Other versions

Troubleshooting the installation

This chapter includes information on the location of the settings and logs you can use to troubleshoot installation issues.

Basic tips

  • Check with your technical account manager (TAM) to ensure the Tanium™ software version is a recommended version.
  • Ensure your environment meets the host system and network requirements.
  • Review any error messages reported to the user interface or installation log files.
  • If you encounter failed access messages when running an installer, examine the privileges for the logged in user.
  • If you encounter failed connections, use standard tools like ping and traceroute to verify basic connectivity. If those checks fail, work with your network administrator to diagnose. If those pass, it might be a certificate problem or firewall issue.
  • If the Tanium™ Console is unavailable, check the status of the Tanium™ Server Windows Service and the Tanium databases on the database server.

Windows Registry

Many installation settings get populated to the Windows Registry. If you encounter issues with the installation, you can review the registry entries for typos.

Tanium Server

The Windows Registry entry for Tanium Server is found in the following location:

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Tanium\Tanium Server

Table 1:   Tanium Server Registry Key settings
Name Type Data
AddressMask REG_DWORD Hexadecimal value of a subnet CIDR that delineates the clients that belong to a chain. Do not change this registry value unless instructed to do so by your TAM.
BypassCRLCheckHostList REG_SZ Use this setting to list servers that should be trusted without CRL checking. Unless a server is specified in this list, the Tanium Server performs a CRL check and does not download files from a server that does not pass.
BypassProxyHostList REG_SZ If you configure a proxy server, you might need to configure exceptions so that connections to specified hosts do not go through the proxy server.

For example, a proxy server should not be used for traffic between Tanium Servers in an active-active cluster.

A proxy server can cause problems with other traffic to a destination Tanium Server. For example, a package configuration can specify file URIs that are local to the Tanium Server. It is important to bypass the proxy server for these URIs.

Use this setting to specify destinations that should not use the proxy servers. In most cases, specify localhost, 127.0.0.1, and all Tanium Server names and IP addresses.

For example:

ts1.example.com, ts2.example.com,localhost,127.0.0.1,10.10.10.11,10.10.10.15

Version 7.0.314.6242 and later support wildcards.

ConsoleSettingsJSON REG_SZ Path to the console settings file.
DBUserDomain REG_SZ FQDN for the service account that connects to the database server. Specified when you completed the installation wizard.
DBUserName REG_SZ Username for the service account that connects to the database server. Specified when you completed the installation wizard.
LogPath REG_SZ Path to Tanium Server logs.
LogVerbosityLevel REG_DWORD Log verbosity level:
  • 0: Logging disabled.
  • 1: Normal log level.
  • 41: Recommended during troubleshooting.
  • >= 91: Most detailed log level. Enable for short periods of time only.
ModuleServer REG_SZ FQDN of the Module Server.
ModuleServerPort REG_DWORD Module Server Port. The default is 17477.
Path REG_SZ Installation path.
PGDLLPath REG_SZ Path to the PostgreSQL Server libraries.
PGRoot REG_SZ Path to the Postgres installation directory.
ProxyPassword REG_SZ Account password. Required if a Basic proxy is configured.

Note: The Proxy keys have entries only if a proxy server has been configured.

ProxyPort REG_SZ Proxy server listening port.
ProxyType REG_SZ Basic or NTLM.
ProxyServer REG_SZ IP address of the proxy server.
ProxyUserid REG_SZ Account username to establish the connection with the proxy server. Required if a Basic proxy is configured. NTLM proxies use the credentials of the user context that runs the Tanium Server service.
ServerName REG_SZ 0.0.0.0 indicates bind to all network adapters.
ServerPort REG_DWORD Tanium Server Port. The server listens for Tanium Clients on this port. Specified when you completed the installation wizard. The default is 17472.
ServerSOAPPort REG_DWORD Tanium Console and SOAP API port. Specified when you complete the installation wizard. The default is 443.
SQLConnectionString REG_SZ Database server connection information. 

Example SQL Server:

SQL1\[email protected]

Example PostgreSQL Server: 

postgres:[email protected]=postgres port=5432

TrustedCertPath REG_SZ Path to the certificate file used for secure connections to the Tanium Console port. The certificate is selected when you completed the installation wizard.
TrustedHostList REG_SZ Unless a server is specified in this list, the Tanium Server does not download files from a server without a valid SSL certificate.

Add the FQDN or IP address of any servers you want to trust. In an Active/Active cluster, specify the FQDN for both Tanium Servers. Version 7.0.314.6242 and later support wildcards.

Version REG_SZ Tanium Server version number.

Tanium Server settings that are stored in the Windows Registry are not automatically synced to other cluster nodes. In active-active deployments, if you make changes to these settings, be sure to do so on both nodes.

Tanium Module Server

The Windows Registry entry for the Tanium Module Server is found in the following location:

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Tanium\Tanium Module Server

You might be asked to review or confirm the settings when troubleshooting an issue with Tanium support. You would rarely be asked to change settings.

Table 2:   Tanium Module Server Registry Key settings
Name Type Data
LogVerbosityLevel REG_DWORD Log verbosity level:
  • 0: Logging disabled.
  • 1: Normal log level.
  • 41: Recommended during troubleshooting.
  • >= 91: Most detailed log level. Enable for short periods of time only.
Path REG_SZ Installation path.
ServerName REG_SZ 0.0.0.0 indicates bind to all network adapters.
ServerPort REG_DWORD Module Server port. The default is 17477.
Version REG_SZ Tanium Module Server version number.

On the Module Server host computer, there is an entry for the Tanium Server: 

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Tanium\Tanium Server

These settings are for proxy server settings.

Table 3:   Tanium Server Registry Key settings on Module Server host computer
Name Type Data
BypassCRLCheckHostList REG_SZ Use this setting to list servers that should be trusted without CRL checking. Unless a server is specified in this list, the Tanium Server performs a CRL check and does not download files from a server that does not pass.
BypassProxyHostList REG_SZ If you configure a proxy server, you might need to configure exceptions so that connections to specified hosts do not go through the proxy server.

For example, a proxy server should not be used for traffic between Tanium Servers in an active-active cluster.

A proxy server can cause problems with other traffic to a destination Tanium Server. For example, a package configuration can specify file URIs that are local to the Tanium Server. It is important to bypass the proxy server for these URIs.

Use this setting to specify destinations that should not use the proxy servers. In most cases, specify localhost, 127.0.0.1, and all Tanium Server names and IP addresses.

For example:

ts1.example.com, ts2.example.com,localhost,127.0.0.1,10.10.10.11,10.10.10.15

Version 7.0.314.6242 and later support wildcards.

ProxyPassword REG_SZ Account password. Required if a Basic proxy is configured.
ProxyPort REG_SZ Port number of the proxy server.
ProxyType REG_SZ Basic or NTLM.
ProxyServer REG_SZ IP address of the proxy server.
ProxyUserid REG_SZ Account username to establish the connection with the proxy server. Required if a Basic proxy is configured. NTLM proxies use the credentials of the user context that runs the Tanium Server service.
TrustedHostList REG_SZ Unless a server is specified in this list, the Tanium Server does not download files from a server without a valid SSL certificate.

Add the FQDN or IP address of any servers you want to trust. In an Active/Active cluster, specify the FQDN for both Tanium Servers. Version 7.0.314.6242 and later support wildcards.

TDownloader

The Tanium Downloader (TDownloader) service manages import and download operations on both the Tanium Server and Tanium Module Server.

On the Tanium Server and Module Server host computers, there is an entry for TDownloader: 

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Tanium\Downloader

Table 4:   TDownloader Registry Key setting
Name Type Data
LogVerbosityLevel REG_DWORD Log verbosity level:
  • 0: Logging disabled.
  • 1: Normal log level.
  • 41: Recommended during troubleshooting.
  • >= 91: Most detailed log level. Enable for short periods of time only.

Zone Server

The Windows Registry entry for the Tanium Zone Server is found in the following location:

HKEY_LOCAL_MACHINE\Software\Wow6432Node\Tanium\Tanium ZoneServer

You might be asked to review or confirm the settings when troubleshooting an issue with Tanium support. You would rarely be asked to change settings.

Table 5:   Tanium Zone Server Registry Key settings
Name Type Data
AllowedHubs REG_SZ A comma-separated list of IP addresses of Zone Server Hub(s) that are authorized to communicate with this Zone Server.
EnforceAllowedHubs REG_DWORD Set the value to 1.
LogPath REG_SZ Path to Tanium Zone Server logs.
LogVerbosityLevel REG_DWORD Log verbosity level:
  • 0: Logging disabled.
  • 1: Normal log level.
  • 41: Recommended during troubleshooting.
  • >= 91: Most detailed log level. Enable for short periods of time only.
Path REG_SZ Installation path.
ServerName REG_SZ Tanium Server fully qualified domain name.
ServerPort REG_DWORD Tanium Server Port. Specified when you completed the installation wizard. The default is 17472.
ServiceUserDomain REG_SZ The Zone Server Windows service runs in the context of a service account. This entry contains the domain specified during installation.
ServiceUserName REG_SZ The Zone Server Windows service runs in the context of a service account. This entry contains the username specified during installation.
Version REG_SZ Tanium Zone Server version number.
ZoneHubFlag REG_DWORD 0 if not the hub; 1 if the hub.

Logs

Installation logs

The installation log files are chronological logs of the actions taken by the installer. If you encounter issues with your installation, examine the installation log file to see which actions completed successfully and which failed.

Table 6:   Installation logs directories
Component Default Location
Tanium Server C:\Program Files\Tanium\Tanium Server\Install.txt
Tanium Module Server C:\Program Files\Tanium\Tanium Module Server\Install.txt
Tanium Zone Server C:\Program Files (x86)\Tanium\Tanium Zone Server\Install.txt

TDownloader logs

TDownloader logs are chronological logs of the actions taken by the TDownloader service when it downloads files from Tanium and other Internet locations. It includes proxy server connection status events when applicable. You might find the TDownloader logs helpful if you have to troubleshoot importing Tanium content packs and solution modules or downloading updates to package files.

Logs are written to the file log0.txt. When that file reaches 1 MB in size, log0.txt is renamed to log1.txt. When log0.txt reaches 1 MB in size again, log1.txt is renamed to log2.txt, and log0.txt again renamed to log1.txt. The process to roll the logs whenever log0.txt reaches the 1 MB size limit continues until 10 logs exist in total. In effect, once the Tanium component reaches the 10 log limit, the log details in log9.txt are overwritten each time a new log0.txt is started.

Table 7:   TDownloader logs directories
Component Default Location
Tanium Server C:\Program Files\Tanium\Tanium Server\TDL_Logs
Tanium Module Server C:\Program Files\Tanium\Tanium Module Server\TDL_Logs

Tanium Support

Your TAM is your first contact for assistance with preparing for and performing the installation, as well as verifying and troubleshooting the initial deployment.

If you require further assistance from Tanium Support, please be sure to include version information for Tanium Core Platform components and specific details on dependencies, such as the host system hardware and OS details and database server version. Log into https://support.tanium.com and submit a new ticket or send us an email at [email protected]

Last updated: 6/21/2018 3:46 PM | Feedback