Environment
- App Control Server: All Supported Versions
Objective
How to collect logs for Active Directory console login errors
Resolution
Please confirm that the App Control service account has the permissions needed to access all
Active Directory domains needed with this KB
- Login to the App Control Console using the local "admin" user
- Navigate to > https://ServerName/Shepherd_Config.php > DebugConsoleCommunication > Set to: true > Change
- Navigate to > https://ServerName/Support.php > go to the Diagnostics tab
- Select the "Snapshot Server Logs" button
- Logging Duration: 30 Minutes
- Debug Level: Verbose
- Reporter Log Level: Minimum(default)
- Script Debug Level: Verbose
- Active Directory Debug Level: Verbose (Available in version 8.9+)
- Start Logging
- Reproduce the login error several times
- Go back to > Shepherd_Config.php > DebugConsoleCommunication > Set to: false > Change
- Go back to > Support.php > Diagnostics > select "Stop Logging"
- On the Right side of the page > under Related Views > Select "Available Log Files".
- Save the following files that have today's date:
- AppControlAD-todays-date-time.log
- ServerLog-todays-date-time.bt9
- On the server navigate and copy this file:
\Program Files (x86)\Bit9\Parity Server\scripts\Adrules.xml
- Please make screenshots of the following:
- Gear Icon > Login Account > User Role Mappings > Screenshot the page
- Gear Icon > System Configuration > General Tab > Screenshot the page
- Open "AD Users and Computers" or use a tool like AD Explorer to locate the user/group within the AD tree
- Screenshot the page showing the AD path to said user/group
- Please zip and upload all collected data to CB Vault
Related Content