logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

App Control: How to Enable Server Service Trace Logging from Startup

App Control: How to Enable Server Service Trace Logging from Startup

Environment

  • App Control Server (Formerly CB Protection): All Supported Versions

Objective

How to set App Control Server services to debug level 6 in the registry for troubleshooting. This is to capture logs on boot time

Resolution

  1. If the server has the App Control Agent installed turn off tamper protection following the below steps. If not please skip to step 2.
  • Open a command prompt as Administrator
  • Change directory to C:\Program Files (x86)\Bit9\Parity Agent (or the location where App Control is installed)
  • Turn off the tamper protect by doing the following commands in order
dascli password <Either the CLI or global password can be entered here without the brackets>
dascli tamperprotect 0
  1. Stop the "Parity Server" service.
  • Go to services.msc and stop CB Protection Server service or run the command as Administrator “net stop ParityServer”
  1. Open the Registry (go to Start > Run > type regedit > click OK)
  2. Browse to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ParityServer
  3. Edit the registry value called “ImagePath” by adding “ /debuglevel 6” on the very end of the registry data. Below is an example of what it should look like
C:\Program Files\Bit9 (x86)\Parity Server\parityserver.exe" /service /dsn "C:\Program Files\Bit9\Parity Server\shepherd.dsn" /debuglevel 6
  1. Start the "Parity Server" service.
  • Go to services.msc and start CB Protection Server service or run the command as Administrator “net start ParityServer”
  1. Reproduce the issue and collect the necessary data for engineering
  • ServerLog.bt9 located in C:\Program Files (x86)\Bit9\Parity Server\
  1. Repeat the step 1-4
  2. Remove the “ /debuglevel 6” from the registry value ImagePath
  3. Repeat Step 6 and start Parity Server
  • If the server has a App Control Agent installed, turn on the tamper protect
  1. Upload the file to CB Vault https://community.carbonblack.com/groups/cb-vault

Additional Notes

  • WARNING:  Make sure to remove “ /debuglevel 6”, so it will return to the default level 0. Otherwise, the logs will keep growing and use unneccessary disk space
  • If registry key has been reset to default and debugging is still being written to the Serverlog.bt9 file, go to https://<servername>/Support.php > Diagnostics Tab > Click on Snapshot Server Logs. This will collect the Serverlog.bt9 file in the Diagnostics folder and end the debugging.

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎09-09-2020
Views:
716
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.