tier1 relays not propitiating actionsite

Occasionally (and actually right now), I have an issue where I push a policy action as a master operator to all computers, and only clients connected directly to my Root server run the action. I find out that client/relay using my Tier1 relays don’t run the action. When I look at the Deployment Health Checks dashboard, the actionsite version is out of date for my Tier1 Relays and all Tier2 Relays.

I then push a blank action as a Master Operator to all Root & Relay servers to try and force a propagation, and that blank action does runs, but all the relays still have an old actionsite version and don’t run the former action against all computers.

What is the best way to fix this when it happens?

I’ve updated some analysis and fixlets and now everything seems to be propagating. No idea what happened.

The most common causes I’ve seen is a communications interrupt between the servers and relays. Some things to check for include

  • a router or firewall between server and relay, blocking ICMP, UDP 52311, or TCP 52311 in either direction.
    -Windows Firewall or IPCHAINS / IPTABLES blocking one if these protocols at the OS level.
  • No Port Reservation for 52311 at the server or relay, and another process grabs the port before the Server or Relay process starts (there is a Fixlet for this on Windows in the BES Support site. This is most often seen on DNS servers, as the DNS process grabs thousands of ephemeral ports at startup)
  • check the log files, including the Client logs and Relay logs on the relay, and Relay log and Server log on the server.
1 Like