Since upgrading to version 9.5.7.90, We noticed the IEM/BigFix server has not received anything new from external sites, especially from BES Support site. From the logs (/var/opt/BESClient/__BESData/__Global/Logs/.log) it looks like it is successfully sync’ing with bigfix site:
Successful Synchronization with site ‘BES Support’ (version 1377) - ‘http://sync.bigfix.com/cgi-bin/bfgather/bessupport’.
Any advice on what to check?
Much thanks.
That log shows that the client is syncing with your server, but does not indicate whether your server is syncing from bigfix.com.
On the server, check the BES Server/GatherDBData/gatherdb.log file (at least that’s where I’d expect it, but I don’t have a Linux root server myself.) @cmcannady ?
As @JasonWalker indicates, I’d need to see the following BES logs to know for sure.
Depending on the log detail, it may be a proxy or other configuration issue.
Are all sites not updating post upgrade to 9.5.7?
Thank you @cmcannady and @JasonWalker for your responses. Much appreciated.
After checking the mentioned logs I do see connection/timeout entries:
Wed, 17 Jan 2018 17:37:34 +1100 - 1639929600 - 54: 17NotASignedMessage
Wed, 17 Jan 2018 17:37:39 +1100 - 1639929600 - 31: 17NotASignedMessage
Wed, 17 Jan 2018 17:37:45 +1100 - 1596671744 - 7: 17NotASignedMessage
Wed, 17 Jan 2018 17:37:48 +1100 - 1639929600 - 6: 17NotASignedMessage
Wed, 17 Jan 2018 17:37:54 +1100 - 1596671744 - 9: 17NotASignedMessage
Wed, 17 Jan 2018 17:37:57 +1100 - 1639929600 - 32: 17NotASignedMessage
Wed, 17 Jan 2018 17:38:06 +1100 - 1639929600 - 3: 17NotASignedMessage
Wed, 17 Jan 2018 17:38:10 +1100 - 1639929600 - 19: 17NotASignedMessage
Wed, 17 Jan 2018 17:38:15 +1100 - 1661703936 - 21: 17NotASignedMessage
Wed, 17 Jan 2018 17:38:19 +1100 - 1661703936 - 28: 17NotASignedMessage
Wed, 17 Jan 2018 17:38:24 +1100 - 1661703936 - 51: 17NotASignedMessage
Wed, 17 Jan 2018 17:38:30 +1100 - 1661703936 - 52: 17NotASignedMessage
Wed, 17 Jan 2018 17:38:42 +1100 - 1639929600 - 5: GetURL failure on http://sync.bigfix.com/cgi-bin/bfgather/bessupport?Time=1516171091: HTTP Error 28: Timeout was reached
I am checking with our firewall/proxy team if there were changes in the proxy side as there were no config changes in the bigfix server side. A manual proxy connection test appear to be good (was setup with no auth; actual hostnames removed)
[root@besserver ~]# /opt/BESServer/bin/BESAdmin.sh -testproxyconnection -proxyHost=http://proxy -proxyPort=8080
Test Connection completed with success
@cmcannady, Yes, all sites are affected post upgrade to 9.5.7.
The 17NotASignedMessage error is also indicative of a BigFix external site sync issue. See http://www-01.ibm.com/support/docview.wss?uid=swg21973746
You may want to try removing your proxy configuration via BESAdmin.sh tool and then re-inputting the proxy config. This will require the BESServer service to be restarted.
Can you curl/wget http://sync.bigfix.com/cgi-bin/bfgather/bessupport from your Linux root BES server and check that the version in the file is returned as 1382?
If you can curl/wget, but BESGather still isn’t working, you’ll have to remove your proxy config and then put it back into place via BESAdmin.
Thank you @cmcannady.
I did try pulling the file but I get disconnected. I worked with the team managing the company proxy and we can see our bigfix server is hitting sync.bigfix.com but connection times out:
[lopezh@besserver ~]$ wget http://sync.bigfix.com/cgi-bin/bfgather/bessupport
--2018-01-18 11:40:05-- http://sync.bigfix.com/cgi-bin/bfgather/bessupport
Resolving sync.bigfix.com... 174.36.239.140, 169.53.158.142
Connecting to sync.bigfix.com|174.36.239.140|:80... failed: Connection timed out.
It could be due to the timeout settings on the proxy and I am still working out if that setting can be checked and adjusted.
See if you have better luck with wget grabbing it over https. If that works better through your proxy, you could configure the root server to perform gathers over https using the instructions at https://www.ibm.com/support/knowledgecenter/en/SS63NW_9.5.0/com.ibm.bigfix.doc/Platform/Config/c_https_gathering.html
Thank you very much @cmcannady, @JasonWalker for your guides and tips. So this was by the way resolved. It was found out that the bigfix server was ‘dropped’ from the router as it was hogging bandwidth and no one can identify which system it was…until recently…when things are not working as before grin. But showing the logs and all to the team managing the network was enough to trace where everything was being cut. Thank you again for your time and efforts. Cheers! -H