Troubleshooting HEAT Discovery
This section contains basic troubleshooting procedures for HEAT Discovery. After you install HEAT Discovery, we recommend that you use the following checklist to ensure that all relevant services are properly installed and working correctly. See Troubleshooting Checklist
|
This is an advanced function for administrators and Discovery Managers.
|
Troubleshooting HEAT Discovery requires access to the .frs log files that are available from the Logs workspace. See Logging for more information. By default, the logs are set to the Error log level; however, you can capture more details. See Logging Configuration for information on available options and how to change or set logging levels.
|
We recommend resetting the logs back to the Error log level after troubleshooting is completed. Otherwise, the system will continue to generate large logs that contain a high level of detail.
|
Troubleshooting Checklist
|
1.
|
From the main server, check that all services are running correctly by doing the following: |
|
a.
|
Click on a service such as AgentTaskWs. |
|
b.
|
In the Content window right-click on the ASMX file. |
|
c.
|
Right-click and select Browse…. |
|
d.
|
Check if the agent task is responding. If it is, it opens a new window that lists the supported operations. |
|
e.
|
Follow the same steps with the ClientTransportProcessor service. |
|
2.
|
For App services check that Net.tcp is up and running. |
- From a command window (as administrator) run a telnet client on the server name using the specified net.tcp port configuration. Enter a specific domain name or IP address as shown in the following example:
C:\Windows\System32\telnet <Domain_Name_IPAddress> 7100
If net.tcp is correctly configured, you will see a Telnet command window with no data.
|
3.
|
Check the log file on the client or gateway machine for errors. The log file path is usually ~\FRS\Logs\JobQueues. Any errors appear in the GetClientTask job. An example of a file name is JobQueue_GetClientTasksQueue_00000037014.
|
|
4.
|
Check the Netscan tasks queue log file for errors. An example of a file name is JobQueue_NetScanTasksQueue_00000 000058. |
|
5.
|
Check the AssetProcessor.log file (the server log) located under ~\Logs for any errors. |
Common Issues and Steps for Resolving Them
CI and Gateway are Not Created After Installation
This can indicate that the processor failed to send a message to the message sender or that the agent failed to query tasks from the task processor.
The following error message is an example of a message that can be found in the AgentTaskWS.frslog and the ClientTransportProcessorWs.frslog files:
The message could not be dispatched because the service at the endpoint address 'net.tcp://sql-1:5000/MessageSender/EventSender.svc' is unavailable for the protocol of the address
Cause: The net.tcp.web service is not working.
Solution: Remove and reinstall the WCF service, by following these steps:
|
1.
|
Open the Server Manager and start the Remove Roles and Features wizard. |
|
2.
|
From the Features tab, expand .NET FrameWork 4.5 Features. |
After the feature is removed, add it back using the Add Roles and Features wizard and following the prompts.
Log Failed Message
When the server fails to process a message, it is discarded. The Log Failed Message setting allows you change the default and to capture failed messages. Your HEAT login must have administrator privileges to use this feature. Turn this setting on if the server logs indicate that a message cannot be processed. FrontRange uses the generated log files to troubleshoot the problem.
|
1.
|
Log into the HEAT Configuration Database (ConfigDB) and open your tenant workspace. |
|
2.
|
Check Log failed IM message. |
|
3.
|
Click Save to save the change. |
|
4.
|
Log out of the ConfigDB and log into HEAT . |
|
5.
|
Click More… then search for and open the Integration Log workspace. |
|
6.
|
Group by log type and select LogType: Error to see the list of messages. The same error message for a single machine is not saved multiple times. |
|
7.
|
Click a message to open and view it, or to download the attached file. FrontRange may use these files to assist in resolving the issue. |
|
8.
|
You can also access the messages from the integration log, by doing the following: |
|
a.
|
Click Configure Application. |
|
b.
|
In the left pane, select Monitor > Application logs > Integration Log. |
|
c.
|
Click to open the pane. |
Gateway Errors
If a gateway task does not complete successfully, do the following:
|
1.
|
Click Scan Active Directory or Deploy Settings to create an agent task record that can be seen under the Agent Tasks tab. |
|
2.
|
Double-click the task to display information about why the task failed. An example of a failed task is if the RPC server was available or, if access was denied (a password issue). |
|
3.
|
Correct any issues as needed. |
Client Machine Errors
If the client is no longer sending data, check the following:
|
1.
|
Ensure that the machine on which the MDI client is running is turned on and functional. |
|
2.
|
From the CI workspace, check whether the agent status of the machine is in suspended mode. |
|
3.
|
If it is, select the machine and click Resume Client Agent from the taskbar. |
MDI Troubleshooting
|
1.
|
Ensure that the MDI service is started. |
|
2.
|
Inspect the file called MDIServiceHost.exe.config. By default, it should be located at: ~\MDIServiceHost. Ensure that the MDIServiceBaseAddress is correctly set to: https://<your_registered_domain>:8734/MDM. |
|
|
The .netsh http show sslcert command displays the SSL certificate binding information. Ensure that ports 8734 and 4423 are bound to it. |
|
4.
|
Check the port binding and ensure that port 8734 is actively listened to by running the following command in a command window: netstat -ano | find "8734" |
|
5.
|
Temporarily turn off the firewall on the server to rule it out as a cause. |
|
6.
|
Ensure that you are using the correct SSL certificate for the domain. Identify and install the correct certificate. |
|
7.
|
Ensure that you are using the correct root CA certificate name (available from the Certificate Authority provider) when creating the enroll.mobileconfig file. If not, regenerate the file following the steps in the Using the APNS Certificate Tool . |
|
8.
|
Ensure that the server hosting the MDI service is not blocked from accessing the following services at ports 2195 and 2196: |
- gateway.push.apple.com
- gateway.sandbox.push.apple.com
- feedback.push.apple.com
- feedback.sandbox.push.apple.com
|
9.
|
Run the following command from a command window to test the connection. A blank screen confirms that the connection is successful: |
telnet gateway.push.apple.com 2195
|
10.
|
Rerun the telnet command with the appropriate port numbers for each of the addresses listed above, to check that you are able to connect. |