DSA Recovery

When recovering a lost DSA server, all top-level BigFix relays (and therefore the entire deployment) should already be pointing to the remaining DSA server.

It is recommended to leave all relays and clients reporting up to the working DSA server during this recovery procedure. If your existing relay settings do not allow this, isolate the server being restored on the network such that only the working DSA server can connect to it.

  1. If the master DSA server fails, run the following procedure on the BFEnterprise SQL database to promote the secondary DSA server to master during restoration and replication of the failed server.
    declare @ServerID varchar(32)
    select @ServerID = convert(varchar(32),ServerID) from DBINFO
    execute [BFEnterprise].[dbo].[update_adminfields] 'Z:masterDatabaseServerID',@ServerID 
    In this way you can install a new DSA server and you can run the Administration Tool on the secondary DSA server during the restoration of the failed server.
  2. On the existing DSA server delete the failed DSA server id from the database.
    1. First see what the existing DSA server id is by executing the following SQL statement.
      select ServerID from DBINFO 
    2. List the IDs of the DSA servers:
      select * from REPLICATION_SERVERS 
    3. After identifying the failed server ID, run the following procedure:
      execute BFEnterprise.dbo.delete_replication_server <ID> 
  3. Restore the server operating system and database software in a pristine state without any BigFix server or the BigFix database remnants.
  4. Restore the following items from backup:
    • [BigFix Server folder]\BESReportsServer\wwwroot\ReportFiles
    • [BigFix Server folder]\Encryption Keys (can be optionally restored by copying from the secondary server, or a new key generated by the Administration Tool)
    • [BigFix Server folder]\UploadManagerData (optional, for faster recovery of SUA data if lost server was the SUA Source)
    • [BigFix Server folder]\wwwrootbes\bfmirror\downloads\ActionURLs
    • [BigFix Server folder]\wwwrootbes\bfmirror\downloads\sha1 (optional, for faster recovery of cached files)
    • cert.pem file for Web Reports, if using HTTPS
    • BESReporting database in SQL Server
  5. Install BigFix server using the installer and the existing masthead. For additional information see Installing Additional Windows Servers (DSA).
  6. Set the following registry values:
    For 32-bit Windows systems, go to [HKLM\Software\BigFix\Enterprise Server\FillDB] or for 64-bit Windows systems, go to [HKLM\Software\Wow6432Node\BigFix\Enterprise Server\FillDB] and then set the following values:
    "PerformanceDataPath"[REG_SZ] = "[BigFix Server folder]\FillDB\FillDBperf.log"
    "UnInterruptibleReplicationSeconds"[DWORD] = 14400 (decimal)
    ReplicationDatabase=<DBName>
    ReplicationUser=<DBUser>
    ReplicationPassword=<DBPassword>
  7. Restart the BES FillDB service.
  8. Install BigFix client and console.
  9. After replication completes, run the following procedure on in the SQL database to promote this newly restored BigFix server to be the master server.
    declare @ServerID varchar(32)
    select @ServerID = convert(varchar(32),ServerID) from DBINFO
    execute [BFEnterprise].[dbo].[update_adminfields] 'Z:masterDatabaseServerID',@ServerID 
  10. Reinstall and reconfigure the Plugins. Configuration information can be gathered from the currently operating DSA server or from installation notes and configuration details kept by the Administrator.
  11. Set the following registry values and restart the BES FillDB service:

    Go to [HKLM\Software\Wow6432Node\BigFix\Enterprise Server\FillDB] and then set the following values:

    "PerformanceDataPath"[REG_SZ] = ""
    "UnInterruptibleReplicationSeconds"[DWORD] = 120 (decimal)
  12. Launch the Administration Tool and update the replication interval on this restored server to the desired level. Typically, this value should match the interval set on the other DSA Server.
    Note: Depending on the size of the deployment, the replication process might take multiple days to complete. To validate its completion, look for a Replication Completed message in the FillDBperf.log file. Connecting a separate BigFix console to each DSA server and comparing contents is another way to check that the data is synchronized in both deployments.
  13. Revalidate the datasource on the Web Reports, editing the existing one.
Note: When you switch the servers, you have to wait for the endpoints to register with the new master server before you can send mailbox actions to them. Endpoints register automatically and periodically to a server by default every 6 hours. In the meantime, if you need to run any actions, this can be accomplished by running them as Dynamically target by property.