BigFix secondary server setup help!

Usage and Config Platform
1

I’m looking to clear up something that I’m not sure of. I am following document on setting up DSA server. Following on authenticating additional server document here Authenticating Additional Servers

Using : Using NT Authentication with domain users and user groups
I have completed step 1 and 2, but step 3 i’m not sure of.

On the Master Server, change the LogOn settings for the FillDB, BES Root, and Web Reports services to the domain user or member of the user group created in step 2, and restart the services.

So this logOn in the services correct?

Screenshot 2025-04-30 at 9.05.13 PM
Screenshot 2025-04-30 at 9.05.13 PM924×988 152 KB

If not, where would it be?

Just wants to make sure there isn’t another place I need to change the logOn credentials.

2

Yes, that’s correct. You need to provide your service account, which has access to both the infrastructure and configure the FillDB services on both the Master and DSA servers. Ensure that the service account is configured with the necessary permissions.

3

@vk.khurava thank you for clearing that. One more thing, in the document only stated that this needed for master servers. Do I need to do the same for the DSA server? or not needed?

4

That needs to be configured on both servers in the same way. Ensure that whatever permissions you have configured on the database are completely identical on both servers.

5

In case you hadn’t seen it, we’ve introduced some newer mechanisms (alternatives to DSA) for HA/DR as of 11.0.4: HA and DR configurations

Just something to consider…

2 Likes
6

Thanks again! this does help clear some issue I’m seeing as well.

7

awesome, I did not see that option when I was researching, I will have a look at it as well. thanks!

8

@Aram @vk.khurava wonder if you guy can help with this one last step here with the relay failed over.

In order for the failover process to successfully occur set the DSA server as the secondary relay in client settings using __RelayServer2 for the top-level relays (or via the console Computer right-click settings user interface).

When I did that on my secondary server I get an error message that custom setting already exist.

Screenshot 2025-05-01 at 10.52.33 AM
Screenshot 2025-05-01 at 10.52.33 AM1898×936 228 KB

Screenshot 2025-05-01 at 10.53.29 AM
Screenshot 2025-05-01 at 10.53.29 AM790×318 30.3 KB

I look in the dropdown list for the add custom setting and I do not see it anywhere. Where else can this setting be?

and this setting is in the DSA server correct? not the Relay server?

9

NVM I have found it in the registry setting and add value of 1 to _relayserver2. for whatever odds reason it is not showing the list I mentioned above.

10

This setting (__RelayServer2) is essentially the Secondary Relay, so, rather than appear as a Custom Setting, it should be in the section above for Relay assignment.

11

So is the value of 1 correct? or it has to be the host name of my secondary server? also I’m doing this in my DSA server not the relay?

12

You do not need to configure any failover settings on either the BigFix Master (Primary or Secondary). However, your DSA must have a host file entry of the primary server against the FQDN of your BigFix infrastructure.

Note: Whenever new BigFix infrastructure is configured, it is recommended to use a DNS alias instead of a server hostname. There are many benefits to this approach, including easier management and flexibility.

Your top-level relay must know which BigFix master to reach when there is an issue with the primary master. You can configure this under the client setting _BESClient_RelaySelect_FailoverRelay.

1 Like