OverviewQuick StartUser InterfaceConfiguration OptionsTeamsTroubleshooting

AD Agent: Troubleshooting

General Issues
Probe Issues
Error Codes/Messages

General Issues

The AD Agent service won’t start:

  • Is the dcagent_service account defined on the domain and is the service configured to use it?
  • Is the service account password correct? Reset the password on the dcagent_service account and re-run the configuration wizard.
  • Refresh the group policy on the machine running the AD Agent (use \Program Files\8e6 Technologies\8e6 AD Agent\bin\gpo_refresh.cmd)
  • Check the Windows Event log and Agent activity logs for any alarms.
  • Can you log in to the Agent server interactively using the dcagent_service account?

The Logscan process can’t access the domain controller security logs:

  • Is the domain controller offline?
  • Does the dcagent_service have the “Manage auditing and security log” permission? (see instructions)
  • Can you connect to the Agent’s security log using the Event Viewer? Log in as dcagent_service for this test. If you can connect to the Agent's security event log via the Windows Event Viewer, the Agent service should also be able to connect. If not, troubleshoot the security or connectivity problem with the Event Viewer first.
  • Have the "Audit logon events" and "Audit account logon events" security policy settings been set up correctly?
  • Is the Agent's security event log actually capturing login events? 
  • Is the Agent's security event log full? Be sure to enable log rollover to prevent this from occurring.

The Agent cannot connect to the Web Filter:

  • The Web Filter must be running the authentication module for software version 1.10.30 or higher.
  • Verify the Web Filter’s IP address and port number (default is 26267) in the Agent's configuration.
  • Can you connect to that port via Telnet from the Agent machine?

Top

A satellite Agent is unresponsive or not sending data:

  • Can you connect from the satellite to a folder share on the primary Agent when logged in as dcagent_service? 
  • Can you connect to a share in the opposite direction (from the primary to the satellite)?
  • The Agent team uses Windows named pipes to communicate between team members. The security and network requirements are similar to file sharing, so if you cannot share files between the satellites and the primary, the team communication will probably fail for the same reasons. Troubleshoot file sharing. Remember that the Agent service runs in the dcagent_service account, so do your troubleshooting while logged in as the dcagent_service.
  • Check the satellite’s logs; these logs are not forwarded to primary server.
  • Be aware that satellites sit in "limbo" until they are able to reach the primary Agent for configuration and work assignment. From a user's perspective, it looks as though the Agent service on the satellite is trying to start and just sitting in that state permanently. But what it is actually doing is repeatedly trying to fetch its configuration from the primary Agent, which won't work until the named pipe is available and the primary Agent is responding.

Top

Probe Issues

The Agent does not detect logoff from a Windows 2000 workstation using Netwksta probes:

  • This is a known problem with the Windows implementation of the NetWkstaUserEnum() function. There is no workaround except to use WMI probes.

The Agent reports "access denied" when issuing WMI probes to Windows 2000 workstations:

  • The end user's domain account must be a member of their local Administrators group to use WMI probes on Windows 2000 workstation. This is an issue with Windows 2000; there is no workaround.

Related Topic:

Back | Top



© Trustwave. All rights reserved.