Deploy IBM BigFix Remote Control Target for Windows

Guys,
I’m encountering an issue with deploying the newest remote control target for windows.

If I deploy the Task by itself it completes no worries. If I try to wrap the task up into a baseline with other components the task fails with an , syntax error. The script execution detail is per below:

parameter “FixletName” = "Deploy IBM BigFix Remote Control Target for Windows"
parameter “logFile” = "…\rc_fixlet.log"
waithidden cmd.exe /C echo ================================================================================================================================================================= >> {parameter “logFile”} 2>&1
waithidden cmd.exe /C echo INFO : Started Fixlet ({parameter “FixletName”}) at {now} >> {parameter “logFile”} 2>&1
prefetch trc_target_win32_9.1.4_0052.bfa sha1:264d5198957ba2c8f85ad4d7007c63f8c318f77a size:10486206 http://software.bigfix.com/download/TRC/trc_9.1.4/trc-9.1.4-0052/trc_target_win32_9.1.4_0052.bfa sha256:3dcfd09ee90cf3a335558b08e66de7837f99b7d806459cdcac094ff1bea57a9c
extract trc_target_win32_9.1.4_0052.bfa
parameter “release”="9.1.4"
parameter “build”="0052"
waithidden cmd.exe /C echo INFO : Release: {parameter “release”} >> {parameter “logFile”} 2>&1
waithidden cmd.exe /C echo INFO : Build: {parameter “build”} >> {parameter “logFile”} 2>&1
Failed if {parameter “paramRegToken” != “”}
waithidden cmd.exe /C echo INFO : Using a token >> {parameter “logFile”} 2>&1
parameter “regTokenStr” = "REGISTRATIONTOKEN={parameter “paramRegToken”}"
else
waithidden cmd.exe /C echo INFO : Not using a token >> {parameter “logFile”} 2>&1
parameter “regTokenStr” = ""
endif
if {parameter “paramManaged” = “true”}
parameter “installOptions” = "AUDITTOSYSTEM=yes ALLOWP2P=no ALLUSERS=1 {parameter “RegTokenStr” of action}“
waithidden cmd.exe /C echo INFO : Target is Managed. >> {parameter “logFile”} 2>&1
regset “[HKEY_LOCAL_MACHINE\Software\IBM\Tivoli\Remote Control\Target]” “ServerURL”=”{parameter “paramServerURL” of action}"
else
parameter “installOptions” = "ALLOWP2P=yes AUDITTOSYSTEM=yes FORCESECURE=yes MANAGED=no ALLUSERS=1 {parameter “RegTokenStr” of action}"
waithidden cmd.exe /C echo INFO : Target is P2P. >> {parameter “logFile”} 2>&1
endif
// Create a directory in which to store the msi for any future modifications like Virtual Smart Card support
parameter “msiCacheDir” = "{pathname of csidl folder 35}\BigFix\MSICache\RemoteControl\Target{parameter “release”}.{parameter “build”}"
waithidden cmd.exe /C echo INFO : Using Cache directory {parameter “msiCacheDir”} >> {parameter “logFile”} 2>&1
wait cmd.exe /C if not exist “{parameter “msiCacheDir”}” mkdir "{parameter “msiCacheDir”}"
wait cmd.exe /C copy __Download\trc_target.msi “{parameter “msiCacheDir”}”
// To change the install folder add setup config option in next line (example: INSTALLDIR=C:\IBMTRC )
wait “{pathname of system folder & “\msiexec.exe”}” /I "{parameter “msiCacheDir”}\trc_target.msi " /QN {parameter “installOptions”}
parameter “ExitCode” = "{if exist exit code of action then exit code of action as string else “Not Set”}"
if {(parameter “ExitCode” = “0”) OR (parameter “ExitCode” = “3010”)}
waithidden cmd.exe /C echo INFO : Target was successfully installed. >> {parameter “logFile”} 2>&1
waithidden cmd.exe /C echo INFO : Configuring firewall … >> {parameter “logFile”} 2>&1
else
waithidden cmd.exe /C echo ERROR: Target was not properly installed. ExitCode={parameter “ExitCode”} >> {parameter “logFile”} 2>&1
exit {parameter “ExitCode”}
endif
continue if {(parameter “ExitCode” = “0”) OR (parameter “ExitCode” = “3010”)}
if {(name of it = “WinXP” OR name of it = “WinXP-2003” OR name of it = “Win2003”) of operating system}
if {x64 of operating system}
waithidden “{pathname of system x64 folder}\netsh.exe” firewall delete portopening protocol=TCP port={value “PorttoListen” of key “HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Tivoli\Remote Control\Target” of registry} profile=ALL
waithidden “{pathname of system x64 folder}\netsh.exe” firewall add portopening protocol=TCP port={value “PorttoListen” of key “HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Tivoli\Remote Control\Target” of registry} name=“Tivoli Remote Control” mode=ENABLE profile=ALL
else
waithidden “{pathname of system folder}\netsh.exe” firewall delete portopening protocol=TCP port={value “PorttoListen” of key “HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Tivoli\Remote Control\Target” of registry} profile=ALL
waithidden “{pathname of system folder}\netsh.exe” firewall add portopening protocol=TCP port={value “PorttoListen” of key “HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Tivoli\Remote Control\Target” of registry} name=“Tivoli Remote Control” mode=ENABLE profile=ALL
endif
else
if {x64 of operating system}
waithidden “{pathname of system x64 folder}\netsh.exe” advfirewall firewall delete rule name="Tivoli Remote Control"
waithidden “{pathname of system x64 folder}\netsh.exe” advfirewall firewall add rule name=“Tivoli Remote Control” dir=in action=allow protocol=TCP localport={value “PorttoListen” of key “HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Tivoli\Remote Control\Target” of registry}
else
waithidden “{pathname of system folder}\netsh.exe” advfirewall firewall delete rule name="Tivoli Remote Control"
waithidden “{pathname of system folder}\netsh.exe” advfirewall firewall add rule name=“Tivoli Remote Control” dir=in action=allow protocol=TCP localport={value “PorttoListen” of key “HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Tivoli\Remote Control\Target” of registry}
endif
endif
waithidden cmd.exe /C echo INFO : Done. >> {parameter “logFile”} 2>&1
waithidden net stop TRCTARGET >> {parameter “logFile”} 2>&1
waithidden net start TRCTARGET >> {parameter “logFile”} 2>&1
waithidden cmd.exe /C echo INFO : Finished Fixlet ({parameter “FixletName”}) at {now} >> {parameter “logFile”} 2>&1

This is a default bigfix action and I haven’t changed it in any way or form so not too sure where to look.

Hi, did you get a resolution to this?
Having the same issue when in a baseline but seems to run ok as a single item.

Hey Paco,
Nah unfortunately no resolution.

To get by we’re simply running the individual components of the baseline and as you said, they run fine.

What version of Bigfix are you using?

Thanks for your reply. 9.5.4 atm but scheduled for 9.5.5 in the next couple months.

Interesting, we’re back on 9.2.9 and it’s still doing the same thing.

Will be at least 6 months before upgrading. Hopefully the newer version resolves it.

I’ve actually just tried something different. I’ve added 3 TRC components to a separate baseline and linked that to our core MOE baseline. Will advise of outcome. Thanks.

I don’t have a BigFix TRC Environment, but from the action script, it seems it’s checking a parameter that doesn’t exist in execution time. If you run the Task as an individual action, does it ask for an input from the console user?

fermt is correct, it asks for parameters in the header of the action that are used during execution. The parameter names can be seen if you export the task and open it with an XML-capable file editor. These parameters set whether it is peer-to-peer or server, and the server properties. The previous installation tasks had separate actions for peer-to-peer and server, but this one is combined into one action. Because of this it can’t be run in a Baseline. Our solution was to create a new blank task and copy the Relevance and the Action Script over, but remove the lines that contain those parameters, and the lines relating to a TRC server as well since we run all peer-to-peer at this time. It could be edited for the server as well if needed.

It’s the version of TRC that matters, not the version of Bigfix. TRC is updated more frequently, and the tasks change. See my reply to “fermt” for a possible solution.

Thanks for the replies @fermt and @jkj1962 as this as pointed me in the right-direction. It appears we’re also using peer to peer (I was not the one who set it up have just inherited managing it).

@jkj1962 would you mind sharing your edited script so I can see how you’ve removed the parameters? From what I can tell it’s this section that needs editing.

if {parameter “paramRegToken” != “”}
waithidden cmd.exe /C echo INFO : Using a token >> {parameter “logFile”} 2>&1
parameter “regTokenStr” = "REGISTRATIONTOKEN={parameter “paramRegToken”}"
else
waithidden cmd.exe /C echo INFO : Not using a token >> {parameter “logFile”} 2>&1
parameter “regTokenStr” = ""
endif

if {parameter “paramManaged” = “true”}
parameter “installOptions” = "AUDITTOSYSTEM=yes ALLOWP2P=no ALLUSERS=1 {parameter “RegTokenStr” of action}“
waithidden cmd.exe /C echo INFO : Target is Managed. >> {parameter “logFile”} 2>&1
regset “[HKEY_LOCAL_MACHINE\Software\IBM\Tivoli\Remote Control\Target]” “ServerURL”=”{parameter “paramServerURL” of action}"
else
parameter “installOptions” = "ALLOWP2P=yes AUDITTOSYSTEM=yes FORCESECURE=yes MANAGED=no ALLUSERS=1 {parameter “RegTokenStr” of action}"
waithidden cmd.exe /C echo INFO : Target is P2P. >> {parameter “logFile”} 2>&1
endif

Furthermore if a new remote control target fixlet is released does that mean you’ll just copy it out again and recreate your custom version of it?

Yes, those sections need to be taken out, and you need to replace the “installOptions” parameter that is created in the second part of that section with the options you want. I ended up with this:

parameter “FixletName” = "Deploy IBM BigFix Remote Control Target for Windows"
parameter “logFile” = "…\rc_fixlet.log"
waithidden cmd.exe /C echo ================================================================================================================================================================= >> {parameter “logFile”} 2>&1
waithidden cmd.exe /C echo INFO : Started Fixlet ({parameter “FixletName”}) at {now} >> {parameter “logFile”} 2>&1

prefetch trc_target_win32_9.1.4_0052.bfa sha1:264d5198957ba2c8f85ad4d7007c63f8c318f77a size:10486206 http://software.bigfix.com/download/TRC/trc_9.1.4/trc-9.1.4-0052/trc_target_win32_9.1.4_0052.bfa sha256:3dcfd09ee90cf3a335558b08e66de7837f99b7d806459cdcac094ff1bea57a9c

extract trc_target_win32_9.1.4_0052.bfa

parameter “release”="9.1.4"
parameter “build”="0052"
waithidden cmd.exe /C echo INFO : Release: {parameter “release”} >> {parameter “logFile”} 2>&1
waithidden cmd.exe /C echo INFO : Build: {parameter “build”} >> {parameter “logFile”} 2>&1

// Create a directory in which to store the msi for any future modifications like Virtual Smart Card support

parameter “msiCacheDir” = “{pathname of csidl folder 35}\BigFix\MSICache\RemoteControl\Target{parameter “release”}.{parameter “build”}”

waithidden cmd.exe /C echo INFO : Using Cache directory {parameter “msiCacheDir”} >> {parameter “logFile”} 2>&1

wait cmd.exe /C if not exist “{parameter “msiCacheDir”}” mkdir “{parameter “msiCacheDir”}”

wait cmd.exe /C copy __Download\trc_target.msi “{parameter “msiCacheDir”}”

// To change the install folder add setup config option in next line (example: INSTALLDIR=C:\IBMTRC )

wait “{pathname of system folder & “\msiexec.exe”}” /I “{parameter “msiCacheDir”}\trc_target.msi” /QN /lv! “C:\TRC.log” ALLOWP2P=yes AUDITTOSYSTEM=yes FORCESECURE=yes MANAGED=no ALLUSERS=1

parameter “ExitCode” = “{if exist exit code of action then exit code of action as string else “Not Set”}”

if {(parameter “ExitCode” = “0”) OR (parameter “ExitCode” = “3010”)}
waithidden cmd.exe /C echo INFO : Target was successfully installed. >> {parameter “logFile”} 2>&1
waithidden cmd.exe /C echo INFO : Configuring firewall … >> {parameter “logFile”} 2>&1
else
waithidden cmd.exe /C echo ERROR: Target was not properly installed. ExitCode={parameter “ExitCode”} >> {parameter “logFile”} 2>&1
exit {parameter “ExitCode”}
endif

continue if {(parameter “ExitCode” = “0”) OR (parameter “ExitCode” = “3010”)}

if {(name of it = “WinXP” OR name of it = “WinXP-2003” OR name of it = “Win2003”) of operating system}
if {x64 of operating system}
waithidden “{pathname of system x64 folder}\netsh.exe” firewall delete portopening protocol=TCP port={value “PorttoListen” of key “HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Tivoli\Remote Control\Target” of registry} profile=ALL
waithidden “{pathname of system x64 folder}\netsh.exe” firewall add portopening protocol=TCP port={value “PorttoListen” of key “HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Tivoli\Remote Control\Target” of registry} name=“Tivoli Remote Control” mode=ENABLE profile=ALL
else
waithidden “{pathname of system folder}\netsh.exe” firewall delete portopening protocol=TCP port={value “PorttoListen” of key “HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Tivoli\Remote Control\Target” of registry} profile=ALL
waithidden “{pathname of system folder}\netsh.exe” firewall add portopening protocol=TCP port={value “PorttoListen” of key “HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Tivoli\Remote Control\Target” of registry} name=“Tivoli Remote Control” mode=ENABLE profile=ALL
endif
else
if {x64 of operating system}
waithidden “{pathname of system x64 folder}\netsh.exe” advfirewall firewall delete rule name="Tivoli Remote Control"
waithidden “{pathname of system x64 folder}\netsh.exe” advfirewall firewall add rule name=“Tivoli Remote Control” dir=in action=allow protocol=TCP localport={value “PorttoListen” of key “HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Tivoli\Remote Control\Target” of registry}
else
waithidden “{pathname of system folder}\netsh.exe” advfirewall firewall delete rule name="Tivoli Remote Control"
waithidden “{pathname of system folder}\netsh.exe” advfirewall firewall add rule name=“Tivoli Remote Control” dir=in action=allow protocol=TCP localport={value “PorttoListen” of key “HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Tivoli\Remote Control\Target” of registry}
endif
endif
waithidden cmd.exe /C echo INFO : Done. >> {parameter “logFile”} 2>&1
waithidden net stop TRCTARGET >> {parameter “logFile”} 2>&1
waithidden net start TRCTARGET >> {parameter “logFile”} 2>&1
waithidden cmd.exe /C echo INFO : Finished Fixlet ({parameter “FixletName”}) at {now} >> {parameter “logFile”} 2>&1

And you are correct, when TRC is updated again, I will copy the new script and edit it to update the custom task I created.

this is happening in our environment too. works fine individually, but errors if it’s in a baseline.

@jkj1962 thanks mate. I changed ours yesterday and it’s working fine, much appreciated for pointing me in the right direction.

Thank you for sharing!

I put in a service request for this issue and linked to this thread.

also noticed that the task no longer defaults to the last used option (we use managed mode, it used to default to that and save the server parameters, after being ran once). it’s defaulting to peer to peer. something to watch for, if you were used to otherwise.