As we’re carrying on with our deployment, we’re repeatedly getting cases of installation engineers not putting in the right IP addresses and/or hostnames when installing BigFix agents. As our environment is heavily segmented by several tiers of firewalls, the clients must connect through a relay and can never speak to the BES Server directly. We’ve been using installation packages to prompt for the information, but this approach is clearly failing us. At the same time it’s not feasible (or maintainable) to have tens of different packages for all the different environments.
So - as we know that there’s a list of relays for autoselection, we can either write a wrapper script to test the relay connectivity at install and then inject the correct pair into the install prior to first connect, or, and we’d much prefer this, would it be possible to do autoselect on (actually prior to) the first connection being made?
If the agent can’t connect to the server then how will it know the list of relays available to autoselect?
Here is something you can try, but I am not sure if it will work:
Manually put the relays.dat from another agent into the folder “C:\Program Files\BigFix Enterprise\BES Client\__BESData\actionsite” before installing the agent.
One of my clients put up a relay that handles 1800 to 1900 BES clients in a branch office overseas with a WAN connection. However, not all the clients are checking in to the branch relay but instead to the main BES server in HQ, causing WAN traffic congestion. This problem happens when the PCs are configured for auto selection.
The primary BES relay is configured as the branch relay and the secondary BES relay is configured as the BES root server in HQ.
I have done the following troubleshooting but do not seem to be getting the desired answer.
BESClient_relay_name override.
ICMP test shows TTL=126 to the relay and TTL=125 to the main root server.
What are the alternative tests I can perform to solve my client's problem without uninstalling every BES agent on every PC?
The primary and secondary relay settings don’t matter during the automatic selection process. Since your main server is “closer” than the relay (125 < 126), clients will choose the main server instead of the relay.
You have 3 primary options:
1. 126 hops is a very long client to relay distance, particularly for 2000 clients. Can you put a relay closer? This is the best option.
2. Put machines in that area on manual selection.
3. Give machines in that area a lower max TTL and set the relay you’d like them to use as their fail over.
I gained a better understanding of the situation after reading your comment.
I would like to have a quick check with you on the options you provided to me.
1. How do I put my relay closer for the 2000 clients? By means of physical movement or something else?
Can I set my MAX TTL to 120? My custom setting syntax is “Name”=_BESClient_RelaySelect_FailoverRelay and http://TheRelayIPaddress:port/bfmirror/download/ at “setting Value” row?
This is really something you should speak to your BigFix representative about because properly setting up relay infrastructure is very important to get right, and it requires detailed knowledge of your network. Typically it’s very easy to implement once you decide how it should be done.
But to answer just a little bit, you can make any Windows 2000 or newer machine a relay by running the install relay task in the BES Support site. Clients near that machine will then send all the traffic through that relay. Consider a network that has many branch locations and a single central office… You’d probably want a relay at each branch and then a few relays at the main office. However, you need to be careful in your design because you don’t want something like a client at one branch selecting a relay at another branch, or a client at the main office selecting a relay at the branch.
I highly recommend that you contact your BigFix representative to arrange consultation on setting up your relay infrastructure.
I have taken over our BigFix environment and I’m trying to figure out how to set the external relay as the secondary. The external relay is only available if it is already looking to it. On machines where I want to set it, the option is not there. Am I missing something?
You mean in the dropdown box in the “Edit Computer Settings” dialog? If so, that list should show all active relays by their DNS name. You don’t see the relay listed there?