Set up Relay to point to another Relay in multitenancy environment

Hello,

I’m setting up a new Relay to point to another Relay (which talks to the Root Server). Where can I download the masthead that would now allow the new Relay to only point to the existing Relay?

Thank you,
Jennifer

The ActionSite.afxm file in the root folder of the BES Server.

If you want it to point to a specific relay, use manual relay assignments…

Right click on the relay, click “Edit computer settings…”


Then select and choose your relays…


The ActionSite.afxm file points to the Root Server. But I want the new Relay (not reporting to the console yet) to point to another Relay.

Eventually a Relay is a Client.

So first you need to install the BigFix client of the right environment and, in the client settings.cfg, assign the Parent Relay.

After that you will need to install the Relay Service


What is the OS? For Windows you can use a “clientsettings.cfg” file in the folder the installer is run from.

It would look like this…

IP:http://myhapppyurl:52311/bfmirror/downloads/
__RelaySelect_Automatic=0
__RelayServer1=http://172.25.36.71:52311/bfmirror/downloads/
__RelayServer2=http://172.25.1.158:52311/bfmirror/downloads/

Multi-tenancy is a beast! We have 130+ customers, 1000+ subnets, 400 relays, 30,000 endpoints.

Many customers have security between networks, so setting up a common clientsettings.cfg in a GPO to install the client is not possible. I wrote a batch file that reads a list of the customer’s assigned relays; the batch will ping each relay, check to ensure port 52311 is listening, and if all is good, it will add that relay to a “known good” variable, then place those relays in the clientsettings.cfg file that it builds on the fly.

Also, in multi-tenancy, I highly recommend you use relay affiliation lists.

This is how we have our relays set up.


@D.Dean are you using automatic relay selection affiliation groups and failover list?

For most tenants, yes.

I updated the clientsettings.cfg to point to the Relay, but the issue still stands that the masthead points to the RootServer and overrides the info in the clientsettings.cfg. In our logs, I see this client reaching out to the RootServer and getting blocked (because our firewall is blocking it, as it should).
Do we need to generate a new masthead that points to the Relay? How can we do this?

You probably want to look at using failover relay in your masthead and client setting _BESClient_RelaySelect_FailoverRelayList

If you set the relays in the clientsettings.cfg correctly (see below), and the installer did not use them, it is most likely because they are not accessible from that endpoint. Make sure the IPs to the correct Relays are correct in the lines and make sure the port is the port you used in your implementation.

__RelayServer1=http://172.25.36.71:52311/bfmirror/downloads/
__RelayServer2=http://172.25.1.158:52311/bfmirror/downloads/

You can also test connectivity by going to the relay diagnostics from that system.

http://172.25.36.71:52311/rd

or
http://172.25.1.158:52311/rd

EDIT:

Check the logs, when it first tries to register, is it using the relays from the clientsettings.cfg file?
If it is, what error is it returning when it does?
If it is not, then make sure the file name and the Properties are named correctly.

Also, is the relay you are connecting to an authenticating relay?

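As an added example (not the batch file from the multi-tenancy post above and not BigFix’s own code), here is the same idea in Python: probe each of a tenant’s candidate relays on TCP 52311, keep only the ones that answer, and emit the __RelaySelect_Automatic / __RelayServerN lines used in this thread as a clientsettings.cfg. It refuses to write an empty relay list, because a client with no relay lines falls back to the masthead root server, which is exactly the blocked connection seen in the logs. The candidate-list file argument and the probe timeout are assumptions.

```python
import socket
import sys
from typing import Callable, Iterable

BIGFIX_PORT = 52311  # default BES port, as used throughout the thread


def tcp_reachable(host: str, port: int = BIGFIX_PORT, timeout: float = 3.0) -> bool:
    """Return True if a TCP connection to host:port completes within timeout.

    This is the "is 52311 listening" check; a ping alone only proves the
    host is up, not that the relay service is accepting connections.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def select_known_good(candidates: Iterable[str],
                      probe: Callable[[str], bool] = tcp_reachable) -> list[str]:
    """Keep only relays that answer on the BES port, preserving the tenant's preference order.

    The probe is injectable so the selection logic can be tested offline.
    """
    return [host for host in candidates if probe(host)]


def build_clientsettings(relays: list[str], port: int = BIGFIX_PORT) -> str:
    """Render clientsettings.cfg: manual relay selection plus numbered __RelayServerN lines."""
    if not relays:
        # No relay lines means the client falls back to the masthead root server,
        # which per-tenant firewalls block; fail loudly instead of shipping that.
        raise ValueError("no reachable relay for this tenant; not writing clientsettings.cfg")
    lines = ["__RelaySelect_Automatic=0"]
    for n, host in enumerate(relays, start=1):
        lines.append(f"__RelayServer{n}=http://{host}:{port}/bfmirror/downloads/")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Assumed usage: python relaycfg.py relays.txt  (one relay IP/hostname per line)
    with open(sys.argv[1]) as f:
        candidates = [line.strip() for line in f if line.strip()]
    with open("clientsettings.cfg", "w") as out:
        out.write(build_clientsettings(select_known_good(candidates)))
```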
1. Is the same masthead distributed to all the clients even though they may talk to different Relays? The masthead would point to the one RootServer.

2. Do all the clients need TCP 52311 connectivity to the RootServer as well? Or is just to the Relay enough?

Yes, the same masthead is distributed to all the Clients. Client to Relay (and Relay to Relay) configuration is separate from the masthead (though the masthead is the fallback if no configuration is provided).

Clients do not need TCP 52311 to the Root Server…only to their intended parent/Relay.

Are you using authenticating relays?

The masthead does not contain any relays as far as I know. It only has the URL to your root server.

No, the port does not have to be available back to the root server, only to a relay (multiple relays are best).

Port 52311 (The default port). Bidirectional, TCP, UDP is highly recommended between relays and endpoints. ICMP is also highly recommended. ICMP is used during the automatic relay selection process.

It’s not entirely accurate; if “last fallback relay” is set, the masthead does contain a relay. 🙂

We did have that setting for a while but had to remove it. Currently it is not in the masthead at all, since we removed it with the BES Admin tool.

Multi-tenancy is my passion. BigFix has been a great tool to use to manage all of our customers.
