Troubleshooting scanner catalogs update

Scanner catalogs are used by the scanner to discover software on the endpoints. The catalogs are automatically updated after each import of the BigFix software catalog. Use this procedure only if the automatic update of the scanner catalogs fails or one of the Advanced Server Settings: enable_automatic_task_deployment or enable_automatic_catalog_download is set to false.

Procedure for BigFix Inventory Server 10.0.14 and higher

Procedure

Check whether the action that automatically updates scanner catalogs was created.
1. Log in to the BigFix console.
2. In the navigation bar, click Actions.
3. In the upper-right pane, locate the Scanner Catalog Distribution (Version version) [version 10.0.15 or higher] or Catalog Download (Version version) action.
  The source of the action should be Master Operator Site.
If the action not exists follow the procedure to create it manually: Procedure for BigFix Inventory Server 10.0.14 or higher
If the action exists, check whether it failed due to prefetch problems.
1. Select the Scanner Catalog Distribution (Version version) [version 10.0.15 or higher] or Catalog Download (Version version) action.
2. Open the Computers tab, and double-click a computer on which the status of the action is Failed.
3. Check whether the reason of the failure is a problem with prefetching the catalog.
```
Failed prefetch catalog.xml.bz2
```
If the status is Failed, BigFix server is not able to fetch the file. Possible reasons are:
1. Wrong DNS name of the server
2. File not available on the server
To troubleshoot the issue:
1. Locate the URL of the catalog file in BigFix Console. It would be in form:
  http://<BIGFIX PLATFROM SERVER DNS NAME>:52311/Upload/<SHA1 of file>/CIT_catalog_<OS CODE>.xml.gz, for example
  http://bigfix-server.acme.org:52311/Uploads/0153d037792dc39d31152797cb4f6a0346e1f1b9/CIT_catalog_UNIX.xml.gz
2. Open the URL in browser
  1. If you receive the 404 - Not Found response you can query /api/uploads or check BigFix Platform server installation dir \wwwrootbes\Uploads (for example, C:\Program Files (x86)\BigFix Enterprise\BES Server\wwwrootbes\Uploads) if path and file exists. If file not exsits follow the Procedure for BigFix Inventory Server 10.0.14 or higher for manual update of scanner catalog.
  2. If server DNS name cannot be resolved determine what DNS name is correct and check if URL works with corrected DNS name.
```
prefetch catalog.xml.bz2 sha1:24dcb13c743f2f92b0c5e9887e9df1d4491c4a66 size:398083 
http://host_name:52311/Uploads/24dcb13c743f2f92b0c5e9887e9df1d4491c4a66/CIT_catalog_WINDOWS.xml.bz2 
sha256:1e81c865d7fc96468649dbd5c334a2d77b12c5dd252671e22a7e5df0bd7ccbbe
```
    Important: Change the host_name for all catalogs.
    1. Having correct DNS name confirm that it will work in Action, by coping Catalog Download action and adjusting URL there.
    2. To use different DNS name for future catalog updates create server.env file on BigFix Inventory Server in \wlp\usr\servers\server1\ dir and define URL for all or selected Data Sources. Example entry for Data Source with ID 1. Remebere to include port at the end! BFI Server needs restart.
      
      BIGFIX_SERVER_URL_FOR_DATASOURCE_ID_1=http://correctbigfix.acme.org:52311

Results

Scanner catalogs are imported to the computers in your infrastructure and are used to discover the installed software.

Procedure for BigFix Inventory Server 10.0.13 and older

Before you begin

Before you force the update of scanner catalogs, ensure that the following requirements are met.

The BigFix Inventory server is visible to the BigFix server.
If Secure Socket Layer (SSL) is enabled in BigFix Inventory, the BigFix server recognizes SSL certificates of BigFix Inventory as valid.

Procedure

Check whether the action that automatically updates scanner catalogs was created.
1. Log in to the BigFix console.
2. In the navigation bar, click Actions.
3. In the upper-right pane, locate the Catalog Download (Version version) action.
  The source of the action should be Master Operator Site.
If the action exists, check whether it failed due to prefetch problems. If it does not exist, go to step 3.
1. Select the Catalog Download (Version version) action.
2. Open the Computers tab, and double-click a computer on which the status of the action is Failed.
3. Check whether the reason of the failure is a problem with prefetching the catalog.
```
Failed prefetch catalog.xml.bz2
```
If the status is Failed, communication between the BigFix server and the BigFix Inventory server is blocked. Ensure that the servers can communicate. Then, download the Catalog Download Fixlet to force the catalog update. If you cannot change the configuration to allow communication between servers, edit the fixlet so that the BigFix Inventory server can download catalogs from the BigFix server, and then run the fixlet.
Download the fixlet for forcing the update of scanner catalogs.
1. Log in to BigFix Inventory.
2. In the top navigation bar, click Management > Catalog Upload.
3. Click the question mark sign . Then, click Catalog Download Fixlet. Choose the location where you want to save the catalog_download.bes file, and click Save.
Optional: If the problem is caused by the lack of communication between servers, edit the catalog_download.bes file and substitute the host_name and port of the BigFix Inventory server with values that allow the server for downloading scanner catalogs from the BigFix server.
```
prefetch catalog.xml.bz2 sha1:24dcb13c743f2f92b0c5e9887e9df1d4491c4a66 
size:398083 http://host_name:port/sam/catalogs/CIT_catalog_WINDOWS.xml.bz2 
sha256:1e81c865d7fc96468649dbd5c334a2d77b12c5dd252671e22a7e5df0bd7ccbbe
```
Important: Change the host_name and port for all catalogs.
Upload the catalog_download.bes file to the BigFix console and run the Catalog Download (Version: version) fixlet.
1. Copy the file to the computer where the BigFix console is installed.
2. Log in to the BigFix console.
3. To import the file to the console, click File > Import.
4. Open the directory where you store the catalog_download.bes file, select the file, and click Open. The file is imported.
5. In the left pane, click Sites > Master Action Site > Fixlets and Tasks. The list of available fixlets opens in the upper right pane.
6. Select Catalog Download (Version: version), and click Take Action.
7. Select computers on which you want to run the fixlet, and click OK.
Wait for the next scheduled software scan and import of data or run these actions manually. For more information, see: Initiating software scans and Scheduling imports of data.
Optional: If the problem is not solved, manually copy the catalog files from the BigFix Inventory server to the BigFix server.
1. Log in to the computer where the BigFix Inventory server is installed and go to the following directory.
  - /opt/BFI/wlp/usr/servers/server1/data/sam/public/catalogs
  - C:\Program Files\IBM\BFI\wlp\usr\servers\server1\data\sam\public\catalogs
2. Copy the following files to a temporary folder on the computer where the BigFix server is installed.
  - CIT_catalog_AIX.xml.bz2
  - CIT_catalog_HPUX.xml.bz2
  - CIT_catalog_I5OS.xml.bz2
  - CIT_catalog_LINUX.xml.bz2
  - CIT_catalog_SUN.xml.bz2
  - CIT_catalog_WINDOWS.xml.bz2
3. Open the catalog_download.bes file that you downloaded in step 3 in a text editor, and check the sha1 value for each catalog file.
  For example, the sha1 value for the catalog on Windows is 24dcb13c743f2f92b0c5e9887e9df1d4491c4a66.
```
prefetch catalog.xml.bz2 sha1:24dcb13c743f2f92b0c5e9887e9df1d4491c4a66 
size:398083 http://host_name:port/sam/catalogs/CIT_catalog_WINDOWS.xml.bz2 
sha256:1e81c865d7fc96468649dbd5c334a2d77b12c5dd252671e22a7e5df0bd7ccbbe
```
  Change the names of all catalog files to their sha1 values.
4. Copy the renamed catalog files to the following directory.
  - /var/opt/BESServer/wwwrootbes/bfmirror/downloads/sha1
  - C:\Program Files (x86)\BigFix Enterprise\BES Server\wwwrootbes\bfmirror\downloads\sha1
5. Wait for the next scheduled software scan and import of data or run these actions manually.

Results

Scanner catalogs are imported to the computers in your infrastructure and are used to discover the installed software.

Install or Upgrade Scanner in private mode on windows (10.0.2 or lower)

About this task

Note: Applies to BigFix Inventory Server versions up to 10.0.2.0

If the catalog is not propagated to the scanner that is installed in the private mode, you have to run the 'Update Catalog Download fixlet templates on BFI server' fixlet. The templates will be regenerated after the next software catalog upload. The templates will be regenerated after the next software catalog upload.

In case you have already the newest catalog uploaded the BFI server and then you have installed agent in the private mode, the newest catalog may not be automatically propagated to the agent. In such case follow the steps:

Procedure

Download the fixlet for forcing the update of scanner catalogs.
1. Log in to BigFix Inventory.
2. In the top navigation bar, click Management > Catalog Upload.
3. Click the question mark sign Question mark sign. Then, click Catalog Download Fixlet. Choose the location where you want to save the catalog_download.bes file, and click Save.

Edit the catalog_download.bes file and substitute the relevance:

This:

<Relevance><![CDATA[if (name of operating system as lowercase starts with "win") 
then (exists (folder "cit" of folder (value of variable "windir" of environment)) 
whose (exists file "cit.ini" of it) and (exists folder ((key "CIT_HomeDirectory" of file "cit.ini" of folder "cit" 
of folder (value of variable "windir" of environment)) & "\bin") whose ((exists file "wscansw.exe" of it)
 and (exists file "wscanfs.exe" of it)))) else (exists (folder "/etc/cit") whose (exists file "cit.ini" of it)
 and (exists folder ((key "CIT_HomeDirectory" of file "cit.ini" of folder "/etc/cit") & "/bin") whose 
((exists file "wscansw" of it) and (exists file "wscanfs" of it))))]]></Relevance>

with the following:

<Relevance><![CDATA[if (name of operating system as lowercase starts with "win") then 
((exists (folder "cit" of folder (value of variable "windir" of environment)) whose (exists file "cit.ini" of it) 
and (exists folder ((key "CIT_HomeDirectory" of file "cit.ini" of folder "cit" of folder (value of variable "windir" 
of environment)) & "\bin") whose ((exists file "wscansw.exe" of it) and (exists file "wscanfs.exe" of it)))) 
OR (exists folder ((pathname of parent folder of data folder of client) & "\LMT\CIT\scanner\bin") whose 
((exists file "wscansw.exe" of it) and (exists file "wscanfs.exe" of it)))) else (exists (folder "/etc/cit") 
whose (exists file "cit.ini" of it) and (exists folder ((key "CIT_HomeDirectory" of file "cit.ini" of folder 
"/etc/cit") & "/bin") whose ((exists file "wscansw" of it) and (exists file "wscanfs" of it))))]]></Relevance>

This:

<Relevance>if (name of operating system as lowercase starts with "win") then ((exists (folder "cit" of folder 
(value of variable "windir" of environment)) whose (exists file "cit.ini" of it)) and ((key "CIT_Exploiters" of 
file "cit.ini" of folder "cit" of folder (value of variable "windir" of environment)) contains "SUA:")) else 
((exists (folder "/etc/cit") whose (exists file "cit.ini" of it)) and ((key "CIT_Exploiters" of file "cit.ini" 
of folder "/etc/cit") contains "SUA:"))</Relevance>

with the following:

<Relevance><![CDATA[if (name of operating system as lowercase starts with "win") then (((exists (folder "cit" of 
folder (value of variable "windir" of environment)) whose (exists file "cit.ini" of it)) and ((key "CIT_Exploiters" 
of file "cit.ini" of folder "cit" of folder (value of variable "windir" of environment)) contains "SUA:")) OR 
(exists folder ((pathname of parent folder of data folder of client) & "\LMT\CIT\scanner\config") whose 
(exists file "Cit.properties" of it))) else ((exists (folder "/etc/cit") whose (exists file "cit.ini" of it)) 
and ((key "CIT_Exploiters" of file "cit.ini" of folder "/etc/cit") contains "SUA:"))]]></Relevance>

Upload the catalog_download.bes file to the BigFix console and run the Catalog Download (Version: version) fixlet.
1. Copy the file to the computer where the BigFix console is installed.
2. Log in to the BigFix console.
3. To import the file to the console, click File > Import .
4. Open the directory where you store the catalog_download.bes file, select the file, and click Open. The file is imported.
5. In the left pane, click Sites > Master Action Site > Fixlets and Tasks. The list of available fixlets opens in the upper right pane.
6. Select Catalog Download (Version: version), and click Take Action.
7. Select computers on which you want to run the fixlet, and click OK.