Urgent, what is the network requirements for IEM server and client

terry902 · June 29, 2015, 9:53am

I know the requirements as follows:

Both clients and server open port 52311, bidirectionally for TCP/UDP.

Anything else

Thank you,all

Aram · June 29, 2015, 1:32pm

If you haven’t seen it already, I would suggest reviewing the following:

https://www.ibm.com/developerworks/community/wikis/home?lang=en#/wiki/Tivoli%20Endpoint%20Manager/page/Network%20Traffic%20Guide

For basic IEM/BigFix communication between a Server/Relay and a Client, the Agent initiates the majority of the communication (via TCP on the BigFix port, by default 52311). However, there are also instances where notifications are sent/initiated by the Server/Relay to the Clients, and that is via UDP on the BigFix port.

terry902 · June 29, 2015, 3:11pm

hi,aram
In my situation, the server is not connected to the internet. There are no relays configured. And use the default port 52311. So I think the requirements which I described are quite enough. Am I right

Aram · June 29, 2015, 3:17pm

Yes, but really all you’d need then is:

Client initiated to Server: TCP - 52311
Server initiated to Client: UDP - 52311

terry902 · June 29, 2015, 3:39pm

IEM server platform: win 2012R2
IEM client platform: win7 32bit
The network colleague told me that he had finished the requirements which I post.
But still when I use software distribution to send files to clients, the action’s status was not reported for several hours. It seems that the client did not receive the UDP notification when the action is sent.

Is there any way to check the network. I knowI can use telnet tool to check “Client initiated to Server: TCP - 52311”, how to check “Server initiated to Client: UDP - 52311”.

Aram · June 29, 2015, 3:48pm

This can be verified via the Client log. If the Agent is receiving UDP notifications, you will see lines containing “command received” such as the following in the logs:

GatherActionMV command received
GatherHash command received
DownloadPing command received

Additionally, if you send the Client a refresh (right-click the computer in the Console and select ‘send refresh’), if the Agent is able to receive UDP notifications, you should see a line including:

ForceRefresh command received

Note that aside from hardware firewalls, oftentimes the software firewalls associated with many newer OSes may block the UDP notification (Win7 has the Windows Firewall). We have a number of Fixlets in BES Support that might assist in identifying such cases as well as potentially re-configuring the firewall as needed to allow the traffic.

terry902 · June 30, 2015, 6:50am

Aram, thank you for your help.

Kanik07 · June 30, 2015, 1:15pm

You can restart the BES client service on the Client machine and from The logs at client end we can check that the client is able to contact the primary server or not.