Troubleshooting

Do not manually delete any Tanium content that includes “Comply” in the name for any reason. This can cause Comply to stop working correctly.

Issues with CIS-CAT for Comply 1.3.2 or older

Due to an expired CIS certificate, all CIS-CAT engines supported by Comply 1.3.2 or older fail signature validation, which prevents the engine from running.

To resolve this issue, you must upgrade to Comply 1.3.3 or later. The tools in Comply 1.3.3 provide a workaround for this issue. After deploying these tools, all versions of CIS-CAT will work correctly. Comply 1.3.3 also adds support for CIS-CAT 3.0.43, which contains code signed with a valid certificate.

If you are unable to upgrade Comply, please contact your TAM.

Collect support bundle

You may need to collect a support bundle that includes logs associated with Comply for troubleshooting purposes when working with technical support or your TAM.

You must have the Comply Admin role to collect the support bundle. For more information about Comply roles, see User roles.

To collect the support bundle

  1. At the top right of the Home page, click Help.
  2. On the Troubleshooting tab, in the Support Request section, click Create Package to download a support bundle of files to provide to your TAM or technical support.

Locate log files

You may need to locate log files on your endpoint or on the Tanium Module Server for troubleshooting purposes when working with technical support or your TAM.

Endpoint log files

Comply log files are created on endpoints at the following path: C:\Program Files (x86)\Tanium\Tanium Client\Tools\Comply\logs

Log files for each scan are keyed by report hash. Only the most recent file is kept.

Tanium Module Server log files

Comply log files are created on the Tanium Module Server at the following path: C:\Program Files\Tanium\Tanium Module Server\services\comply-service\logs

Service log files are found at this path.

Recreate JRE encryption key

If a JRE encryption key is lost or overwritten, Comply allows you to recreate the JRE encryption key.

  1. At the top right of the Home page, click Settings.
  2. On the JRE Encryption Key tab, click Generate Random Key to generate a new JRE encryption key.
  3. You can provide your own encryption key; however, Tanium recommends that you generate a random key.
  4. Enter your credentials and click OK.
  5. If you have existing reports on endpoints with an encrypted JRE, those reports must be redeployed. In addition, all existing encrypted deployments must be redeployed so they are updated with the new key.

Last updated: 8/21/2018 5:17 PM