Environment
- App Control Server (Formerly CB Protection): All Supported Versions
Objective
How to set App Control Server services to debug level 6 in the registry for troubleshooting. This captures logs at boot time.
Resolution
1. If the server has the App Control Agent installed, turn off tamper protection using the steps below. If not, skip to step 2.
   - Open a command prompt as Administrator
   - Change directory to C:\Program Files (x86)\Bit9\Parity Agent (or the location where App Control is installed)
   - Turn off tamper protection by running the following commands in order
     dascli password <Either the CLI or global password can be entered here without the brackets>
     dascli tamperprotect 0
2. Stop the "Parity Server" service.
   - Go to services.msc and stop the CB Protection Server service, or run the command “net stop ParityServer” as Administrator
3. Open the Registry (go to Start > Run > type regedit > click OK)
4. Browse to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ParityServer
5. Edit the registry value called “ImagePath” by adding “ /debuglevel 6” at the very end of the registry data. Below is an example of what it should look like:
   "C:\Program Files\Bit9 (x86)\Parity Server\parityserver.exe" /service /dsn "C:\Program Files\Bit9\Parity Server\shepherd.dsn" /debuglevel 6
6. Start the "Parity Server" service.
   - Go to services.msc and start the CB Protection Server service, or run the command “net start ParityServer” as Administrator
7. Reproduce the issue and collect the necessary data for engineering
   - ServerLog.bt9 located in C:\Program Files (x86)\Bit9\Parity Server\
8. Repeat steps 1-4
9. Remove the “ /debuglevel 6” from the registry value ImagePath
10. Repeat step 6 and start Parity Server
11. If the server has an App Control Agent installed, turn tamper protection back on
12. Upload the file to CB Vault https://community.carbonblack.com/groups/cb-vault
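
The stop, edit, start sequence above can be scripted so that the switch is never appended twice and is removed cleanly afterwards. This PowerShell is an added example, not Carbon Black tooling; the function name Set-ServerDebugSwitch is hypothetical, and it assumes tamper protection is already off where an agent is installed.

```powershell
#Requires -RunAsAdministrator
# Added example: toggles "/debuglevel 6" on the ParityServer ImagePath value.
# Assumes tamper protection is already disabled if the agent is installed.
$svc     = 'ParityServer'
$keyPath = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
$switch  = ' /debuglevel 6'

function Set-ServerDebugSwitch {   # hypothetical helper name
    param([Parameter(Mandatory)][bool]$Enable)

    $key  = Get-Item -Path $keyPath
    # Read the raw data (no %VAR% expansion) and remember the value type,
    # so writing it back does not alter anything except the switch.
    $raw  = $key.GetValue('ImagePath', $null, 'DoNotExpandEnvironmentNames')
    $kind = $key.GetValueKind('ImagePath')
    if (-not $raw) { throw "ImagePath not found under $keyPath" }

    # Strip any existing switch first so repeated runs never stack it.
    $base = $raw -replace '\s*/debuglevel\s+\d+\s*$', ''
    $new  = if ($Enable) { $base + $switch } else { $base }
    if ($new -eq $raw) { Write-Host "ImagePath unchanged: $raw"; return }

    # Same order as the manual procedure: stop, edit, start.
    Stop-Service -Name $svc
    Set-ItemProperty -Path $keyPath -Name ImagePath -Value $new -Type $kind
    Start-Service -Name $svc

    Write-Host "ImagePath was: $raw"
    Write-Host "ImagePath now: $new"
}

# Enable debug logging before reproducing the issue:
#   Set-ServerDebugSwitch -Enable $true
# Return to the default level once ServerLog.bt9 has been collected:
#   Set-ServerDebugSwitch -Enable $false
```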
Additional Notes
- WARNING: Make sure to remove “ /debuglevel 6” so that logging returns to the default level 0. Otherwise, the logs will keep growing and use unnecessary disk space.
- If the registry key has been reset to default and debugging is still being written to the Serverlog.bt9 file, go to https://<servername>/Support.php > Diagnostics Tab > Click on Snapshot Server Logs. This will collect the Serverlog.bt9 file in the Diagnostics folder and end the debugging.