Unexpected exception during gather of site BES Support: HTTP Error 8: Weird server reply: Header without colon

I am receiving an unexpected exception during gather of site BES Support: HTTP Error 8: Weird server reply: Header without colon in the gatherDB log.

The error comes directly from the curl library and it’s triggered by a malformed HTML header.
My best guess is something is tampering with the data in transit, maybe an AV or IPS.

So where should I check or troubleshoot for the same?

Check network proxies, IDS, antivirus, or firewalls at your site. Something is interfering with the HTTPS traffic.

I just uninstalled the BigFix 11 version and installed the 10 version; now it is working fine. This is the second time we are facing an error with the BigFix 11 version.

Went from 11.0.1 to 11.0.2, now I have nothing but HTTP Error 8 errors. I can curl to the gather URL fine. I’ve even plugged in the sync URL into our Firewall rules as trusted. Still just a pile of errors. I’ve a ticket raised, as the upgrade went far from smoothly (errors in pretty much every log you can think of), 3 relays didn’t upgrade and stopped responding entirely. It’s been a nightmare. Still waiting for feedback after I supplied the logs.

I’m not sure whether you’re asking for help, or just want to vent frustration.

The Support ticket sounds like the right way to go. I’d be looking at your firewall and proxy, especially if you are doing TLS decryption. I’d suspect they may not be completely compatible with TLS 1.3 or may require additional configuration for 1.3.

Venting a bit to be honest. Worked on 11.0.1, doesn’t on 11.0.2. I don’t have TLS 1.3 required in my Bigfix Admin Tool, and I can run a curl on a GatherUrl from the command line and I can’t see any issue. The URL is as I’ve mentioned trusted on the Firewall so won’t have IDS/IPS examination. It would be helpful if I was given a set of commands to run that would rule out the assumption that suddenly my firewall is to blame, and has nothing to do with the upgrade. If I pass the “it’s not the firewall” then what are the next steps etc… just it’s gone a bit radio silent on the HCL side. I’ve raised the severity level of the ticket as I need this resolving quickly now.

There are some curl options to force TLS versions…they vary a bit depending upon your version of Curl though. Specifying minor TLS version when using curl - Super User

Assuming you’re running a current version (including the ones Microsoft distributes with Windows now), you can use

curl --tlsv1.3 https://sync.bigfix.com/cgi-bin/bfgather/bessupport

You can also check, on your Root server, the value of the client setting _BESGather_Use_Https. A value of ‘2’ allows it to try HTTPS but fall back to plain HTTP if the HTTPS fails; a value of ‘0’ uses whatever protocol is defined on the site (‘http’ for BES Support); a value of ‘1’ allows only https for gather. If it works for HTTP but not for HTTPS, that also could make a firewall issue more likely.

There I was thinking it had worked, added the attribute, and lo and behold.

Mon, 08 Apr 2024 15:07:47 +0000 – Beginning DB import of version 2113 of site Updates for Windows Applications

Unfortunately immediately followed by
Mon, 08 Apr 2024 15:30:09 +0000 – Import of version 2113 of site Updates for Windows Applications completed successfully
Mon, 08 Apr 2024 15:30:09 +0000 – Unexpected exception during gather of site CIS Checklist for Debian Linux 10: HTTP Error 8: Weird server reply: Header without colon
Mon, 08 Apr 2024 15:30:09 +0000 – Unexpected exception during gather of site BESUEM: HTTP Error 8: Weird server reply: Header without colon

etc etc etc

Value set to 2…

Hopefully meeting tomorrow will cure my issues.

On another customer the problem was caused by Antivirus. Disable it or put Server/Relay folders in the exclusion list.
After that you need a gather reset, as the downloaded content might be corrupted. Reach BigFix support for the Root Server gather reset steps; for the Relays there is a KB article as they are simpler: How to perform the Gather State Reset procedure on a BigFix Relay machine - Customer Support


In my 11.0.2 environment, I was seeing this error on some BES sites but not all. The environment was newly built with new hostnames/IPs and then the BigFix data was copied over from the existing servers.

We ran Wireshark and determined that on the BES sites that were failing gather there was an HTTP 500 error specifying class IllegalFileName. The headers looked fine with colons so we sent the logs to BigFix support.

Support had us do a gather state reset on the root server which resolved the issue.
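
Added example, not part of any post in this thread and not BigFix or curl code: a small Python check that takes the raw bytes of an HTTP response head (for instance one exported from a packet capture, as in the Wireshark post above) and reports the status code plus any header line that lacks a colon, the condition named in the error message. The function name and the three sample responses are constructed for illustration; curl's own parser may apply further rules.

```python
def check_response_head(raw: bytes) -> dict:
    """Return the status code and any header lines that lack a colon."""
    # Tolerate bare-LF line endings, then cut the head off at the first blank line.
    text = raw.replace(b"\r\n", b"\n").decode("latin-1")
    head = text.split("\n\n", 1)[0]
    lines = head.split("\n")

    # Status line: "HTTP/<version> <numeric code> [reason]"
    parts = lines[0].split(" ", 2)
    status = None
    if len(parts) >= 2 and parts[0].startswith("HTTP/") and parts[1].isdigit():
        status = int(parts[1])

    malformed = []
    for lineno, line in enumerate(lines[1:], start=2):
        name, sep, _value = line.partition(":")
        # A field line needs a colon and a non-empty name without whitespace
        # (obsolete folded continuation lines are therefore flagged as well).
        if not sep or not name or any(c in name for c in " \t"):
            malformed.append((lineno, line))
    return {"status": status, "malformed": malformed}


# Constructed samples (not captured from a real BigFix server).
GOOD = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 2\r\n\r\nok"
# A line with no colon, as an intermediary device might insert.
ALTERED = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nX-Scanned-By gateway\r\n\r\nok"
# Well-formed headers but a server-side failure, as in the last post.
SERVER_ERROR = (b"HTTP/1.1 500 Internal Server Error\r\n"
                b"Content-Type: text/html\r\n\r\nconstructed error body")

if __name__ == "__main__":
    for label, sample in (("good", GOOD), ("altered", ALTERED),
                          ("server error", SERVER_ERROR)):
        result = check_response_head(sample)
        print(f"{label}: status={result['status']} malformed={result['malformed']}")
```

Running the same check on a response captured at the root server and on one captured outside the firewall or proxy shows whether the header block changes in transit or arrives well-formed with an error status.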