Troubleshooting Direct Connect

Tanium Cloud is a self-monitored service, designed to detect failures before the failures surface to users. For more information, see Tanium Cloud Deployment Guide: Troubleshooting Tanium Cloud.

To collect and send information to Tanium for troubleshooting, collect logs and other relevant information.

Generate a support package

Collect information about the current state of the Direct Connect service to use for troubleshooting. The information is saved as a ZIP file that you can download with your browser.

  1. From the Direct Connect Overview page, click Help , then open the Troubleshooting tab.
  2. Click Generate Support Package.
  3. Click Download Support Package to download the ZIP file to the local download directory.
  4. Contact Tanium Support to determine the best option to send the ZIP file. For more information, see Contact Tanium Support.

Change the logging level

If you need greater verbosity in the logs, you can change the log level.

  1. From the Direct Connect Overview page, click Help , then open the Troubleshooting tab.
  2. Adjust the Log Level as needed.

This update changes the log level for future logging. It does not affect the data that is available in the support package for previously logged events.

Troubleshoot endpoint connection issues

When you attempt an endpoint connection, Direct Connect iterates through the configured Tanium Servers or Zone Serversconnections to Tanium Cloud for an endpoint in this order until a successful connection occurs:

  1. LastGoodServerName (if available)
  2. The last server Tanium Cloud instance used for a successful connection
  3. The server Tanium Cloud instance with the most successful connections
  4. ServerName (if specified)
  5. Any servers Tanium Cloud instances specified in ServerNameList

For more information about LastGoodServerName, ServerName, and ServerNameList, see Tanium Client Management User Guide: Settings for connections to Tanium Core Platform serversTanium Client Management User Guide: Settings for connections to Tanium Cloud.

If you are unable to establish an endpoint connection, check the status of the Deploy Direct Connect - Open Session - operating system - session ID action from the Action History page.

If the action ran, but was not successful, check the <Tanium Client>/Logs/extensions0.txt log on the endpoint. Make sure that the endpoint can connect to the Module Server using the Fully Qualified Domain Name and Port that you configured on the Endpoint Connection tab in the Direct Connect settingsTanium Cloud using its fully qualified domain name and port 17486.

If the action did not run on the endpoint, make sure that the endpoint is a member of the Direct Connect action group and has the latest tools installed.

Troubleshoot connection issues through a zone proxy

To use Direct Connect with endpoints that connect to the Module Server through a Zone Server, you must install and configure the Direct Connect Zone Proxy. For more information, see Configure Zone Proxies.

If you are unable to establish an endpoint connection after installing and configuring the Direct Connect Zone Proxy, check the Direct Connect Zone Proxy log for errors: <Tanium>/TaniumDirectConnectZoneProxy/logs/proxy.log.

Screen sharing buttons unavailable

Screen sharing buttons and related functionality might not be available in the Tanium Console while the system rotates ScreenMeet key information (by default, once every 30 days). Wait up to 30 minutes for this to complete, then try accessing screen sharing functionality. If you still cannot access screen sharing functionality, Contact Tanium Support.

Remove Direct Connect tools from endpoints

You can deploy an action to remove Direct Connect tools from an endpoint or computer group. Separate actions are available for Windows and non-Windows endpoints.

  1. In Interact, target the endpoints from which you want to remove the tools. For example, ask a question that targets a specific operating system:
    Get Endpoint Configuration - Tools Status from all machines with Is Windows equals true
  2. In the results, select the row for Direct Connect , drill down as necessary, and select the targets from which you want to remove Direct Connect tools. For more information, see Tanium Interact User Guide: Drill Down.
  3. Click Deploy Action.
  4. For the Deployment Package, select Endpoint Configuration - Uninstall Tool [Windows] or Endpoint Configuration - Uninstall Tool [Non-Windows], depending on the endpoints you are targeting.

  5. For Tool Name, select Direct Connect .

  6. (Optional) By default, after the tools are removed they cannot be reinstalled. To allow tools to be automatically reinstalled, clear the selection for Block reinstallation. Re-installation occurs almost immediately.

    If reinstallation is blocked, you must unblock it manually:

    • To allow Direct Connect to reinstall tools, deploy the Endpoint Configuration - Unblock Tool [Windows] or Endpoint Configuration - Unblock Tool [Non-Windows] package (depending on the targeted endpoints).

    • If you reinstall tools manually, select Unblock Tool when you deploy the Endpoint Configuration - Reinstall Tool [Windows] or Endpoint Configuration - Reinstall Tool [Non-Windows] package.

  7. (Optional) To remove all Direct Connect databases and logs from the endpoints, clear the selection for Soft uninstall.

    When you perform a hard uninstallation of some tools, the uninstallation also removes data that is associated with the tool from the endpoint. This data might include important historical or environmental data. If data that you want to keep is associated with the tool, make sure you perform only a soft uninstallation of the tool.

  8. (Optional) To also remove any tools that were dependencies of the Direct Connect tools that are not dependencies for tools from other solutions, select Remove unreferenced dependencies.

  9. (Optional) In the Deployment Schedule section, configure a schedule for the action.

    If some target endpoints might be offline when you initially deploy the action, select Recurring Deployment and set a reissue interval.

  10. Click Show preview to continue.

  11. A results grid appears at the bottom of the page showing you the targeted endpoints for your action. If you are satisfied with the results, click Deploy Action.

If you have enabled Endpoint Configuration approval, tool removal must be approved in Endpoint Configuration before tools are removed from endpoints.

Uninstall Direct Connect

Direct Connect is a shared service that is used by several Tanium solutions. If Direct Connect is in use by another Tanium solution, uninstalling Direct Connect or removing the tools from endpoints could have unintended consequences. Contact [email protected] to determine whether uninstalling Direct Connect is advisable in your environment.

  1. From the Main menu, go to Administration > Configuration > Solutions.
  2. In the Content section, select the Direct Connect row.
  3. Click Uninstall.

Uninstall the Direct Connect Zone Proxy (Windows)

A user with Local Administrator rights on the endpoint can remove the Tanium Client through either the Windows Control Panel Add/Remove Programs or Programs and Features applet.

For information about managing the Direct Connect Zone Proxy on TanOS, see Appliance Deployment Guide: Install the Direct Connect Zone Proxy.

Contact Tanium Support

To contact Tanium Support for help, sign in to https://support.tanium.com.