Tanium as a Service is a self-monitored service, designed to detect failures before the failures surface to users. For more information, see Tanium as a Service Deployment Guide: Troubleshooting Tanium as a Service.
To collect and send information to Tanium for troubleshooting, collect logs and other relevant information.
The information is saved as a ZIP file that you can download with your browser.
- From the Impact Overview page, click Help , then the Troubleshooting tab.
- Click Download Support Package.
A impact-support.[timestamp].zip file downloads to the local download directory.
- Contact Tanium Support to determine the best option to send the ZIP file. For more information, see Contact Tanium Support.
If the domain for an endpoint is not configured in Impact, you might see assets with an [unresolved] state.
- To determine which domains are not configured, mouse over the [unresolved] asset to view the security identifier (SID).
The SID issuing authority, also known as the domain SID, is the portion of the SID before the RID (relative identifier, the digits after the last dash).
- In Interact, ask the question Get Impact - Computer Domain SID and AD Domain from all machines with Domain Member contains true and compare the results to the SID shown for the [unresolved] asset.
In the question results, find the SID that is associated with the [unresolved] assets in Impact.
- The AD Domain column of the question results shows the name of the domain for which Impact could not resolve assets.
- Verify the domain is configured in Impact. For more information, see Configure connections to domainsConfigure connections to domains.
- Verify that the specified account has sufficient permissions. For more information, see Active Directory user account.
- After all domains are configured and permissions are validated, verify that a successful data collection and sync completes. You can see the latest status in the Activity section of the Impact Overview page.
The following table lists contributing factors into why the Impact coverage metric might report endpoints as Needs Attention or Unsupported, and corrective actions you can make.
|Contributing factor||Corrective action|
|Domain is not configured properly||
|Python tools are not installed||
You can deploy an action to remove Impact tools from an endpoint or computer group. Separate actions are available for Windows and non-Windows endpoints.
- In Interact, target the computers from which you want to remove the tools. For example, ask a question that targets a specific operating system:
Get Endpoint Configuration - Tools Status from all machines with Is <OS> equals True , for example:
Get Endpoint Configuration - Tools Status from all machines with Is Windows equals True
- In the results, select the row for Impact, drill down as necessary, and select the targets from which you want to remove Impact tools. For more information, see Tanium Interact User Guide: Managing question results.
- Click Deploy Action.
- On the Deploy Action page, enter Endpoint Configuration - Uninstall in the Enter package name here box, and select Endpoint Configuration - Uninstall Tool [Windows] or Endpoint Configuration - Uninstall Tool [Non-Windows], depending on the endpoints you are targeting.
For Tool Name, select Impact.
(Optional) By default, after the tools are removed they cannot be reinstalled. To allow tools to be automatically reinstalled, clear the selection for Block reinstallation. Re-installation occurs almost immediately.
If reinstallation is blocked on an endpoint, you must deploy the Endpoint Configuration - Unblock Tool [Windows] or Endpoint Configuration - Unblock Tool [Non-Windows] package (depending on the targeted endpoints) before the tools can be reinstalled.
(Optional) To remove all Impact databases and logs from the endpoints, clear the selection for Soft uninstall.
(Optional) To also remove any tools that were dependencies of the Impact tools that are not dependencies for tools from other modules, select Remove unreferenced dependencies.
- Click Show preview to continue.
A results grid displays at the bottom of the page showing you the targeted endpoints for your action. If you are satisfied with the results, click Deploy Action.
If you have enabled Endpoint Configuration, tool removal must be approved in Endpoint Configuration before tools are removed from endpoints.
- From the Main menu, click Administration > Configuration > Solutions.
- In the Impact section, click Uninstall.
- Review the content that will be removed and click Uninstall.
- Depending on your configuration, enter your password or click Yes to start the uninstall process.
- Return to the Solutions page and verify that the Import button is available for Impact.
The uninstall process does not remove the Impact action group. If you are sure that this action group is not used by another solution, you can manually remove it. If you uninstall Impact, do not remove the computer group, and later reinstall Impact, the action group target remains set to the original computer group.
To contact Tanium Support for help, sign in to https://support.tanium.com.
Last updated: 4/13/2021 6:43 PM | Feedback