Upload Software Scan Troubleshooting

dwilson 2018-10-17 17:02:12 UTC #1

I was wondering if someone could explain how to go about making sure an Upload Software Scan policy completed successfully. Currently we have 4 of these action policies running to divide up our endpoints, and all but one of them are reporting computers and completion percentages. I have checked the parent initiate software scan policy and it looks to have ran and completed successfully. It maybe nothing but it seems weird to me that all of them would have completion times except for one. See below.

rohit 2018-10-17 19:06:21 UTC #2

Do you have access to the endpoint inorder to run the relevances on QnA tool? That would pinpoint the exact problem.

If you want to troubleshoot on the console itself, you can run the task “Analyze the Relevance of a Fixlet or Task” and select “Upload Software Scan Results”. This will create an analysis using which you can check the endpoint group having issues.

dwilson 2018-10-17 20:28:53 UTC #3

I can do that I guess, but I was thinking more along the lines of there being a log file I could parse to maybe locate an “upload” entry, or maybe check the client itself for the actual files that the initiate software scan action gathered.

If the upload succeeded wouldnt those files be cleaned up once uploaded to the root server? Also is it normal not to see a percentage\device count for the open action itself? I would think if it ran then those entries would be there.

JasonWalker 2018-10-17 23:45:29 UTC #4

Not seeing a percentage / count for the results usually means that the action is dynamically-targetted and was not relevant to any computers.

The ‘Upload Scan Results’ fixlet is, I believe, only relevant if the endpoint has completed a scan and has new results (since the last ‘Upload Results’ executed). Have these endpoints finished a scan, and do they maybe overlap one of the other ‘Upload Scan Results’ groups?

dwilson 2018-10-18 12:34:42 UTC #5

It looks like an upload for the selected devices should be valid as the last scan date shows being on the 14th (we are -4 to UTC time) as it should be. I have verified that these devices are not in any other upload action group.

UpdateSoftwareScan

dwilson 2018-10-18 14:37:46 UTC #6

Ok, so I did some more testing and it looks like Relevance 2 from the Upload Software Scan Results action is returning False on this group of machines. Can anyone tell me what the below relevance language is looking for?

Relevance2

JasonWalker 2018-10-18 15:24:04 UTC #7

It’s checking for the presence of the file “software_scan_result.ready” in the results folder (which should be __BESData\LMT\CIT). This file is created by Task 2 “Initiate Software Scan” when the scan completes. Check whether the file is present, and if not there may be a problem with the last run of “Initiate Software Scan” (like the agent restarting or client rebooting during a scan before the results are stored)

rohit 2018-10-18 16:04:51 UTC #8

In addition to that, also activate and check the “Software Scan status” analysis. If will show whether the scan was successful or not. Do remember that Initiate Software Scan showing completed does not mean that the scan was successful. It just means that the scan was successfully initiated.
The analysis will show you more relevant information.

dwilson 2018-10-25 19:06:31 UTC #9

Sorry guys about not posting back sooner. Had some others things take priority. I am trying to troubleshoot further now confirming the Initiate Software Scan policy has ran successfully. I am now trying to run the Force Reupload of Software Scan Results task on a couple test devices, but every time I run the action the device show as Not Relevant. I used QnA to narrow down the issue and it looks like Relevance 5 is the culprit. Can someone shed some light on what it is looking for?

(exists ((folder (if (exists value of settings “CIT_Scanner_OutDir” of client) then (value of settings “CIT_Scanner_OutDir” of client) else (if (name of operating system as lowercase starts with “win”) then ((if (version of client >= “9” as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of regapp “besclient.exe”)) & “\LMT\CIT”) else ((if (version of client >= “9” as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of parent folder of client folder of site “actionsite”)) & “/LMT/CIT”)))) whose ((exists file (computer id as string & “_cit.xml.bz2”) of it) or (exists file (computer id as string & “.xml.bz2”) of it) or (exists file (computer id as string & “_isotag.zip”) of it) or (exists file (computer id as string & “_isotag.tar.gz”) of it) or (exists files whose (name of it ends with “slmtag.zip" or name of it ends with “slmtag.tar.gz") of folders “slmUploadDir” of it)))) OR (exists ((folders (if (exists value of settings “CIT_Scanner_OutDir” of client) then ((value of settings “CIT_Scanner_OutDir” of client) & “/shared”) else (((if (version of client >= “9” as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of parent folder of client folder of site “actionsite”))) & “/LMT/CIT/shared”))) whose ((exists files whose (name of it ends with ("” & computer id as string & “cit.xml.bz2")) of it) or (exists files whose (name of it ends with ("” & computer id as string & “.xml.bz2”)) of it) or (exists file whose (name of it ends with ("” & computer id as string & “_isotag.tar.gz”)) of it)))) OR (exists folders (if (exists value of settings “CIT_Scanner_OutDir” of client) then ((value of settings “CIT_Scanner_OutDir” of client) & “/shared”) else (((if (version of client >= “9” as version) then (pathname of parent folder of data folder of client) else (pathname of parent folder of parent folder of client folder of site “actionsite”))) & “/LMT/CIT/shared”)) whose (exists file (computer id as string & “_scanneddisks.csv.tar.gz”) of it))

rohit 2018-10-25 20:22:39 UTC #10

Did you check the “Software Scan status” analysis? Looks like there are no scan results to upload.