Troubleshooting Client Management

To send information to Tanium for troubleshooting, collect logs and other relevant information.

Collect logs

The information is saved as a ZIP file that you can download with your browser.

  1. From the Client Management home page, click Help , then the Troubleshooting tab.
  2. Click Download Debug Package.
    A tanium-client-management-support.zip file downloads to the local download directory.
  3. Attach the ZIP file to your Tanium Support case form or contact Tanium Support.

Tanium Client Management maintains logging information in the client-management.log file in the \Program Files\Tanium\Tanium Module Server\services\client-management-files directory.

Download deployment information

You can download a JSON file that includes deployment settings and endpoint details for a deployment.

  1. From the Client Management menu, click Deployments.

  2. In the Name column, click the name of a deployment.

  3. Click Download to download the JSON file.

Troubleshoot deployments

 

Problem: A new deployment instantly switches to the Completed status with no attempted deployments to endpoints

The Module Server is having trouble downloading the client binaries.

Solution

Check the TDownloader log for download errors. For information about where to find this log, see Tanium Core Platform Deployment Reference Guide: TDownloader logs.

 

Problem: Endpoint Installation Status = ERROR_ACQUIRE_LOGS_FAIL

Log messages for the deployment contain the following message:

Deployment Result Generated: Necessary file(s) missing on disk: C:\Program Files\Tanium\Tanium Module Server\services\client-management-files\deployment-runner-data\bc6bf6fd-0388-4f2d-9120-860cac75e8d4\tanium.pub

Solution

Upload the tanium.pub file. See (Tanium 7.2.x, 7.3.x only) Upload Tanium public key.

 

Problem: Endpoint Installation Status = ERROR_ACQUIRE_LOGS_FAIL

Log messages for the deployment contain the following message:

Error creating/starting the installation bootstrap service on the target: Error: cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe svcctl failed with error NT_STATUS_CONNECTION_DISCONNECTED Could not initialise pipe svcctl. Error was NT_STATUS_CONNECTION_DISCONNECTED

Solution

Verify that the firewall allows WMI, RPC, and SMB traffic between Tanium servers and endpoints. For more information, see Host and network security requirements.

Firewalls with application-based control might not allow this traffic for Tanium by default.

 

Problem: Endpoint Installation Status = ERROR_CONNECTION_FAIL

Log messages for the deployment contain the following message:

Deployment Result Generated: All 1 connection attempt(s) resulted in no response from the target.

Solution

  • Check the user name provided with the credentials. Credentials must be active and not disabled. Check that the domain is added correctly, for example: domain\username for a domain account, or username for a local endpoint account.
  • Check the password provided with the credentials to ensure it is not disabled or expired.
  • Check both the target endpoint firewall and network device firewalls. The Module Server might be blocked from initiating a connection to the target endpoint by a firewall. WMI port 135, SMB port 445, and SSH port 22 must be open. Use the following testing techniques to check the ports: 

  • If you are using a non-default Administrator account and the machine is not joined to a domain, edit the Windows registry to disable User Account Control (UAC) remote restrictions, which normally prevent access to administrative shares and remote installations under these conditions. To disable UAC remote restrictions, add the following registry value and restart the machine:

    Subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
    Data type: REG_DWORD
    Value name: LocalAccountTokenFilterPolicy
    Value data: 1

    If you use the default local Administrator account, you do not need to make this registry change.

    Administrative shares are not available in Home editions of Windows operating systems.

 

Problem: Endpoint Installation Status = ERROR_CONNECTION_FAIL

Log messages for the deployment contain the following message:

Command resulted in error: Error: Connection to 'SSH Client for '192.168.24.11'' was not established

Solution

  • Verify the client configuration and deployment settings. You might be targeting a Windows endpoint with a deployment while only using SSH as a connection method.
  • Verify that the targeted Linux endpoint has SSH enabled and is configured on port 22.
  • Check the user name provided with the credentials. Credentials must be active and not disabled. Check that the domain is added correctly, for example: domain\username for a domain account, or username for a local endpoint account.
  • Check the password provided with the credentials to ensure it is not disabled or expired.

 

Problem: Endpoint Installation Status = ERROR_ACQUIRE_LOGS_FAIL

Log messages for the deployment contain the following message:

SMB 'mkdir' command exited with exit code 1.

Solution

Verify that you are not trying to deploy to an endpoint that already has the Tanium Client installed. The endpoint could have a Tanium Client that was not fully removed, or a Tanium Client installation that points to a different Tanium Server.

 

Uninstall Client Management

  1. From the Main menu, click Administration > Configuration > Solutions.
  2. In the Content section, select the Client Management row.
  3. Click Delete Selected . Click Uninstall to complete the process.

Contact Tanium Support

To contact Tanium Support for help, sign into https://support.tanium.com.

Tanium as a Service is a self-monitored service, designed to detect failures before the failures surface to users.

Contact Tanium Support

To contact Tanium Support for help, sign into https://support.tanium.com.