(imported topic written by chinlj)
Hi,
Read the V9 documentation mentioned to use the following command to configure SYSTEM account on a Windows server to access internet. Does this means we don’t have to change the service startup user anymore like V8?
BESAdmin /setproxy /user:
username
/pass:
password
How does one install the server to the stage where he can issue the above BESAdmin command if we do not create a new matching local Admin user to the proxy user/password?
(imported comment written by chinlj)
Managed to install the server as the installer will grab the proxy IP from IE and prompt for username and password.
However, after installation, server is not able to reach Internet, even after running BESAdmin /setproxy command and manually added proxy IP into the registry.
Received an error saying “407 Proxy Authentication Required” in the BESRelay log file.
(imported comment written by chinlj)
setup 2 VM with one installed with FreeProxy to test it out. Still the same error.
Looking through the proxy debug log and comparing with normal IE traffic, it appears to me that BES services never even send the authentication information.
Without authentication, BES services traffic can reach out to the internet as expected.
Has anyone successfully configure V9 to sync via proxy with authentication?
(imported comment written by chinlj)
Based on the page here
https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Proxy%20Server%20Settings
“… This method allows TEM to integrate with proxies that use
NT authentication
…”
Meaning TEM only can work with proxy servers using NT authentication? I’ve been trying to install & troubleshoot a setup with proxy which is NOT using NT authentication without any success.
Is there any expert able to confirm / comment?
Thank you.
(imported comment written by chinlj)
Anyone experienced setting up IEM with proxy care to share? Thanks a lot.
(imported comment written by p_wudthi)
Create the OS account
Log on with the created account, some permissions required to allow this account log on locally
Open Internet Explorer and set to proxy to make sure this account can access internet via proxy setting
Log off and re-log on with administrative account, use the created account to start the TEM/IEM services(TEM/IEM cannot use LocalSystem account to access internet via proxy), might need add permission on BFEnterprise database
Set registry key
BigFix\EnterpriseClient\Settings\Client_BESGather_Download_CheckInternetFlag\value = 1
BigFix\EnterpriseClient\Settings\Client_BESGather_Comm_UseDownloadService\value = 1
BigFix\EnterpriseClient\Settings\Client_BESGather_Comm_UseUrlMoniker\value = 1
Restart all TEM/IEM services
Verify with the diagnostics tool it should reported all Green
Cheers,
Wp.
(imported comment written by chinlj)
Thanks for the reply.
I’ve tried that without success. If the proxy server does not authenticate users against AD, does it still make sense to run the BES services using the newly created administrative account?
(imported comment written by chinlj)
After going through the installation on Linux platform, noticed the proxy configuration is following this format
:@:
So I went back to my Windows copy, ran the BESAdmin command to set the proxy username and password, manually updated the Proxy registry value using this format, IEM sync with bigfix.com immediately! Unfortunately, this also means the password is in clear text.
HKLM\SOFTWARE\Wow6432Node\BigFix\Enterprise Server\Proxy\Proxy
For the evaluation copy I’m having now, 9.0.649.0, there seems to be a bug where the BES services will not pick up the proxy username and password from the registry when the proxy is NOT authenticate with AD users. Otherwise, appreciate if someone can highlight where is my mistake.
Thank you
(imported comment written by p_wudthi)
Have you try with
http://www-01.ibm.com/support/docview.wss?uid=swg21505893
?
Cheers,
Wp.
(imported comment written by chinlj)
Yes. tried that but doesn’t make a difference.
So far the only workaround is to set the username and password using BESAdmin command and set the Proxy registry key value as :@<hostname/IP>:. Services can remain to run as SYSTEM and no other changes required.
Hi,
In BIGFIX server proxy exception list we have to add only IP address or IP address and PORT number as well ?