AD
Agent: Troubleshooting
General
Issues
Probe Issues
Error Codes/Messages
General
Issues
The AD Agent
service won’t start:
- Is the dcagent_service
account defined on the domain and is the service configured to
use it?
- Is the service
account password correct? Reset the password on the dcagent_service
account and re-run the configuration wizard.
- Refresh the
group policy on the machine running the AD Agent (use \Program
Files\8e6 Technologies\8e6 AD Agent\bin\gpo_refresh.cmd)
- Check the
Windows Event log and Agent activity logs for any alarms.
- Can you log
in to the Agent server interactively using the dcagent_service
account?
The Logscan
process can’t access the domain controller security logs:
- Is the domain
controller offline?
- Does the
dcagent_service have the “Manage auditing and security log”
permission? (see instructions)
- Can you connect
to the Agent’s security log using the Event Viewer? Log
in as dcagent_service for this test. If you can connect to
the Agent's security event log via the Windows Event Viewer, the
Agent service should also be able to connect. If not, troubleshoot
the security or connectivity problem with the Event Viewer first.
- Have the
"Audit logon events" and "Audit account logon events"
security policy settings been set up correctly?
- Is the Agent's
security event log actually capturing login events?
- Is the Agent's
security event log full? Be sure to enable log rollover to
prevent this from occurring.
The Agent
cannot connect to the Web Filter:
- The Web Filter
must be running the authentication module for software version
1.10.30 or higher.
- Verify the
Web Filter’s IP address and port number (default is 26267)
in the Agent's configuration.
- Can you connect
to that port via Telnet from the Agent machine?
Top
A satellite
Agent is unresponsive or not sending data:
- Can you connect
from the satellite to a folder share on the primary Agent when
logged in as dcagent_service?
- Can you connect
to a share in the opposite direction (from the primary to the
satellite)?
- The Agent
team uses Windows named pipes to communicate between team members. The
security and network requirements are similar to file sharing,
so if you cannot share files between the satellites and the primary,
the team communication will probably fail for the same reasons. Troubleshoot
file sharing. Remember that the Agent service runs in the
dcagent_service account, so do your troubleshooting while logged
in as the dcagent_service.
- Check the
satellite’s logs; these logs are not forwarded to primary
server.
- Be aware
that satellites sit in "limbo" until they are able to
reach the primary Agent for configuration and work assignment. From
a user's perspective, it looks as though the Agent service on
the satellite is trying to start and just sitting in that state
permanently. But what it is actually doing is repeatedly
trying to fetch its configuration from the primary Agent, which
won't work until the named pipe is available and the primary Agent
is responding.
Top
Probe
Issues
The Agent
does not detect logoff from a Windows 2000 workstation using Netwksta
probes:
- This is a
known problem with the Windows implementation of the NetWkstaUserEnum()
function. There is no workaround except to use WMI probes.
The Agent
reports "access denied" when issuing WMI probes to Windows
2000 workstations:
- The end user's
domain account must be a member of their local Administrators
group to use WMI probes on Windows 2000 workstation. This
is an issue with Windows 2000; there is no workaround.
Related Topic:
Back
| Top |