Troubleshooting the deployment
This chapter covers procedures, settings, and logs that you can use to troubleshoot issues relating to the installation or upgrade of Tanium Core Platform servers.
Basic tips
- Ensure that all Tanium Core Platform servers are the same version. For example, make sure all have build number 7.5.4.1139.
- Ensure that your environment meets the host system and network requirements: see Requirements.
- Review any error messages reported to the user interface (see Tanium Core Platform Deployment Reference Guide: Tanium Console error log) or installation log file (see Tanium Core Platform Deployment Reference Guide: Logs).
Back up Tanium Core Platform servers and databases
Back up the Tanium Core Platform servers and Tanium databases so that you can restore your deployment to a known functional state in case of issues. For example, a system failure might make the host system of the Tanium Server unrecoverable.
Best practices for backups
The following are standard guidelines for backups. Your backup strategy might differ based on the specific needs of your organization.
- Define a disaster recovery (DR) plan early during the initial deployment phase. Define specific restore time objectives (RTO) and restore point objectives (RPO), which affect how frequently you back up your deployment.
- RPO: The expected point of recovery. For example, an RPO of 1 day means recovery point within 24 hours of the time of failure.
- RTO: The amount of downtime that is acceptable to recover the system.
Tanium data, such as question result strings, change frequently. Therefore, back up your deployment daily to ensure that you do not lose the latest state that critical operations require.
- Back up your deployment before any major changes, including upgrades to Tanium Core Platform servers or migrations to new servers.
- Archive, secure, and manage copies of the pki.db file (see Back up the root keys) and the SSL/TLS certificate and key files (see Tanium Core Platform Deployment Reference Guide: Securing Tanium Console, API, and Module Server access) according to the security policies of your organization as you would any other system-level security and credential files.
Back up the servers and database
- Copy the installation directories for Tanium Core Platform servers and their associated databases to a secure location. Ensure that you can access the backup location in the event that a disaster makes the server hosts inaccessible.
The following are the default installation directories for Tanium Core Platform servers:
Table 1: Default installation directories for Tanium Core Platform servers Target Server Installation directory 1Tanium Server \Program Files\Tanium\Tanium Server Tanium Module Server \Program Files\Tanium\Tanium Module Server
\Program Files\Tanium\Tanium Module Postgres2Tanium Zone Server \Program Files (x86)\Tanium\Tanium ZoneServer 3Tanium Zone Server Hub \Program Files (x86)\Tanium\Tanium ZoneServer 1 Back up this directory on each Tanium Server in an active-active deployment. You might also have to copy the Tanium Server Downloads directory if it was moved out of the installation directory using the instructions in the KB article Relocate Downloads Directory.
2Backing up the Zone Server and hub is not essential because their data comes from the Tanium Server. After restoring from backups, you would have to re-establish trust between a Tanium Server and Zone Server anyway. To recreate the Zone Server and hub, you can also reinstall them.
3 The Zone Server Hub can be on the same host as the Tanium Server or on a dedicated host.
- Back up the Windows registry keys for the Tanium Core Platform:
- Back up the tanium and tanium_archive databases.
To automate Microsoft SQL (MSSQL) database backups, see the Microsoft SQL documentation.
To manually back up an MSSQL database through Microsoft SQL Server Management Studio:
- Navigate to the database in the Object Explorer.
- Right-click the database name, select Tasks > Back Up, and follow the prompts.
Contact Tanium Support for the steps to back up Tanium databases on a PostgreSQL server.
Common errors and solutions
The following table lists errors that you might encounter when installing or upgrading Tanium Core Platform servers, as well as recommended troubleshooting steps:
Error | Troubleshooting steps |
---|---|
Failed access messages | If you encounter failed access messages when running an installer, examine the permissions for your user account. See Administrator account permissions. |
Service account lockouts | If passwords change for the service accounts that Tanium Core Platform servers use, lockout errors might occur until you update the passwords in the Windows Services program. See Tanium Console User Guide: Windows service accounts. |
Failed connections | Use standard tools like ping and traceroute to verify basic connectivity. If those checks fail, work with your network administrator to diagnose. If those checks pass, the connection failures might be due to:
|
Tanium Console is unavailable |
|
Installation verification fails | If you encounter verification failures while performing the steps under Verifying the Tanium Core Platform deployment, see Troubleshoot server installation issues. |
Disk space depletion due to file caching |
|
Installer files or other Tanium executables do not behave as expected | If a Tanium executable file that you manually downloaded does not behave as expected, you can verify the file hash as an integrity check. See Verify file integrity. |
Troubleshoot server installation issues
After you install Tanium Core Platform servers, perform the steps under Verifying the Tanium Core Platform deployment to confirm that the installations succeeded. If verification fails, perform the following steps:
- Check the status of the Windows service for the Tanium Server, Zone Server, Zone Server Hub, Module Server, and Tanium Client. Start any services that are not started. You can find the services in the Windows Services program.
- Check the Windows Registry on each server for typos or missing values: see Tanium Core Platform Deployment Reference Guide: Settings.
- Test connectivity from the Zone Server Hub to the Zone Server and from the Module Server to the Tanium Server. You can use whatever utility you like to test connectivity. The following example shows how to use Portqry at the CLI of the Zone Server Hub host to verify whether the Zone Server is listening on a specified port.
c:\> portqry -n zs1.tam.local -p tcp -e 17472
Querying target system called:
zs1.tam.local
Attempting to resolve name to IP address...
Name resolved to 10.10.10.15
querying...
TCP port 17472 (unknown service): LISTENING
c:\>If you can reach the server and get an answer (LISTENING), then basic connectivity is not the issue. If you cannot reach the server, you might need to work with your network and security administrators to resolve the issue.
- Verify that the server FQDNs resolve to an IP address through DNS. The preceding step uses Portqry as an example to show DNS resolution. You can also use nslookup at the CLI, as follows.
c:\> nslookup <server_FQDN>
Server: Unknown
Address: 10.10.10.10
Name: <server_FQDN>
Address: 10.10.10.15If DNS resolution fails, work with your network administrator to resolve it. If DNS resolution is not possible, you can reconfigure the connection settings using IP addresses instead of FQDNs.
- If the preceding steps do not resolve the issue, generate logs as follows and then contact Tanium Support (see Contact Tanium Support).
- Set the log verbosity level to 41 on the Tanium Client (see Tanium Client Management User Guide: Tanium Client settings) and on the Zone Server, Zone Server Hub, Module Server, and Tanium Server (see Tanium Core Platform Deployment Reference Guide: Settings).
- Reproduce the issue by re-asking the question you used to verify the deployment.
- Examine both the server and Tanium Client logs. Tanium Support can also analyze the logs.
Windows Registry
Many settings for Tanium Core Platform servers are added to the Windows Registry when you install the servers. If you encounter issues with an installation, you can review the registry entries for typos. For descriptions of the registry settings, see Tanium Core Platform Deployment Reference Guide: Settings.
Proxy server-related keys have entries only if you configured a proxy server. For details, see Tanium Console User Guide: Configuring proxy server settings.
Logs
Examine the following logs to troubleshoot issues. For details about the log locations and contents, see Tanium Core Platform logs.
Verify file integrity
If a Tanium executable file that you manually downloaded does not behave as expected, you can use the Tanium™ KeyUtility program to verify the file hash as an integrity check. For example, if you use a token to download the Tanium Server installer (SetupServer.exe), you can calculate the SHA‑256 digest of the installer and compare it to the digest that the tokens site provides for that file. KeyUtility and its associated files reside in the top-level installation directory of the Tanium Server. You can run the program from the installation directory or copy the files to a working directory on another system and run the program from that working directory.
- (Optional) To run KeyUtility from a working directory, set up the directory as follows:
- Copy the following files from the Tanium Server installation directory (such as \Program Files\Tanium\Tanium Server) or from the location where you unzipped the KeyUtility-<release>.zip file that Tanium Support provided:
- KeyUtility.exe
- libeay32.dll
- ssleay32.dll
- Paste the files into the working directory.
- Copy the following files from the Tanium Server installation directory (such as \Program Files\Tanium\Tanium Server) or from the location where you unzipped the KeyUtility-<release>.zip file that Tanium Support provided:
- Open the Windows Command Prompt (cmd.exe) and go to the directory where the KeyUtility and key files reside.
-
Run the following command, where <algorithm> is the hash algorithm. The supported algorithms are SHA-1, SHA-256, and SHA-512.
KeyUtility.exe calchash <algorithm> <file>
The following is an example of the command:
KeyUtility.exe calchash SHA-256 SetupServer.exe
The following digest is an example of the output:
214d00fc4c3d5d52fe0f7a58df566385bd6ad39f5457829e73ead26778e79caf
Contact Tanium Support
Tanium Support is your first contact for assistance with preparing for and performing an installation or upgrade, as well as verifying and troubleshooting the initial deployment. If you require further assistance from Tanium Support, please be sure to include version information for Tanium Core Platform components and specific details on dependencies, such as the host system hardware and OS details and database server version.
To contact Tanium Support for help, sign in to https://support.tanium.com.
Uninstall Tanium
Uninstall the Tanium Core Platform
If you no longer want to use the Tanium Core Platform, or you want to clean up completely before reinstalling:
- Uninstall the Tanium Core Platform servers: Tanium Server, Tanium Module Server, Tanium Zone Server, and Tanium Zone Server Hub. The order in which you uninstall the servers does not matter.
- Remove the Tanium databases (tanium and tanium_archive) from the Tanium database server. For the specific steps, see your database server documentation.
Uninstall a Tanium Core Platform server
- Open the Windows Control Panel and use the Uninstall a program feature to uninstall a Tanium Core Platform server.
The Windows program invokes the Tanium uninstaller, which stops and removes the Tanium service associated with the server and deletes Windows Registry entries (except the top entry for Tanium). Completely wiping the installation requires the following manual tasks that the installer does not perform.
- In the Windows Registry, go to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ and delete Tanium.
- In Windows Explorer, go to the Tanium installation location and delete the Tanium directory.
- Empty the Windows Recycle Bin.
Remove Tanium databases
Sign in to the database server as a database administrator and delete the tanium and tanium.archive databases.
Uninstall a Tanium solution or Tanium Client
For information about uninstalling a Tanium solution or Tanium Client, see the user guide for that product:
Last updated: 4/29/2022 9:43 AM | Feedback