 2016
Client version 9.2.7.53 built for Windows 5.1 i386 running on WinVer 6.3.9600
Current Balance Settings: Use CPU: True Entitlement: 0 WorkIdle: 10 SleepIdle: 480
ICU data directory: 'C:\Program Files (x86)\BigFix Enterprise\BES Client’
ICU init status: SUCCESS
ICU report character set: windows-1252
ICU fxf character set: windows-1252
ICU local character set: windows-1252
ICU transcoding between fxf and local character sets: DISABLED
ICU transcoding between report and local character sets: DISABLED
At 09:56:40 +0400 -
Starting client version 9.2.7.53
FIPS mode disabled by default.
Cryptographic module initialized successfully.
Using crypto library libBEScrypto - OpenSSL 1.0.1q-fips 3 Dec 2015
Restricted mode
Beginning Relay Select
RegisterOnce: Attempting secure registration with ‘https://realy ip:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe&ClientVersion=9.2.7.53&Body=0&SequenceNumber=0&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&MaxHops=3&Root=http://Server%3a52311&AdapterInfo=00-50-56-99-2b-e8_172.22.128.0%2f23_172.22.128.46_0’ (https://172.22.0.21:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe&ClientVersion=9.2.7.53&Body=0&SequenceNumber=0&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&MaxHops=3&Root=http://server%3A52311&AdapterInfo=00-50-56-99-2b-e8_172.22.128.0%2F23_172.22.128.46_0’)
At 09:56:41 +0400 -
Unrestricted mode
Scheduling client reset; Computer id changed to 12122427
Configuring listener without wake-on-lan
Registered with url ‘https://172.22.0.21:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe&ClientVersion=9.2.7.53&Body=0&SequenceNumber=0&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&MaxHops=3&Root=http://server%3A52311&AdapterInfo=00-50-56-99-2b-e8_172.22.128.0%2F23_172.22.128.46_0’ (https://172.22.0.21:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe&ClientVersion=9.2.7.53&Body=0&SequenceNumber=0&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&MaxHops=3&Root=http://server%3A52311&AdapterInfo=00-50-56-99-2b-e8_172.22.128.0%2F23_172.22.128.46_0’)
Registration Server version 9.2.7.53 , Relay version 9.2.7.53
Relay does not require authentication.
At 09:56:42 +0400 -
Completed automatic client authentication key exchange.
Client has an AuthenticationCertificate
Created mailboxsite and marking to gather
Relay selected: 172_22_0_21.mglbigfix.com. at: 172.22.0.21:52311 on: IPV4
Client resetting
Unrestricted mode
Created mailboxsite and marking to gather
At 09:56:43 +0400 -
PollForCommands: Requesting commands
At 09:57:02 +0400 -
PollForCommands: GetURL failed
Entering service loop
At 09:57:21 +0400 - actionsite (http://server:52311/cgi-bin/bfgather.exe/actionsite)
FAILED to Synchronize - General transport failure. - SOCKET RECEIVE (winsock error -10) - gather url - http://172.22.0.21:52311/cgi-bin/bfenterprise/BESGatherMirror.exe?url=http://Eerver:52311/cgi-bin/bfgather.exe/actionsite&Time=02Nov09:57:02&rand=53153375&ManyVersionSha1=da39a3ee5e6b4b0d3255bfef95601890afd80709
At 09:57:40 +0400 - mailboxsite (http://server:52311/cgi-bin/bfgather.exe/mailboxsite12122427)
FAILED to Synchronize - General transport failure. - SOCKET RECEIVE (winsock error -10) - gather url - http://172.22.0.21:52311/cgi-bin/bfenterprise/BESGatherMirror.exe?url=http://server:52311/cgi-bin/bfgather.exe/mailboxsite12122427&Time=02Nov09:57:21&rand=4138bd6c&ManyVersionSha1=da39a3ee5e6b4b0d3255bfef95601890afd80709

Any idea what would be the issue?

Regards,

Dilu

Winsock -10 - err_SOCKET_RECEIVE: A connection was made to the TEM Server/TEM Relay, but an error occurred when receiving data

Could there be an issue with your relay (or server) http://172.22.0.21:52311? Maybe restart the besrelay service?

–Mark

We are have restarted the relay. But it is still the same.
I have raised a PMR also for the same.

We are able to solve the issue. The issue was with network. Even thought port 52311 was open and we were able to telnet to relay from agent, there were some specific firewall rules which prevented BESAgent from making TCP connection. Once network team permitted that in firewall, it started working fine.

Is this a “new” relay? If so then it will need to grab the data the first time that a client requests it.

Relays do not “prefetch” data from sites but only when a client below them asks for it.

The Relay installation should have opened the local firewalls but if there were some intermediate issues I can understand that.

Application-layer firewalls (such as Palo Alto) will allow the initial SYN/ACK TCP handshake, which is needed to identify the application type, then terminate the connection by sending TCP RST packets after the application is identified (and rejected).
That can give weird connection states in lots of applications. From the description I think that fits the observation.

1 Like