We replaced our 9.2.15.0 ILMT All-In-One server with a new 9…2.25.0 ILMT All-In-One server. I am testing with 2 of our BigFix endpoints to update them from 9.5.13.130 to 10.0.5 via the “Updated AIX Client - BigFix version 10.0.4 Now Available!” for AIX fixlet and the “Updated Windows Client - BigFix version 10.0.4 Now Available!” for Windows fixlet. I am finding that the fixlets are in the open, 0% complete state after an hour.
Is this a hopeless effort and I need to re-install the agents manually?
Thank you,
Karen
Did you install the new ILMT AIO server using a new masthead or did you migrate the database(s) to the new server?
Are the test endpoints reporting in to the new server?
This is a new ILMT server. I replaced the licensing file on the 2 test endpoints and they are reporting into BigFix. Although seen as ILMT computers, the ILTM scans are not reflected in the reports after import.
I am expecting that I need to update the BigFIx agent before I can update the ILMT scan fixlet on the endpoints.
As the fixlets were relevant, BigFix itsself should be fine. Did you check if they maybe stuck at “pending downloads”?
1 Like
The ILMT/BigFix AIO is in an AirGapped environment.
If I look at the information returned from:
http://myilmtservername:52311/cgi-bin/bfenterprise/besmirrorrequest.exe
I find:
Action: 53 Retry Mirror Request
url 1: http://software.bigfix.com/download/bes/100/BigFix-BES-Client-10.0.4.32.exe
Error Status: Error downloading {aid=53,index=1,sha1=9041151ab5da81648e917883e29482530f81ee35,size=null,url=http%3a%2f%2fsoftware.bigfix.com%2fdownload%2fbes%2f100%2fBigFix-BES-Client-10.0.4.32.exe}: HTTP Error 6: Couldn’t resolve host name: Could not resolve host: software.bigfix.com
Action: 59 Retry Mirror Request
url 1: http://software.bigfix.com/download/bes/100/BESAgent-10.0.4.32.ppc64_aix61.pkg
Error Status: Error downloading {aid=59,index=1,sha1=af35b8fcf6a0f44731e9069cfa9da438f198dff7,size=null,url=http%3a%2f%2fsoftware.bigfix.com%2fdownload%2fbes%2f100%2fBESAgent-10.0.4.32.ppc64_aix61.pkg}: HTTP Error 6: Couldn’t resolve host name: Could not resolve host: software.bigfix.com
Action: 72 Retry Mirror Request
url 1: http://software.bigfix.com/download/bes/100/BigFix-BES-Client-10.0.4.32.exe
Error Status: Error downloading {aid=72,index=1,sha1=9041151ab5da81648e917883e29482530f81ee35,size=null,url=http%3a%2f%2fsoftware.bigfix.com%2fdownload%2fbes%2f100%2fBigFix-BES-Client-10.0.4.32.exe}: HTTP Error 6: Couldn’t resolve host name: Could not resolve host: software.bigfix.com
Action: 73 Retry Mirror Request
url 1: http://software.bigfix.com/download/bes/100/BESAgent-10.0.4.32.ppc64_aix61.pkg
Error Status: Error downloading {aid=73,index=1,sha1=af35b8fcf6a0f44731e9069cfa9da438f198dff7,size=null,url=http%3a%2f%2fsoftware.bigfix.com%2fdownload%2fbes%2f100%2fBESAgent-10.0.4.32.ppc64_aix61.pkg}: HTTP Error 6: Couldn’t resolve host name: Could not resolve host: software.bigfix.com
I did NOT set the following environmental environmental variable prior to the install:
export tlm_debug_online_installation=false
So why is the server attempting to connect to the Internet? What do I need to set?
Thank you,
Karen
Oh, I see, if you’re not using BigFix for patching as well,you may not be familiar with using the Airgap Tool or BESDownloadCacher to download your patch content (or updated BES Clients) from the Internet and staging them on your server.
See https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Config/c_airgap_tool_overview_new.html and
https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Config/c_airgap_tool_NonExtr.html for instructions on using the Airgap Tool to update your site contents and to download the files for the site (you’ll need downloads from the “BES Support” site to get the client update installers)
Otherwise, if this is a one-time thing, you could manually download the files listed from those actions, rename them to match their sha1 value (with no file extension), and place them in the wwwrootbes/bfmirror/downloads/sha1 folder of your root server.
I think it is not very nice that the AIO did not include the agents especially since the Aiirgap process is not nice. I would prefer to directly load the fixlet to the sha1 folder but the BigFix site does not list the sha1 value for the Windows agent. I only find the sha1 one value for the AIX agent. Is there a utility that will give me the sha1 value for the Windows agent.
I’m actually not familiar with the “All-in-One” Server, I suppose that’s something IBM is distributing?
In any case I’d pull the information from the Upgrade fixlets themselves. In the BES Support site, the “Updated Windows Client - BigFix version 10.0.4 Now Available!” Fixlet action script contains the following download statement:
prefetch BESClientUpgrade.exe sha1:9041151ab5da81648e917883e29482530f81ee35 size:17118728 http://software.bigfix.com/download/bes/100/BigFix-BES-Client-10.0.4.32.exe sha256:7045796750d363e4abc44483841b0ebe3bf1d525ea8e251cf6ce88025d0b545a
So, download http://software.bigfix.com/download/bes/100/BigFix-BES-Client-10.0.4.32.exe via your browser, rename it to 9041151ab5da81648e917883e29482530f81ee35 , put it in your server’s wwwrootbes\bfmirror\downloads\sha1 folder, and the Fixlet should start working.
Thanks for the tip on how to find out the sha1 value for the fixlet. I will try this tomorrow then.
The All-in-One server is not a product per-se, it is a description of a small environment configuration, with BigFix, ILMT, and their databases installed on a single server.
In addition, for very small environments, starting with LMT 9.2.24, IBM supports installing the LMT server by itself, and up to 100 endpoints running a disconnected scanner configuration. The scan results have to be uploaded to the LMT server either manually, using NFS, or with some type of automation platform like Ansible.
1 Like
Thank you Jason for the reminder that I can get the SHA1 digest name for the required download file from the fixlet action script. I was able to download the 2 files the Agent upgrade required, rename them and upload them to the BESServer. The AIX and Windows upgrade for the BigFix agents to 10.0.0.4 proceeded without issue.
1 Like
Glad to hear it!
You can also get the hashes with the Fixlets Debugger (available standalone from the software.bigfix.com Components page, or installs with the Console) by querying
Q: (name of it, size of it, sha1 of it, sha256 of it) of file "c:\temp\downloaded file.exe"