Using TEM 8.2 with a Proxy Server
In Tivoli Endpoint Manager 8.2, the only component that can access the Internet directly (by default) is the BES Gather Service component of the server.
Note: The BES Gather Service component is deprecated in 9.x. The BES Root Server Service component is by default used starting from IEM version 9.0.
This article describes how to configure the BES Gather Service for TEM version 8.2 to connect out to the Internet through a proxy.
For related information, see the product documentation:
Configure TEM version 8.2 with a proxy server:
The TEM Windows services automatically run as the Windows LOCAL SYSTEM account, certain proxy or firewall configurations will not allow the BES Gather service to access the Internet.
To give the BES Gather Service access to the Internet, you will need to have the BES Gather Service login to Windows as a user that can access the Internet through the proxy.
To configure the BES Gather Service to run as a user that can access the Internet, follow these directions on the TEM Server computer (Note: This will work for most proxies, but if your proxy has special requirements, such as only allowing domain users to access the Internet, you will need to talk to your network administrator):
- Create a local Windows Administrator account.
- Log in as the local Windows Administrator account you just created and set up the account to access the Internet.
- Verify that you can access an external website (i.e. http://www.ibm.com).
- Ensure communication to local systems are not forwarded through the proxy server. To exclude local systems, in the Internet Connection settings, go into the proxy settings area and then click the "bypass proxy for local addresses".
In addition, under the Advanced proxy settings, type in the local domains that should not be sent through the proxy server. For example for systems on your foo.com internal company domain, you would put "*.foo.com" and "127.0.0.1" in the "Exclude" box. This will cause requests that are intended for anything.foo.com to be sent directly, rather than through the proxy server. If your system is set up to use an autoconfiguration script, you will need to configure the actual name of the proxy and the port instead of the script.
- Go to Control Panel > Administrative Tools > Services.
- Click BES Gather Service.
- Click the Log On account and set the service to log on as the user you just created.
- Restart the BES Gather Service.
You can verify that the BES Gather Service can access the Internet by opening up the TEM Diagnostics tool on the TEM Server (Start > All Programs > Tivoli Endpoint Manager > Tivoli Endpoint Manager Diagnostics Tool).
Note: If you modify the BES Gather service to run as an account other than the Windows SYSTEM account, several tests in the Service Permissions tab of TEM Diagnostics tool may fail. This is a known issue in the TEM Diagnostics tool. You can safely ignore these failures in this case.