I’m setting up BigFix Compliance and run into issue when I create check list (=Custom Site). The site is shown perfectly in Console, however when I’m running import from BigFix Compliance Analytics I’m not able to see the site and cannot report on the compliance %. I’ve also opened case with HCL Support to further investigate on this.
Background: We used to have compliance installed few years ago and created then 1 custom site, decided not to pursue this any furhter until recently. I’m able to see the custom site created back then but any new site is not showing up.
I’ve got machines subscribed to the site, fixlets are applicable, I’ve tried creating site from External site CIS Windows 10/11 did not work. HCL Support suggested to create new site but only use CIS Win11, did that also but still no luck.
Anyone has any ideas suggestions what can be done to resolve this, might have encountered similar issue.
BigFIx Version 11.0.3.x
BIgFix Compliance 2.0
Thx!
I remember that in the past I had an issue duplicate site on the database and it caused the issues on the import procedure - I think the best thing is to work with the support team
If you can please explain which steps you made I can replicate it on my end and tell you and tell you if I have any issues
Hi, you right about the duplicates we run into that just when we re-installed Compliance Analytics, found article about how to detect these and eventually deleted the duplicate fixlets.
I’m create new Check Lists PC1-GPO Compliance based on CIS Win10/11 and approx 5k machines subscribed, added about 100 fixlets.
Feedback from support was to create new checklist only based on CIS Win11. I created new list PC1-GPO Compliance2, subscribed 5k machines but only added 10 checks. I’ve waited for some of these to become relevant for the machine.
We have automatic import enabled and that completes in 10-15 minutes, I’ve checked the import logs but they don’t show any error message regarding duplicates or something similar.
I’ve got troubleshooting session later this week with Support keep you posted.
Did you create the custom site using the Wizard?
A custom site vor SCA is not the same as a non-sca custom site.
In Addition: did you apply possible Updates for SCA application?
1 Like
Agree with @MatthiasW, this is a likely cause.
Compliance uses MIME field metadata on the fixlets, which is not visible in the Console view, to associate fixlets with checklists, scores, and associated Applicability fixlets. Some of those MIME values must be unique within a site, some must be unique within the whole deployment.
Using one of the ‘Custom Checklist’ Wizards is the way to ensure all the new fixlets have unique values assigned and are aligned with their ‘Applicability’ fixlets.
So If I want to recreate the issue:
- Create a Custom Checklist which will be relevant for WIndows 10 AND Windows 11 machines
- Add Checks from the CIS Windows 10 and CIS Windows 11 and enable Analysis
- Wait for machines to report back results
- Execute Import on the Compliance Server
Expect to See the Custom Checklist on the Web Interface of the Compliance Server and the Results
Right?
Just to be clear, I did create the site using the Wizard (through WebUI/SCM) I’m not creating custom sites manually and copy the fixlets.
Ok, thanks for letting us know here. I think we went down the “most-common” issue with Compliance sites but that doesn’t seem to be your issue. I think the right course is to keep working with Support on it, and please let us know what you find!
1 Like