Change relay manually

system · April 17, 2013, 7:22pm

(imported topic written by vincent.h)

Hi, Does anyone know if there is a way to manually change the client relay settings locally on the endpoint itself without using the console?

Agents were accidentally deployed into a production DMZ which cannot communicate directly to the TEM server. We need to redirect those agents to a DMZ relay. Since they cannot connect to the TEM server directly, they obviously have not reported to the server and as such, I cannot take actions from the console.

Also, we prefer not to re-install the agent again with the proper clientsettings.cfg file as that will require a RFC and will take 1-2 days to complete. We are looking for a quicker solution.

Thanks in advance!

system · April 18, 2013, 4:43am

(imported comment written by vincent.h)

OK… found the solution and it was actually one of the first things that I tried before posting but didn’t work…

You can just change the client settings and in particular, add “__RelaySelect1=IP/hostname” (note: double underscore).

It didn’t work the first time for me because the agent that I tested it on was already reporting directly to the TEM server and as such, doesn’t change its relay until the next relay select (or a force relay select which wouldn’t work in my case with the endpoints in the DMZ).

system · April 18, 2013, 1:01pm

(imported comment written by ToshikiMatsui)

You need to specify the relay like below.

http://relay_server_name:52311/bfmirror/downloads/

See the link for the further instruction.

How to manually point TEM Clients to a TEM Relay without using TEM
http://www-01.ibm.com/support/docview.wss?uid=swg21505844

Thanks.

system · May 2, 2013, 10:03pm

(imported comment written by jpeppers91)

What is the process for a MAC client, or could you tell me which file the settings are located for the relay.

amelgares · May 2, 2013, 11:51pm

(imported comment written by amelgares)

The client settings on a Mac are in a plist at:

/Library/Preferences/com.bigfix.BESAgent.plist

edit the key " Settings > Client > __RelayServer1" using the defaults command.

I think you may need to stop the BESClient to make changes to the file.

system · May 3, 2013, 7:02pm

(imported comment written by jpeppers91)

Can I manually change them there?

amelgares · May 3, 2013, 7:11pm

(imported comment written by amelgares)

Yes, you can edit the plist manually, but it’s a binary plist owned by root so you’ll have to edit it with something that understands binary plists that has permission to edit the file. I use
TextWrangler
to edit a copy of the file, then replace the original plist file with the modified copy in Terminal as root.

system · May 7, 2013, 6:15pm

(imported comment written by jpeppers91)

Do you know of way to report on this value in the file…

__RelayServer1

        <dict>


            <key>Date</key>


            <date>2013-05-02T12:05:28Z</date>


            <key>Value</key>


            <string>http://.

servername:24439/bfmirror/downloads
/

tlogsdon · July 31, 2015, 3:08pm

I’ve following the instructions in the IBM article (changing the relay in the registry) but every time the client is restarted, it wipes out the modifications.

gearoid · July 31, 2015, 5:56pm

check the client logs. Can it connect to the relay or is it getting an error.
If it cannot get to the relay you’ve specified it’ll look elsewhere including the root server.

tlogsdon · July 31, 2015, 6:25pm

Thanks for the response. I discovered that the particular client is behind a firewall that is restricting port 52311. The root server was able to deploy the client, but it cannot reach the root server or any relay and does not appear in the console. It would appear that the default behavior for the client when it cannot reach the server/relay you configure it to use will revert to the settings it was configured for when deployed.

tlogsdon · July 31, 2015, 6:28pm

One more thing, the registry settings were not in the location described in the IBM article:
[HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\Settings\Client__RelaySelect_Automatic] “value”=“0”

[HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\Settings\Client__RelayServer1] “value”=“http://relay_server_name:52311/bfmirror/downloads/”

[HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\Settings\Client__RelayServer2] “value”=“http://relay_server_name:52311/bfmirror/downloads/”

They turned out to be located under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigFix

JasonWalker · August 3, 2015, 12:22am

Don’t know if you noticed, but you just resurrected a 2-year-old thread. You’d probably have better responses if you start a new one instead.

If the Relay values were set by an Action, there should be an “Effective Time” listed in the same registry key as the Value. You’d need to stop the BES client, update the “Value” value, and increment the “effective time” to be some point later (I usually increase it by 1 minute). That should stop the client from overwriting the registry with the last known value. After updating, restart the BES client.

TimRice · August 3, 2015, 11:00am

The difference in Registry locations is the result of the architecture of your system. A 32bit system would use the original documented location.

Remember that the BES Client is a 32 bit application, so 64bit Windows OS’s redirect both file and Registry items.