Setting TEM to manage remote endpoint across firewall

system · November 5, 2011, 12:29pm

(imported topic written by GhufranShah)

Hi all,

I’m setting up a TEM environment to manage a device across the internet.

This is the setup:

TEM in DMZ (hostname “tem”)

| (1 firewall with 52311 open)

|

Relay in (Customer Network) (172.x)

TEM Client (Customer Network) (172.x)

Scenario 1: Without any relay, the TEM client can register to the TEM server successfully when TEM can be DNS resolved by the client.

Scenario 2: A relay is installed. The relay has been configured to connect to the TEM server, with besrelay.cfg containing:

__RelayServer1=http://:52311/bfmirror/downloads/

The relay connects to the TEM, and the relay logfile contains:

Sat, 05 Nov 2011 06:58:38 +0000 - BES Relay version 8.1.617.0 starting

Sat, 05 Nov 2011 06:58:38 +0000 - OpenSSL Initialized (Non-FIPS Mode)

The relay appears in the TEM console.

The client is configured to connect to the relay, with clientsettings.cfg containing :

__RelayServer1=http://172.16.101.148:52311/bfmirror/downloads/

_BESClient_Comm_CommandPollEnable=1

_BESClient_Comm_CommandPollIntervalSeconds=600

Now that the client cannot resolve DNS name of the TEM server, there is a registration error in the logfile.

RegisterOnce: Attempting to register with ‘http://tem:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe&ClientVersion=8.1.617.0&Body=0&SequenceNumber=9&MinRelayVersion=6.0.0.0&CanHandleMVPings=1&Root=http://tem%3A52311&AdapterInfo=44-45-53-54-42-00_0.0.0.0%2F0_0.0.0.0_0&AdapterInfo=00-0c-29-ff-a8-a3_172.16.101.0%2F24_172.16.101.129_0’

At 06:44:03 +0000 -

RegisterOnce: GetURL failed - General transport failure. - winsock error -8 - registration url - http://tem:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe&ClientVersion=8.1.617.0&Body=0&SequenceNumber=9&MinRelayVersion=6.0.0.0&CanHandleMVPings=1&Root=http://tem%3A52311&AdapterInfo=44-45-53-54-42-00_0.0.0.0%2F0_0.0.0.0_0&AdapterInfo=00-0c-29-ff-a8-a3_172.16.101.0%2F24_172.16.101.129_0

At 06:46:04 +0000

Any ideas on how to fix this?

BenKus · November 6, 2011, 1:17am

(imported comment written by BenKus)

It looks like the agent is saying that it can resolve the tem:52311 relay, but when it tries to connect to the relay, it can’t register. The -8 error indicates a connection error (not a DNS issue). This could be because the agent can’t connect to the relay for some reason OR that the relay can’t forward the registration request to the server for some reason.

You might double-check that the agent on the relay is working to verify if the relay can actually connect to its parent.

Ben

system · November 7, 2011, 1:32am

(imported comment written by GhufranShah)

Thanks for your reply Ben.

The agent on the relay is connected successfully to the TEM.

The agent machine can ping and telnet on 52311 to the relay IP. I’ve removed the DNS settings from this agent so that is does not resolve the hostname “tem” to an IP. It was resolving “tem” to another internet IP.

The error is now a -6. I cannot see any reference to the Relay IP address that the agent should connect to, in the this agent log file? Should we see such an entry?

At 22:26:42 +0000 -

RegisterOnce: Attempting to register with ‘http://tem:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe&ClientVersion=8.1.617.0&Body=0&SequenceNumber=450&MinRelayVersion=6.0.0.0&CanHandleMVPings=1&Root=http://tem%3A52311&AdapterInfo=44-45-53-54-42-00_0.0.0.0%2F0_0.0.0.0_0&AdapterInfo=00-0c-29-ff-a8-a3_172.16.101.0%2F24_172.16.101.129_0’

At 22:26:44 +0000 -

RegisterOnce: GetURL failed - General transport failure. - winsock error -6 - registration url - http://tem:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe&ClientVersion=8.1.617.0&Body=0&SequenceNumber=450&MinRelayVersion=6.0.0.0&CanHandleMVPings=1&Root=http://tem%3A52311&AdapterInfo=44-45-53-54-42-00_0.0.0.0%2F0_0.0.0.0_0&AdapterInfo=00-0c-29-ff-a8-a3_172.16.101.0%2F24_172.16.101.129_0

system · November 7, 2011, 1:45am

(imported comment written by GhufranShah)

On the relay, which I enter the registration URL in a browser, I get the output:

Success

7382157

8

52311

8.1.617.0

0

No WakeOnLAN adapter selected.

However, there is no sign of the agent appearing in the console.