(imported topic written by jawed91)
I have upgraded the BES Server and Agents to 7.1.1.315. Earlier today I generated a new certificate and Enbaled Report Encryption from the Admin Tool. How do I know that the BES Client are posting encrypted reports or no. Is there any logs? I checked the logs under Drive:\Program Files\BigFix Enterprise\BES Client__BESData__Global\Logs<current_date>.log but I don’t see anything related to encryption. Is there specific thing I should look for?
Thanks
(imported comment written by SystemAdmin)
Jawed,
Be sure to enable encryption on the BES Client side too using Task #543 ‘BES Client Setting: Encrypted Reports’ in the BES Support site.
To test if the client is encrypting documents, you can add the following two registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions
CarbonCopyPath (String) - Path to a directory (example: “C:\clientCarbonCopy”)
EncryptedCarbonCopyPath (String) - Path to a directory (example: “C:\clientEncryptedCarbonCopy”)
Once these are in place, when the client posts a report it will put a copy of the report in the CarbonCopyPath directory. If encryption is enabled, it will also put a copy in the EncryptedCarbonCopyPath directory. You can open the two docs in a text editor to verify that the encrypted docs are encrypted.
I also noticed that the client compresses its reports in addition to encrypting them, so there is a little bit of a win there too. Normally, the client doesn’t compress its reports since it assumes the BES Relay will do that at a greater savings but since we think most BES Relays won’t have decrypting abilities and thus can’t compress client reports together, it makes sense to have the BES Client compress its documents before posting them to the BES Relay.
(imported comment written by jawed91)
Tyler:
Thanks for the info. I tried these settings and put in the registry key. I see that BES client is not putting anything on the encrypted folder. Also since yesterday all BES Clients have stopped reporting to the BES Server. Any Idea what should I do now?
Thanks
(imported comment written by BenKus)
Hey jawed,
It is very important that all your relays are upgraded to 7.1 before you enable message level encryption. Can you verify that you have upgraded your relays? Also, you should check your FillDB log in the “FillDBData” folder in the BES Server folder.
You might also want to start up a support call.
Ben