App Control: How To Collect Server Logs for Active Directory Policy Mapping Issues

Environment

  • App Control Server: All Supported Versions
  • Microsoft Windows Server: All Supported Versions

Objective

To collect server logs for Active Directory policy mapping troubleshooting.

Resolution

Before starting, confirm that the App Control service account has the permissions needed to access every Active Directory domain involved in the mapping, as described in this KB.
  1. In the web console navigate to https://AppCServer/Support.php and open the Diagnostics tab
    • Select the "Snapshot Server Logs" button
    • Set logging duration: 30 Minutes
    • Debug Level: High
    • Reporter Log Level: Minimum(default)
    • Script Debug Level: Verbose
    • Active Directory Debug Level: Verbose (Available in version 8.9+)
    • Start Logging
  2. Navigate to Assets > Computers > Select an agent for testing
  3. On the Computer Details page > On Right: Actions > Change Policy > Select the checkbox "Automatic" > Go
    Note: If the "Automatic" box has been selected already > Please uncheck it > Wait 1-2 minutes until the agent policy status is Up to date > Then go back and check the box again
  4. Please take screenshots of the following console pages:
    • System Configuration > General tab > Screenshot the page
    • Rules > Policies > Mappings > Screenshot the page
    • If the AD mapping is based on the machine’s OU > go to Assets > Computers > Select the test agent > Click on AD Details tab > Screenshot the page
    • If the AD mapping is based on AD user/group membership:
      Open "AD Users and Computers" or use a tool like AD Explorer to locate the user/group within the AD tree > Screenshot the page showing the AD path to the user/group
  5. Go back to Support.php page > select "Stop Logging"
  6. On the Right side of the page > under Related Views > Select "Available Log Files" > Save the files with today's date:
    • AppControlAD-todays-date-time.log
    • ServerLog-todays-date-time.bt9
  7. On the App Control server, locate and copy this file:
    \Program Files (x86)\Bit9\Parity Server\scripts\Adrules.xml
  8. Collect the screenshots, the server logs and Adrules.xml, and upload them to the CB Vault HERE
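The following PowerShell script is an added example, not part of this KB, that bundles the artifacts from steps 4 to 8 into one dated folder with a SHA-256 manifest so support can verify the upload is complete and intact. It assumes you have already saved the two snapshot log files and the screenshots to the placeholder folders given in the parameters; the Adrules.xml path is the one from step 7.

```powershell
# Added example (not from the KB): bundle the AD policy-mapping artifacts for upload.
# Assumptions: $LogDir holds the files saved from "Available Log Files" (step 6) and
# $ScreenshotDir holds the console screenshots (step 4); both paths are placeholders.
param(
    [string]$LogDir        = "C:\Temp\AppControlLogs",     # placeholder, adjust as needed
    [string]$ScreenshotDir = "C:\Temp\AppControlScreens",  # placeholder, adjust as needed
    [string]$OutRoot       = "C:\Temp\AppControlCase"      # placeholder, adjust as needed
)

$stamp   = Get-Date -Format 'yyyy-MM-dd_HHmm'
$caseDir = Join-Path $OutRoot "ADMapping-$stamp"
New-Item -ItemType Directory -Path $caseDir -Force | Out-Null

# Adrules.xml path from step 7; the drive letter comes from the Program Files (x86) variable
$adRules = Join-Path ${env:ProgramFiles(x86)} 'Bit9\Parity Server\scripts\Adrules.xml'
if (Test-Path $adRules) {
    Copy-Item -Path $adRules -Destination $caseDir
} else {
    Write-Warning "Adrules.xml not found at $adRules"
}

# Only the two log types named in step 6, so an unrelated snapshot is not bundled by mistake
Get-ChildItem -Path $LogDir -Include 'AppControlAD-*.log', 'ServerLog-*.bt9' -Recurse -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending |
    Copy-Item -Destination $caseDir

if (Test-Path $ScreenshotDir) {
    Copy-Item -Path (Join-Path $ScreenshotDir '*') -Destination $caseDir -Recurse
}

# SHA-256 manifest: lets support confirm that nothing was truncated or altered in transit
Get-ChildItem -Path $caseDir -File |
    ForEach-Object { Get-FileHash -Path $_.FullName -Algorithm SHA256 } |
    Select-Object @{ n = 'File'; e = { Split-Path -Path $_.Path -Leaf } }, Hash |
    Export-Csv -Path (Join-Path $caseDir 'manifest.csv') -NoTypeInformation

Compress-Archive -Path (Join-Path $caseDir '*') -DestinationPath "$caseDir.zip" -Force
Write-Host "Bundle ready for upload: $caseDir.zip"
```

Run it in an elevated PowerShell session on the App Control server after stopping logging in step 5, then upload the resulting zip.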

Article Information
Creation Date: 09-18-2018