Good Day
Hope someone can help me
I created and deployed a scan point successfully, I then ran a map scan and it finished successfully
But for some reason i do not see the results in the unmanaged tab
I have made sure all the services are running.
Please assist
Have you taken action on “Task 14: Install Nmap Asset Discovery Import Service - BES >= 7.0” ?
It is scheduled to automatically run every 5 minutes. It may take some time for the data to show up.
From the documentation:
I started a scan - where are the results?
When first installed, Asset Discovery might take several minutes to initially scan the system and report on your unmanaged assets. If you still do not see anything in the BigFix console after 20 minutes, press F5 on your keyboard to force a full refresh.
Hi itsmpro92
I did run task 14, to my Bes Root Server, i failed to mention that previous Nmap tasks ran successfully. Now it doesn’t show anything.
Is there any data in the <BFServerInstallFolder>\BES Server\AssetDiscovery\NMAP_ArchiveFolder?
Yes sir
But only the older scans that have been done last year nothing from my scans now
If I check on a scan point, it shows the XML file is created.
I just seems like it is not importing.
Restart the BES NMAP Unmanaged Asset Importer service. If that doesn’t generate a new file in the NMAP_ArchiveFolder, I recommend that you open a case with HCL for deeper troubleshooting support.
Good Day itsmpro92
I restarted the service, logged onto the scan point and found the XML file created, and around the right size, it looks like the XML file is not loaded onto the Bigfix root server and not being populated in the unmanaged assets page
I have logged a ticket with support.
Update for today
We cleaned out all the old data and started afresh
Things is saw :
The scan runs no problems, the Nmap file gets created on the scan point, the files in uploadmangerdata folder is present, the service for asset importer is running: the archive folder in asset discovery stays empty.
This makes me think that the UAI importer is not Pharsing the data.
What I usually see is that the detection for “whether a BESClient is installed already” does not work on newer operating systems. That’s a limitation in NMAP itself, I haven’t found a way to work around that.
Based on lack of ICMP port-unreachable responses (the OS doesn’t send them anymore), NMAP believes the client is present.
There’s a task in the Asset Scanning site that can configure whether the Importer includes endpoints that already have a client installed. I believe you need to configure the import mode to include systems that have the client.
That does end up duplicating all of your known endpoints, so you get both a “real computer” and an unmanaged Asset for everything. You can use the “Possible BES Client” property of the unmanaged Asset to find whether we match the asset to a BES Client. That works in most cases but it can have some gaps still.
This is the Task I referenced. “Change Nmap Asset Discovery Server Settings”. Send an action on it with parameter “0” to include BES clients in the import.
After setting that, you may also want to configure the “Change UAImporter Delete Mode”. If you set it to “Delete”, when you delete an Unmanaged Asset from the Console, it is totally removed from the database - and if it is discovered again on a later scan, it is re-added and shows up again as an unmanaged asset. If you configure “Ignore” mode, it is marked as removed, and is hidden from the Console, but still exists in the database; and if it is discovered again in a later scan, it will remain hidden and marked as deleted.
If you run a scan, find the Unmanaged Assets that actually do have a BES Client installed, delete those Unmanaged Asset entries from the Console, and want them to stay gone, you’ll need to configure the Delete Mode to “Ignore”.
Hey JasonWalker
Thank you will make the changes and revert back to you
Support was also online and check , and it seems like the upload manager has a problem as the files in the sha1 folder is not in folders seems to be missing files , so its not parsing the data so no output
I have uploaded some more file to them
will keep updating till we find out what happened
I would check what account the Import service is running under. If I am not mistaken, the account needs to have DB access.
Hey MattMangan
What service are you referring to , the UAI asset importer service ?
On the Root server you should have this running:
In my environment, I have this running as the same user as the BES Root Server service.
Hey MattMangan
So an update, Support and I have been busy during the day to find out what is going on.
We found that it seems to be related to the Unmanaged asset scan, but rather to do with the Bigfix upload process, something is going wrong with that process
We ran Client diagnostics on one machine and uploaded it to the root server, the file arrives in sha1 but never as a readable file or a folder.
The same happens to the scan results, they get uploaded to the folder but in sha1 format and not in the folder with the index files and so forth.
this is from support:
'Hello Pierre,
the BigFix server behaviour when uploading files is the same when deploying the Client Diagnostics task.
The reported problem looks not related to Asset Discovery but to the BigFix uploads process.
We enabled the BESRelay verbose logging on the root server and tried an upload. The Post file uploaded the sha1 file with no error, but into the BufferDir\sha1 folder, the file is still named as “sha1” value.
We reproduced the problem while running procmon and saved .pml file
I have just received the created logs.
I will update you by tomorrow with my findings.’
Good Day All
This has now been resolved, a registry key was missing __BesRelay_Perant_relay
We replaced the Key and the uploads started working and loading
Thanks for your insight on this. This solved our issue.
