Targets cannot contact the server

Symptom
Targets are not registering or updating their details on the IBM® BigFix® Remote Control Server.
Causes
  • The target does not have the correct URL for the server.
  • The host name part of the URL, that is used to contact the server, does not match the common name in the server's SSL certificate.
Solution

When you install the target software the target contacts the server by using http or https, and the server URL that is defined during the installation of the target. However, there are two important things to note to ensure that the connection between the server and target is successful.

  • The target must have the correct URL for the server.
  • The host name part of the URL must match the common name in the server's SSL certificate.

When the IBM BigFix Remote Control Server is installed with the installation program, you must ensure that you supply the correct values in the Web server parameters window. By default, the upload data to server field is populated with the computer name from the Windows® operating system settings. The server installer program uses the field value to generate the server URL. The URL is then saved in the trc.properties file, in the url property and is also saved in the SSL certificate. Therefore, make sure that you specify the correct computer name during the installation. If you specify an incorrect value, the following problem might occur.

When a target contacts the server for the first time, it uses the ServerURL property from the target registry or configuration file to contact the server. When the server responds to the target, it includes the server address that is assigned to the url property in the trc.properties file. The target uses this URL to contact the server. If the address that is sent to the target is incorrect, the target can register once and then is not able to contact the server again. After a while, the target is marked as being offline. You are also unable to start sessions with this target, because the target does not have a correct working URL with which to authenticate an incoming session.

The common name that is in the server's SSL certificate must be a host name that resolves to the IP address of the server. If the SSL certificate has, for example, mytrcserver, but on the target there is no way to translate mytrcserver to the IP address of the server, your environment is not correctly configured. The only names that are correctly supported are fully qualified domain names that are registered in the DNS. For example, mytrcserver.example.ibm.com. To use only mytrcserver, the server and target must be on the same local network and have WINS configured.

You can check that the DNS server is properly configured by using the nslookup command to query the full computer name and IP address.

For example: At a command prompt type, the following commands.

C:\>nslookup

Default Server:  dns.example.ibm.com
Address:  192.0.2.0



Type in the hostname of your server

> mytrcserver.example.ibm.com
Server:  dns.example.ibm.com
Address:  192.0.2.0

Name:    mytrcserver.example.ibm.com
Address:  192.0.2.1



Type in the ip address of your server

> 192.0.2.1
Server:  dns.example.ibm.com
Address:  192.0.2.0

Name:    mytrcserver.example.ibm.com
Address:  192.0.2.1
you can see that the server host name resolves to the correct IP address.