BigFix Platform 7.2.5 Now Available!

Release Announcements Platform (Release Announcements)
21

(imported comment written by Marty23)

Then why when i look at the “Task: Install BES Relay 7.2.5.22” i don’t see the system listed. When i look at the running services on the system, I don’t see the relay service running and when i look at the “Applicable tasks” i don’t see the relay install listed.

I do see other 2008 systems listed in the install relay task, but not the one i need it on. The one thing that does seem to stand right off the top is the on the ones i do see, the OS shows “Win2008 6.0.6002” the one that doesn’t show is reporting an OS of “Win2008R2 6.1.7600”

I believe the problem is that the Relevance 3 for the install task reads:

…OR name of operating system = “Win2008”…

so this system does not become relevant because it’s name of operating system = “Win2008R2”.

So if that is the case, is the relay tested and approved to run on R2?

I see from the link you provided, the agent works with the “R2” but it doesn’t say anything about the relay running on the “R2”

22

(imported comment written by SystemAdmin)

In addition Marty’s question regarding qualification to run as a relay, is 2008 R2 qualified to be used for the central app or SQL server? If not, when do you expect it to be certified?

23

(imported comment written by BenKus)

Hey Jon/Marty,

You are correct and Win2008 R2 is not yet certified for the relay (although I think we expect it to work).

I will see if I can find the expected certification date and get back to you…

Ben

24

(imported comment written by Marty23)

Ben;

Any update on when the BES Relay is going to be certified to work on Server 2008R2?

25

(imported comment written by BenKus)

Hey Marty,

We are planning for official support in the next released version of BigFix… But I don’t think there are any known issues with running the current relay with Win2008R2 (it is simply that we haven’t verified it yet).

I will check with the product team and figure out the feasibility of officially supporting it in the current 7.2 release.

In the meantime, if you are interested in testing it, you can manually install the relay on Win2008R2 either by installing by hand or by modifying the Fixlet relevance… I personally would expect this to work fine given what I know about the new OS and the relay (but I haven’t tried it myself and we haven’t declared official support yet).

Ben

26

(imported comment written by SystemAdmin)

Ben,

In the change log for 7.2.5, it notes “Fixed the Operating System inspector to return the correct value for Windows 2008 R2 and Windows XP Embedded.” There are several flavors of XP Embedded. Does the inspector now return XP Embedded for all variations? Specifically, we use WEPOS (XP Embedded for POS). On a WEPOS machine would the OS inspector evaluate to WinXP, WinXPEmbedded, or some other value? If it is embedded, would it still evaluate to true for WinXP since it is a subset of XP Pro? This is a huge question in our environment where we have thousands of WEPOS machines.

27

(imported comment written by BenKus)

Hey Jon,

I believe all the XP Embedded variants you mentioned are considered a subclass of the overall category “XP Embedded”… I think in each case, you will see the agent return the operating system string as “WinXPE” and you could probably make another property to get the sub-type… These are not considered WinXP anymore… But I don’t have an XP Embedded machine to test with so you might want to try it on a couple and verify what I just said…

Ben

28

(imported comment written by SystemAdmin)

Ben,

I took your advice and upgrade several WEPOS machines in our lab to 7.2.5. The OS inspector does indeed return WinXPe.

While I understand the rationale of correctly identifying the OS sub-type, I’m not sure that the implications of the change were completely evaluated. What happens in practice is that hundreds of both Bigfix-supplied fixlets and in-house developed content with (name of operating system = “WinXP”) in them ceased to be applicable.

This is a HUGE issue for us because we have over 5000 WEPOS machines. There are hundreds of custom fixlets targeting these machines, many of which include “WinXP” in their relevance. These machines have been running prior builds of the Bigfix client (up to 7.2.4) for 4+ years without OS-related issues.

Here is what I suggest (and beg) you to consider: Continuing to have the OS inspector return WinXPe is ok, however, many many issues would be resolved if XP Embedded machines would ALSO evaluate (name of operating system = “WinXP”) to true. In that way a machine would not ‘volunteer’ that is WinXP, but if specifically queried it would respond true. Then all the security patches would continue to work and all of our custom content would continue to evaluate correctly.

Thanks,

Jon

29

(imported comment written by BenKus)

Hey Jon,

I don’t think it is actually possible to change the inspector to return true for your relevance clause AND return WinXPE without changingh the underlying relevance engine and that would be a pretty significant change… The reason we made this change was because everyone asked us separate WinXPE OS string from WinXP…

But I understand your issue… perhaps this can help fix it in a way that is not too painful:

  • In the console, select all the Fixlets for WinXPE.
  • Right-click and export all the Fixlets to a single file.
  • Do a search/replace in a text editor for the resulting .bes file for ‘(name of operating system = “WinXP”)’ and change it to ‘(name of operating system = “WinXPE”)’
  • Reimport the file and all the modified Fixlets will be imported.
  • You will probably want to delete the old Fixlets too…

Note that you might want to be more sophisticated and check the client version so that you can properly identify WinXPE for old and newer agents… maybe something like:

((version of client < " AND name of operating system = “WinXP”) OR (version of client >= “7.2.5” AND name of operating system = “WinXPE”))

You should play around with the exact expression that you want before you go through the trouble of exporting/importing…

Hope that helps,

Ben

30

(imported comment written by ggerling91)

Any update on the use of 2008 R2 as a relay?

31

(imported comment written by BenKus)

Win2008 R2 will be officially supported for relays in our next release… as far as I know, it will work fine if you use it in the current release, but we haven’t done the full set of tests on this OS…

Ben

32

(imported comment written by Mike.Schaefer91)

We, too, have many XPe machines no longer relevant for fixlets. Are you suggesting that all past and future fixlets be modified as you mention above:

  • In the console, select all the Fixlets for WinXPE.
  • Right-click and export all the Fixlets to a single file.
  • Do a search/replace in a text editor for the resulting .bes file for ‘(name of operating system = “WinXP”)’ and change it to ‘(name of operating system = “WinXPE”)’
  • Reimport the file and all the modified Fixlets will be imported.
  • You will probably want to delete the old Fixlets too…

I can understand this for custom material, but what about the BigFix supplied fixlets in the future, are you suggesting we take all WinXP fixlets export, change, import?

JonL, wondering how you have faired on this since your last post 12-28.

Mike

33

(imported comment written by SystemAdmin)

After some discussion from our team regarding the WinXPe issue, we decided to remove, where possible, OS as a relevance criteria in our custom tasks for our stores environment (5000+ WEPOS machines). Instead we are focusing relevance on machine roles via a regex of the naming convention that we use in our stores. This has been a bit painful since we have several hundred custom tasks, fixlets, and analyses.

The suggestion to mass export, edit, and import turned out to over-simplify the remediation effort. Each custom item needed to be evaluated as there was not a one-size-fits-all approach. There are circumstances, albeit few, where OS truly does matter. Those needed to be updated to include WinXPe.

Since relevance within action scripts only appear to support a sub-set of relevance options, it further complicated matters. For example, in a custom task that is applicable to mulitple OS types and machine roles, it is easy to do a regex for the machine name/role in the task relevance. However that same task’s action script may (and frequently does) have section(s) that are only applicable to particular roles/names. Since action script apparently doesn’t evaluate a regex (say in an “if” statement), I have to use alternative and less sophisticated relevance. A bit clumsy, but it works.

The end result is that we are becoming largely OS independent from a custom development perspective in our stores environment. This will serve us well in the future when we go to, say, Win7 embedded. At that time we would update the handful of OS-dependent tasks and be ready to go.

We are having the same issue now as Mike has reported. The XP security patches and canned fixlets for Adobe products, etc. are now not relevant.

Bigfix, since you started down this road by changing the OS inspector, can you please update your properties, fixlets, analyses, etc. to account for WinXPe? If it isn’t possible for everything (for example old security patch fixlets), can you at least adapt canned properties and fixlets/analyses from a reference point forward (such as the start of 2010)? If so, I could patch our WEPOS machines up to that reference point prior to upgrading to 7.2.5.22 in our production environment so as not to “orphan” them patch-wise.

Since 99.5% of things for XP also work on XPe and WEPOS/POSREADY, please ensure the developers and fixlet engineers are aware of the differences so they can create correct relevance.

34

(imported comment written by junyoure91)

Any additional word on relay support for Win7? I noticed this morning that Task ID 650 is still not relevant for Win7 OS-based machines.

-jr.

35

(imported comment written by BenKus)

I have tried Win7 on relays myself and it seemed to work, but we haven’t done the work to qualify 7.2.5 for relays and thus we don’t officially support them. We will have Win7 officially qualified for the relays in the next version.

Ben

36

(imported comment written by doubleminus91)

When can we expect the next version?

37

(imported comment written by BenKus)

We are in the beginning phases of the testing now and it is expected to last a few months… But no official date yet… (sorry)…

38

(imported comment written by doubleminus91)

Thanks for the reply!

39

(imported comment written by USMC175)

Any update on the use of 2008 R2 as a relay? When is the next release?

I downloaded the BES Relay 7.2.5.22 binary from the BigFix website but when ran against a 2008 R2 box, it does not prompt for install location and defaults to C:\Program Files\BigFix Enterprise. Considering 2008 R2 is not certified, is there another 7.2.5.22 relay binary available that allows you to specify install location for the BES Relay?

40

(imported comment written by BenKus)

Hey Mike,

There is not an updated relay and unfortunately the QA team is very busy qualifying all the software for 8.0, so we will need to wait until 8.0 for official 2008 R2 relay support. I am not sure why the installer didn’t prompt you for the location (as far as we know the 2008 R2 relay works the same as any other OS).

Ben