I'm looking for details about how the BES Client determines Console Operators via AD Groups

BigFix v9.5.5

We are suffering from occasional problems where Console Operators will “lose control” of managed systems.

Consider this Example:
Role : Workstations
AD Group : WorkstationOps
BigFix Group : WorkstationComputers

Computers join the “WorkstationComputers” group based on Relevance. Assume there are 5000 computers in this group.

AD Users are added to the “WorkstationOps” AD Group. Assume that there are 5 members of this group.

The Role “Workstations” associates “WorkstationOps” with “WorkstationComputers”.

All 5 Console Operators can launch their Consoles and manage all 5000 computers. No problems.

Suddenly, 3 of the Console Operators are no longer seeing all 5000 of their computers. They see 250 computers in their Consoles. The other two Console Operators can still see and manage all 5000 computers.

Looking at the Roles as a Master Operator shows that 2 of the Operators in the Role are managing 5000 computers (normal mix of online and offline). 3 of them show that they are managing 250, mostly offline computers. All 5 Console Operators are members of the same Role, using the same Active Directory group. But only 2 are able to actively manage their computers.

It appears that the computers have simply decided to stop trusting 3 of the Console Operators.

To resolve the issue, I have to remove the 3 users from the “WorkstationOps” AD group and send a blank action to all the computers in the “WorkstationComputers” group, wait for the 3 Console Operators to no longer show as members of the Role, then add them back to the AD group and repeat the Blank Action.


My questions …

  1. Why are only 3 of the Console Operators losing control of their computers?
  2. What process do Endpoints use to determine who their Console Operators are?
  3. Which system is actually querying Active Directory and not getting the correct information?
  4. Why don’t the computers eventually discover on their own that they are supposed to trust all 5 Console Operators?

The clients use management rights actions within the master actionsite to determine if a console operator has control over them. These actions use simple relevance to determine if the operator is valid on the endpoint so you should be able to look at the relevance to determine what is happening. Remember AD membership is slower to update for some items on the endpoint.

So what would cause endpoints to decide that they were going to no longer trust a Console Operator even though they are in the AD group for the Role?

And why would removing the user, triggering a blank action, then adding the user back in again resolve the issue?
