Troubleshooting Endpoint Configuration

Collect logs

The information is saved as a ZIP file that you can download with your browser.

  1. From the Endpoint Configuration home page, click Help, then the Troubleshooting tab.
  2. Click Download Support Package.

    A tanium-endpoint-configuration-support-[timestamp].zip file downloads to the local download directory.

  3. Attach the ZIP file to your Tanium Support case form or contact Tanium Support.

Tanium Client Management maintains logging information in the tanium-config.log file in the <Module Server>/services/endpoint-configuration-files directory.

Identify and resolve issues with endpoint tools or client extensions

You might become aware of issues with endpoint tools or client extensions through solution-specific errors or through Overview pages for modules or shared services that indicate endpoints that need attention.

Use the following steps to troubleshoot issues with endpoint tools or client extensions. During troubleshooting, consider environmental factors such as security exclusions, file locks, CPU usage, RAM usage, and disk failures.

  1. To actively review the health of endpoint tools and client extensions or to start an investigation into an existing error, ask a question using the Endpoint Configuration - Tools Status, Client Extensions - Status, or [Module] - Tools Version sensor.

    The results of these questions help to identify endpoints with errors and provide a starting point to deploy actions that might help correct the issue. Drill down as necessary to investigate results that indicate errors.

    Consider whether endpoints with errors share common characteristics, such as operating system, domain or organization unit, or the antivirus software that is installed.

  2. Target one or more endpoints with errors, and uninstall tools that report errors without blocking reinstallation: see Uninstall a tool installed by Endpoint Configuration.

    When you perform a hard uninstallation of some tools, such as Recorder or Index, the uninstallation also removes data that is associated with the tool from the endpoint. This data might include important historical or environmental data, such as recorded events (in the case of Recorder) or file indexes (in the case of Index). If data that you want to keep is associated with the tool, make sure you perform only a soft uninstallation of the tool. To help determine what data a tool stores on endpoints, go to https://docs.tanium.com/ and review the documentation for the tool or for the Tanium solution that installed it, and contact Tanium Support for additional help.

    Wait for automatic reinstallation of the tool. If the reinstallation does not resolve the issue, continue to the next step.

  3. Ask a question using the Endpoint Configuration - Tools Status Details sensor, and include filters to limit the results to the tool that you are investigating. For example:

    Get Endpoint Configuration - Tools Status Details having Endpoint Configuration - Tools Status Details:Tool Name contains Deploy from all machines with Endpoint Configuration - Tools Status:Tool Name contains Deploy

    Review the columns in the results for specific information about errors. The following table provides guidance for some common error conditions:

    Error Condition: No error appears, but an available new version has not been installed

    Possible Resolution: Review the Targeted Version column to make sure that the endpoint has received the latest manifest. If the targeted version does not yet show the updated version, the manifest has not updated on the endpoint, usually for one of the following reasons:

    • The manifest update is still pending. Either wait for the manifest to update and then review the results again, or follow the steps in Verify and manually update the Endpoint Configuration manifest.
    • The solution that installs the tool is no longer installed, or it is no longer targeting the endpoint. In some cases, a solution might stop targeting an endpoint because it no longer needs the endpoint for a particular workload. For example, if an endpoint is being used in a level 4 distributed scan in Discover, and peer endpoints appear with adjacent IP addresses, Discover no longer needs the original endpoint for the level 4 scan and no longer targets it. Consider whether the solution that installs the tool should still target the endpoint:
      • If it is expected or intentional that the solution no longer targets the endpoint, you can optionally uninstall the tool: see Uninstall a tool installed by Endpoint Configuration.
      • If the solution should still target the endpoint, make sure that the action group for the solution that installs the tool includes the endpoint, and make sure the solution targets the endpoint in any expected configurations or profiles. Then, either wait for the manifest to update and then review the results again, or follow the steps in Verify and manually update the Endpoint Configuration manifest.

    Error Condition: Installation Blocker: Unmet Dependencies: [Tool name]

    Possible Resolution: If no Failure Message or Failure Step appears, the endpoint might be waiting for the dependencies to install. Wait to see if the condition resolves on its own. If this condition remains for an extended period, ask the question again and review any error information in other columns, especially the Failing Dependency column.

    Error Condition: Failing Dependency: [Tool name]

    Possible Resolution: Ask the question: Endpoint Configuration - Tools Status Details having Endpoint Configuration - Tools Status Details:Tool Name contains [Tool name] from all machines with Endpoint Configuration - Tools Status:Tool Name contains [Tool name]

    Investigate further errors with the tool.

    Error Condition: Manually Blocked: blocked

    Possible Resolution: The tool was previously blocked, either manually or during a previous uninstallation. Unblock the tool: see Block or unblock tools from installing on an endpoint.

  4. Review the Extensions logs on the endpoint. Take note of entries that include fail or error: see Review the Extensions log for an endpoint.

For additional help, collect all logs for Tanium Endpoint Configuration, and contact Tanium Support.

Verify and manually update the Endpoint Configuration manifest

Check the manifest version in Tanium Cloud or on the Tanium Server

  1. From the Main menu, go to Administration > Content > Packages.

  2. In the Filter items box, enter manifest.

  3. In the results, the version of the manifest appears at the end of the Display Name for the Endpoint Configuration - Manifest packages. For example: Endpoint Configuration - Manifest [Windows] (v.44211)

Check the manifest version on endpoints

  1. In Interact, ask the question: Get Endpoint Configuration - Manifest Metadata?maxAge=60 from all machines

    Optionally add filters to the question to check the manifest version on specific endpoints.

    Use the maxAge=60 option for this question to return the latest results that are available.

  2. Review the Revision column and note versions that are different from the manifest in Tanium Cloud or on the server. Drill down as necessary.
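
The comparison in the two checks above can be scripted once the question results are exported. The following is an added example, not Tanium code: the CSV layout (Computer Name, Platform, Revision columns) and all sample values other than the Windows Display Name are assumptions, and the Non-Windows Display Name is assumed to follow the same format.

```python
import csv
import io
import re

# Display Name format shown on the page: "... Manifest [Windows] (v.44211)"
DISPLAY_NAME = re.compile(
    r"^Endpoint Configuration - Manifest \[(Windows|Non-Windows)\] \(v\.(\d+)\)$"
)

def server_revisions(display_names):
    """Map platform -> manifest version parsed from package Display Names."""
    found = {}
    for name in display_names:
        m = DISPLAY_NAME.match(name.strip())
        if m:
            found[m.group(1)] = int(m.group(2))
    return found

def stale_endpoints(export_csv, expected):
    """Return (computer, platform, revision) rows that differ from the server."""
    stale = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        platform = row["Platform"].strip()
        revision = row["Revision"].strip()
        want = expected.get(platform)
        # Non-numeric values (no answer, sensor error) are flagged, not skipped.
        if want is None or not revision.isdigit() or int(revision) != want:
            stale.append((row["Computer Name"], platform, revision))
    return stale

# Constructed sample data; only the Windows Display Name appears on the page.
SAMPLE_PACKAGES = [
    "Endpoint Configuration - Manifest [Windows] (v.44211)",
    "Endpoint Configuration - Manifest [Non-Windows] (v.44211)",
]
# Hypothetical export layout: the column names are assumptions for this example.
SAMPLE_EXPORT = """Computer Name,Platform,Revision
ws-001,Windows,44211
ws-002,Windows,44190
srv-lnx-01,Non-Windows,44211
srv-lnx-02,Non-Windows,[no results]
"""

if __name__ == "__main__":
    expected = server_revisions(SAMPLE_PACKAGES)
    for computer, platform, revision in stale_endpoints(SAMPLE_EXPORT, expected):
        print(f"{computer} ({platform}): revision {revision!r}, "
              f"server has {expected.get(platform)}")
```

Endpoints that the function returns are the candidates for the manual manifest update described in the next procedure.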

Manually update the manifest on endpoints

  1. Ask a question to target endpoints that require a manifest update, or start from the results that the steps in Check the manifest version on endpoints returned.

  2. Select the results for the endpoints you want to target, and click Deploy Action.
  3. For the Deployment Package, select Endpoint Configuration - Manifest [Windows] or Endpoint Configuration - Manifest [Non-Windows], depending on the endpoints you are targeting.

  4. Click Show preview to continue.
  5. A results grid appears at the bottom of the page showing you the targeted endpoints for your action. If you are satisfied with the results, click Deploy Action.

If the manifest update fails, investigate environmental factors, such as security exclusions, file locks, CPU usage, RAM usage, and disk failures. For additional help, contact Tanium Support.

Review the Extensions log for an endpoint

Use Client Management to directly connect to an endpoint and view and download extension logs.

  1. From the Main menu, go to Administration > Shared Services > Client Management.

  2. From the Client Management menu, click Client Health.

  3. In the Direct Connect search box, enter all or part of an IP address or a computer name.

    Matching results are displayed after the search completes.

  4. From the search results, click the computer name to connect to the endpoint.
  5. Click the Logs tab, and select an extensions[#].log file.

  6. (Optional) To download the log, click Download.

For additional help, collect all logs for Tanium Endpoint Configuration, and contact Tanium Support.

Block or unblock tools from installing on an endpoint

Blocking a tool prevents the tool from installing on an endpoint if it is not already installed, or upgrading if it is installed.

Blocking a tool does not prevent the tool from running if it is already installed.

  1. In Interact, ask a question that targets the endpoints on which you want to block or unblock the installation of a tool.
  2. Select the results for the endpoints you want to target, and click Deploy Action.
  3. For the Deployment Package, select one of the following packages:

    • To block installation, select Endpoint Configuration - Block Tool [Windows] or Endpoint Configuration - Block Tool [Non-Windows], depending on the endpoints you are targeting.
    • To unblock installation, select Endpoint Configuration - Unblock Tool [Windows] or Endpoint Configuration - Unblock Tool [Non-Windows], depending on the endpoints you are targeting.
  4. Select a Tool Name.
  5. (Optional) In the Deployment Schedule section, configure a schedule for the action.

    If some target endpoints might be offline when you initially deploy the action, select Recurring Deployment and set a reissue interval.

  6. Click Show preview to continue.
  7. A results grid appears at the bottom of the page showing you the targeted endpoints for your action. If you are satisfied with the results, click Deploy Action.

Uninstall a tool installed by Endpoint Configuration

  1. In Interact, target the endpoints from which you want to remove the tools. For example, ask a question that targets a specific operating system:
    Get Endpoint Configuration - Tools Status from all machines with Is <OS> equals true
  2. In the results, select the row for the tool you want to uninstall, drill down as necessary, and select the targets from which you want to remove Endpoint Configuration tools. For more information, see Tanium Interact User Guide: Drill Down.
  3. Click Deploy Action.
  4. For the Deployment Package, select Endpoint Configuration - Uninstall Tool [Windows] or Endpoint Configuration - Uninstall Tool [Non-Windows], depending on the endpoints you are targeting.
  5. For Tool Name, select the tool to uninstall.

  6. (Optional) By default, after the tools are removed they cannot be reinstalled. To allow tools to be automatically reinstalled, clear the selection for Block reinstallation. Reinstallation occurs almost immediately.

    If reinstallation was blocked manually or during a previous uninstallation, you must unblock it manually:

    • To allow Endpoint Configuration to reinstall tools, deploy the Endpoint Configuration - Unblock Tool [Windows] or Endpoint Configuration - Unblock Tool [Non-Windows] package (depending on the targeted endpoints).

    • If you reinstall tools manually, select Unblock Tool when you deploy the Endpoint Configuration - Reinstall Tool [Windows] or Endpoint Configuration - Reinstall Tool [Non-Windows] package.

  7. (Optional) To remove all Endpoint Configuration databases and logs from the endpoints, clear the selection for Soft uninstall.

    When you perform a hard uninstallation of some tools, such as Recorder or Index, the uninstallation also removes data that is associated with the tool from the endpoint. This data might include important historical or environmental data, such as recorded events (in the case of Recorder) or file indexes (in the case of Index). If data that you want to keep is associated with the tool, make sure you perform only a soft uninstallation of the tool. To help determine what data a tool stores on endpoints, go to https://docs.tanium.com/ and review the documentation for the tool or for the Tanium solution that installed it, and contact Tanium Support for additional help.

  8. (Optional) To also remove any tools that were dependencies of the Endpoint Configuration tools that are not dependencies for tools from other solutions, select Remove unreferenced dependencies.

  9. (Optional) In the Deployment Schedule section, configure a schedule for the action.

    If some target endpoints might be offline when you initially deploy the action, select Recurring Deployment and set a reissue interval.

  10. Click Show preview to continue.
  11. A results grid appears at the bottom of the page showing you the targeted endpoints for your action. If you are satisfied with the results, click Deploy Action.

Reinstall a tool installed by Endpoint Configuration

  1. In Interact, ask a question that targets the endpoints on which you want to reinstall a tool.
  2. Select the results for the endpoints you want to target, and click Deploy Action.
  3. For the Deployment Package, select Endpoint Configuration - Reinstall Tool [Windows] or Endpoint Configuration - Reinstall Tool [Non-Windows], depending on the endpoints you are targeting.

  4. For Tool Name, select the tool to reinstall.

  5. (Optional) To reinstall any dependencies of the tool being installed, select Reinstall Dependencies.
  6. If reinstallation of the tool was previously blocked, select Unblock Tool.
  7. (Optional) In the Deployment Schedule section, configure a schedule for the action.

    If some target endpoints might be offline when you initially deploy the action, select Recurring Deployment and set a reissue interval.

  8. Click Show preview to continue.
  9. A results grid appears at the bottom of the page showing you the targeted endpoints for your action. If you are satisfied with the results, click Deploy Action.

  • If you deploy the Endpoint Configuration - Reinstall Tool [Windows] or Endpoint Configuration - Reinstall Tool [Non-Windows] package, it overrides the Distribute Over Time setting for tools installation: see Tools installation settings.
  • Each Tanium solution includes one or more Endpoint Tooling Cache - Tool name [#] packages. Do not manually deploy these packages to endpoints.

Uninstall Endpoint Configuration

Uninstalling Endpoint Configuration affects all Tanium solutions. Contact Tanium Support before you uninstall Endpoint Configuration.

Endpoint Configuration is uninstalled with Client Management. For more information, see Uninstall Client Management.

Contact Tanium Support

To contact Tanium Support for help, send an email to [email protected].