Hi,

I have configured the IBM bigfix Remote control server web portal, I have successfully install the target and managed the target like monitor, chat , etc,… option,but I can manage only my local network,

Also I have configured the remote control broker for outside (internet) user, also when I start the “start broker” session in web portal the following error shown,

Pasted image676×569 73.2 KB

Also I had upload the certificate in the samwe web portal, please find the certificate ipload detail inmy portal,

Pasted image748×596 55.8 KB

how do I resolve this certificate issue from my web portal?

Thanks,
Nagaraj.

Hi Nagaraj,

Can you show me the list of brokers (Admin -> All Remote Control Brokers) and certificates (Admin -> All Trusted Certificates)?

With kind regards,
Chris

Hi,

Please find the below screenshot for your referanse,

Pasted image947×286 8.63 KB

Pasted image947×261 8.59 KB

Thanks,
Nagaraj.

Hi,

Those look correct to me. Can you following the instructions on this support document to enable the debug log of the Controller, try to start a broker session again and send me the controller log?

Thanks,
Chris

Hi,

Please find the below log of remote control application log

10-Feb-2016,23:33:00 [Queue Processor1] [INFO ] - Deleting 0 expired access requests
11-Feb-2016,00:32:59 [Scheduler] [INFO ] - Scheduler awake
11-Feb-2016,00:33:00 [Scheduler] [INFO ] - Running scheduled tasks
11-Feb-2016,00:33:02 [Scheduler] [INFO ] - Scheduler: Sleeping for 60 minute(s)
11-Feb-2016,00:33:02 [Queue Processor2] [INFO ] - Deleting expired access requests
11-Feb-2016,00:33:04 [Queue Processor2] [INFO ] - Deleting 0 expired access requests
11-Feb-2016,01:33:02 [Scheduler] [INFO ] - Scheduler awake
11-Feb-2016,01:33:03 [Scheduler] [INFO ] - Running scheduled tasks
11-Feb-2016,01:33:03 [Scheduler] [INFO ] - Scheduler: Sleeping for 60 minute(s)
11-Feb-2016,01:33:03 [Queue Processor2] [INFO ] - Deleting expired access requests
11-Feb-2016,01:33:03 [Queue Processor2] [INFO ] - Deleting 0 expired access requests
11-Feb-2016,02:33:03 [Scheduler] [INFO ] - Scheduler awake
11-Feb-2016,02:33:04 [Scheduler] [INFO ] - Running scheduled tasks
11-Feb-2016,02:33:06 [Scheduler] [INFO ] - Scheduler: Sleeping for 60 minute(s)
11-Feb-2016,02:33:06 [Queue Processor1] [INFO ] - Deleting expired access requests
11-Feb-2016,02:33:08 [Queue Processor1] [INFO ] - Deleting 0 expired access requests
11-Feb-2016,03:33:06 [Scheduler] [INFO ] - Scheduler awake
11-Feb-2016,03:33:07 [Scheduler] [INFO ] - Running scheduled tasks
11-Feb-2016,03:33:08 [Scheduler] [INFO ] - Scheduler: Sleeping for 60 minute(s)
11-Feb-2016,03:33:08 [Queue Processor2] [INFO ] - Deleting expired access requests
11-Feb-2016,03:33:09 [Queue Processor2] [INFO ] - Deleting 0 expired access requests
11-Feb-2016,04:33:08 [Scheduler] [INFO ] - Scheduler awake
11-Feb-2016,04:33:09 [Scheduler] [INFO ] - Running scheduled tasks
11-Feb-2016,04:33:10 [Scheduler] [INFO ] - Scheduler: Sleeping for 60 minute(s)
11-Feb-2016,04:33:10 [Queue Processor1] [INFO ] - Deleting expired access requests
11-Feb-2016,04:33:11 [Queue Processor1] [INFO ] - Deleting 0 expired access requests
11-Feb-2016,05:33:10 [Scheduler] [INFO ] - Scheduler awake
11-Feb-2016,05:33:12 [Scheduler] [INFO ] - Running scheduled tasks
11-Feb-2016,05:33:16 [Scheduler] [INFO ] - Scheduler: Sleeping for 60 minute(s)
11-Feb-2016,05:33:16 [Queue Processor2] [INFO ] - Deleting expired access requests
11-Feb-2016,05:33:17 [Queue Processor2] [INFO ] - Deleting 0 expired access requests
11-Feb-2016,06:33:16 [Scheduler] [INFO ] - Scheduler awake
11-Feb-2016,06:33:16 [Scheduler] [INFO ] - Running scheduled tasks
11-Feb-2016,06:33:17 [Scheduler] [INFO ] - Scheduler: Sleeping for 60 minute(s)
11-Feb-2016,06:33:17 [Queue Processor2] [INFO ] - Deleting expired access requests
11-Feb-2016,06:33:19 [Queue Processor2] [INFO ] - Deleting 0 expired access requests
11-Feb-2016,07:33:17 [Scheduler] [INFO ] - Scheduler awake
11-Feb-2016,07:33:18 [Scheduler] [INFO ] - Running scheduled tasks
11-Feb-2016,07:33:19 [Scheduler] [INFO ] - Scheduler: Sleeping for 60 minute(s)
11-Feb-2016,07:33:19 [Queue Processor1] [INFO ] - Deleting expired access requests
11-Feb-2016,07:33:20 [Queue Processor1] [INFO ] - Deleting 0 expired access requests
11-Feb-2016,08:33:19 [Scheduler] [INFO ] - Scheduler awake
11-Feb-2016,08:33:20 [Scheduler] [INFO ] - Running scheduled tasks
11-Feb-2016,08:33:20 [Scheduler] [INFO ] - Scheduler: Sleeping for 60 minute(s)
11-Feb-2016,08:33:20 [Queue Processor1] [INFO ] - Deleting expired access requests
11-Feb-2016,08:33:21 [Queue Processor1] [INFO ] - Deleting 0 expired access requests
11-Feb-2016,09:33:20 [Scheduler] [INFO ] - Scheduler awake
11-Feb-2016,09:33:21 [Scheduler] [INFO ] - Running scheduled tasks
11-Feb-2016,09:33:22 [Scheduler] [INFO ] - Scheduler: Sleeping for 60 minute(s)
11-Feb-2016,09:33:22 [Queue Processor1] [INFO ] - Deleting expired access requests
11-Feb-2016,09:33:22 [Queue Processor1] [INFO ] - Deleting 0 expired access requests
11-Feb-2016,10:12:54 [Default Executor-thread-21612] [INFO ] - CallHomeDAO::processCallHome: Received update for target with hwKey[3]
11-Feb-2016,10:13:34 [Default Executor-thread-21349] [INFO ] - Logon: auto invalidating session
11-Feb-2016,10:13:35 [Default Executor-thread-21349] [INFO ] - LogonAction: User [admin] Authority [A] Session [5e8mUse8YQ-Fuka0VhXUgQx]
11-Feb-2016,10:13:36 [Queue Processor2] [INFO ] - Processing report[All Targets]
11-Feb-2016,10:13:36 [Queue Processor2] [INFO ] - Processed report[All Targets] in [171] milliseconds
11-Feb-2016,10:20:01 [Default Executor-thread-21495] [INFO ] - CallHomeDAO::processCallHome: Received update for target with hwKey[4]
11-Feb-2016,10:33:22 [Scheduler] [INFO ] - Scheduler awake
11-Feb-2016,10:33:22 [Scheduler] [INFO ] - Running scheduled tasks
11-Feb-2016,10:33:22 [Scheduler] [INFO ] - Scheduler: Sleeping for 60 minute(s)
11-Feb-2016,10:33:22 [Queue Processor1] [INFO ] - Deleting expired access requests
11-Feb-2016,10:33:22 [Queue Processor1] [INFO ] - Deleting 0 expired access requests
11-Feb-2016,10:35:55 [ReportManager] [INFO ] - Removing aged report [All Targets] at index [0]
11-Feb-2016,11:00:10 [Default Executor-thread-22136] [INFO ] - Logon: auto invalidating session
11-Feb-2016,11:00:13 [Default Executor-thread-22136] [INFO ] - LogonAction: User [admin] Authority [A] Session [MuE7eKb-gW9mtD3PN7zNYF7]
11-Feb-2016,11:00:15 [Queue Processor2] [INFO ] - Processing report[All Targets]
11-Feb-2016,11:00:15 [Queue Processor2] [INFO ] - Processed report[All Targets] in [343] milliseconds
11-Feb-2016,11:20:56 [ReportManager] [INFO ] - Removing aged report [All Targets] at index [0]

Is this right?

Thanks,
Nagaraj.

Hi,

I’m afraid I need the log of the controller, not the log of the server. See the 3rd section in http://www-01.ibm.com/support/docview.wss?uid=swg21640296. Also, close all browser windows to make sure the log setting becomes effective before trying to recreate the problem.

With kind regards,
Chris

Hi,

Sorry for my previous post, because i am the new of this remote control feature in bigfix,
also i did not installed the controller in any machines from my network, i have only using the web portal page,

also now please find the below error shown in broker log FYR,

2016.02.12-10:09:52.249 (GMT) ERROR [ 6552] comm: failed to connect to 'localhost' port 80
2016.02.12-10:09:52.259 (GMT) INFO  [ 6552] comm: retrying heartbeat in 120 seconds
2016.02.12-10:11:52.268 (GMT) INFO  [ 6552] comm: doing heartbeat
2016.02.12-10:11:52.278 (GMT) INFO  [ 6552] Connection to Server: 'localhost' (127.0.0.1) on port 80
2016.02.12-10:11:53.289 (GMT) ERROR [ 6552] Connection FAILED!!
2016.02.12-10:11:53.298 (GMT) ERROR [ 6552] comm: failed to connect to 'localhost' port 80
2016.02.12-10:11:53.308 (GMT) INFO  [ 6552] comm: retrying heartbeat in 120 seconds
2016.02.12-10:13:53.317 (GMT) INFO  [ 6552] comm: doing heartbeat

Also I will send the controller log which you guide the link in your previous post soon,

Thanks,
Nagaraj.

Hi,

I have all the log file, but I did not upload the text file from here, if you have any other source I will send the required log file

excepted the log like 1. C:\Program Files\ibm\tivoli\TRC\server\PROFILES\TRCPROFILE\logs\TRCSERVER\SystemOut.log

because this location is not there in the TRC server,

Thanks,
Nagaraj.

Hi,

Please find the below some error shown in TRC.log file,

09-Feb-2016,19:18:48 [Default Executor-thread-232] [ERROR] - Running SQL[INSERT INTO ASSET.TRUSTED_CERTS ( SUBJECT , PEM_DATA ) VALUES ( 'CN=IBMSCCD1.rakshatest.com,OU=IT,O=Raksha Technologies Pvt Ltd,L=Chennai,ST=TN,C=IN' , '-----BEGIN CERTIFICATE-----
MIIE6zCCA9OgAwIBAgIQfCer37pNimi2t/aEcJ+0STANBgkqhkiG9w0BAQsFADCB
jTELMAkGA1UEBhMCVVMxHTAbBgNVBAoTFFN5bWFudGVjIENvcnBvcmF0aW9uMTAw
LgYDVQQLEydGb3IgVGVzdCBQdXJwb3NlcyBPbmx5LiAgTm8gYXNzdXJhbmNlcy4x
LTArBgNVBAMTJFN5bWFudGVjIFRyaWFsIFNlY3VyZSBTZXJ2ZXIgQ0EgLSBHMzAe
Fw0xNjAyMDkwMDAwMDBaFw0xNjAzMTAyMzU5NTlaMIGBMQswCQYDVQQGEwJJTjEL
MAkGA1UECAwCVE4xEDAOBgNVBAcMB0NoZW5uYWkxJDAiBgNVBAoMG1Jha3NoYSBU
ZWNobm9sb2dpZXMgUHZ0IEx0ZDELMAkGA1UECwwCSVQxIDAeBgNVBAMMF0lCTVND
Q0QxLnJha3NoYXRlc3QuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyJ83BPZetHAlEpf27FTuyIx9yeUVn3J8vYr7OU3KBdYOCXcXUM6EzGjBkAqB
gTuBIS4oTqJDUjA0GN9ikmhQe0Qhu+lODfejvfbvcxRELyhZtJ+rfaQHH+qimhHv
FEZRDB9jk9wZf+EDdVVSr7pN+I8J5+DyrG9VIFPLkgMjWhBXALKCvFjMQ9R8VCDZ
qVividovZ8uw8Yel2V7p3yP5L6PH/pwWHO+hsQXuJmCsarOC0MN3MDafu26VZq5T
h0jgaiMV5rViwK0zcHROulyo31Q8K08pH2CinkHeE+8zkdj9mqmFSdEqPveWEEk2
mnI0rozDPGS3p5qWW3Xc4xWr4wIDAQABo4IBTzCCAUswIgYDVR0RBBswGYIXSUJN
U0NDRDEucmFrc2hhdGVzdC5jb20wCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMCBaAw
KwYDVR0fBCQwIjAgoB6gHIYaaHR0cDovL3JlLnN5bWNiLmNvbS9yZS5jcmwwZQYD
VR0gBF4wXDBaBgpghkgBhvhFAQcVMEwwIwYIKwYBBQUHAgEWF2h0dHBzOi8vZC5z
eW1jYi5jb20vY3BzMCUGCCsGAQUFBwICMBkMF2h0dHBzOi8vZC5zeW1jYi5jb20v
cnBhMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAfBgNVHSMEGDAWgBSp
8EYB+q89iUDnFiFocUQ1XSrQvjA2BggrBgEFBQcBAQQqMCgwJgYIKwYBBQUHMAKG
Gmh0dHA6Ly9yZS5zeW1jYi5jb20vcmUuY3J0MA0GCSqGSIb3DQEBCwUAA4IBAQBA
a92azZdtUWbCE0sbbrtxSfHzRJwsqSjXrOHAbUrSTpkVG1fJRlShX2fvjiPjfOpd
QYeumpxxKbO0ql9ZxXk+aiytS6Cil7U4bljM7OWLuR4NEWnz/E5yhpY22fI+Tale
sfEM54EmBKsRl+YPdSm6Wr4DIvUNEHmGIlTNYaua4wZN99HUI752QxyD9OeHDXlC
qKQvRV0nWEEBNMPuCyIBGQwSP8VWVSydG14Oh28eK09PxzA+RD62kVXragmnc/6X
msp5zCj9AIbcDiXz69ox0LjcmFzW/JKcZe9WFDLs7iFUrdOIg9mEldXDbgkd8V74
Jy2B2YY5lGE3nMyU/3zv
-----END CERTIFICATE-----' )] caused error [String or binary data would be truncated.]
09-Feb-2016,19:18:48 [Default Executor-thread-232] [INFO ] - Changing the width of table [ASSET.TRUSTED_CERTS] column [PEM_DATA] from [1500] to [1792]
09-Feb-2016,19:18:50 [Default Executor-thread-232] [INFO ] - DBInfo(): Adding DB information for table[ASSET.TRUSTED_CERTS]
09-Feb-2016,19:18:50 [Default Executor-thread-232] [INFO ] - DBInfo(): Reading column information for table[93]
09-Feb-2016,19:18:51 [Default Executor-thread-232] [INFO ] - DBInfo(): Reading primary key information for table[93]
09-Feb-2016,19:18:51 [Default Executor-thread-232] [INFO ] - DBInfo(): Reading foreign key information for table[93]
09-Feb-2016,19:18:52 [Default Executor-thread-232] [INFO ] - DBInfo(): Reading index information for table[93]
09-Feb-2016,19:18:52 [Default Executor-thread-232] [INFO ] - Running recompiled SQL
09-Feb-2016,19:18:52 [Default Executor-thread-232] [INFO ] - Added new trusted certificate with subject [CN=IBMSCCD1.rakshatest.com,OU=IT,O=Raksha Technologies Pvt Ltd,L=Chennai,ST=TN,C=IN]
09-Feb-2016,19:18:52 [Default Executor-thread-232] [INFO ] - Query: Aliasing Table name [TRUSTED_CERTS]
09-Feb-2016,19:18:52 [Queue Processor2] [INFO ] - Processing report[All Trusted Certificates]
09-Feb-2016,19:18:52 [Queue Processor2] [INFO ] - Processed report[All Trusted Certificates] in [343] milliseconds
09-Feb-2016,19:20:43 [Default Executor-thread-243] [ERROR] - Running SQL[INSERT INTO ASSET.LIVEPOINTS ( PORT , LAST_UPDATE , IP_ADDRESSES , DOMAIN_NAME , OS_NAME , USER_LANGUAGE , TIMEZONE , LOGGED_USER , RC_STATE , TARGET_ID , TARGET_VERSION , HWKEY ) VALUES ( 888 , '2016-02-09 19:20:43.348' , '0:0:0:0:0:0:0:1;192.168.100.183' , 'rakshatest.com' , 'Microsoft Windows Server 2008 R2, Version 6.1.7601 (SP 1)' , 'en' , '-5:30' , '' , 1 , '5f2782617d1b382aff9d5bc1a3c5f839' , '9.1.2.20' , 1 )] caused error [String or binary data would be truncated.]
09-Feb-2016,19:20:43 [Default Executor-thread-243] [INFO ] - Changing the width of table [ASSET.LIVEPOINTS] column [OS_NAME] from [50] to [57]

Thanks,
Nagaraj.

Hi,

Now the remote control has been successfully working in my environment,

Thanks,
Nagaraj,

Can you please share us, how was the issue actually resolved?

Hi,

I have installed TRC server in my environment and installed the broker component in another machine using IBM Bigfix console,

I have generated the two certificate using ikeyman too from JAVA , one for main server (jks format), and another one is broker certificate (.p12) format,
The broker certificate .p12 and .cerm generated the broker fully domain name, after paste the cerm certificate in TRC server console–>admin–>new certificate–>paste the cert file content and submit,

Then the broker.property file need to change some entry, the file is located the broker machine installed directory–>program data–>tivoli–>broker–>broker.property file,

Public address and port for this broker

PublicBrokerURL =test.testdomain.com:443

Server configuration

ServerURL =https://test1.testdomain.com/trc

DefaultPortToListen = 443

DefaultSourcePort = 0

DefaultBindTo = 0.0.0.0conform

DefaultBindTo6 = ::

DefaultRetryDelay = 45
DefaultKeepAlive = 900
DefaultTLSCertificateFile = key.p12
DefaultTLSCertificatePassphrase = certificate password

Inbound connections

prefix.ConnectionType = Inbound
prefix.PortToListen = 443

prefix.BindTo = see DefaultBindTo

prefix.RetryDelay = 45
prefix.TLSCertificateFile = key.p12
prefix.TLSCertificatePassphrase = certificate password

prefix.TLSCipherList = see DefaultTLSCipherList

prefix.AllowEndpoints = yes

prefix.AllowBrokers =

Reverse proxy connection
prefix1.ConnectionType = InboundHTTPS
prefix1.PortToListen = 443

the above is broker property change content file format,

after change the property file using the start broker session link–>from TRC admin console home page,

the link has been generated from the TRC web console,

The link has been accessible from outside of the network mean , we need to enable the NAT policy from the gateway ,

The host broker name, also need Global DNS record for resolving the broker host name, the port number is 443 ,

If you need more details please revert back the same,

Thanks,
Nagaraj,

Thanks for taking your time to explain the solution.
This might help someone in the future.

Note: Can you please mark this thread as Solved.
Solved: IBM BigFix Remote Control Broker session error.

Done:

Would be nice if Discourse (the forum software) had a way to do this already, marking as done/solved/completed through a UI element and icon. This is one of the few things that is actually lacking from the switch from DevWorks to here, but I would never want to go back, that is for sure.

As a forum, those options should be available by default to the thread creator.
Not sure why this portal is missing those.

Might be a Admin or Mod should check with discourse and see if a plugin is already available.

<------

Anyone can talk to Discourse about feature requests here: feature - Discourse Meta

Seems there is an official plugin: Discourse Solved - plugin - Discourse Meta

Related:

• GitHub - discourse/discourse-solved: Allow accepted answers on topics
• Discourse Solved - plugin - Discourse Meta