Check the AD Bridge BTCollector

  1. Make sure BTCollector is running by executing the following command at the shell prompt of the Windows computer running the collector:

    C:\Program Files\BeyondTrust\PBIS\Enterprise>sc query BTCollector
    SERVICE_NAME: BTCollector
            TYPE               : 10  WIN32_OWN_PROCESS
            STATE              : 4  RUNNING
  2. If the process is stopped, use eventvwr.exe to check the Windows event log for information about why the service failed.

The collector server must be running Windows 2003 or Windows 2008.

  1. If the process is not running, start it by executing the following command:

    C:\Program Files\BeyondTrust\Enterprise>sc start BTCollector

  2. Verify that the service is receiving forwarded events by viewing the contents of the collector's local SQLite database. To execute the following command, the BTCollector process must be running and you must have read privileges in the access control list:

    C:\Program Files\BeyondTrust\Enterprise>BTCollector-cli -s - localhost

The command should return a list of the events collected from the endpoints. If there is no data, it is likely that your endpoints are improperly configured (see the previous section). If the event that you noted when you checked the event forwarder in the previous section is among the results, make sure the BTEventDBReaper service is functioning properly.

  1. Verify that BTEventDBReaper is running:

    C:\>sc query BTEventDBReaper

  2. If the process is stopped, use eventvwr.exe to check the Windows event log for information about why the service failed. Restart the service with:

    C:\>sc start BTEventDBReaper

  3. Check the database connection string and the service's other execution parameters:

    C:\Program Files\BeyondTrust\Enterprise>BTEventDBReaper /s

    The results should look something like this:

    Database provider:     System.Data.SqlClient
    Connection string:     Data Source=SomeCollector;Initial Catalog=LikewiseEnterprise;Integrated Security=yes
    Record id last copied: 487
    Records per period:    120
    Seconds in a period:   10000

    If the database server (Data Source= for SQL Server or Server= for MySQL) is identified by name (as in the example), use nslookup to verify that the name resolves to an address, and use ping to verify that the address is reachable from the collector server.

  4. Use eventvwr.exe to check the Windows event log for messages. If BTEventDBReaper is failing to write to the central AD Bridge Enterprise database and if you are using SQL Server with integrated security, make sure that the collector server’s machine account has sufficient privileges to write to the AD Bridge Enterprise database.
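
The name-resolution and reachability checks from step 3, scripted in PowerShell as an added example (not part of the original page or of BeyondTrust's tooling). It assumes PowerShell 2.0 or later on the collector server; the function names are hypothetical, and the sample input is the `/s` output shown above.

```powershell
# Added example, not BeyondTrust code. Get-ReaperDbHost and Test-ReaperDbHost
# are hypothetical helper names.
function Get-ReaperDbHost {
    param([Parameter(Mandatory = $true)][string[]]$StatusLines)
    $connStr = $null
    foreach ($line in $StatusLines) {
        if ($line -match '^\s*Connection string:\s*(.+?)\s*$') { $connStr = $Matches[1]; break }
    }
    if (-not $connStr) { throw 'No "Connection string:" line in the /s output.' }

    # Let .NET split the key=value pairs (keys are case-insensitive).
    $builder = New-Object System.Data.Common.DbConnectionStringBuilder
    $builder.set_ConnectionString($connStr)
    $server = $null
    foreach ($key in 'Data Source', 'Server') {
        if ($builder.ContainsKey($key)) { $server = [string]$builder[$key]; break }
    }
    if (-not $server) { throw 'Neither Data Source= nor Server= is present.' }

    # Reduce "tcp:host\instance,port" forms to the bare host name.
    return (($server -replace '^tcp:', '') -split '[\\,]')[0].Trim()
}

function Test-ReaperDbHost {
    param([Parameter(Mandatory = $true)][string]$HostName)
    try {
        # System resolver lookup (the nslookup step; nslookup itself asks DNS only).
        $addrs = [System.Net.Dns]::GetHostAddresses($HostName)
    } catch {
        return "FAIL: $HostName does not resolve"
    }
    # ICMP echo (the ping step).
    if (Test-Connection -ComputerName $HostName -Count 2 -Quiet) {
        return "OK: $HostName -> $($addrs -join ', '), answers ping"
    }
    return "FAIL: $HostName -> $($addrs -join ', '), no ping reply"
}

# Sample /s output copied from the page. On a collector, run from the install
# directory instead:  $status = .\BTEventDBReaper /s
$status = @'
Database provider:     System.Data.SqlClient
Connection string:     Data Source=SomeCollector;Initial Catalog=LikewiseEnterprise;Integrated Security=yes
Record id last copied: 487
Records per period:    120
Seconds in a period:   10000
'@ -split "`r?`n"

Test-ReaperDbHost -HostName (Get-ReaperDbHost -StatusLines $status)
```

A "no ping reply" result only shows that ICMP echo went unanswered; a firewall that drops ICMP produces the same result even when the database port is reachable.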