I’m setting up BigFix Compliance and run into issue when I create check list (=Custom Site). The site is shown perfectly in Console, however when I’m running import from BigFix Compliance Analytics I’m not able to see the site and cannot report on the compliance %. I’ve also opened case with HCL Support to further investigate on this.
Background: We used to have compliance installed few years ago and created then 1 custom site, decided not to pursue this any furhter until recently. I’m able to see the custom site created back then but any new site is not showing up.
I’ve got machines subscribed to the site, fixlets are applicable, I’ve tried creating site from External site CIS Windows 10/11 did not work. HCL Support suggested to create new site but only use CIS Win11, did that also but still no luck.
Anyone has any ideas suggestions what can be done to resolve this, might have encountered similar issue.
BigFIx Version 11.0.3.x
BIgFix Compliance 2.0
I remember that in the past I had an issue duplicate site on the database and it caused the issues on the import procedure - I think the best thing is to work with the support team
If you can please explain which steps you made I can replicate it on my end and tell you and tell you if I have any issues
Hi, you right about the duplicates we run into that just when we re-installed Compliance Analytics, found article about how to detect these and eventually deleted the duplicate fixlets.
I’m create new Check Lists PC1-GPO Compliance based on CIS Win10/11 and approx 5k machines subscribed, added about 100 fixlets.
Feedback from support was to create new checklist only based on CIS Win11. I created new list PC1-GPO Compliance2, subscribed 5k machines but only added 10 checks. I’ve waited for some of these to become relevant for the machine.
We have automatic import enabled and that completes in 10-15 minutes, I’ve checked the import logs but they don’t show any error message regarding duplicates or something similar.
I’ve got troubleshooting session later this week with Support keep you posted.
Agree with @MatthiasW, this is a likely cause.
Compliance uses MIME field metadata on the fixlets, which is not visible in the Console view, to associate fixlets with checklists, scores, and associated Applicability fixlets. Some of those MIME values must be unique within a site, some must be unique within the whole deployment.
Using one of the ‘Custom Checklist’ Wizards is the way to ensure all the new fixlets have unique values assigned and are aligned with their ‘Applicability’ fixlets.
Ok, thanks for letting us know here. I think we went down the “most-common” issue with Compliance sites but that doesn’t seem to be your issue. I think the right course is to keep working with Support on it, and please let us know what you find!
I was wondering whether you guys found the solution to this issue because I’m also facing the same issue.
We created custom checks for AIX for a customer. But due to the desired value title issue, we had to discard them and create it from scratch. So I created all the checks again in my environment using the same script and naming and imported them in their environment, in the old SCM custom site (after removing the old fixlets and analysis, ofc).
Now the issue is when fetching the compliance report, this site is showing greyed out and not applicable. attaching the screenshot below.
I have tried creating a new custom site (via SCM wizard) and then importing the data but still facing the same issue. the fixlets are coming applicable on the console.
I think you should probably start a new thread and describe your issue from start to finish, including specifically which wizards you're using and what you're cloning as a source checklist.
I would guess it's likely that you either did not create an Applicability Fixlet (which the Wizard should do for you) or the fixlets are no longer linked with the Applicability fixlet - I'm not sure what script you're referencing but it may not be linking Applicability fixlets with Check fixlets correctly.
