Hello Guys,
Can some one suggest how to deploy bigfix client using console CDT wizard or Fixlet in BigFix ver 9.5.9
Early response will be appreciated.
thank you,
Raj
Have you reviewed the documentation? Do you have any specific questions about the process or issues you are facing that we might help with?
Yes @Aram,
I checked this process but installing CDT on a machine within the domain and deploying clients on "HostName of Machines’ or IP addresses. it is getting failed. Might be user authentication does not work after providing the domain credentials.
Might be this issue because Assets are not yet discovered in Bigfix console.
Are these Windows systems?
Yes. I have tried as per the document for CDT. But failed.
I used machine Hostnames and rest of the process as suggested for CDT.
It sounds like you have an access issue on the targeted computers. According to the documentation, you need to ensure the following on the targets.
- You must be logged in with a domain administrator account with all necessary permissions (or any admin account with full local admin permissions on the computers you wish to deploy to)
- You must type in the domain administrator password after you choose to deploy the BigFix Clients
The remote computers you wish to deploy to must be Windows, 2000, XP, 2003 Server, Vista, 7, Server 2008, or Server 2008 R2 - The remote computers you wish to deploy to must have the following services running:
- Workstation
- Server
- Net Logon
- Remote Registry
- The remote computers you wish to deploy to must have ‘File and Print sharing’ enabled
Port 445 must not be blocked by a firewall. The predefined rule in the Windows firewall for this port is Netlogon Service (NP-In) - The remote computers you wish to deploy to must be reachable using windows RPC protocols. Note: The deploy tool will not work if there is a firewall blocking traffic between you and the remote computer or if the remote computer has a personal firewall blocking traffic. Also take note that by default, RPC utilizes port 135 as well as a random port above 1024. If you are using a firewall you may want to look into configuring the RPC port to a specific port number so that you can lock it down and allow traffic across that port without opening the firewall completely (see: http://support.microsoft.com/kb/154596). RPC can utilize TCP or UDP ports so you should allow for both. The IEM Client deploy tool itself does not make use of any other ports beyond what RPC utilizes. Once the IEM Client has been installed it will use whichever port you have specified for your license (TCP/UDP 52311 by default)
You cannot have any network or security policies in place that would prevent the application from connecting to the remote computer and running a service that will use the domain administrator credentials to copy files from a shared location and run them locally on the computer.
2 Likes
looks security concerns here. I have domain admin privilleges but that to through citrix.
Might be there some security concerns. I will check this above contents and will try again.
Thank you @TimRice.
It may have changed since we gave up on it, but the undocumented requirement used to be:
- Able to mount and drop files on remote C$
- Able to submit a scheduled task as administrator, remotely.
That may be a sticking point if you are security aware.
A little rusty and not official, but from what I remember being told by a 3rd party:
The remote installation service connects to the remote system as an Administrator, creates a temporary folder, uploads binaries, configurations and script files to the endpoint, and then creates a scheduled task to install BigFix.
If any of those are blocked, the install will fail. Which is what we were seeing.
Again, this was years ago. If there is an updated mechanism, I have not tried it.
-c