Troubleshooting the installation
This chapter includes information on the location of the settings and logs you can use to troubleshoot installation issues.
Basic tips
- Check with your technical account manager (TAM) to ensure the Tanium™ software version is a recommended version.
- Ensure your environment meets the host system and network requirements.
- Review any error messages reported to the user interface or installation log files.
- If you encounter failed access messages when running an installer, examine the privileges for the logged in user.
- If you encounter failed connections, use standard tools like ping and traceroute to verify basic connectivity. If those checks fail, work with your network administrator to diagnose. If those pass, it might be a certificate problem or firewall issue.
- If the Tanium™ Console is unavailable, check the status of the Tanium™ Server Windows Service and the Tanium databases on the database server.
Windows Registry
Many installation settings get populated to the Windows Registry. If you encounter issues with the installation, you can review the registry entries for typos.
Proxy server-related keys have entries only if you configured a proxy server (see Reference: Proxy server settings).
Tanium Server
The Windows Registry entry for Tanium Server is found in the following location:
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Tanium\Tanium Server
Tanium Server settings that are stored in the Windows Registry are not automatically synced between high availability peers. If you change these settings in an active-active deployment, be sure to change them on both Tanium Servers.
| Name | Type | Data |
|---|---|---|
| AddressMask | REG_DWORD | Hexadecimal value of a subnet CIDR that delineates the |
| AddressPrefixIPv6 | REG_DWORD | IPv6 prefix represented as a decimal number between 0 and 128 inclusive that delineates the clients belonging to a linear chain. The default 0 specifies no peering. Consult your TAM to determine the optimum value for peering in IPv6 networks. |
| BypassCRLCheckHostList | REG_SZ | Servers that the Tanium Server trusts without checking a certificate revocation list (CRL). The Tanium Server performs a CRL check on all servers that are not in this list, and does not download files from a server that fails the check. Specify the servers by FQDN or IP address. |
| BypassProxyHostList | REG_SZ | Hosts that bypass the proxy server. For example, do not use a proxy server for traffic between Tanium Servers in an active-active cluster. A proxy server can cause problems with other traffic to a destination Tanium Server. For example, a package configuration can specify file URIs that are local to the Tanium Server to download content. It is important to bypass the proxy server for these URIs, or else the download will fail. Enter the exceptions as FQDNs or IP addresses. ts1.example.com, ts2.example.com,localhost,127.0.0.1, Specify literal values. Tanium Core Platform 7.0.314.6242 and later supports wildcards. |
| ConsoleSettingsJSON | REG_SZ | Path to the console settings file. |
| DBUserDomain | REG_SZ | FQDN of the domain for the service account that connects to the database server. Specified when you completed the installation wizard. |
| DBUserName | REG_SZ | Username for the service account that connects to the database server. Specified when you completed the installation wizard. |
| LogPath | REG_SZ | Path to Tanium Server logs. |
| LogVerbosityLevel | REG_DWORD |
Log verbosity level:
|
| ModuleServer | REG_SZ | FQDN of the Module Server. |
| ModuleServerPort | REG_DWORD | Module Server Port. The default is 17477. |
| Path | REG_SZ | Installation path. |
| PGDLLPath | REG_SZ | Path to the PostgreSQL Server libraries. |
| PGRoot | REG_SZ | Path to the Postgres installation directory. |
| ProxyPassword | REG_SZ |
For a basic proxy server that requires authentication, this setting is the account password used when establishing a connection with the proxy server. The password is stored in clear text within the registry.
This setting does not apply NTLM proxies, which use the credentials of the user context that runs the Tanium Server service. |
| ProxyPort | REG_SZ | Proxy server listening port. |
| ProxyType | REG_SZ | Basic or NTLM. |
| ProxyServer | REG_SZ |
IP address of the proxy server. |
| ProxyUserid | REG_SZ |
For a basic proxy server that requires authentication, this setting is the account username used when establishing a connection with the proxy server. The password is stored in clear text within the registry.
This setting does not apply NTLM proxies, which use the credentials of the user context that runs the Tanium Server service. |
| PythonPath | REG_SZ | Deprecated setting that is no longer used. |
| ServerName | REG_SZ | The network adapter binding that the Tanium Server uses to listen for IPv4 client registrations. The default value 0.0.0.0 indicates binding to all network adapters. Do not change this registry value unless your TAM instructs you to do so. |
| ServerNameIPv6 | REG_SZ | Add this registry key manually if you need it, but only with guidance from your TAM. By default, the key is hidden and has a value of [::], which indicates that the Tanium Server binds to all network adapters to listen for IPv6 client registrations. To bind to a specific network adapter, add the key and enter the IPv6 address of the adapter within square brackets (for example, [2001:db8::1]). |
| ServerPort | REG_DWORD | Tanium Server Port. The server listens for Tanium Clients on this port. Specified when you completed the installation wizard. The default is 17472. |
| ServerSOAPPort | REG_DWORD | Tanium Console and SOAP API port. Specified when you complete the installation wizard. The default is 443. |
| SQLConnectionString | REG_SZ |
Database server connection information.
Example SQL Server: SQL1\[email protected] Example PostgreSQL Server: postgres:[email protected]=postgres port=5432 |
| TrustedCertPath | REG_SZ | Path to the certificate file used for secure connections to the Tanium Console port. The certificate is selected when you completed the installation wizard. |
| TrustedHostList | REG_SZ |
The trusted servers that the Tanium Server can download files from even if those servers do not have valid SSL certificates. In an active-active cluster, specify both Tanium Servers. Tanium Core Platform 7.0.314.6242 and later supports wildcards. Specify the servers by FQDN or IP address. |
| Version | REG_SZ | Tanium Server version number. |
Tanium Module Server
The Windows Registry entry for the Tanium Module Server is found in the following location:
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Tanium\Tanium Module Server
When troubleshooting an issue, Tanium Support might ask you to review or confirm these settings, but would rarely ask you to change them.
The Module Server host computer has a registry entry for the Tanium Server:
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Tanium\Tanium Server
The settings in this registry entry are for the proxy server configuration.
| Name | Type | Data |
|---|---|---|
| BypassCRLCheckHostList | REG_SZ |
Servers that the Tanium Server trusts without checking a certificate revocation list (CRL). The Tanium Server performs a CRL check on all servers that are not in this list, and does not download files from a server that fails the check. Specify the servers by FQDN or IP address. |
| BypassProxyHostList | REG_SZ | Hosts that bypass the proxy server. For example, do not use a proxy server for traffic between Tanium Servers in an active-active cluster. A proxy server can cause problems with other traffic to a destination Tanium Server. For example, a package configuration can specify file URIs that are local to the Tanium Server to download content. It is important to bypass the proxy server for these URIs, or else the download will fail. Enter the exceptions as FQDNs or IP addresses. ts1.example.com, ts2.example.com,localhost,127.0.0.1, Specify literal values. Tanium Core Platform 7.0.314.6242 and later supports wildcards. |
| ProxyPassword | REG_SZ |
For a basic proxy server that requires authentication, this setting is the account password used when establishing a connection with the proxy server. The password is stored in clear text within the registry. This setting does not apply NTLM proxies, which use the credentials of the user context that runs the Tanium Server service. |
| ProxyPort | REG_SZ | Proxy server listening port. |
| ProxyType | REG_SZ | Basic or NTLM. |
| ProxyServer | REG_SZ |
IP address of the proxy server. |
| ProxyUserid | REG_SZ |
For a basic proxy server that requires authentication, this setting is the account username used when establishing a connection with the proxy server. The password is stored in clear text within the registry.
This setting does not apply NTLM proxies, which use the credentials of the user context that runs the Tanium Server service. |
| TrustedHostList | REG_SZ |
The trusted servers that the Tanium Server can download files from even if those servers do not have valid SSL certificates. In an active-active cluster, specify both Tanium Servers. Tanium Core Platform 7.0.314.6242 and later supports wildcards. Specify the servers by FQDN or IP address. |
TDownloader
The Tanium Downloader (TDownloader) service manages import and download operations on both the Tanium Server and Tanium Module Server. The hosts for both servers have an entry for TDownloader:
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Tanium\Downloader
Zone Server
The Windows Registry entry for the Tanium Zone Server is found in the following location:
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Tanium\Tanium ZoneServer
When troubleshooting an issue, Tanium Support might ask you to review or confirm these settings, but would rarely ask you to change them.
Logs
Installation logs
The installation log files are chronological logs of the actions taken by the installer. If you encounter issues with your installation, examine the installation log file to see which actions completed successfully and which failed.
TDownloader logs
TDownloader logs are chronological logs of the actions that the TDownloader service performs when it downloads files from Tanium and other Internet locations. The logs include proxy server connection status events when applicable. The TDownloader logs might help you troubleshoot when importing Tanium content packs and solution modules or downloading updates to package files.
Logs are written to the file log0.txt. When that file reaches 1 MB in size, log0.txt is renamed to log1.txt. When log0.txt reaches 1 MB in size again, log1.txt is renamed to log2.txt, and log0.txt again renamed to log1.txt. The process to roll the logs whenever log0.txt reaches the 1 MB size limit continues until 10 logs exist in total. In effect, once the Tanium component reaches the 10 log limit, the log details in log9.txt are overwritten each time a new log0.txt is started.
Tanium Support
Your TAM is your first contact for assistance with preparing for and performing the installation, as well as verifying and troubleshooting the initial deployment.
If you require further assistance from Tanium Support, please be sure to include version information for Tanium core platform components and specific details on dependencies, such as the host system hardware and OS details and database server version. Log into https://support.tanium.com and submit a new ticket or send us an email at [email protected]
Last updated: 9/21/2018 3:58 PM | Feedback