We are encountering “winsock error 4294967290” on multiple machines with newly installed BigFix Client.
We tried some commands to test connectivity between the DMZ relay and the client, and below are the results. Is this a firewall issue? What other tests can we do to determine the cause of the error?
The below commands are succeeding:
Test-NetConnection <relay_name> -Port 52311
Test-NetConnection <relay_ip> -Port 52311
But the below commands return this error: curl: (56) Recv failure: Connection was reset
curl -k http://relay.domain.com:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=Version
curl -k http://relayipaddress:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=Version
I’ve opened a web browser and entered the following URLs:
https://relay.domain.com:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=Version
https://relay.domain.com:52311/masthead/masthead.afxm
My Internet Relay is configured as Authenticating Relay - I’ve received 403 Forbidden - this is expected behavior.
What result are you seeing in the browser?
This is almost certainly a Layer-4 firewall between your client and the Relay. Layer-4 firewalls, such as Palo Alto, allow the TCP connection to get established (good results from Test-NetConnection) but then identify the Protocol being sent and will block the connection with a TCP RESET if the connection is not allowed.
The one I’m most experienced with is Palo Alto. On those, you don’t just define “TCP 52311 is allowed”, you also have to specify “https and http on TCP 52311 is allowed” - you have to get to the application level in the rule.
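One way to tell "TCP handshake fails" apart from "handshake succeeds, then the connection is reset once HTTP is sent", the pattern the Test-NetConnection and curl results in this thread show. This is an added example, not code from any poster or from BigFix; `probe_relay`, `start_listener` and the stage names are made up here, and the loopback listener is a constructed stand-in for a relay or a resetting device.

```python
import socket
import struct
import threading

RELAY_PATH = "/cgi-bin/bfenterprise/clientregister.exe?RequestType=Version"

def probe_relay(host, port=52311, timeout=5.0):
    """Return (stage, detail) showing how far a plain-HTTP request gets."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, filtered, unroutable, DNS failure
        return "tcp_failed", str(exc)
    request = (f"GET {RELAY_PATH} HTTP/1.1\r\nHost: {host}:{port}\r\n"
               "Connection: close\r\n\r\n").encode("ascii")
    with sock:
        try:
            sock.sendall(request)
            data = sock.recv(4096)
        except ConnectionError as exc:  # RST arrived after the handshake
            return "reset_after_send", str(exc)
        except socket.timeout:
            return "no_reply", "handshake OK, no data before timeout"
    if not data:
        return "closed_no_data", "peer closed without answering"
    status = data.split(b"\r\n", 1)[0].decode("latin-1")
    return ("http_response" if status.startswith("HTTP/") else "non_http_data"), status

def start_listener(reply):
    """Constructed loopback stand-in: answers with `reply`, or resets if None."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)  # wait for the request, as an inspecting device would
        if reply is None:
            # SO_LINGER with a zero timeout makes close() send RST instead of FIN
            conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        else:
            conn.sendall(reply)
        conn.close()
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    print(probe_relay("127.0.0.1", start_listener(None)))
    print(probe_relay("127.0.0.1", start_listener(b"HTTP/1.1 403 Forbidden\r\n\r\n")))
```

Run against a real relay, `reset_after_send` next to a passing port test matches the symptom reported above, while `http_response` with a 403 status line matches the authenticating-relay reply mentioned in the thread.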