I have some computers that are missing a valid secure registration token for BigFix remote control. Unfortunately I can only identify them when they are reported to me by our service desk. I would like to find them and fix them proactively. To that end I have put together relevance that I think identifies them by only looking at the most recent trc_base file and then checking if it has a line in it that contains “Invalid secure registration token”. This seems to work via a WebUI query however no computers including one I identified earlier today as having the issue are relevant to the fixlet.
(exists line whose (it contains "Invalid secure registration token") of it) of items 1 of (maximum of modification times of files whose(name of it as lowercase starts with "trc_base_") of it, files whose(name of it as lowercase starts with "trc_base_" of it) of it) whose (item 0 of it = modification time of item 1 of it) of folder "C:\ProgramData\BigFix\Remote Control"
1 Like
I’m away from computer, but I suspect the RC client has the log file locked.
Try querying for ‘locked lines’ rather than ‘line’ and see whether that helps?
I figured it out. I just added “pathnames of it” to the file and put that in parentheses and referenced it as a file. Seems kind of convoluted though but it works.
(exists lines whose (it contains "Invalid secure registration token") of it) of file ((pathnames of it) of items 1 of (maximum of modification times of files whose(name of it as lowercase starts with "trc_base_") of it, files whose(name of it as lowercase starts with "trc_base_" of it) of it) whose (item 0 of it = modification time of item 1 of it) of folder "C:\ProgramData\BigFix\Remote Control")
I also added additional relevance to determine that the registration token was added successfully by the fixlet:
NOT (exists lines whose (it contains "RegistrationToken") of it) of file ((pathnames of it) of items 1 of (maximum of modification times of files whose(name of it as lowercase starts with "trc_base_") of it, files whose(name of it as lowercase starts with "trc_base_" of it) of it) whose (item 0 of it = modification time of item 1 of it) of folder "C:\ProgramData\BigFix\Remote Control")
Hi jgallas,
I’m not sure that checking the log would work. The RegistrationToken property is dumped when the service starts or during a log rollover so the presence or not of this in the log is not useful. Also note that the RegistrationToken is blanked just after the Target registration as reported in this doc:
https://help.hcltechsw.com/bigfix/10.0/lifecycle/Lifecycle/Remote_Control/RC_Admin_Guide/rcadm_914_token_callhome_process.html
You can also check in the tgt_info.properties file (stored along with the Target logs) the presence of the following keys; HWKey and RegisteredWith.
If these properties are not present the Target is not registered correctly to to the server.
So you need to deal with the following cases:
-
The RegistrationToken is present but the Target has not registered to the server yet (network issues, server issues etc …)
-
The RegistrationToken is blank and the Target is correctly registered to the server (token provided and used correctly)
-
The RegistrationToken is blank and the Target is not registered to the server (token missing )
Federico
HCL BigFix Lifecycle Team
1 Like
What about if these properties ARE present and the target is still not registered correctly? I have 4 clients that are in that state now.
Hello jgallas,
I suggest you to check the HWKey in the tgt_info.properties file on each Target then search for this HWKey in the RC server using this procedure:
- Click on Targets -> All Targets
- Click on Edit SQL on the top right corner
- Click again on edit SQL then before the statement “ORDER BY A.HWKEY” add this statement:
WHERE A.HWKEY = <hwkey_value> OR A.HWKEY = <hwkey_value> …
For example:
WHERE A.HWKEY = 10 OR A.HWKEY = 11 ORDER BY A.HWKEY
- Click on Update then Submit
NOTE: Don’t worry about the original SQL because this will create just a temporary page with the results. When you will refresh the page the original SQL will be used.
If the HWKey are present they will be shown in the results along with the related information. If any HWKey is missing you need to check the Target log. You can manually trigger a call home by right-clicking on the Target system tray icon then click on “Report status to the server” then check the trc_base_xxx.log file. If a problem is found during the call home it will be reported there.
Federico
HCL BigFix
Lifecycle Team
They were not found and the target logs indicate “Invalid secure registration token”.
Did you check the RegistrationToken property on the Target ?
Is the registration token expired ? By default it has a one month validity period.
In this case you should fall in the case 1:
The RegistrationToken is present but the Target has not registered to the server yet (network issues, server issues etc …)
(… or I would say token invalid or expired)
Federico
HCL BigFix
Lifecycle Team