Hi, Does anyone know if there is a way to manually change the client relay settings locally on the endpoint itself without using the console?
Agents were accidentally deployed into a production DMZ which cannot communicate directly to the TEM server. We need to redirect those agents to a DMZ relay. Since they cannot connect to the TEM server directly, they obviously have not reported to the server and as such, I cannot take actions from the console.
Also, we prefer not to re-install the agent again with the proper clientsettings.cfg file as that will require a RFC and will take 1-2 days to complete. We are looking for a quicker solution.
OK… found the solution and it was actually one of the first things that I tried before posting but didn’t work…
You can just change the client settings and in particular, add “__RelaySelect1=IP/hostname” (note: double underscore).
It didn’t work the first time for me because the agent that I tested it on was already reporting directly to the TEM server and as such, doesn’t change its relay until the next relay select (or a force relay select which wouldn’t work in my case with the endpoints in the DMZ).
Yes, you can edit the plist manually, but it’s a binary plist owned by root so you’ll have to edit it with something that understands binary plists that has permission to edit the file. I use
TextWrangler
to edit a copy of the file, then replace the original plist file with the modified copy in Terminal as root.
I’ve following the instructions in the IBM article (changing the relay in the registry) but every time the client is restarted, it wipes out the modifications.
check the client logs. Can it connect to the relay or is it getting an error.
If it cannot get to the relay you’ve specified it’ll look elsewhere including the root server.
Thanks for the response. I discovered that the particular client is behind a firewall that is restricting port 52311. The root server was able to deploy the client, but it cannot reach the root server or any relay and does not appear in the console. It would appear that the default behavior for the client when it cannot reach the server/relay you configure it to use will revert to the settings it was configured for when deployed.
One more thing, the registry settings were not in the location described in the IBM article:
[HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\Settings\Client__RelaySelect_Automatic] “value”=“0”
Don’t know if you noticed, but you just resurrected a 2-year-old thread. You’d probably have better responses if you start a new one instead.
If the Relay values were set by an Action, there should be an “Effective Time” listed in the same registry key as the Value. You’d need to stop the BES client, update the “Value” value, and increment the “effective time” to be some point later (I usually increase it by 1 minute). That should stop the client from overwriting the registry with the last known value. After updating, restart the BES client.