Troubleshooting Provision

If Provision is not performing as expected, you might need to troubleshoot issues or change settings.

Collect logs

The information is saved as a ZIP file that you can download with your browser.

  1. From the Provision Overview page, click Help .
  2. Click Download Support Bundle.
    A tanium-provision-support-<timestamp>.zip file downloads to the local download directory.
  3. Contact Tanium Support to determine the best option to send the ZIP file. For more information, see Contact Tanium Support.

Tanium Provision maintains logging information in the provision.log file in the \Program Files\Tanium\Tanium Module Server\services\provision-files\logs directory.

Review endpoint logs

If you have issues during the endpoint provisioning process, you can review the following logs to troubleshoot possible causes.

You can also use Client Management to directly connect to an endpoint and collect the following logs. For more information, see Tanium Client Management User Guide: Collect troubleshooting information from endpoints.

Linux PXE and ODJ endpoints

/opt/Tanium/TaniumClient/Tools/Provision/logs

macOS PXE and ODJ endpoints

/Library/Tanium/TaniumClient/Tools/Provision/logs

Windows PXE and ODJ endpoints

<Tanium Client>\Tools\Provision\logs

Imaging logs

<Tanium Client>\Logs\provision-linux.log - shows the various activities that happen when you boot the device into the Linux image, such as formatting, partitioning, downloading, and so on

<Tanium Client>\Logs\provision-systemd.log - shows messages from the browser and service that are used in the Linux image, in case something is not working as expected

<Tanium Client>\Logs\provision-os.log - shows all the activities while in the new Windows OS

<Tanium Client>\Logs\provision-pe.log - shows all the activities while in Windows PE, such as applying the Windows image, injecting drivers, and so on

<Tanium Client>\Logs\provision-refresh.log - shows the start of the OS refresh process, running in the current Windows OS

C:\_t\logs\Provision-OS.log*

C:\Windows\temp\logs*

After successful OS imaging and installation of the Tanium Client, the logs are copied to <Tanium Client>\Logs and the C:\_t contents are deleted. If the Tanium Client did not successfully install, logs are copied to C:\Windows\temp\logs instead.

PXE Linux environment

/tmp

Perform monthly maintenance

  1. From the Main menu, go to Modules > Provision > Overview.
  2. Scroll to the Health dashboard to verify that the Provision service is running as expected Healthy on Provision endpoints.
  3. If the Health dashboard indicates that the Provision service is not running on Provision endpoints:
    1. Click Provision Endpoints to see details about the service status and versions for all Provision endpoints.
    2. To see additional details about a particular endpoint, click Additional Data beside that endpoint.
  4. To investigate deployment issues, see Monitor a deployment.

Error: You are unable to access Provision due to an invalid license

Issue

If you have an invalid or expired license, you can no longer access the Provision workbench or upgrade Provision. You might also encounter this error if any required dependencies are missing.

Solution

  • Update your license to restore full functionality for Provision.
  • Verify that all Required dependencies are installed.

Troubleshoot the Provision Linux boot image

If the endpoint stops responding during the Provision Linux boot image, you can use the following steps to perform some basic troubleshooting.

  1. Launch Terminal and use the Ctrl+Alt+F1 keyboard shortcut to switch from the graphical user environment to the text based console.

    You can use the Ctrl+Alt+F2 keyboard shortcut to switch back to the graphical user environment.

  2. To sign in to the Linux Environment, enter root for the user name. No password is required.
  3. Enter the following commands to check IP address information:
    • IP address: enter ip address
    • Routing information: enter ip route
    • DNS configuration: enter cat /etc/resolv.conf
  4. To review storage information, enter sudo fdisk -l.
  5. Collect logs for Tanium Support.
    1. To navigate to where the Provision logs are located, enter cd /tmp.
    2. To create an archive of the logs, enter tar czf /tmp/provision.tar.gz /tmp/*.
    3. To copy the archive to a remote SMB share, enter smbclient //myServer.myDomain.com/share - U myDomain/myUserName and then enter put provision.tar.gz at the SMB prompt.

Error: USB media does not find the storage drive

Issue

When a provisioning endpoint is configured with Intel Rapid Restore Technology (RAID), booting to the USB media does not find the storage drive.

Solution

RAID is not supported. Switch the BIOS/firmware to AHCI mode.

Error: PXE boot does not boot to the Tanium PXE service

Issue

When multiple PXE servers exist in the local network, the PXE boot request accepts the response from whichever PXE server responds first. If the PXE boot request does not boot to the Tanium PXE service, it is likely that a different PXE server responded before a Tanium PXE service did.

Solution

Check with your network team to determine if any PXE servers are configured in DHCP (scope options 66 and 67).

Error: Provisioning process incomplete

Issue

The provisioning process does not appear to be complete and Other User cannot sign in.

Solution

You must use non-OEM product keys, except on Enterprise editions and Windows Server operating systems.

Error: Provision-pe.ps1 cannot be found

Issue

The system is missing the storage drivers.

Solution

Update PE.

  1. Download the Dell Windows PE driver pack CAB file from Dell Technologies: WinPE 10 driver pack.
  2. Extract the contents of the file into a folder.
  3. Copy the contents of \winpe\x64\storage\HHN7T_A00-00\F6\NonVMD\f6flpy-x64 (Intel Rapid Storage Technology Driver) into the C:\Users\Administrator\Documents\utility\ADKPrep\amd64\drivers folder.

    The HHN7T part of the folder name could change if the driver is updated.

  4. To create a new adk_amd64.zip file in the /Documents folder, run the ADKPrep.ps1 script in an elevated command prompt.
  5. From the Provision OS Bundles page, update any existing OS bundles to use the new adk_amd64.zip file.

    Wait for the status of the OS bundles to change from Updating to Ready.

  6. When the Dell logo appears in the PXE endpoint, select the F12 key and then select ONBOARD NIC (IPV4).

Error: Domain join fails due to existing computer account

Issue

If the computer account already exists for the specified computer name, the ODJ blob creation fails because the service does not specify to overwrite the existing computer object in AD.

Solution

Make sure that the computer account does not already exist.

This issue is less likely to occur because Provision appends a numeric suffix to the computer name if needed. For example, if you specify myComputer for the computer name, Provision tries myComputer first. If myComputer already exists, Provision tries myComputer-1, and continues to increase the suffix if that account already exists.

Error: [ERR_INVALID_URL]: Invalid URL

Issue

Bootable media created with the -Bundles option hangs with [ERR_INVALID_URL]: Invalid URL log message for isolated endpoints if any OS bundle includes an ODJService or AdminPassword setting.

Solution

Network connectivity to a Tanium PXE server is required by OS bundles that includes an ODJService or AdminPassword setting. To work around this issue:

  • Specify OS bundles that do not include an ODJService or AdminPassword setting, or
  • Establish network connectivity on the endpoint.

Contact Tanium Support

To contact Tanium Support for help, sign in to https://support.tanium.com.