Hi everyone, I am having problems with bigfix 9.5, premising that I have already checked for errors due to the compatibility of my bigfix server with the other components. My problem is that when I launch the installation of the disconnected scanners on the computers via fixlet, I get an error given by as if the bes agent could not get to the machines, I have already checked that oprta 52311 was open and I understand that the PCs are communicating with the server correctly. The question is what could the error be due to that is not letting me get the parts communicating?
I think we might need some more detail on what you’re trying to do. Which Disconnected Scanner are you talking about? Can you give us the fixlet site and fixlet ID?
I’m not sure I understand why one would run a Disconnected Scanner on a machine that has a connected BESClient (at least if you mean the BigFix Inventory disconnected scanner…)
fixlet ID is 00-229 - install disconnected Scanner on UNIX. . I launched the installation of disconnected scanners from a BFClient because after migration I have to make the computers communicate with bigfix and ilmt
yes, it is in IBM License Reporting (ILMT) V9 , i would install the disconnected scanned on unix 9.2.38 in the computers, but the status of the action is ‘not reported’. The UDP gate 52311 confirmed is enabled. how can I solve this unreported status?
Ok, and are you getting an error message, or they’re just staying ‘Not Reported’ ?
‘Not Reported’ usually means the client has not received the UDP notification and is not aware of the existence of the new action. That may be any firewall in between, or host-based firewall on the endpoint, blocking UDP. To workaround UDP notification blockages we’d normally suggest Command Polling or Persistent Connections. Otherwise you could restart the BESClient server on the endpoint, or wait for it to perform a relay selection (every 6 hours by default) and at that time it will see the new action.
If you’re actually getting an error (besides ‘Not Report’) for the action, we’ll need some more details. You may be better off opening a Support ticket to get live support.
Hi Jason,
Thanks for your time, we would update you regarding the issue in the topic.
The connection to UDP port 52311 is working and running (not block by firewall)
We are unable to launch the ‘install or upgrade scanner on Unix’ fixlets on the clients (sorry just a typo, not disconnected scan). As already indicated the clients at install time get stuck giving a string in the fixlet detail.
To give you more information we have migrated to the cloud (AWS) with a back-up of ILMT and BigFix (same masterhead, but with the new URL to the server). ILMT and BigFix console are installed on OS Microsoft and the clients are with OS Unix.
We observe from the client logs that the error <FAILED to Synchronize - BigFix could not verify the authenticity of the site content. - 21NoAuthorizedSignature (Digest Algorithm “sha1” not allowed or invalid) - gather url - "New server URL"> is reported. We have therefore followed the procedures from the reported link ‘’ “BigFix Client cannot verify digital signature for actionsite - Customer Support”, without resolving the problem.
Could you give us more support on this problem?
Strongly suggest you open a support ticket. And give them all the details. It sounds like you’ve made major changes in the deployment and the first thing to do is make sure your masthead and server are good.
One thing to note is that if your clients had a masthead where the server was set for Enhanced Security (sha256 signatures), the new server must also be configured the same. Check for that in the Security tab of the BESAdmin Tool.