Relay tries to contact HCL

Hi!
I noticed recently in the BESRelay.log on a server not connected to internet, that attempts to connect to http://bfpublicationtest.prod.hclpnp.com/cgi-bin/bfgather/bessupport is done.
Seems to happen at every start of the server.
What is this?
I cannot find any description what it is supposed to do.
Some people, for good reasons, are very sensitive to any undocumented communication.

Any one who knows?

//Christer Borg

It appears to be attempting to pull the BES Support content site, but why it is pulling it from bfpublicationtest.prod.hclpnp.com and not sync.bigfix.com might be due to something in your license…

Expand out Sites -> External Sites -> BES Support in your console and look at the URL that is listed. Is it referencing this server address, or the sync.bigfix.com one?

What version of Relay are you running, and can you post the relevant lines of the log? There is a difference between “trying to connect to that URL” versus “trying to gather that Site” (the latter being a request that is sent to the Root Server, not a direct connection to that URL) and I’d like to see which it is trying.

The external site in the console says Gather URL is http://sync.bigfix.com/cgi-bin/bfgather/bessupport, as normal.

Here is from the BESRelay.log:
…
Wed, 15 Sep 2021 16:39:37 +0200 - Main Thread (3487164544) - Successfully connected to database
Wed, 15 Sep 2021 16:39:37 +0200 - Main Thread (3487164544) - Signature Algorithms: sha256, sha1
Wed, 15 Sep 2021 16:39:37 +0200 - Main Thread (3487164544) - Download Algorithms: sha256, sha1
Wed, 15 Sep 2021 16:39:37 +0200 - Main Thread (3487164544) - TLS Cipher List: HIGH:!ADH:!AECDH:!kDH:!kECDH:!PSK:!SRP
Wed, 15 Sep 2021 16:39:37 +0200 - Main Thread (3487164544) - Successfully read server signing key
Wed, 15 Sep 2021 16:39:37 +0200 - Main Thread (3487164544) - Successfully read client CA key
Wed, 15 Sep 2021 16:39:38 +0200 - Main Thread (3487164544) - Unable to find site id for URL: http://bfpublicationtest.prod.hclpnp.com/cgi-bin/bfgather/bessupportest
Wed, 15 Sep 2021 16:39:38 +0200 - LicenseUpdater (3056781056) - HTTPS connection to {https://gatherer.bigfix.com/cgi-bin/LicenseServerFrontend.pl} was unsuccessful due to {HTTP Error 6: Couldn’t resolve host name: Could not resolve host: gatherer.bigfix.com}
W
…

The bfpublications line seems just to be there once after every server start.
And the log complains about not being able to connect to the gather URL, but that is expected as there is no connection to internet.
I guess that on server with an internet connection you will not see that if tries to connect tobfpublicationtest.prod.hclpnp.com

I have also verified the same logging on other ILMT installations.
So what is going on?
What is HCL trying to do? Installing some PnP stuff?

The version is 10.0.2

I’m not sure what is going on with it. I’m following up internally but you should open a ticket yourself for tracking.

I can tell you that site is one of our QA/test sites. I wouldn’t expect your system to try to gather it unless you had been running a debug-build client or we had given you a masthead or updated your license to gather that site to deliver some debug Fixlets to you.

I would think it could possibly be related to our licensing key center site migration, but I think we’ll need a support ticket to lookup your license specifically. HCL is upgrading our BigFix License Key Center

1 Like

Reading a bit closer, it’s possible at least one client in your deployment is trying to gather the site, and your server’s error message is basically “that site doesn’t exist in my deployment”. Do you have any debug clients anywhere, or using any test content?

I started seeing the same in one of our BigFix instances, we haven’t enabled/disabled any external site recently. It seems like something in the HCL BigFix side is wrong

Actually, seems like it goes back to Thu, 22 Apr 2021

Thu, 22 Apr 2021 21:18:21 -0400 - Main Thread (1596) - Unable to find site id for URL: http://bfpublicationtest.prod.hclpnp.com/cgi-bin/bfgather/bessupportest

Could someone in HCL take a deeper look?

Please open up a support ticket so we can dig into your configuration a bit further. I’m afraid I don’t have much background on how the site publishing works, and I don’t know who does - but the support team will.

(It’s also not very useful for me to check my logs for that site, because it is (for me) a legitimate prerelease content site)

1 Like

Jason,
I will open a ticket, hopefully today.
It was my intention from the start, but just wanted to check if someone in this forum had any idea.

//Christer

1 Like

A support case is now opened!
TS007063000

//Christer

1 Like

It seems to be related to BigFix Plugin Portal.
https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Config/c_pluginportal.html
The strange thing is that the Plugin Portal is not installed on any of the now 8 systems I have checked (plain BigFix Platform && ILMT), but still contact is tried to this hclpnp URL.

Case is on going …

//Christer

I had a similar/identical issue and never got a solution. Was told it’s really just cosmetic and not to worry about it. I woudl like to fix it, but have so many other things to do, it’s just been stashed on the deep backburner.

This issue was fixed in 10.0.3.

For those who run 10.0.2, I confirm the message may be safely ignored as it is the result of a superfluous but harmless check that the BES Server does at startup time on one of its local directories. Although the text of the message may lead one to think otherwise, there’s no underlying attempt of the BES Server to connect to http://bfpublicationtest.prod.hclpnp.com/cgi-bin/bfgather/bessupportest.

4 Likes

Thanks aginestr!
I have verified this, by upgrading one server to 10.0.4, and the message disappeared.
Will see how long it takes IBM Support to find out this.

//Christer