Troubleshoot

A diagnostics tool, DiagnosticsCli.exe, is available with Privilege Management for Windows installed files. Using the tool, you can:

  • Diagnose the cause of connection problems. The tool offers actions to remedy the issue.
  • Request an immediate policy update from BeyondInsight.

The tool does not require any elevated rights to run; any authenticated user on the system can use the tool.

Use the DiagnosticsCli.exe Tool

Arguments

Management platform argument:

/bi: BeyondInsight

Task arguments:

/c: Test connection

/p: Force policy

Test Connection

Run the following commands to send a test message to the BeyondInsight instance. The test results are displayed in the console window.

The registry settings used to connect to BeyondInsight are displayed first, followed by the result of the test message.

If Privilege Management for Windows is installed in the default location, run the following from the command line:

"C:\Program Files\Avecto\Privilege Guard Client\DiagnosticsCli.exe" /bi /c

PowerShell:

& "C:\Program Files\Avecto\Privilege Guard Client\DiagnosticsCli.exe" /bi /c

Possible Test Connection Results

Result Remedy
Connection Successful NA
Defendpoint BeyondInsight Adapter cannot be contacted.

Reinstall BeyondTrust Privilege Management with BIMODE=1 and correct parameters for;

BEYONDINSIGHTURL (and optionally BEYONDINSIGHTCERTNAME and BEYONDINSIGHTWORKGROUP).

BeyondInsight Client Certificate Name could not be found. Check the value of BEYONDINSIGHTCERTNAME in the registry and verify that the certificate is installed in and accessible from the correct certificate store
BeyondInsight Connection refused.

Check the value of BEYONDINSIGHTURL in the registry and that you have installed the correct BeyondInsight client certificate.

BeyondInsight URL not specified Provide a value for BEYONDINSIGHTURL in the registry
BeyondInsight could not be contacted Check the value of BEYONDINSIGHTURL in the registry, and network and firewall settings

Force Policy

Run the following commands to force a policy update on endpoints from BeyondInsight.

If Privilege Management for Windows is installed in the default location, run the following command from the Windows command prompt:

"C:\Program Files\Avecto\Privilege Guard Client\DiagnosticsCli.exe" /bi /p

PowerShell:

& "C:\Program Files\Avecto\Privilege Guard Client\DiagnosticsCli.exe" /bi /p

Force Update Policy for End Users

End users are able to force a policy update to their computer from the system tray. This feature allows the end-user to request a new policy from their desktop, thus significantly reducing the time it takes to update a policy.

  1. In the system tray, click the Privilege Management icon.
  2. Click Check for Policy Update.

A notification appears with Update Finished to notify the user that a policy update has been applied to the client.

A notification appears with No Updates Found if the current policy is already up to date.

A notification appears with Unable to Check for Updates if the computer is unable to reach the management platform.