Tanium Cloud is a self-monitored service, designed to detect failures before the failures surface to users. For more information, see Tanium Cloud Deployment Guide: Troubleshooting Tanium Cloud.

Use the following procedures, settings, and logs to troubleshoot issues relating to the Tanium Console and Tanium Interact.

For the role permissions that are required to perform troubleshooting tasks, see Troubleshooting permissions.

Basic troubleshooting tips

The following table lists errors that you might encounter when using the Tanium Console or Interact, as well as recommended troubleshooting steps:

 Table 1: Common Tanium Console and Interact errors and solutions
Issue Troubleshooting steps
Any/indeterminate issue
  • Contact Tanium Support to verify that the Tanium solutions you installed are the recommended versions. The Tanium Console version appears in the Tanium Console header. To check the current installed versions of Tanium modules and shared services, and to update them if necessary, see Managing Tanium solutions.

  • Ensure that all Tanium Core Platform components are the same version. For example, ensure that all the platform servers have build number The Tanium Server Build number appears in the Tanium Console header.
Console-reported errors Review any error messages that are reported to the Tanium Console. See View and copy the Console error log.
Console user session terminates prematurely Review the events and platform settings that affect the duration of a user session. See:
Console is unavailable
Authentication errors
  • If you cannot sign in to the Tanium Console, first ask an administrator who has permissions for managing users to verify that your account exists in Administration > Permissions > Users. See Managing users for the steps to view, import, or create accounts.

  • Ask your IdP administrator to verify that the account is not renamed, deleted, disabled, or locked out in the identity store. Verify that the account is not renamed, deleted, disabled, or locked out:
    • If your the account is imported, ask your Active Directory (AD) or Lightweight Directory Access Protocol (LDAP) administrator to check the account status.
    • For accounts that authenticate through Security Assertion Markup Language (SAML), ask your IdP administrator to check the account status in the identity store.
    • (Tanium Appliance only) If your account uses the local authentication service, see Tanium Appliance Deployment Guide: Configure the local authentication service.
    • (Windows deployment only) For accounts that are defined locally on a Tanium Server, check the account status in the Windows user database.
  • In rare cases, if the Tanium Server was upgraded since your last sign-in session, you might have to clear your browser cache or try a different browser.

  • Check the authentication logs:
Permission errors If you see permission errors when trying to access certain Tanium Console pages or features, verify that your user account (persona) has the necessary permissions. See User role requirements.
Service account lockouts

If passwords change for service accounts, lockout errors might occur for those accounts until you update the account configurations:

Plugin errors

Tanium modules and shared services run background processes called plugins at intervals. If you see plugin errors:

Tanium Clients do not answer questions
Tanium Clients do not run actions Record the action IDs for the affected actions (see Track Action IDs), and then check the following logs:

Manage the Tanium Server service

To start, stop, restart, or check the status of the Tanium Server service, perform the steps that correspond to the server infrastructure:

  • Windows Server:
    1. Sign in to the Windows Server that hosts the Tanium Server.
    2. Open the Windows Services program and scroll to the Tanium Server service.
    3. Check the Status column to determine whether the service is Running or Stopped.
    4. Right-click the Tanium Server service and select an action such as Restart.

    To change the Windows service account that the Tanium Server uses, see Windows service accounts (not applicable to the Tanium Appliance).

View and copy the Console error log

The Tanium Console maintains an error log on the local host computer for your web browser. It includes details on the last 100 errors that were returned to the Console in response to actions that you performed through the browser. For example, the log records errors that are associated with attempting to save a configuration or import a content file. The Console maintains a separate log for each browser that you use.

  1. In the Main menu, expand the <user name> drop-down menu and select Local Error Log.
  2. (Optional) Expand Expand a log entry and click Copy Copy to copy the log details to the clipboard.

Collect Interact logs

To send information to Tanium Support for troubleshooting Tanium Interact, collect logs and other relevant information as follows. The information is saved as a ZIP file that you can download through your browser.

  1. From the Interact Overview page, click Help .
  2. In the Troubleshooting section, click Download Support Package.
    A tanium-interact-support-<date-time>.zip file downloads to the local download directory.
  3. Attach the ZIP file to your Tanium Support case form or send to Tanium Support.

Troubleshoot Tanium Client connectivity

The Client Status page displays information about the state of Tanium Client registration and connectivity, and enables you to deploy actions to remediate issues.

Managed endpoints count for license compliance

You can configure the Client Status page to Show systems that have reported in the last 30 days to see the approximate number of managed endpoints in relation to Tanium license compliance. To tally the count, Tanium Cloudthe server identifies each endpoint by its fully qualified domain name (FQDN). To see the maximum number of managed endpoints that the license allows, go to Administration > Configuration > Tanium License and check the Seat Count.

In environments where endpoints have dynamic FQDNs that are not necessarily unique, the Tanium Home page, Environment Status section has a Total Endpoints field that displays a more accurate count of managed endpoints for the last 30 days. The Total Endpoints count is based on multiple identifiers that the Tanium Data Service collects from each endpoint. See View environment status.

To see the Client Status page and filter its grid, you require a role with the Client Status read permission. Users with the Administrator reserved role have this permission.

View the status of Tanium Client registration and communication

  1. From the Main menu, go to Administration > Configuration > Client Status.
  2. (Optional) To display status details only for specific Tanium Clients, edit the default filter settings, such as the registration intervals and connection status.

The following table lists the information that the Client Status page displays for each Tanium Client:

 Table 2: Client Status columns
Column Description
Host Name Endpoint host name.
Network Location (from client) Client IP address returned from a sensor on the client.
Network Location (from server) Client IP address recorded on the Tanium Server or Zone Server during the last registration.
Direction A circle represents the client and arrows represent its connections. For a list of possible connection states, see Table 3.
Valid Key No indicates an issue with the public key that the Tanium Client uses to secure communication with other Tanium Core Platform components. To resolve the issue, reinstall the Tanium Client (see Tanium Client Management User GuideDeploying the Tanium Client) or redeploy the key (see Download infrastructure configuration files (keys)).
Send State
  • Normal: The client is sending data to its backward and forward peers.
  • None: The client is not sending data to its forward or backward peers.
  • Forward Only: The client is sending data to its forward peer but not to its backward peer.
  • Backward Only: The client is sending data to its backward peer but not to its forward peer.
Receive State
  • Normal: The client is receiving data from its backward and forward peers.
  • None: The client is not receiving data from its forward or backward peers.
  • Next Only: The client is receiving data from its forward peer but not from its backward peer.
  • Previous Only: The client is receiving data from its backward peer but not from its forward peer.
  • Normal: The client is communicating normally.
  • Slow Link: The client has connections with abnormally slow throughput.
  • Leader: The client is communicating with the Tanium Server or Zone Server because it is a backward leader, a forward leader, a neighborhood leader, or a client with no peer connections (such as a client in an isolated subnet).
  • Blocked: The client is not communicating reliably.
Registration Error (Salesforce deployments only) The client can be in one of the following registration states:
  • None: Registration succeeded
  • Failed Client Challenge: Registration failed because the client did not present the registration secret that is contained in the tanium-init.dat file.
  • Failed Server Challenge: Registration failed because mismatching Tanium root keys prevented Tanium Cloud from establishing trust with the client or other Tanium Core Platform components.
  • Root Key Mismatch: Registration failed due to any other issue related to mismatching Tanium root keys.
  • Exceeded License Seats: Tanium Cloud denied registration for the client because the number of active clients exceeded the limit that the Tanium license specifies. Clients are considered active if they registered within the last two days.

To resolve issues that relate to the Tanium root key or registration secret, re-install the Tanium Client on the affected endpoints. Contact Tanium Support (sign in to for a new Tanium license if you want to change the maximum number of active clients.

Last Registration Date and time when the Tanium Client last registered with the Tanium Server or Zone Server.
Protocol Version (hidden by default) Tanium Protocol version. For details about the protocol, see TLS communication.
Version Tanium Client version.

The Direction column displays icons that use the following conventions to depict Tanium Client connection states:

  • An up arrow indicates a connection with Tanium Cloud the Tanium Server or Zone Server.
  • Side arrows pointing away from the client indicate outbound connections to peers.
  • Side arrows pointing at the client indicate inbound connections from peers.
  • Side arrows on the right side of clients indicate the state of connections to forward peers.
  • Side arrows on the left side of clients indicate the state of connections to backward peers.
  • Side arrows with dashed lines indicate slow connections.

You can use the Direction column to understand why a Tanium Client is a leader and to identify connection issues. The following table lists the possible connection states:

 Table 3: Tanium Client peer connection states
Attribute Value Description
Leader Backward

Backward leader

The client is a backward leader that terminates one end of a linear chain. It typically has the lowest IP address in its linear chain.

Forwared leader

The client is a forward leader that terminates one end of a linear chain. It typically has the highest IP address in its linear chain.


The client is designated as a neighborhood leader because its linear chain has reached the maximum number of clients.

No peering

The client is an isolated leader that connects only to Tanium Cloud the Tanium Server or Zone Server, and has no connections to other clients. The client might be isolated because its IP address falls within the range of an isolated subnet or because it has no peers in its local subnet with which to connect.
Neighbor No side arrows

No peering

This is the same as an isolated leader.
Single side arrow

inbound only or outbound only

The client has a neighborhood list of peers but has not established a peer connection. This state generally results from a misconfiguration, such as when a host-based firewall on the endpoint does not allow inbound connections to the client.
Double side arrows

inbound and outbound connections

The client has a neighborhood list of peers and has connected with peers in the indicated direction.
Client state Normal

inbound and outbound connections

The client is communicating normally.


The client is not communicating reliably. This might result from a network issue or host resource issue, such as an anti-virus program that slows the client.

Export Tanium Client status details

Export information in the Client Status page as a CSV file or, if you have the AdminAdministrator reserved role, as a JSON file.

  1. From the Main menu, go to Administration > Configuration > Client Status.
  2. Select rows in the grid to export information for specific Tanium Clients. If you want to export information for all clients, skip this step.
  3. Click Export Export.
  4. (Optional) Edit the default export File Name.

    The file suffix (.csv or .json) changes automatically based on the Format selection.

  5. Select an Export Data option: information for All clients in the grid or only for the Selected clients.
  6. Select the file Format: JSON (AdminAdministrator reserved role only) or CSV.
  7. Click Export.

    Tanium CloudThe Tanium Server exports the file to the downloads folder on the system that you used to access the Tanium Console.

Copy Tanium Client status details

Copy information from the Client Status page to your clipboard to paste the information into a message, text file, or spreadsheet. Each row in the grid is a comma-separated value string.

  1. From the Main menu, go to Administration > Configuration > Client Status.
  2. Perform one of the following steps:
    • Copy row information: Select one or more rows and click Copy Copy.
    • Copy cell information: Hover over the cell, click Options Options, and click Copy Copy.

Deploy actions to remediate client registration or connectivity issues

You can deploy actions to Tanium Clients to remediate issues that you observe in the Client Status page. For example, if you want certain clients to register with a Tanium Zone Server instead of the Tanium Server, you can deploy the Set Tanium Server Name List package to change the ServerNameList setting on those clients.

  1. From the Main menu, go to Administration > Configuration > Client Status.
  2. Select the Tanium Clients (up to 100) to which you want to deploy actions and click Deploy Action.
  3. Deploy the action.
  4. Review the Client Status grid to verify that the action produced the expected result.

Configure server logging levels

Tanium Support might instruct you to change the log verbosity levels for the Tanium Server and Tanium Module Server when troubleshooting issues.

You require the Administrator reserved role to see and use the Logging page.

  1. From the Main menu, go to Administration > Configuration > Logging.
  2. Set the logging levels and click Save.

    The following decimal values are best practices for specific use cases.

    • 0: Logging disabled.
    • 1: Normal log level.
    • 41: Best practice value during troubleshooting.
    • 91 or higher: Most detailed log level. Enable for short periods of time only.

View plugins and plugin schedules

A plugin is an extension to a Tanium Core Platform component, module, or shared service. A scheduled plugin is a process that is set to run at a specified interval. Plugin operations are usually transparent to users. However, Tanium Support might instruct you to review plugin details when troubleshooting unexpected behavior.

Only users who are assigned the Administrator reserved role can access the Configuration pages for viewing plugin information.

To see details about installed plugins and scheduled plugins, from the Main menu go to Administration > Configuration > Plugins. The Plugins page displays separate grids for installed plugins and scheduled plugins.

To review the history of plugin executions, see the module-history<#>.txt logs in the <Module_Server>/Logs folder on the Tanium Module Server.

Manage the package file repository

By default, the Tanium Server stores the package files that it downloads to Tanium Clients in the <Tanium Server installation directory>/Downloads folder. When you are troubleshooting download issues, Tanium Support might instruct you to monitor usage for this repository and to free space in it if necessary.

Only users who have the Administrator reserved role can see the Package File Repository page.

View package file repository usage

From the Main menu, go to Administration > Configuration > Package File Repository and review the information.

Clean the package file repository (Windows infrastructure only)

By default, the Tanium Server automatically cleans the repository (deletes unused package files) every Sunday at 2 AM. However, if you see symptoms of low disk space on the server, you can manually clean the repository before then if the server is deployed on a Windows host. For example, when space is low, users might not be able to access the Tanium Console sign-in page or they might experience sign-in failures.

To manually clean the repository:

  1. Sign in to the Tanium Server host as the Administrator user.

  2. Open the Windows Command Prompt to access the CLI.

    For information on using the CLI, see Tanium Core Platform Deployment Reference Guide: Command-line interface.

  3. Navigate to the Tanium Server <installation directory>:

    cd <installation directory>

  4. Run the following command to clear the repository:

    TaniumReceiver clean-downloads

Relocate the package file repository (Windows infrastructure only)

Optionally, you can relocate the package file repository if another drive on the Tanium Server host has better resources for storing package downloads. See Tanium Core Platform Deployment Guide for Windows: Relocate the package file repository.

Monitor resource usage for sensor results collection

The Tanium Data Service collects and stores the results of all sensors that are registered for collection so that users can see those results for offline endpoints when issuing questions. Sensor collection consumes resources such as network bandwidth, processing on endpoints, and disk space on the Tanium Server. Resource consumption increases with the cardinality of sensors. For example, the IP Address sensor produces a unique result string for each queried endpoint, whereas the Operating System (OS) sensor produces the same string for all endpoints that have the same OS. In this case, the high cardinality IP Address sensor requires more bandwidth, CPU usage, and storage. Interact provides charts that enable you to visualize resource usage metrics related to results collection.

For more details and procedures related to sensor results collection, see Manage sensor results collection.

  1. Go to the Interact Overview page and click Info Information.
  2. Review the following charts:
    • Harvest Metrics: These charts display metrics related to the number of database rows that are processed when question results are collected for registered sensors. These charts only display when the Continuous Harvest option is selected. For more information, see Configure advanced settings for sensor collection.
    • Data Service Status: This chart displays metrics related to sensor collection processes when the Continuous Harvest option is deselected. By default, the Tanium Data Service runs the Data Collection process every hour to collect results for registered sensors and runs the Garbage Collection process every 15 minutes to remove expired result strings. The chart uses the following icons. Hover over an icon to display details about a specific process instance.
      • Success: process that completed successfully
      • Refresh: process that is currently running
      • Error: process with errors
      • Future: pending process
    • Data Service Sensor Metrics: Use these charts to determine whether specific sensors are generating result strings that consume too much storage.
    • Data Service Database Metrics: These charts provide indicators on the disk space usage for the Tanium Data Service. The Database Key Size and Database Value Size charts show usage in bytes.
    • Data Service Resource Consumption Metrics: Use these charts to determine the resource usage for the Tanium Data Service.

If you determine that sensor collection consumes too many resources, consider the following solutions:

View the info page

Tanium Support might instruct you to review settings or counters displayed on the info page.

  1. Open a browser and go to https://<FQDN>/info.
  2. Sign in as a user who is assigned the Administrator reserved role.

Contact Tanium Support

Tanium Support is your first contact for assistance with preparing for and performing an installation or upgrade, as well as verifying and troubleshooting the initial deployment. If you require further assistance from Tanium Support, please be sure to include version information for Tanium Core Platform components and specific details on dependencies, such as the host system hardware and OS details and database server version. You can also send Tanium Support a collection of logs and other information as a ZIP file: see Collect Interact logs.

To contact Tanium Support for help, sign in to