Deploying BigFix Detect (Documentation)

BigFixNinja · April 5, 2017, 5:37pm

I wanted to point out the following helpful documentation resources in deploying BigFix Detect.

1. Upgrade the BigFix Platform to version 9.5.5
First, BigFix Detect requires that the BigFix platform components be upgraded to 9.5.5. Please see the following BigFix upgrade documentation to start to plan for that upgrade:

Upgrading

Upgrade Best Practices

Within the Upgrading guide are links to a couple of visual upgrade guides that will act as an additional help:

Windows Visual BigFix Upgrade Guide

Linux Visual BigFix Upgrade Guide

Note: The upgrade to version 9.5.5 is no different than the upgrade from and to any other version of BigFix

2. Deploy the BigFix WebUI

BigFix WebUI Deployment Requirements

WebUI Installation

3. Deploy BigFix Detect

The documentation for how to deploy and configure BigFix Detect can be found in the Administrator’s Guide:

BigFix Detect Administrator Guide

BigFix Detect Security Analyst Guide

dveiga · June 9, 2017, 3:27pm

I am deploying the BigFix Detect to my TEST env. … under the step to run the task “Generate BigFix Detect Agent
Deployment and Upgrade Tasks” it is failing with error 3 for this relevance:

   Command started - waithidden "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Unrestricted -file "D:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\Detect/checkForFixlet.ps1" -fixletRelevance "(not exists bes fixlet whose (name of site of it = REPLACEQUOTEBigFix DetectREPLACEQUOTE and (name of mime field of it = REPLACEQUOTEEDR-IDREPLACEQUOTE and value of mime field of it = REPLACEQUOTEInstall-edr-us1700101-3.5.1906.89-64-bit WindowsREPLACEQUOTE)))" -encryptedPassword "XXXXXXX" -cryptoUtilityExecFile "D:\Program Files (x86)\BigFix Enterprise\BES Server\Applications\CryptoUtility.exe" -iemCLIFolder "D:\Program Files (x86)\BigFix Enterprise\BES Server\IEM CLI" -hostname "bftest9" -hostPortNumber "52311" -restUsername "YYYYYYY" -besClientFolder "D:\Program Files (x86)\BigFix Enterprise\BES Client" -customerDept "BigFix Detect" -logfile "None"  (action:45771)
At 08:08:58 -0700 - actionsite (http://bftest9.tivlab.austin.ibm.com:52311/cgi-bin/bfgather.exe/actionsite)
   Command succeeded (Exit Code=3) waithidden "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy Unrestricted -file "D:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\Detect/checkForFixlet.ps1" -fixletRelevance "(not exists bes fixlet whose (name of site of it = REPLACEQUOTEBigFix DetectREPLACEQUOTE and (name of mime field of it = REPLACEQUOTEEDR-IDREPLACEQUOTE and value of mime field of it = REPLACEQUOTEInstall-edr-us1700101-3.5.1906.89-64-bit WindowsREPLACEQUOTE)))" -encryptedPassword "XXXXXXX" -cryptoUtilityExecFile "D:\Program Files (x86)\BigFix Enterprise\BES Server\Applications\CryptoUtility.exe" -iemCLIFolder "D:\Program Files (x86)\BigFix Enterprise\BES Server\IEM CLI" -hostname "bftest9" -hostPortNumber "52311" -restUsername "YYYYYYY" -besClientFolder "D:\Program Files (x86)\BigFix Enterprise\BES Client" -customerDept "BigFix Detect" -logfile "None"  (action:45771)

I am wondering if the failure is because of this REPLACEQUOTE in the relevance… isn’t it?

AlanM · June 9, 2017, 5:55pm

I’m not exactly sure what the PowerShell is doing but the “REPLACEQUOTE” items are going into the checkForFixlet function and I’m presuming that program is turning them back into real quotes.

The command does indicate it ran and an exit code of 3 indicates there was a REST API error

dveiga · June 9, 2017, 7:58pm

Hey Alan,

So I enabled the property _BESClient_EDR_Enable_Verbose_Logging and that created the file edrGenerateTaskVerbose.log under the BESClient folder from the root server.
Interesting is that the file doesn’t show any error, also looking at the server_audit.log it shows the REST API connection without any error, just the messages:

Fri, 09 Jun 2017 12:35:42 -0700 – YYYYYYY: Too many log in attempts. (API Connection)
Fri, 09 Jun 2017 12:35:44 -0700 – YYYYYYY: Too many log in attempts. (API Connection)
Fri, 09 Jun 2017 12:35:47 -0700 – YYYYYYY: Too many log in attempts. (API Connection)
Fri, 09 Jun 2017 12:35:48 -0700 – YYYYYYY: Too many log in attempts. (API Connection)
Fri, 09 Jun 2017 12:35:50 -0700 – YYYYYYY: Too many log in attempts. (API Connection)
Fri, 09 Jun 2017 12:35:54 -0700 – YYYYYYY: Too many log in attempts. (API Connection)
Fri, 09 Jun 2017 12:35:55 -0700 – YYYYYYY: Too many log in attempts. (API Connection)
Fri, 09 Jun 2017 12:35:57 -0700 – YYYYYYY: Too many log in attempts. (API Connection)

I already re-executed the task “Configure REST API credentials for BES Server Plugin Service” to set my correct master operator ID and password. Also executing a REST API command thru curl with the same credential that works correctly.

Trying to figure out what else I could be looking for to try to find out why the REST API isn’t connecting… any idea?

AlanM · June 9, 2017, 8:21pm

It sounds like the credentials aren’t right. Do the REST credentials you are using actually have permissions to use the REST API?

dveiga · June 9, 2017, 8:43pm

Hey Alan, in fact it is right … what I just saw is that the analysis “BigFix Detect Agent Deployment Information” wasn’t enabled. Somehow I missed that during the configuration steps.
After I enabled it and re-run the task it worked correctly.