I’m looking to determine if there’s a ActionScript command we can issue to a client that will force the client to evaluate all properties on the Windows workstation. I’ve tried “notify client forcerefresh” but the property isn’t always updated in the database. The client shows it ran the refresh, but the property didn’t update.
Scenario:
During the build process of the PC, the BigFix client evaluates the workstation prior to the completion of the deployment process. As a result, some actions are not relevant as the property is no longer correct. The property has a 1 day refresh rate (evaluate every…).
Goal
After coming out of the build process, I’d like to trigger an automated full refresh of all properties and update the values to the DB.
Alternately, if there’s a command we can issue on the OSD side (e.g. Powershell command to trigger a refresh) that would also work.
Well it works on some clients but not others, and they don’t share too many common factors. I’ve reviewed the client logs, and they are posting successfully. I think the key here is how “Refresh” is defined. Is it:
A. The client will evaluate all properties and post the current data to the DB
of
B, The client collects the values from the last collection period and posts them the DB.
On a side note, I’ve cleared the cache on my console, and verified i have the same data as other console instances. The server logs don’t seem to show any issues with processing the data.
I believe it is “A”, the client re-evaluates all properties and sends a post. I’ve used this to update infrequently-evaluated Analyses (where I have a property set to “Evaluate every 7 days” or such, where I have an Action that may update the result I use the notify client forcerefresh so the Analysis result gets updated).
What OS and what agent version are you on? We were having a similar issue where QNA came back with the data, but the analysis was never refreshing. We still deal with it from time to time. Sometimes we have to delete the analysis and recreate it to get the fresh data.
Hi Masonje,
We only use BigFix on Windows workstations. We only have Windows 7 and Windows 10 running in the environment. BigFix is due for an update as we’re only running 9.2. However, I don’t see any related issues addressed by newer versions.
Here’s a question. Do you have duplicate analysis property names in different sites? That has also caused our client confusion. Cleaning up the duplicates also helped clear up some of our issues.
The pattern is A but the report is flagged as a “FullReport” and this causes the DB to flush all answers/state etc for that endpoint when it arrives so that the endpoint is the absolute source of the data in the DB.
Couple things here. Send Refresh would accomplish your problem but it is a bit of an overkill as everything about the client is refreshed as if the client was a fresh install. Also, if you send a full refresh to a lot of machines at the same time, you will most likely have a massive filldb backlog as your core server processes a large influx of very large client reports. In very large organizations with 10’s of 1000’s of systems, this could cause a denial of service for days as the core processes the client reports. Sending to no more than 50-100 systems at the same time would be a personal recommendation. Also, the right click option in the console may not work for all systems if TCP 52311 bidirectional is not allowed between core and top level relays and between relays. Also the clients in question that are targeted by the refresh, needs to be able to receive incoming UDP 52311 from it’s parent relay. If this traffic is blocked, the client won’t get the refresh command. You could make a fixlet with the action script “Notify Client ForceRefresh” (without the quotes) if you don’t think clients are getting the notification traffic triggered by the console right-click option.
A better option: If you don’t want to lower the evaluation of the property itself to evaluate more often, just restart the bes client service on the clients in question (fixlet available in the BES Support site). A client will evaluate all properties that are on a timed setting (ie once a day) every time you restart the computer, or restart the bes client service. This option is a MUCH better choice, (and less dangerous option) then a “Send refresh” option in console.
I want to emphasize how dangerous that option is and how it is not supposed to be used for things like “getting clients to run actions faster, forcing a client to check in or forcing a client to evaluate a property”. It is mostly used for fixing a client that has been deleted using the computer removal tool and audit cleanup and ends up coming back online and all it’s old data is gone from database.
Restarting the client service via a fixlet in the BES Support site or lowering the evaluation interval of the property itself are the two best options for this issue you are having
I am aware of the dangers of refreshing too many devices at once. We’re an environment of over 85,000 endpoints, and I never refresh more than 50-100 at once. In our scenario it would be conceivable that doing so would also cause a network storm.
I’ll try a client restart. We’ll see if that resolves it.
Just to be extra clear. If a client gets a “Send Refresh” UDP command OR an action with notify client forcerefresh then the client reevaluates everything fresh and sends a full report with all of the results. If that report goes up the chain properly and gets ingested by FillDB, then the property will be updated in the DB which will show up in the console after a slight delay.
If the result is not updated in the console, then something is wrong. Either the relevance is wrong, or something else is going wrong, like the report being rejected by FillDB or something else.
What is the property result before you send the refresh that doesn’t change?
What is the relevance doing?
If the result is or it might be the correct result or the relevance is having some sort of problem. This is more likely with WMI than most other things.
Have you tested this property using the Fixlet Debugger? Using both the client eval mode and the non-client eval mode?