Downloads between Main BigFix server and Relays are failing

Hello, I hate to ask this, but the downloads between my main BigFix server and my relays never complete, and as a consequence the target always reports "pending downloads." The BigFix version is 10.0.2; the main BigFix server and the relays are all Windows 2019 boxes. Relay cache size is set to 87GB. If I manually copy the download from the main BigFix server to the relay, the actions run correctly. The main BigFix server has no issues downloading the initial patch; it never gets to the relay. If I run a blank action or send a force refresh command to the relay or the targets, they get the action or the refresh command when I look in the logs. Windows firewall rules allow for communication on port 52311. Any ideas why the download to the relay never occurs? Using default settings.

Hey Pete! Any other actions with downloads working or is it all actions that are problematic? Anything interesting in the relay server log files (logfile.txt)? I’m thinking this might be an issue with the whitelist but that message would not be “Pending Downloads”. It would be something like “Failed to process download due to whitelist.”

EDIT: I think the whitelist would prevent the download to the root server completely, so I might be wrong there. I’d have to double check.

If I run a job to set a client setting or a job that does NOT require a download, the job runs fine. In the relay log I am seeing a number of CURL 28 errors.

Is the root server overloaded?

No, only 4 relays and 300 clients. Clients are in different cities and are reporting to their respective relay. No errors clients reporting to main BigFix server.

Strange. Probably time to enable some verbose logging on the relay and root server and see if that uncovers anything useful.

Just to double check to make sure nothing was overlooked, and I know you stated the file downloaded, but can you double check the downloads section of action summary itself? You should see “Cached on Server” for the Downloads.

Yes, it caches on the server very quickly. I see the file on the server in the sha1 folder, but it never gets to the relay and the target reports pending downloads, but the download never gets to the target or to the relay.

Ok. Then yeah I would get the verbose logging going on a relay. The HTTP 28’s are timeouts though so that’s why I was asking about the root server being overloaded. Are those spurious or are they showing up all the time? Anything else in there that looks suspect?

I know that you stated 52311 is open, but I would check to be sure. The way I would do that is with telnet (can use PowerShell too) from the BES Server to the relay and from the relay to the BES Server, and then test from the client to the relay (can’t test from the relay to the client).

Also try moving the client directly to the BES Server and try, to see if it is a relay issue.

Not sure if you have seen this, but it gives a good layout: https://help.hcltechsw.com/bigfix/9.5/inventory/Inventory/security/c_data_interaction.html
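The port check suggested above, as an added PowerShell example that is not part of the original thread: it attempts a TCP connection to port 52311 with a timeout and reports the outcome per target, so it can be run on the BES Server, on each relay, and on a client against the peers each one must reach. The function name `Test-BesPort` and the host names in the usage comment are hypothetical placeholders.

```powershell
# Added example, not from the thread. Requires Windows PowerShell 5.0 or later.
function Test-BesPort {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [int]$Port = 52311,        # BigFix port named in the thread
        [int]$TimeoutMs = 3000     # give up after 3 seconds per target
    )
    foreach ($target in $ComputerName) {
        $client = [System.Net.Sockets.TcpClient]::new()
        $timer  = [System.Diagnostics.Stopwatch]::StartNew()
        $status = 'Open'
        try {
            # ConnectAsync lets us enforce our own timeout instead of the OS default
            $task = $client.ConnectAsync($target, $Port)
            if (-not $task.Wait($TimeoutMs)) {
                $status = 'Timeout'          # packets silently dropped (typical of a firewall)
            } elseif (-not $client.Connected) {
                $status = 'NotConnected'
            }
        } catch {
            # Refused connections and DNS failures surface here
            $status = 'Failed: ' + $_.Exception.GetBaseException().Message
        } finally {
            $client.Dispose()
        }
        [pscustomobject]@{
            Source = $env:COMPUTERNAME
            Target = $target
            Port   = $Port
            Status = $status
            Ms     = $timer.ElapsedMilliseconds
        }
    }
}

# Usage (placeholder host names):
#   On the BES Server:  Test-BesPort -ComputerName 'relay01.example.test','relay02.example.test'
#   On a relay:         Test-BesPort -ComputerName 'besroot.example.test'
#   On a client:        Test-BesPort -ComputerName 'relay01.example.test'
```

A status of `Open` only shows that the TCP handshake completes in that direction; it does not exercise the HTTP download path between the relay and the server.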

Thanks. Love the Data Flow graph. Yes, TCP is open; that’s why I don’t understand why the downloads from the server to the relay fail. Turning on verbose logging in the relay log, I can find the action ID, the download, and then a message: HTTP response 503 resource unavailable. However, the download in question is in the cache on the server.