Server Automation Engine not able to process a plan properly

Usage and Config Server Automation
1

I have been working with the BigFix Server Automation REST API for the past two months. I have been able to produce python code that creates, deletes and pushes Server Automation Plans.
After passing some initial tests we were almost ready to complete an automation that schedules the deployment of these plans but I started seeing an strange situation.

The plans look perfectly fine in the console, and I am able to deploy them either via the API or manually.
Some of the actions were reported as failed and when I looked into the actions’ details I noticed that some of the Fixlets(Components of baselines) are being reported with the following error:

image

This fixlet looks perfectly fine, and it is an out-of-the-box fixlet not a custom one.
I have checked and different Fixlets are being reported in the GA with that error.
The only way to avoid that is removing the baseline from the plan and re-adding it manually. However, that is exactly what we are trying to automate.
I may be missing some parameters on the initial creation of the plans but I can’t figure it out since I am not getting any kind of errors when sending the requests to the API.
This is an example of what I am sending:

<?xml version='1.0' encoding='utf8'?>
<sa-rest
	xmlns="http://iemfsa.tivoli.ibm.com/REST"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
	<plan name="Dev_Plan" domain="ALL CONTENT" pending-restart="PausePlan" version="2.0" source-plan-id="undefined" prefetch="false" source-plan-site-url="undefined">
		<description>SA Plan created via API</description>
		<category />
		<source />
		<source-severity />
		<source-release-date />
		<plan-steps>
			<step id="101">
				<baseline fixlet-id="13932" site-type="custom" site-name="MyCustomSite" />
				
			</step>
			<step id="102">
				<baseline fixlet-id="13932" site-type="custom" site-name="MyCustomSite" />
				
			</step>
		</plan-steps>
		<execution-order>
			<step id="101" depends="">
				<on-failure action="StopPlan" targets="IncludeFailed" threshold="100" />
			</step>
			<step id="102" depends="101">
				<on-failure action="StopPlan" targets="IncludeFailed" threshold="100" />
			</step>
		</execution-order>
		<plan-settings>
			<boolean-setting name="exclude-non-reporting-endpoint">true</boolean-setting>
		</plan-settings>
	</plan>
</sa-rest>

The baseline with id=“13932” contains only two Fixlets:

MS25-MAY: Cumulative Update for Microsoft server operating system version 21H2 - Windows Server 2022 - KB5058385 (x64)
MS25-MAY: Cumulative Update for Windows Server 2019 - Windows Server 2019 - KB5058392 (x64)

I added the targets at the time of the execution, but I get the same error if I added them with the creation of the plans.

2

Removing the steps and re-adding them manually with the exact same settings and targets makes the problem to go away. Still working through this since the documentation for SA is the poorest and oldest I have found.

3

Presumably, there’s no difference in the XML produced from the manual re-creation process?

4

That is correct. No differences in the xml

5

I finally found the root cause of this issue.
When a Fixlet/Baseline contains special characters like &, <, and > in the action script, the BigFix Server Automation doesn’t properly parse the content and it returns an undefined result for any action that is taken using the plan action as source either via the console or the API.

This behavior doesn’t happen when I create the SA Plan manually with the exact baseline/fixlet and same settings.

I found an article from two years ago mentioning a similar issue but that was for an older version than the one we are running on and even though the proposed workaround is not clear.

Working on HCL on this hopefully there is a quick solution, if so I will come back and share.

2 Likes