Troubleshooting Deploy

If Deploy is not performing as expected, you might need to do some troubleshooting or change settings. You can also contact your TAM for assistance.

Collect a troubleshooting package

For your own review or to assist support, you can compile Deploy logs and files that are relevant for troubleshooting.

  1. Get the Deploy log.
    1. On the Deploy home page, click Help .
    2. Click the Support tab and click Collect.
    3. When the Status: is updated, click Download.

    The log zip file might take a few moments to download. The files have a timestamp with a deploy-support-YYYY-MM-DDTHH-MM-SS.mmmZ  format.

  2. (Optional) On the endpoint, copy the Tanium\Tanium Client\Tools\Deploy folder.

End user notifications are not displayed

If end user notifications are not being displayed on the endpoints:

  1. Verify that the Tanium End-User Notifications solution is installed. For more information, see Install the Tanium End-User Notifications solution.
  2. Ask the question: Get Has End User Notification Tools from all machines with Is Windows = "true" to check if your endpoints have the end user notification tools.
  3. Verify that any security software exclusions include the \Tanium\Tanium End User Notification Tools directory. For more information, see Security exclusions.

No applicability information for software packages

Software package applicability is calculated on the endpoints by using the applicability rules in the package definition, which is stored in the software package catalog and distributed to the endpoints.

If the applicability information for software packages is not available:

  1. Ensure the Deploy process is running on the target endpoint by:
    • asking the question: Get Deploy - Is Process Running from all machines
    • checking locally for the \Tanium\Tanium Client\python27\TPython.exe on the endpoint
  2. Ensure that the \Tanium\Tanium Client\Tools\Deploy\software-package-catalog.json file is present and updated.
  3. Ensure that the \Tanium\Tanium Client\Tools\Deploy\settings.json file is present and updated.
  4. Review the \Tanium\Tanium Client\Tools\Deploy\software-package-applicability.json file to verify the package id, applicability, and updatedAt values. If the package id is not present, a new scan may not have occurred or the software package catalog might be out of date. When a new software package catalog file is received, the scan should happen within a few minutes.
  5. Load the saved question: Deploy - Software Packages Applicability 0 to display the package id and the applicability state of the first 200 packages. This saved question runs on a scheduled that is defined by the Deploy service. Review Deploy settings to adjust these settings as needed. To load the saved question:
    1. From the Main menu, click Authoring > Saved Questions.
    2. Select the Deploy - Software Packages Applicability 0 row and click Load.

No software in the Packages Gallery page

After you import Deploy 1.1, you must Set the service account and Initialize endpoints again. After the endpoints are initialized, it might take up to one hour to see the software in the Packages Gallery page. You can also restart the Tanium Deploy service to reduce this time constraint.

If you still do not see any software in the Packages Gallery page:

  1. From the Main menu, click Content > Packages.
  2. Search for the Deploy - Software Package Gallery package.
  3. Ensure that this package is cached.
    1. Verify that the Size column does not list Pending.
    2. If the size stays at Pending for more than one hour, contact your TAM for assistance.
  4. Check to see if the Tanium Deploy service is attempting to gather the Deploy package gallery file.
    1. Collect a troubleshooting package.
    2. Open the downloaded support bundle and open the deploy-files\logs\Deploy.log file.
    3. Search for Ensuring software package gallery zip package.
    4. If the Deploy.log file does not have that text, Set the service account again, wait 10-15 minutes, and then repeat the previous steps to recheck the log file.
  5. Check to see if the Tanium Server configuration needs to be reconfigured.
    1. Collect a troubleshooting package again and open the deploy-service\utils\tdownloader\win32\TDL_Logs\log0.txt file.
    2. Search for Peer certificate cannot be authenticated with given CA certificates (error code 60): SSL certificate problem: self signed certificate.
    3. If the log0.txt file does have that text, verify that the Tanium Server(s) are added to the Tanium Module Server: TrustedHostList setting, and restart the Tanium Deploy service on the Tanium Module Server. For more information, see Table 2 of the Tanium Appliance Installation Guide: Change a Tanium server configuration and Table 3 of the Tanium Core Platform Installation Guide: Windows Registry.
  6. If you still do not see any software in the Packages Gallery page after completing the previous steps, contact your TAM for assistance.

Uninstall Deploy

If you need to uninstall Deploy, first clean up the Deploy artifacts on the endpoint and then uninstall Deploy from the server.

  1. Clean up deployment artifacts from the endpoints.
    1. Use Interact to target endpoints. To get a list of endpoints that have Deploy, you can ask the Get Deploy - Is Process Running from all machines question.
    2. Click Deploy Action. Choose the Clean Deploy Tools Folder package.
    3. Check the status of the action on the Actions > Action History page.
  2. Remove the Deploy solution from the Tanium Module Server. From the Main menu, click Tanium Solutions.
    1. In the Deploy section, click Uninstall and follow the process.
    2. Click Proceed with Uninstall.
    3. The uninstaller disables any actions and reissues saved questions.
    4. Return to the Tanium Solutions page and verify that the Import button is available for Deploy.

      If the Deploy module has not updated in the console, refresh your browser.

Last updated: 11/13/2018 3:10 PM | Feedback