Lot of Endpoint actions status is Evaluating

Hi Team,

Could you please help me? A lot of endpoint action statuses are “evaluating”, due to which we are unable to deploy patches. If we push any patch, it shows as evaluating only.

We are using automatic relay selection method.

Thanks,
Ashutosh

Hi,

You may want to look at an endpoint with this issue and view its client log.

My initial guess is that the client cannot clean out a download folder and is thus stuck processing a fixlet that isn’t completing.

Bill

Pretty much the same advice here, but if you can’t easily get to the client logs, check for other actions on the stuck client. Chances are that one or more other actions are “Running” on the same client: either a process that’s hung waiting for user input (for which the dialog cannot be displayed because the client is running in the System account), or something else blocking the download folder.

Unfortunately, once the client is “stuck” on another action, you can’t use the client to fix itself (it cannot execute any corrective fixlets). I have an RFE out to create a “maximum execution time” for all actions, after which the client would give up and terminate the stuck action. I’ll try to find the link and post it back here next week.

We’ve had that experience too where clients are stuck ‘running’. It is helpful to have an alternative means of managing those endpoints. WinRM is handy (if it is enabled) for that. Use PowerShell to iterate a list of stuck clients and cycle their agent.

+1 on the RFE for max execution time. It would be nice if it were added to the Execution tab of the Take Action dialog where the standard default would apply unless it was specifically set for a particular action.

@strawgate, @JasonWalker: I checked the __Download folder; it is in an empty state.

Please suggest further to troubleshoot this issue.

Are any other actions on this client in a “Running” state?

Deleting the Download folder resolves the issue; however, the running action fails.

Is there any way for the client to delete the download cache itself so that it can run the other deployed actions?

Thanks!!

That implies that there was a running process that had the download folder locked. Likely an earlier Action that executed an external program.
This is not normal behavior. Normally the download folder would take care of itself.
You will need to investigate the earlier action to determine what program was being executed, and why it did not terminate correctly.

I dug into the issue on more machines and found that one action is stuck in the running state and the other actions are in the evaluating state.

After restarting the besclient service, it started working… the actions started moving out of the running and evaluating statuses.

Is there any way to terminate the stuck running action?

Typically by cycling the agent via external means. Do you have any other management agent on these systems? Or if you have WinRM enabled, you can remotely script the service cycling in PowerShell.

Stopping a running action will cause the clients to abandon the action and continue (though this may cause stuck files in the download folders).

Find an endpoint that is stuck, check its action history for a “Running” action, and if there isn’t one, check the client log.
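
The WinRM approach suggested in the replies above, as an added example (not code from any poster in this thread or from BigFix): it records the child processes of the BESClient service before restarting it, so the program that hung the earlier action can be identified afterwards. The host names and report file name are constructed placeholders, and WinRM is assumed to be enabled on the targets.

```powershell
# Added example: cycle the BigFix agent on stuck endpoints over WinRM.
# Host names and the report file name are constructed placeholders.
$stuckClients = @('WKS-EXAMPLE-01', 'WKS-EXAMPLE-02')

$report = Invoke-Command -ComputerName $stuckClients -ErrorAction SilentlyContinue `
                         -ErrorVariable unreachable -ScriptBlock {
    $svc = Get-CimInstance Win32_Service -Filter "Name='BESClient'"
    if (-not $svc) {
        return [pscustomobject]@{ Status = 'BESClient service not found'; Children = '' }
    }

    # Record what the agent had launched before restarting it: an installer
    # waiting on a prompt nobody can see is the usual cause of a stuck action.
    $children = @()
    if ($svc.ProcessId -gt 0) {
        $children = @(Get-CimInstance Win32_Process -Filter "ParentProcessId=$($svc.ProcessId)" |
            ForEach-Object { '{0} (PID {1}): {2}' -f $_.Name, $_.ProcessId, $_.CommandLine })
    }

    try {
        Restart-Service -Name 'BESClient' -Force -ErrorAction Stop
        $status = (Get-Service -Name 'BESClient').Status.ToString()
    } catch {
        $status = "Restart failed: $($_.Exception.Message)"
    }

    [pscustomobject]@{ Status = $status; Children = ($children -join '; ') }
}

# Invoke-Command adds PSComputerName to every object returned from a remote host.
$report | Select-Object PSComputerName, Status, Children |
    Export-Csv -Path .\besclient-cycle-report.csv -NoTypeInformation

# Endpoints that could not be reached over WinRM need another management channel.
$unreachable | ForEach-Object { Write-Warning "WinRM failure: $_" }
```

The Children column shows which installer or script was still running under the agent, which is the action to review for missing silent-install options.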

Was this issue resolved? How was it resolved?

Yes…there are a couple of solutions in the thread itself, but BigFix later added some automatic recovery options for stuck actions, in version 9.5.11. There are now several client settings you can configure to abandon stuck actions, and to kill the child process of the stuck action. See BigFix 9.5 Patch 11 is now available

If you do configure a global action timeout, be sure it’s long enough. This does not fix the root cause, which usually occurs because the admin did not configure “silent” options for an installer, but it does allow for recovery.

When I set the timeout globally, I usually use a really long value - like 24 hours.

I have seen this when custom content does not have a truly silent, no-prompt install. A prompt will come up, but since it is under the “system” context, it will not be seen or answered by anyone, hanging the action.

Actually, I’m also facing the same issue: my EPs have been stuck in the evaluating state for 2 to 3 days, and my BigFix version is 9.2.13.7. Is there any way I can resolve this?

Rishabh, you need to figure out what is causing long evaluation -

  • Select some of the endpoints which are showing evaluating & right click --> view as group (it will create ad-hoc group)
  • Check their action history & find out which action is still running on them.
  • You can also look into their client logging
  • Restart the BESClient service
  • Open case with HCL for further investigation

You can also query client db to check if there is any open/running action still there, using below client relevance query -

Q: if ((column 0 of it as string != "0") OF (row of statement "select COUNT(ActionName) from ACTION_HISTORY WHERE strftime('%25s', 'now')" of sqlite databases of files "ActionHistory.db" of folders "__Global" of data folders of clients)) then ((column 0 of it,column 1 of it, column 2 of it, preceding text of first ":" of following text of first ":s=" of (it as string) as string) of (rows of statements "SELECT datetime(IssuedTime, 'unixepoch', 'localtime'), IssuerName, ActionName, State FROM ACTION_HISTORY INNER JOIN ACTION_STATE_HISTORY ON ACTION_HISTORY.ActionId = ACTION_STATE_HISTORY.ActionID WHERE strftime('%25s', 'now')" of sqlite databases of files "ActionHistory.db" of folders "__Global" of data folders of clients) as string) else "No Actions"
A: 2023-04-23 21:12:41, BFXAdmin, Uninstall Flash Player For Windows, Executed
A: 2023-04-23 21:13:54, BFXAdmin, 5019178: Update for Windows 11 Version 22H2 - Windows 11 - KB5019178 (x64), Executed
A: 2023-04-23 21:13:43, BFXAdmin, 5003279: SQL Server 2016 Service Pack 3 Available (x64), Executed
A: 2023-04-23 22:02:36, BFXAdmin, Multiple Action Group - MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution - Microsoft Visual C++ 2008 SP1 Redistributable Package (v2, re-released 6-14-2011), Executed
A: 2023-04-23 22:02:36, BFXAdmin, Multiple Action Group - MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution - Microsoft Visual C++ 2008 SP1 Redistributable Package (x64) (v2, re-released 6-14-2011), Executed
A: 2023-04-23 22:02:36, BFXAdmin, Multiple Action Group - MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution - Microsoft Visual C++ 2010 Redistributable Package SP1 (x64), Executed
A: 2023-04-23 22:02:57, BFXAdmin, MS23-FEB: Security Update for SQL Server 2016 SP3 CU - SQL Server 2016 SP3 - KB5021128 (x64), Executed
A: 2023-04-23 22:02:47, BFXAdmin, MS23-FEB: Security Update for SQL Server 2016 SP3 GDR - SQL Server 2016 SP3 - KB5021129 (x64), Executed
A: 2023-04-23 22:06:31, BFXAdmin, Multiple Action Group - Update: KeePass v2.53.1 - Windows (x64), Executed
A: 2023-04-23 22:06:31, BFXAdmin, Multiple Action Group - Update: Azure Data Studio v1.42.0 - Windows (x64), Executed
A: 2023-04-23 22:06:31, BFXAdmin, Multiple Action Group - Update: TeamViewer v15.40.8 - Windows (x64), Executed
A: 2023-04-23 22:06:31, BFXAdmin, Multiple Action Group - Update: VLC v3.0.18 - Windows (x64), Executed
A: 2023-04-23 22:06:31, BFXAdmin, Multiple Action Group - Update: WinRAR v6.21.0 - Windows (x64), Executed
A: 2023-04-23 22:06:13, BFXAdmin, Multiple Action Group - Notepad++ 8.5.2 Available, Executed
A: 2023-04-23 22:06:13, BFXAdmin, Multiple Action Group - .NET Runtime (x64) 3.1.32 Available, Executed
A: 2023-04-24 12:09:57, BFXAdmin, OpenSSL 3.0.0 - 3.0.6 Detection - YARA Scan - Windows x64, Executed
A: 2023-04-23 22:02:36, BFXAdmin, Multiple Action Group, Executed
A: 2023-04-23 22:06:31, BFXAdmin, Multiple Action Group, Failed
A: 2023-04-23 22:06:13, BFXAdmin, Multiple Action Group, Failed
A: 2023-05-05 13:17:31, BFXAdmin, Custom Action, Executed
**A: 2023-05-05 13:18:24, BFXAdmin, Custom Action, Running**
T: 3.109 ms