I have 2 computers that are grey in the console even after Send Refresh (1 is Windows7 and the other is W10). I also checked to make sure BESClient was running. It was, so I restarted it (also BESRelay). Then issued another Refresh and still they are grey in the Console. Any ideas of what to do next would be greatly appreciated. Thanks.
hi ,
please check “mark as offline after” value.
Hi
How long has thoose been grey? Restarting the BESClient would force the client to rapport inn to the bigfix server, if it is still grey ii would guess there is somthing wrong. I would check the BESClient log file to see if the client has trouble reaching the relay server.
Log file usually lies here: “C:\Program Files (x86)\BigFix Enterprise\BES Client__BESData__Global\Logs”
Send refresh uses UDP on port 52311 so check if it is open from relay to client if there is a firewall between. I don’t think this is the problem.
Thank you for your response. They have been grey for days now. I will check the log files and port, etc. and let you know what happens.
Thanks for your response. I have the Refresh set to 300 seconds, Heartbeat 15 mins, and Mark as Offline at 45 mins. Are these goodd values?
I’d check your client logs to see if there are any more details there.
Also the clients that are grayed out open a web browser and try to go to the relay diagnostics page to see if you can connect.
https://relayname.yourdomain.com/rd to see if you can connect. (you can also enter the name of your root server if it is accessible by your client)
Here is a log entry that looks like it might be the problem:
RegisterOnce: GetURL failed - General transport failure. - 'http://127.0.0.1:52311/cgi-bin/bfenterprise/clientregister.exe?
However, I don’t know what to do next. “General transport” seems to indicate a problem at the TCP/IP level. However, I was able to ping the server. Please HELP. Thanks.
Generally there are two basic problems.
-
Name resolution (can the client resolve the BES server or relay name)
-
Can the client communicate on port 52311. Best way to test this is using telnet. The command would be telnet servername 52311
I you connect you should be good. If not, then possibly a firewall error.
'http://127.0.0.1:52311/cgi-bin/bfenterprise/clientregister.exe sounds like it is trying to connect to the localhost. Could you open registry on these clients and navigate to
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigFix\EnterpriseClient\Settings\Client__Relay_Control_Server1] and see if the value is the correct relay server?
I tried the telnet command in the Windows10 powershell but it said it does not recognize the command. Also, not sure how to check the name resolution you mentioned either. Thanks for any new ideas.
I checked the registry entry and it has the correct server name.
Run telnet from cmd window.
Resolution should be correct if you ping the server by hostname and it resolves the ip address, it could be via the DNS server or host files.
First of all, thank you all for your ideas and help. I tried the telnet command in the cmd window with the same result - says it is not a cmd. Now I am getting “host not reachable” msg when I ping the BigFix server. So I looked into the DNS server, but if I ping a website (e.g. Yahoo.com), I get a good response, so it looks like the DNS server is ok… I think I am going to try re-booting the PC and see what happens.
This means telnet client package is not installed on your machine.
So just try to open in a browser:
How can I get that package? But what I don’t understand why it happened all of a sudden, because it used to work fine. So, I must have had that package installed at some point in time.
I tried that link you sent me, but it cannot make a secure connection – it failed.
You can follow this video to enable the Telnet client. It is not a default command in both win7 and win10. The video shows windows 10, but I think it is the same way in windows 10.
You can also run this commands in CMD to enable it
Type in: pkgmgr /iu:”TelnetClient” , to enable the Client
You don’t need telnet for BigFix to work.
You do need a TCP network connection on port 52311 from your endpoint to either the root server or the relay.
The easiest ways to test that this is available is to:
- ping the root server using the name that’s in the masthead file (masthead.afxm on windows, actionsiste.afxm on *NIX).
- Try to reach the root server or your relay on its
relay diagnosticspage which is thehttps://server:52311/rd. Be aware this page can be disabled - so you do need to check if you can access it directly from the server/relay itself.
We see this kind of problem regularly on the forum, and by far the most common cause is a problem with the network configuration.
Thanks. I tried pinging the serve name, but it failed. I could, however ping the TCP/IP address. I went to the website you recommended - on the server itself – and it said the connection failed. I am now on the diagnostic page, but not sure what to do next. I would think that the 52311 port on the server isn’t working. Is there a way to test that (other than Telnet). Thanks in advance for your help.
if you can ping the server IP and not the server name, then there probably is no DNS resolution on the relay server. You can confirm it by typing “nslookup servername” in cmd and you should get the ip of the server.
if you type this in your URL on the clients what do you get
If you get a web page open the port 52311 is open and there is no DNS resolution
The best option is to make an DNS entry for the server inn the DNS server the clients are using.
If you still get the connection failed, 52311 port is probably closed in one or more of the firewalls between client and relay server. You should ask your network team to check this. You can also try disabling the local firewall on the relay server and the clients to see if that helps.
This may also be because the relay diagnostics page is turned off.