Internet Connection Firewall is Blocking BES Traffic - BES Client (WSH disabled)

Description

The listed computers have Windows Internet Connection Firewall (ICF) enabled. The firewall is currently configured to block inbound UDP traffic on the port used by BES (BES uses port 52311 by default).

The BES Server and BES Relays send UDP packets to the BES Clients to notify them that new information is available, such as new Fixlet messages, actions, and computer refreshes. BES Clients on relevant computers will not receive these UDP notification packets and therefore will not see new actions or new Fixlet messages until they gather the new actionsite, which by default happens once a day. After Windows Firewall is configured to allow inbound UDP traffic on the BES Listen Port, BES Clients will resume normal communication with the BES Server and BES Relays.

Note: After this action is applied, affected BES Clients will not report until they have performed their standard once-per-day gather or until the BES Client is restarted.

Note: Running the actions below may cause client machines to briefly display pop-up and command prompt windows.

Note: Windows Scripting Host is disabled for this computer and it will be temporarily enabled to run a script which will configure ICF to allow inbound UDP connections. WSH will be disabled immediately after the script has run.

Property Details

ID: 514
Title: Internet Connection Firewall is Blocking BES Traffic - BES Client (WSH disabled)
Category: Support
Download Size: 0
Source: BigFix
Source ID: <Unspecified>
Source Severity: Important
Source Release Date: 4/15/2004 12:00:00 AM
Keywords: BES UDP Clients Firewall Note
Added by on 10/17/2012 1:16:00 PM
Last Modified by on 10/17/2012 1:16:00 PM
Counters 4109 Views / 5 Downloads

Relevance

Used in 223 fixlets   * Results in a true/false
(if exists property "in proxy agent context" then ( not in proxy agent context ) else true )
Used in 92 fixlets and 24 analyses   * Results in a true/false
version of client >= "5.1"
Used in 24 fixlets   * Results in a true/false
((if (version of client >= "8.0") then (windows of it) else (name of it starts with "Win")) AND platform id of it != 3) of operating system
Used in 4 fixlets   * Results in a true/false
(not exists module "inspect.dll") OR (exists module "inspect.dll" AND (version string "ProductVersion" of module "inspect.dll" as version != "4.1.8.05" as version) AND (version string "ProductVersion" of module "inspect.dll" as version != "4.1.8.04" as version))
Used in 4 fixlets   * Results in a true/false
version of client < "8.0"
Used in 2 fixlets   * Results in a true/false
(((name of it = "WinXP" or name of it = "WinXPe") AND (it = "" OR it ends with "1") of csd version of it) OR ((name of it = "Win2003" OR name of it = "WinXP-2003") AND csd version of it = "")) of operating system
Used in 2 fixlets   * Results in a true/false
not (exists relay server or exists main gather service)
Used in 2 fixlets   * Results in a true/false
exists internet connection firewall whose (enabled of it AND not exists port mapping whose (enabled of it AND protocol of it = "udp" AND internal port of it as string = (value "ListenPort" of key "HKLM\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry) as string) of it) of adapters of network
Used in 2 fixlets   * Results in a true/false
(not exists application of file type ".vbs" of registry) OR (not exists file "cscript.exe" of system folder)

Actions

Action 1

Action Link: Click here for information on how to make this action a "policy" action that will automatically open the BES port on any computer that has this Fixlet message relevant.
Script Type: URL
http://support.bigfix.com/cgi-bin/kbdirect.pl?id=113

Action 2

Action Link: Click here to enable incoming traffic on the port reserved for BES.
Script Type: BigFix Action Script
// enable the WSH
download http://www.symantec.com/avcenter/noscript.exe
continue if {(size of it = 127432 and sha1 of it = "c19722c97b73210065ec58fd43cbf4b0c84dd3e5") of file "noscript.exe" of folder "__download"}
wait __download/noscript.exe /silent /on
// Change the firewall settings
run "{pathname of client folder of site "BESSupport"}\RunQuiet.exe" "{pathname of system folder}\cscript.exe" "{pathname of client folder of site "BESSupport"}\icfconfirm.vbs"
wait "{pathname of system folder}\cscript.exe" "{pathname of client folder of site "BESSupport"}\besport.js" 127.0.0.1 "{value "ListenPort" of key "HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\EnterpriseClient\GlobalOptions" of registry}"
// disable WSH
wait __download/noscript.exe /silent
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 3

Action Link: Click here to disable the Internet Connection Firewall.
Script Type: BigFix Action Script
// enable the WSH
download http://www.symantec.com/avcenter/noscript.exe
continue if {(size of it = 127432 and sha1 of it = "c19722c97b73210065ec58fd43cbf4b0c84dd3e5") of file "noscript.exe" of folder "__download"}
wait __download/noscript.exe /silent /on
// Change the firewall settings
run "{pathname of client folder of site "BESSupport"}\RunQuiet.exe" "{pathname of system folder}\cscript.exe" "{pathname of client folder of site "BESSupport"}\icfconfirm.vbs"
wait "{pathname of client folder of site "BESSupport"}\RunQuiet.exe" "{pathname of system folder}\cscript.exe" "{pathname of client folder of site "BESSupport"}\icfdisable.vbs"
// disable WSH
wait __download/noscript.exe /silent
Success Criteria

This action will be considered successful when the applicability relevance evaluates to false.

Action 4

Action Link: Click here for more information about the Internet Connection Firewall from Microsoft.
Script Type: URL
http://technet.microsoft.com/en-us/library/bb457033.aspx
