I am receiving an unexpected exception during gather of site BES Support: HTTP Error 8: Weird server reply: Header without colon in the gatherDB log.
The error comes directly from the curl library and it’s triggered by an HTML header malformed.
My best guess is something is tampering the data in transit, maybe an AV or IPS.
So where should I check or troubleshoot for the same?
Check network proxies, IDS, antivirus,.or firewalls at your site. Something is interfering with the HTTPS traffic.
I just uninstall the BigFix 11 version and install the 10 version now it working fine This is the second time we are facing an error with the BigFix 11 version.
Went from 11.0.1 to 11.0.2 now I have nothing but HTTP Error 8 errors. I can curl to the gather URL fine. I’ve even plugged in the sync URL into our Firewall rules as trusted. Still just a pile of errors. I’ve a ticket raised, as the upgrade went far from smoothly (errors in pretty much every log you can think), 3 relays didn’t upgrade and stopped responding entirely been a nightmare. Still waiting for feedback after I supplied the logs.
I’m not sure whether you’re asking for help, or just want to vent frustration.
The Support ticket sounds like the right way to go. I’d be looking at your firewall and proxy, especially if you are doing TLS decryption. I’d suspect they may not be completely compatible with TLS 1.3 or may require additional configuration for 1.3
Venting a bit to be honest. Worked on 11.0.1, doesn’t on 11.0.2. I don’t have TLS 1.3 required in my Bigfix Admin Tool, and I can run a curl on a GatherUrl from the command line and I can’t see any issue. The URL is as I’ve mentioned trusted on the Firewall so won’t have IDS/IPS examination. It would be helpful if I was given a set of commands to run that would rule out the assumption that suddenly my firewall is to blame, and has nothing to do with the upgrade. If I pass the “it’s not the firewall” then what are the next steps etc… just it’s gone a bit radio silent on the HCL side. I’ve raised the severity level of the ticket as I need this resolving quickly now.
There are some curl options to force TLS versions…they vary a bit depending upon your version of Curl though. Specifying minor TLS version when using curl - Super User
Assuming you’re running a current version (including the ones Microsoft distributes with Windows now), you can use
curl --tlsv1.3 https://sync.bigfix.com/cgi-bin/bfgather/bessupport
You can also check on you Root server, the value of the client setting _BESGather_Use_Https , A value of ‘2’ allows it to try HTTPS but failback to plain HTTP if the HTTPS fails; a value of ‘0’ uses whatever protocol is defined on the site (‘http’ for BES Support); a value of ‘1’ allows only https for gather. If it works for HTTP but not for HTTPS that also could make a firewall issue more likely.
There I was thinking it had worked added the attribute, and low and behold.
Mon, 08 Apr 2024 15:07:47 +0000 – Beginning DB import of version 2113 of site Updates for Windows Applications
Unfortunately immediately followed by
on, 08 Apr 2024 15:30:09 +0000 – Import of version 2113 of site Updates for Windows Applications completed successfully
Mon, 08 Apr 2024 15:30:09 +0000 – Unexpected exception during gather of site CIS Checklist for Debian Linux 10: HTTP Error 8: Weird server reply: Header without colon
Mon, 08 Apr 2024 15:30:09 +0000 – Unexpected exception during gather of site BESUEM: HTTP Error 8: Weird server reply: Header without colon
etc etc etc
Value set to 2…
Hopefully meeting tomorrow will cure my issues.
On another customer the problem was caused by Antivirus. Disable it or put Server/Relay folders in the exclusion list.
After that you need a gather reset, as the downloaded content might be corrupted. Reach BigFix support for the Root Server gather reset steps; for the Relays there is a KB article as they are simpler: How to perform the Gather State Reset procedure on a BigFix Relay machine - Customer Support
1 Like