Troubleshooting Client Management
To send information to Tanium for troubleshooting, collect logs and other relevant information.
Collect logs
The information is saved as a ZIP file that you can download with your browser.
- From the Client Management home page, click Help
, then the Troubleshooting tab.
- Click Download Debug Package.
A tanium-client-management-support.zip file downloads to the local download directory. - Attach the ZIP file to your Tanium Support case form or contact Tanium Support.
Tanium Client Management maintains logging information in the client-management.log file in the \Program Files\Tanium\Tanium Module Server\services\client-management-files directory.
Download deployment information
You can download a JSON file that includes deployment settings and endpoint details for a deployment.
-
From the Client Management menu, click Deployments.
-
In the Name column, click the name of a deployment.
- Click Download
to download the JSON file.
Troubleshoot deployments
Problem: A new deployment instantly switches to the Completed status with no attempted deployments to endpoints
The Module Server is having trouble downloading the client binaries.
Solution
Check the TDownloader log for download errors. For information about where to find this log, see Tanium Core Platform Deployment Reference Guide: TDownloader logs.
Problem: Endpoint Installation Status = ERROR_ACQUIRE_LOGS_FAIL
Log messages for the deployment contain the following message:
Deployment Result Generated: Necessary file(s) missing on disk: C:\Program Files\Tanium\Tanium Module Server\services\client-management-files\deployment-runner-data\bc6bf6fd-0388-4f2d-9120-860cac75e8d4\tanium.pub
Solution
Upload the tanium.pub file. See (Tanium 7.2.x, 7.3.x only) Upload Tanium public key.
Problem: Endpoint Installation Status = ERROR_ACQUIRE_LOGS_FAIL
Log messages for the deployment contain the following message:
Error creating/starting the installation bootstrap service on the target: Error: cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe svcctl failed with error NT_STATUS_CONNECTION_DISCONNECTED Could not initialise pipe svcctl. Error was NT_STATUS_CONNECTION_DISCONNECTED
Solution
Verify that the firewall allows WMI, RPC, and SMB traffic between Tanium servers and endpoints. For more information, see Host and network security requirements.
Firewalls with application-based control might not allow this traffic for Tanium by default.
Problem: Endpoint Installation Status = ERROR_CONNECTION_FAIL
Log messages for the deployment contain the following message:
Deployment Result Generated: All 1 connection attempt(s) resulted in no response from the target.
Solution
- Check the user name provided with the credentials. Credentials must be active and not disabled. Check that the domain is added correctly, for example: domain\username for a domain account, or username for a local endpoint account.
- Check the password provided with the credentials to ensure it is not disabled or expired.
- Check both the target endpoint firewall and network device firewalls. The Module Server might be blocked from initiating a connection to the target endpoint by a firewall. WMI port 135, SMB port 445, and SSH port 22 must be open. Use the following testing techniques to check the ports:
- Test Network connections:
- Windows PowerShell: Test-NetConnection -computer ip_address -port port_number
- Linux: telnet, nc / netcat
- Check TanOS network status: See Tanium Appliance Deployment Guide: Support menu.
- Test Network connections:
-
If you are using a non-default Administrator account and the machine is not joined to a domain, edit the Windows registry to disable User Account Control (UAC) remote restrictions, which normally prevent access to administrative shares and remote installations under these conditions. To disable UAC remote restrictions, add the following registry value and restart the machine:
Subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
Data type: REG_DWORD
Value name: LocalAccountTokenFilterPolicy
Value data: 1If you use the default local Administrator account, you do not need to make this registry change.
Administrative shares are not available in Home editions of Windows operating systems.
Problem: Endpoint Installation Status = ERROR_CONNECTION_FAIL
Log messages for the deployment contain the following message:
Command resulted in error: Error: Connection to 'SSH Client for '192.168.24.11'' was not established
Solution
- Verify the client configuration and deployment settings. You might be targeting a Windows endpoint with a deployment while only using SSH as a connection method.
- Verify that the targeted Linux endpoint has SSH enabled and is configured on port 22.
- Check the user name provided with the credentials. Credentials must be active and not disabled. Check that the domain is added correctly, for example: domain\username for a domain account, or username for a local endpoint account.
- Check the password provided with the credentials to ensure it is not disabled or expired.
Problem: Endpoint Installation Status = ERROR_ACQUIRE_LOGS_FAIL
Log messages for the deployment contain the following message:
SMB 'mkdir' command exited with exit code 1.
Solution
Verify that you are not trying to deploy to an endpoint that already has the Tanium Client installed. The endpoint could have a Tanium Client that was not fully removed, or a Tanium Client installation that points to a different Tanium Server.
Uninstall Client Management
- From the Main menu, click Administration > Configuration > Solutions.
- In the Content section, select the Client Management row.
- Click Delete Selected
. Click Uninstall to complete the process.
Contact Tanium Support
To contact Tanium Support for help, sign into https://support.tanium.com.
Tanium as a Service is a self-monitored service, designed to detect failures before the failures surface to users.
Contact Tanium Support
To contact Tanium Support for help, sign into https://support.tanium.com.
Last updated: 3/3/2021 9:37 AM | Feedback