Maintaining Certificate Manager

Perform regular maintenance tasks to ensure that Certificate Manager successfully performs scheduled activities on all the targeted endpoints and does not overuse endpoint or network resources. If Certificate Manager is not performing as expected, you might need to troubleshoot issues or change settings.

Perform monthly maintenance

1. From the Main menu, go to Modules > Certificate Manager > Overview.
2. In the Overview section, review the Certificate Manager Coverage panel for endpoints with the Needs Attention status.
3. To investigate issues, see Monitor and troubleshoot Certificate Manager Coverage.
4. To troubleshoot other Certificate Manager issues, see Troubleshooting Certificate Manager.

Perform as-needed maintenance

Check scheduled Connect connections

Verify that any recurring connections in Tanium Connect are running as expected.

1. From the Main menu, go to Modules > Connect > Connections.
2. Click on each of your connections to check the Run Status and Next Run details.
3. If the Owner is no longer an active user, click Actions > Edit Ownership to take ownership of the connection. For more information, see Tanium Connect User Guide: Scheduled connection owned by a deleted user no longer runs.
4. To troubleshoot other connection issues, see Tanium Connect User Guide: Troubleshoot issues.

Monitor and troubleshoot Certificate Manager Coverage

The following table lists contributing factors into why the Certificate Manager coverage metric might report endpoints as Needs Attention, and corrective actions you can make.

Contributing factor	Corrective action
Audit scan age over 30 days	Verify that the certificate audit packages are scheduled to run daily. For more information, see Create scheduled actions for Certificate Manager. Deploy a certificate audit package.
Audit scan timed out	Contact Tanium Support to determine why the audit scan timed out before completing successfully and if increasing the Certificate Audit [Windows] or Certificate Audit [Non-Windows] package parameterized timeout is needed.
Certificate Audit has not been run	Verify that a certificate audit completed successfully. Deploy a certificate audit package if needed.
Certificate Manager Tools missing	Verify that all endpoints have the latest version of the Certificate Manager Tools installed using the following sensor: Get Endpoint Configuration - Tools Status having Endpoint Configuration - Tools Status:Tool Name contains Certificate Manager from all machines Ensure that the Tanium Certificate Manager action group is configured to the targeted endpoints.
Error parsing the Audit Database	Contact Tanium Support to determine why the audit database could not be parsed and next steps to take.
Missing lsof command	Verify that lsof is installed on all Linux endpoints. For more information, see ERROR - lsof was not found.
TPython missing Tanium Python 3.8 missing	Verify that all endpoints have the latest version of the Tanium Python Tools installed using the following sensor: Get Python - Tools Version from all machines Deploy the Python - Tools [Linux] package to any endpoints that return Linux Package Required. Deploy the Python - Tools [Mac] package to any endpoints that return Mac Package Required. Deploy the Python - Tools [Windows] package to any endpoints that return Windows Package Required.