Hi all …
I set up a RHEL Linux 6.7 client according to the instructions here: http://www-01.ibm.com/support/knowledgecenter/SSQL82_9.2.0/com.ibm.tivoli.tem.doc_9.2/Platform/Adm/c_red_hat_installation_instructi.html
I am using BigFix 9.2.6.94.
I want to assign this client to a relay on first use of the BigFix client. So I created the following besclient.config
file and placed it in /var/opt/BESClient
:
[Software\BigFix\EnterpriseClient]
EnterpriseClientFolder = /opt/BESClient
[Software\BigFix\EnterpriseClient\GlobalOptions]
StoragePath = /var/opt/BESClient
LibPath = /opt/BESClient/BESLib
[Software\BigFix\EnterpriseClient\Settings\Client\__RelayServer1]
effective date = Sun,%2004%20Dec%202016%2016:31:01%20+0900
value = http://myrelay.myserver.com:52311/bfmirror/downloads/
[Software\BigFix\EnterpriseClient\Settings\Client\__RelayServer2]
effective date = Sun,%2004%20Dec%202016%2016:31:01%20+0900
value = http://myrelay.myserver.com:52311/bfmirror/downloads/
[Software\BigFix\EnterpriseClient\Settings\Client\__RelaySelect_Automatic]
effective date = Sun,%2004%20Dec%202016%2016:31:01%20+0900
value = 0
[Software\BigFix\EnterpriseClient\Settings\Client\_BESClient_EMsg_File]
effective date = Sun,%2004%20Dec%202016%2016:31:01%20+0900
value = /var/log/BESClient/besclient.log
[Software\BigFix\EnterpriseClient\Settings\Client\_BESClient_EMsg_Detail]
effective date = Sun,%2004%20Dec%202016%2016:31:01%20+0900
value = 10000
[Software\BigFix\EnterpriseClient\Settings\Client\_BESClient_EMsg_EvalLog]
effective date = Sun,%2004%20Dec%202016%2016:31:01%20+0900
value = 1
(Yes, I wanted the extended debugging.)
I created the /var/log/BESClient
directory for the extended debugging log.
As part of my setup, this client can’t connect to the BigFix server directly. I don’t want it to; I am simulating a firewall between my client and the BigFix server by not defining the IP address of my BigFix server in the /etc/hosts
file.
When I start the client for the first time, it gets stuck trying to find the relay. There is a 7 minute delay while this communication is attempted and then it tries to connect to the BigFix server directly, which it won’t; therefore this connection will fail. The relay is not being found even though I have the IP address of myrelay.myserver.com
defined in /etc/hosts
, I can ping it and I can telnet to myrelay.myserver.com on port 52311.
The BESClient log:
ICU local character set: UTF-8
ICU transcoding between fxf and local character sets: DISABLED
ICU transcoding between report and local character sets: DISABLED
At 16:29:27 -0500 -
Starting client version 9.2.6.94
FIPS mode disabled by default.
Cryptographic module initialized successfully.
Using crypto library libBEScrypto - OpenSSL 1.0.1p-fips 9 Jul 2015
Restricted mode
Beginning Relay Select
At 16:37:28 -0500 -
RegisterOnce: Attempting secure registration with 'https://mybigfix.server.com:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe&ClientVersion=9.2.6.94&Body=0&SequenceNumber=0&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=http://mybigfix.server.com%3a52311&AdapterInfo=00-50-56-9e-57-4c_192.168.40.0%2f24_192.168.40.194_0&AdapterIpv6=00-50-56-9e-57-4c%5efe80%3a%3a250%3a56ff%3afe9e%3a574c%2f64_0'
RegisterOnce: GetURL failed - General transport failure. - winsock error -6 - registration url - http://mybigfix.server.com:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe&ClientVersion=9.2.6.94&Body=0&SequenceNumber=0&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=http://mybigfix.server.com%3a52311&AdapterInfo=00-50-56-9e-57-4c_192.168.40.0%2f24_192.168.40.194_0&AdapterIpv6=00-50-56-9e-57-4c%5efe80%3a%3a250%3a56ff%3afe9e%3a574c%2f64_0
At 16:39:29 -0500 -
RegisterOnce: Attempting secure registration with 'https://mybigfix.server.com:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe&ClientVersion=9.2.6.94&Body=0&SequenceNumber=1&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=http://mybigfix.server.com%3a52311&AdapterInfo=00-50-56-9e-57-4c_192.168.40.0%2f24_192.168.40.194_0&AdapterIpv6=00-50-56-9e-57-4c%5efe80%3a%3a250%3a56ff%3afe9e%3a574c%2f64_0'
RegisterOnce: GetURL failed - General transport failure. - winsock error -6 - registration url - http://mybigfix.server.com:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe&ClientVersion=9.2.6.94&Body=0&SequenceNumber=1&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=http://mybigfix.server.com%3a52311&AdapterInfo=00-50-56-9e-57-4c_192.168.40.0%2f24_192.168.40.194_0&AdapterIpv6=00-50-56-9e-57-4c%5efe80%3a%3a250%3a56ff%3afe9e%3a574c%2f64_0
The extended debug log pretty much says the same thing so I’m not including it here.
If I use the relay’s IP address in besclient.config
instead of the hostname defined in my hosts file, the connection is made. The relevant lines in besclient.config
are changed to:
[Software\BigFix\EnterpriseClient\Settings\Client\__RelayServer1]
effective date = Sun,%2004%20Dec%202016%2016:31:01%20+0900
value = http://192.168.40.187:52311/bfmirror/downloads/
[Software\BigFix\EnterpriseClient\Settings\Client\__RelayServer2]
effective date = Sun,%2004%20Dec%202016%2016:31:01%20+0900
value = http://192.168.40.187:52311/bfmirror/downloads/
The besclient log file when I use IP address shows the connection to the relay was made:
Current Date: January 8, 2016
Client version 9.2.6.94 built for RedHat 5 x86_64
Current Balance Settings: Use CPU: True Entitlement: 0 WorkIdle: 10 SleepIdle : 480
ICU data directory: '/var/opt/BESClient'
ICU init status: SUCCESS
ICU report character set: UTF-8
ICU fxf character set: UTF-8
ICU local character set: UTF-8
ICU transcoding between fxf and local character sets: DISABLED
ICU transcoding between report and local character sets: DISABLED
At 16:49:28 -0500 -
Starting client version 9.2.6.94
FIPS mode disabled by default.
Cryptographic module initialized successfully.
Using crypto library libBEScrypto - OpenSSL 1.0.1p-fips 9 Jul 2015
Restricted mode
Beginning Relay Select
At 16:49:29 -0500 -
RegisterOnce: Attempting secure registration with 'https://192.168.40.187:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe&ClientVersion=9.2.6.94&Body=0&SequenceNumber=0&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=http://mybigfix.server.com%3a52311&AdapterInfo=00-50-56-9e-57-4c_192.168.40.0%2f24_192.168.40.194_0&AdapterIpv6=00-50-56-9e-57-4c%5efe80%3a%3a250%3a56ff%3afe9e%3a574c%2f64_0'
Unrestricted mode
Scheduling client reset; Computer id changed to 4789552
Configuring listener without wake-on-lan
Registered with url 'https://192.168.40.187:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe&ClientVersion=9.2.6.94&Body=0&SequenceNumber=0&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=http://mybigfix.server.com%3a52311&AdapterInfo=00-50-56-9e-57-4c_192.168.40.0%2f24_192.168.40.194_0&AdapterIpv6=00-50-56-9e-57-4c%5efe80%3a%3a250%3a56ff%3afe9e%3a574c%2f64_0'
Registration Server version 9.2.6.94 , Relay version 9.2.6.94
Relay does not require authentication.
At 16:49:30 -0500 -
Completed automatic client authentication key exchange.
Client has an AuthenticationCertificate
Created mailboxsite and marking to gather
Relay selected: 192_168_40_187.mycompany.com. at: 192.168.40.187:52311 on: IPV4
[...]
Did I miss something with my attempt to assign a relay on first use of the BigFix client in Linux? If not, does anyone have an explanation as to why it appears to work if I specify the relay’s IP address but not with the relay’s hostname? It’s almost like the hosts file is being ignored by the BigFix client.
Also, once the connection is made, if I try to reassign the relay from 192.168.40.187:52311
to myrelay.myserver.com:52311
with the BigFix console, that fails, too. I am not a Linux expert by any means but I know enough to navigate my way through the command prompt .
Any enlightenment is appreciated!
–Mark