I have a couple of clients that don’t seem to want to take any actions or commands from the sites they are subscribed but they post their report after the evaluation cycle has completed so it looks like the client is functioning as far as analyzing and sending results. If we restart the client it takes the actions that are open and continues normally for a time then after a while it stops taking actions again. Without having log in access to this device and without having to go to our SAs to restart the BESClient service, what is solution for this? The next chance I get I plan to implement the command polling setting but until it gets the newest version of the site, it won’t take the action to set it.
You should definitely enable command polling. I am enabling command polling for once every 6 hours for all clients and once an hour for all clients that are not receiving the UDP notifications. Command polling primarily impacts the Parent Relay of the client, which I am not concerned about putting more load on.
This does sound like the clients are not getting the UDP notifications from their parent relay, which should mean firewall/network related problems.
I’m not sure of any firewall issues. The image this server was built from doesn’t show the same issue with other servers built from the same image so there shouldn’t be any additional local rules rejecting the UDP commands.
I wouldn’t be able to implement this until it starts responding again
Nothing. The log doesn’t show it received the ping.
None that I’m aware of. No other servers of this OS/image have this issue that I can see.
( this will work as a policy action applied to all clients, but you should test it. You might want to tweak some of the days of delay thresholds in the relevance, or have another task that automatically increases the command polling time if UDP commands start getting through. )
You should also investigate firewall issues of the client itself and any NAT or firewalls between it and it’s parent relay. In this case it is UDP traffic from the Relay to the Client that is not getting through.
Does the client have a public or private IP address? Is it behind a NAT? Is it behind a Hardware Firewall?
Just be aware it will show none if the client has just started. But if the client has been running a while and you have sent new sites or a Refresh then it definitely should show something if UDP is getting in
It’s less the relevance and more the statistics. They are stored client side and when a client is restarted, the statiistics wipe and report in with nothing.
Actually you’re right (I forgot I serialized that out)
What I was more meaning to mention is that you should always check the last command time against the last registration time to see if THAT relay can send you anything.
A bit of a long shot, but is it possible you have another application grabbing port 52311?
You’d see that in the results of netstat -anob
Depending on whether you’ve customized the ephemeral port range, you may need to reserve 52311 to prevent the OS from allocating that to applications randomly.
There’s a fixlet for that in the BES Support site.
Usually when I see clients that are responding, but not picking up actions, it can be one of the other causes already discussed or it can be that part of the site metadata on the client is corrupt. If the client takes an action from one site, but not another site, that is a good clue. Sometimes that actionsite itself on the client becomes corrupt.
Chkdsk sometimes resolves these. Sometimes stopping the client and moving (not copy or delete) the offending site to another part of the file system (make a folder outside of the client folder structure). Sometimes the site signature gets corrupt on the client. When content in the site is altered and a new signature is generated, that can also cause clients to suddenly start working again.
I would like to understand how I can upload “http://bigfix.me/fixlet/details/3798” BES file in my iLMT Server.
My ILMT Server is not connected to internet. I have downloaded the file "Configuration-BES_Client-Automatically_enable_Command_Polling-_Universal.bes"
I would like to know
1- how to upload this file to my ILMT 9.2 Windows Server ?
2- How to apply this Configuration to on limited Servers … Not in all Server.
The .BES file needs to be imported into your IEM Environment.
There are two possible ways to do this …
Double Click the ,BES file from a computer with the Console installed.
or from an open Console, open the File menu and select Import… and select the .BES file.
Once you have done one of the above activities, you will see a “Create Fixlet” dialog.
Select the site where you want to save the Fixlet and click OK.
The Console will save the new Fixlet.
Since you have systems that are not receiving their UDP messages, it will take a while for them to discover the new Fixlet and report their status. If you want to force the process, restart the BESClient service on a few of the machines you want to test with. Otherwise it will take up to 24 hours for clients to report their Applicability.
Once you have systems reporting as “Applicable” to the new Fixlet you can deploy an Action based on the Fixlet and select the Target Computers you want it to apply to, just like any other Fixlet content.