Troubleshoot Checklists for Reporting Components

The checklists in this section can help you troubleshoot problems with the reporting components.

Endpoints

To check for endpoint problems, confirm the following:

  • eventlog service running
  • eventfwd service running
  • reapsysl service running
  • eventfwd service properly configured 
    /opt/pbis/bin/regshell
HKEY_THIS_MACHINE\> ls Policy\Services\eventfwd\parameters\

[HKEY_THIS_MACHINE\Policy\Services\eventfwd\parameters]
+  "Collector" REG_SZ          "services.umon.com"
  • Collector name resolvable and address reachable 
    ping services.umon.com
PING services.umon.com (10.100.1.1) 56(84) bytes of data.
64 bytes from services.umon.com (10.100.1.1): icmp_seq=1 ttl=128 time=0.867 ms

For more information about the services, please see AD Bridge Services and Status.

  • Collector principal properly set 
    /opt/pbis/bin/regshell
HKEY_THIS_MACHINE\> ls Policy\Services\eventfwd\parameters\
        
[HKEY_THIS_MACHINE\Policy\Services\eventfwd\parameters]
+  "CollectorPrincipal" REG_SZ          "10.100.1.1"
  • /etc/syslog.conf properly configured
  • events present in local event log (test with eventlog-cli)
  • eventfwd service seems to forward messages properly (run from command-line to test)
  • firewall not blocking RPC access of collector server

Collector Servers

To check for problems with the collector servers, confirm the following:

  • BTCollector service running
  • BTEventDBReaper service running
  • events present in local collector database (test with BTCollector-cli)
  • BTEventDBReaper properly configured (test with BTEventDBReaper /s)
  • database provider and connection string properly set
  • collector ACL allows endpoints to write to it (set with Event Management Console)
  • collector machine account has sufficient privileges to write to database
  • no unusual errors in Windows event log (run eventvwr.exe)
  • firewall not blocking incoming RPC connections or outgoing database connections

Database

To check for problems with the database, confirm the following:

  • can connect to it with SQL Server Management Studio
  • Events table contains events
  • EventsWithOUName view contains events
  • database security set to allow writing by collector servers, by ldbupdate user, and by administrators
  • ldbupdate utility recently run to account for new endpoints joined to AD
  • named-pipe client access enabled in SQL Server
  • firewall not blocking incoming database connection

Windows Reporting Components

To check for problems with the Windows reporting components, confirm the following:

  • database connection strings set properly
  • user has sufficient privileges to access database
  • firewall not blocking database connections