Client Agent reporting only one time after PC restart

Hi Community.

I have the next problem.
I have ~500 machines connected to the BigFix Server for one of my clients.
Physically, they all in one country, and the Server is in the other.
They are spitted in groups of 2-3-4 machines and this group has one of them as a relay, so the structure is something like Server --> 150 Relays + 1-2-3 clients per relay.

We have an issue, when relay machines has “last report time” equal to the time of last machine restart.
Basically, there is no data from these machines until we reboot them.

What is more strange, is that data from normal clients coming to the server quickly (5-10 minutes).
So, if I create new analysis and applicability is “All computers”, all normal machines will become relevant in 5-10-15 minutes. All “relay” machines will not become applicable until we reboot this machine. These relay machines or “offline” relative to the Server and report only 1 time after machine restarted (or BigFix Service restart).

We had a 'fight" with our network team to double check if all ports and protocols available for “relay” machines.
We used this traffic network guide to create a list of needed ports/protocols to be open:
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0073040&sys_kb_id=278d471e1bd818d0c1f9759d1e4bcb7b

They swear that all “ports and protocols are allowed”.

Can you, please, help me to understand what is happening and how correctly investigate and fix this issue?

Best regards,
Anton Paradovskyi.

You may be best to open a support case but generally I would start looking from the clients up the chain. Pick a random client, enable debug logging, produce the issue and review what is going on in the logs - does it get stuck evaluating something; is the agent itself become hung; etc. I have seen similar issues where in my case it was wmi-based properties were not returning data and client would just get stuck trying to evaluate them and becomes unresponsive. I think that has since been corrected and clients have built-in wmi evaluation timeouts but technically if you have any sort of “sticky” relevance in a computer group, fixlet or property can cause something like this. If client is confirmed working fine (going OK through its entire cycle) then I would look into the relay (this is assuming you have ruled out any networking issue - intermittence, dropped traffic, etc - network connection errors on posting reports from clients) - again, some kind of debug logging may be required to see what is going on and whether the relays are accepting & processing posted reports, and forwarding them on ok. And continue all the way up the chain to the root server but as you can imagine it does become complex to review logs and such, so running those through Support might be the easiest option for you…