Greetings all,
Odd issue:
I don’t believe relay auto select to be functional at all at the moment, and I think it may have to do with the 52311 port redirecting to https…
So, running the client diags with the -r flag gives me results:
DNS name IP Address Hops RelayVersion
IP IP 6 Not Reached //the IPs are correct I set them with name over ride to test.
correct name IP 5 Not Reached // all good except the not reached
correct name IP 3 Here is where it gets really odd: Not Reached Get Request Failed (http://DNSNAME:52311/cgi-bin/bfenterprise/clientregister.exe?requesttype=version) : 403 Forbidden.
correct name IP 2 Not Reached Get Request Failed (http://DNSNAME:52311/cgi-bin/bfenterprise/clientregister.exe?requesttype=version) : 500 Can’t connect to DNSNAME:52311 (connect: Unknown error).
Those are the 4 types of errors…
Then down further:
Based on these results, BES Client should have chosen (hopcount 1):relay1url or relay1url
BES Client last chose: relay2url
What caused me to start looking at this? I have machines talking to the main BES server and I was trying to move them. I have setup relay affiliation as well as we have some relays that should be used more that are not due to being more hops.
Couple of other things to add…
The relay affiliation seems to work, a small percentage of machines actually do move, very small though.
What kind of tracert dependence is there? I have some that doing a tracert from client to relay comes through clean, others… there are some time outs at certain hops. Is this a problem?
The main BES server has these set:
_WebReports_HTTPServer_HostName http://CORRECT NAME:52311
_WebReports_HTTPRedirect_PortNumber Blank
_WebUI_Redirect_Enable 1
_BESRelay_HTTPServer_PortNumber 52311
See why I think traffic on 52311 is going to https?.. more
notice above: the url for the register service…
http://RELAY:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=Version works…
http://RELAY:52311/cgi-bin/bfenterprise/clientregister.exe?requesttype=version does not…
on the main server both get redirected to https, and fail a cert check…
What else to try? Thoughts?
THANK YOU ALL, relatively new BigFix admin… So much to learn especially since it is inherited. The previous admin is great and works well with me still! Thanks Pete!
Edit to add, the main server has the autoselectable flag set to 0 and is in its own affiliation group that none of the clients are set to.