BigFix Agent deployment issues

The MCM Deploy Agent action fails because of an incorrect path in the MDM Server Analysis.

Problem

Unable to deploy BigFix Agent, even though the BigFix Installer is pre-staged in MDM server.

  • While deploying BigFix Agent, the available packages list does not show the latest packages.
    BES Agent packages for macOS
  • Getting a warning when trying to deploy the BigFix agent, even after prestaging the BigFix Installer in MDM server.

Cause

Several issues may contribute to this problem:

  • Incorrectly uninstalling an old, but now unwanted, MDM server leaves residual files, causing the analysis (if active on that server) to falsely detect the presence of the uninstalled MDM server.
  • The BESAgent Packages Available analysis points to the incorrect directory - (/var/opt/BESUEM/packages) instead of the subdirectory (/var/opt/BESUEM/packages/macOS).
  • The WebUI is caching outdated information and not using the most recent analysis results.
  • If multiple MDM servers are present, the WebUI retrieves the package from the first server in the list rather than from the latest analysis result.

Workaround

Placing the required files in the right directory and ensuring the WebUI correctly identifies and utilizes the latest BigFix agent packages can resolve the above issue. To do that complete the following steps:

  1. Cleanup Residual Files:

    Manually delete any residual files from the uninstallation of any old, unused MDM server setup, while keeping the current active MDM server setup intact:
    • /var/opt/BESUEM/.env
    • /var/opt/BESUEM/apple
    • /var/opt/BESUEM/mac

  2. Verify Analysis Configuration:

    • For macOS deployments, manually copy any .plist and .pkg files from /var/opt/BESUEM/packages directory to the /var/opt/BESUEM/packages/macOS subdirectory.
    • Ensure the analysis Apple Modern Client Management MDM Servers is correctly configured to point to /var/opt/BESUEM/packages/macOS.

  3. Check Analysis Update:

    • The analysis runs every 15 minutes. After placing the files in the correct directory, wait up to 15 minutes for the WebUI to update.

  4. Verify WebUI Cache:

    1. Restart BESClient on the MDM Server to use the latest analysis results.
    2. Verify the WebUI health check at 
      https://<webUI Host>/mdm/next/healthcheck
      to ensure all MDM servers show a green light and the associated analyses are activated.
      Health Check Analysis
  5. Ensure Consistent Package Pre-staging
    • When pre-staging BES Agent installers, ensure all MDM servers have the same matching set of BES Agent packages.
    • Verify that the WebUI is using the correct and most recent analysis results from all MDM servers, especially if multiple servers are involved.
Note: The above is a temporary fix. For a permanent solution, BESUEM content update with enhanced analysis will be published soon.