Environment
- App Control Server: All Supported Versions
- Microsoft Windows Server: All Supported Versions
Objective
To collect server logs for Active Directory policy mapping troubleshooting.
Resolution
Please confirm that the App Control service account has the permissions for accessing all
Active Directory domains needed with this KB
- In the web console navigate to > https://AppCServer/Support.php > go to the Diagnostics tab
- Select the "Snapshot Server Logs" button
- Set logging duration: 30 Minutes
- Debug Level: High
- Reporter Log Level: Minimum(default)
- Script Debug Level: Verbose
- Active Directory Debug Level: Verbose (Available in version 8.9+)
- Start Logging
- Navigate to Assets > Computers > Select an agent for testing
- On the Computer Details page > On Right: Actions > Change Policy > Select the checkbox "Automatic" > Go
Note: If the "Automatic" box has been selected already > Please uncheck it > Wait 1-2 minutes until the agent policy status is Up to date > Then go back and check the box again - Please take screenshots of the following console pages:
- System Configuration > General tab > Screenshot the page
- Rules > Policies > Mappings > Screenshot the page
- If the AD mapping is based on the machine’s OU > go to Assets > Computers > Select the test agent > Click on AD Details tab > Screenshot the page
- If the AD mapping is based on AD user/group membership:
Open "AD Users and Computers" or use a tool like AD Explorer to locate the user/group within the AD tree > Screenshot the page showing the AD path to the user/group
- Go back to Support.php page > select "Stop Logging"
- On the Right side of the page > under Related Views > Select "Available Log Files" > Save the files with today's date:
- AppControlAD-todays-date-time.log
- ServerLog-todays-date-time.bt9
- From the App C server navigate and copy this file:
\Program Files (x86)\Bit9\Parity Server\scripts\Adrules.xml
- Please collect screenshots, server logs and adrules.xml and upload to the CB Vault HERE
Related Content