New WebUI Install

Recently installed webui on a remote Windows 2016 server. After installing waited 24 hours before attempting to login. Logging in was successful, but no devices are being displayed. Turned on debug logging, didn’t see any errors in the datasync or framework logs. No errors in the service app log. Check and Node js listening on port 5000, firewall rules allow communication on 52315 and 1433. Not sure why no devices are being displayed. Anyone seen tis before. Any ideas are appreciated.

Are you logging in as the admin user? Have you checked the user role/permissions from the Console?

Yes logging into the webui with a master operator account. Effective permissions are set to Allowed (Globally)

Is any other content like fixlets/tasks visible in the WebUI? Can the root server reach the WebUI on port 5000?
Also check if _WebUI_AppServer_Hostname is set to the WebUI host for the Root Server client.

I assume same operator can login to the Console and see the content and devices.

Can you please post a screenshot of the WebUI after logging in? Also please open a support ticket with HCL BigFix support.

Console connection is great, no issues. No devices or fixlets visable in WebUI. Is there a cache on the webui that could be deleted after stopping the webui server and then it would rebuild once the service was restarted?

What is the WebUI version you see if you go to Application Updates option from menu?

The information is stored in the WewbUI tables in the BFEnterprise database. Also try to clear your Browser cache or try another browser to make sure it’s not browser issue.

Thanks, yes TCP/UDP inbound and outbound port 5000 is open on both the bigfix server and the remote webui server and the _WebUI_AppServer_Hostname is set to the FQDN of the BigFix server.

the _WebUI_AppServer_Hostname is set to the FQDN of the BigFix server.

Can you please confirm if this is set to the WebUI server name or the Root Server name?

and
Server Settings Definitions may be helpful.

_WebUI_AppServer_Hostname should be applied on the root server, and the value should be the fully-qualified name of the WebUI server. If DNS Aliasing is used, the value here should match one of the hostnames in the WebUI certificate. From the first link,

If you are installing the WebUI on a remote server and configuring WebUI to work with SAML, set the _WebUI_AppServer_Hostname key of the BigFix server computer to the host name of the computer where the WebUI is installed.

…but that won’t cause the “invalid SSL” error you’re getting. A port conflict would do that, and I still think that’s the most likely issue here. From the second link, a couple of settings that you should check on the WebUI host are

_WebUIAppEnv_APP_PORT Configures the port to be used by the WebUI. If you are going to use SAML, remember to set the _WebUI_Monitor_Port key of the BigFix server computer to the very same port. (default value is 5000 )

_WebUIAppEnv_APP_PORT_MIN Sets the min port range to use for express apps (set by bfappmonitor). (default value is 5002)

_WebUIAppEnv_APP_PORT_MAX Sets the max port range to use for express apps (set by bfappmonitor). ( default value is 5999 )

In addition, there is one more port that I think is undocumented - 5001, that at one point was used for some internal WebUI loopback traffic. I’m not sure whether it’s even still used, but if so, that can be moved by setting _WebUIAppEnv_INT_PORT

_WebUIAppEnv_INT_PORT (default value 5001)

All of these ports are used only for loopback traffic (and you’ll see they’re listening on “IPv4 Loopback” in Resource monitor - except for _WebUIAppEnv_APP_PORT. That’s the only one accessed by the root server, and you’ll see it’s listening on both “IPv4 Unspecified” and “IPv6 Unspecified”, i.e. “listen on all IP addresses on the WebUI server”. If you move that port off of 5000, you’ll also need to update a setting on the Root Server itself so it can find WebUI, by applying the same port value to _WebUI_Monitor_Port client setting on the Root Server.

I think I may tackle building an Analysis/Healthcheck from this, since it was a bit involved to dig this up…here’s a query I think may be helpful in finding processes that conflict with WebUI. This is just looking at the default port range for now.
This needs to be run in the “Client Evaluation Mode” of the fixlet debugger, else you won’t be able to retrieve the process names and PIDs.

“good” results are that any of these ports are in use by node.exe. “bad” results are any other process listening, in which case you’ll need to stop the other process or move the WebUI port ranges. In my case below, if WebUI ever had to consume ports all the way up to 5985 I’d have some trouble with it as there is a SYSTEM process listening on that port (but I don’t have enough WebUI apps loaded to go that high yet)

q: (local port of it, (pid of it as string | "unknown", name of it | "unknown") of process of it | ("unknown", "unknown")) of sockets whose (listening of tcp state of it and tcp of it and local port of it >= 5000 and local port of it <= 5999) of network
A: 5005, ( 12244, node.exe )
A: 5985, ( 4, System )
A: 5006, ( 12244, node.exe )
A: 5010, ( 13700, node.exe )
A: 5011, ( 7548, node.exe )
A: 5012, ( 4520, node.exe )
A: 5013, ( 6360, node.exe )
A: 5014, ( 6040, node.exe )
A: 5015, ( 9348, node.exe )
A: 5016, ( 1412, node.exe )
A: 5017, ( 5676, node.exe )
A: 5018, ( 11052, node.exe )
A: 5019, ( 6012, node.exe )
A: 5020, ( 11024, node.exe )
A: 5021, ( 5640, node.exe )
A: 5022, ( 10816, node.exe )
A: 5023, ( 12472, node.exe )
A: 5024, ( 12784, node.exe )
A: 5025, ( 9080, node.exe )
A: 5026, ( 12256, node.exe )
A: 5027, ( 10092, node.exe )
A: 5005, ( 12244, node.exe )
A: 5985, ( 4, System )
1 Like

Thank you for the help. This issue has been resolved. Adding the setting _WebUI_AppServer_Hostname to the main BigFix server and setting the FQDN of the remote WebUI server resolved this issue.

Thank you Som and Jason very much.

1 Like