Temporary Recommendation: BigFix Administration Tool Setting (Updated - 06 Sept. 2023)

Aram · August 23, 2023, 1:21pm

Update (06 Sept. 2023):
As we work to continue to better understand the issue, we’ve updated the ‘Actions to Take’ section below to include a newly published technote with guidance and recommendations around enabling Enhanced Security within BigFix. Additionally, we are investigating approaches to address potential issues within the product as well (likely to be included in future releases).

We’ve identified that enabling Enhanced Security within BigFix, under certain circumstances, can lead to unexpected and long delays on BigFix root servers while enhanced security is being enabled, which can lead to downtime. We are working to provide utilities which will enable our customers to understand the potential impact and how their unique environments might be affected, after which we can help you determine how best to proceed.

Rest assured; our experts are actively working on a comprehensive solution to address this concern.

Actions to Take (Updated 06 Sept. 2023):

(If you currently have Enhanced Security enabled, no action is required.)

For BigFix customers looking to enable Enhanced Security, please review the following technote for further guidance and recommendations:

To determine if you have already enabled Enhance Security, you can check by opening the BigFix Administration Tool and checking the status of the capability on the Security tab as noted below.

For Linux-based Root servers, please see Running the BigFix Administration Tool.

We appreciate your cooperation and understanding while we work to further correct this issue within the product. Please contact support if you have any additional questions.

Further updates will be posted here as they become available.

Edit: links to the BESAdmin tool instructions above have been updated. @JasonWalker 2023-09-13

atlauren · August 23, 2023, 6:27pm

Am I correct in assuming that the delay when activating Enhanced Security is due to resigning all of the internal content? (or just custom content?)

-Andrew

JasonWalker · August 23, 2023, 7:26pm

It’s mostly custom content, including Fixlets, tasks, sitefiles, and actions.
The External Content is already signed (by us)

JasonWalker · September 6, 2023, 12:28am

The BigFix team has published a KB article describing the issue, with database queries to help determine whether you may experience an extended time for enabling Enhanced Security at https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0107321

ageorgiev · September 6, 2023, 11:29am

I would change the wording of this sentence “A general “rule of thumb” is if any of the above queries return a value higher than 100,000, the enablement of the “Enhanced Security” feature may take up to several hours, and it is recommended to size the maintenance window accordingly.” cause it really depends HOW much bigger than 100k it is… Just for example, ours was ~1.5m and it took 4+ days (113 hours), so as stated is a bit misleading and doesn’t paint the full picture what people should expect!

Also, please note that ServiceNow Data Flows is contributing factor to make things worse/take longer.

pcpeteusa · September 13, 2023, 12:09pm

The Link to running the besadmin tool on Linux is broken. https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Installation/c_running_the_tivoli_endpoint_ma_onlinux.html

JasonWalker · September 13, 2023, 12:28pm

Thank you for pointing this out. Instructions for running the BESAdmin tool for both operating systems is at https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Installation/c_bigfix_administration_tool.html
I will correct the links in the original post shortly.

Aram · September 22, 2023, 1:21pm

This topic was automatically closed after 30 days. New replies are no longer allowed.