Troubleshooting Client Management

To send information to Tanium for troubleshooting, collect logs and other relevant information.

Collect logs

The information is saved as a ZIP file that you can download with your browser.

  1. From the Client Management home page, click Help , then the Troubleshooting tab.
  2. Click Download Debug Package.
    A tanium-client-management-support.zip file downloads to the local download directory.
  3. Attach the ZIP file to your Tanium Support case form or send it to your Technical Account Manager (TAM).

Tanium Client Management maintains logging information in the client-management.log file in the \Program Files\Tanium\Tanium Module Server\services\client-management-files directory.

Download deployment information

You can download a JSON file that includes deployment settings and endpoint details for a deployment.

  1. From the Client Management menu, click Deployments.

  2. In the Name column, click the name of a deployment.

  3. Click Download to download the JSON file.

Troubleshoot deployments

 

Problem: A new deployment instantly switches to the Completed status with no attempted deployments to endpoints

The Module Server is having trouble downloading the client binaries.

Solution

Check the TDownloader log for download errors. For information about where to find this log, see Tanium Core Platform Deployment Reference Guide: TDownloader logs.

 

Problem: Endpoint Install Status = ERROR_EXISTING_INSTALL

Log messages for the deployment contain the following message:

Existing Tanium Client installation detected.

Solution

The client might have been successfully installed during a previous deployment. If you are attempting to upgrade the client, follow the steps in Tanium Client User Guide: Upgrading Tanium Clients.

 

Problem: Endpoint Install Status = ERROR_ACQUIRE_LOGS_FAIL

Log messages for the deployment contain the following message:

Deployment Result Generated: Necessary file(s) missing on disk: C:\Program Files\Tanium\Tanium Module Server\services\client-management-files\deployment-runner-data\bc6bf6fd-0388-4f2d-9120-860cac75e8d4\tanium.pub

Solution

Upload the tanium.pub file. See (Tanium 7.2.x, 7.3.x only) Upload Tanium public key.

 

Problem: Endpoint Install Status = ERROR_CONNECTION_FAIL

Log messages for the deployment contain the following message:

Deployment Result Generated: All 1 connection attempt(s) resulted in no response from the target.

Solution

  • Check the user name provided with the credentials. Credentials must be active and not disabled. Check that the domain is added correctly, for example: domain\username for a domain account, or username for a local endpoint account.
  • Check the password provided with the credentials to ensure it is not disabled or expired.
  • Check both the target endpoint firewall and network device firewalls. The Module Server might be blocked from initiating a connection to the target endpoint by a firewall. SMB ports on 139 and 445 must be open. SSH port 22 must be open. Use the following testing techniques to check the ports: 
  • (Windows endpoints) If the client is non-domain joined, you must edit the Windows registry to allow remote installations.
    In most Active Directory environments, admin shares are already available. For standalone machines that have not joined the domain, you might have to enable admin shares so that a user can reach c$ with sufficient permissions. In Windows 7 and 8 machines, enable the admin shares of a standalone machine by adding the following registry key and restarting the computer:

    Hive: HKEY_LOCAL_MACHINE
    Key: Software\Microsoft\Windows\CurrentVersion\Policies\System
    Name: LocalAccountTokenFilterPolicy
    Data Type: REG_DWORD
    Value: 1

     

    Admin shares are not available in Home editions of Windows operating systems.

Problem: Endpoint Install Status = ERROR_CONNECTION_FAIL

Log messages for the deployment contain the following message:

Command resulted in error: Error: Connection to 'SSH Client for '192.168.24.11'' was not established

Solution

  • Verify the client configuration and deployment settings. You might be targeting a Windows endpoint with a deployment while only using SSH as a connection method.
  • Verify that the targeted Linux endpoint has SSH enabled and is configured on port 22.
  • Check the user name provided with the credentials. Credentials must be active and not disabled. Check that the domain is added correctly, for example: domain\username for a domain account, or username for a local endpoint account.
  • Check the password provided with the credentials to ensure it is not disabled or expired.

 

Problem: Endpoint Install Status = ERROR_ACQUIRE_LOGS_FAIL

Log messages for the deployment contain the following message:

SMB 'mkdir' command exited with exit code 1.

Solution

Verify that you are not trying to deploy to an endpoint that already has the Tanium Client installed. The endpoint could have a Tanium Client that was not fully removed, or a Tanium Client installation that points to a different Tanium Server.

Uninstall Client Management

  1. From the Main menu, click Administration > Configuration > Solutions.
  2. In the Content section, select the Client Management row.
  3. Click Delete Selected . Click Uninstall to complete the process.

Tanium as a Service is a self-monitored service, designed to detect failures before the failures surface to users.

Request support

If you notice issues with the service, notify [email protected] or contact your TAM for diagnostics and troubleshooting.