Troubleshooting information available to help with Symantec Management Agent
ITMS 8.x
SMA: Symantec Management Agent.
NS: Notification Server.
SMP: Symantec Management Platform.
SMP Server: Notification Server on which the Symantec Management Platform is installed.
1. All OutputDebugStringA and OutputDebugStringW calls made by any SMA plug-in or DLL loaded in the context of the SMA service can be redirected into the SMA log. Add a REG_DWORD value "InterceptDebugOutput" greater than zero to the 'HKLM\Software\Altiris\Altiris Agent\Diagnostics' registry key and restart the SMA service. All debug output is then redirected to the agent log, marked with the source "DebugOutput" and the 'debug' severity.
2. The SMA service is given a limit of 15 seconds to stop gracefully. If a plug-in or SMA component delays unloading, this timeout may expire and the SMA service will terminate itself. Starting with build 7.5.1566, a memory dump of AeXNSAgent.exe can be created when this happens. Add REG_DWORD "dumpOnProcessTerminate" = 1 to the 'HKLM\SOFTWARE\Altiris\Altiris Agent\Diagnostics' registry key. There is no need to restart the service. Once the condition occurs, the standard SMA EZ memory dump file is created. The exception record for that dump has the exception code 0x0000042B. The dump file may help to understand why a plug-in or a component fails to shut down in the specified amount of time.
3. An older registry value, "Save Policy Requests", under the 'HKLM\Software\Altiris\Altiris Agent' registry key forces SMA to save a copy of HTTP policy requests and responses into the "Altiris Agent\Client Policies" folder. A few adjustments were made because of the Agent Trust Initiative implementation.
4. The push service install log AltirisAgentInstSvc.log has been combined with the agent installer log AeXNSC.log into a single file. The combined log is named AEXNSC.log and is located in the same folder where the old AeXNSC.log lived. The install log now contains more information for troubleshooting purposes:
5. AeXNSAgent.exe and AeXAgentUtil.exe have new commands to help configure the agent log severity. These commands can also be specified during push install or when installing from AeXNSC.exe:
6. The ability to disable the OLE Automation string cache has been added to simplify troubleshooting of memory leaks. Add a REG_DWORD value "disableOLEAutomationStringCache" greater than zero to the 'HKLM\Software\Altiris\Altiris Agent\Diagnostics' registry key and restart the SMA service or other SMA process. The process disables the OLE Automation cache upon restart, so the cached strings are not reported as leaked by the various tools.
7. Agent Storage troubleshooting:
1. Dump files can now be copied automatically to a UNC location right after a dump file is created. This is controlled under the registry key "HKEY_LOCAL_MACHINE\SOFTWARE\Altiris Agent\Diagnostics" by the string values "DumpRemotePath", "DumpRemoteUser" and "DumpRemotePassword". The user and password are stored in plain text and are used to authenticate the remote connection. These values should be created manually. By default they do not exist.
2. The new commands have been added to SMATOOL.EXE:
The following new features were added to SMA 8.0:
1. A new compressed and encrypted file format is introduced for the memory dump files the agent produces. The format is named EZ2 and provides authenticated recoverable encryption. The dump file can now be partially restored if the EZ2 file is damaged. A new utility called SMADumpDecoder.exe is shipped as part of the SDK and the SMP server installation. You should still use the older DumpDecoder.exe utility to decrypt EZ files.
2. The log files are now embedded into the DMP file. By default, around 1MB of the latest agent log files is included in the dump. This 1MB value can be changed by modifying the DWORD registry value "embeddedLogFilesSoftLimit" in HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent\Diagnostics. The value sets the soft limit for the total size of the embedded log files in KB.
If the value is zero, no log files are embedded. If the value is not zero, then after embedding each file the agent checks whether the total size of the embedded log files exceeds the specified value; if it does, no more files are embedded. SMADumpDecoder.exe has been modified to extract the embedded files from DMP files. If an EZ2 file is passed as the input, the utility decrypts the EZ2 file and creates a DMP file, then extracts the embedded files from the DMP file into the output folder. If a DMP file is passed as the input, the utility extracts the embedded files from the DMP file into the output folder. Output paths are optional in both cases; the utility forms the output path itself if it is missing. The total size of all the embedded log files has a hardcoded maximum of 100MB. The log files are collected in memory, so to avoid overloading slow or low-RAM machines if a user mistakenly specifies too large a value in the registry, the maximum value is limited to 100MB. The default 1MB should be enough in most cases. The maximum number of embedded files is 10000.
3. The "DumpRemotePath" registry value can now contain environment variables. You can use any system variable or the custom variables set internally by SMA, which are:
SMA_VERSION - SMA agent version, like 8.0 if full version is 8.0.1234.5
SMA_BUILD_NUMBER - SMA agent build number, like 1234 if full version is 8.0.1234.5
SMA_REVISION - SMA agent build revision, like 5 if full version is 8.0.1234.5
WINDOWS_VERSION - Windows version, like 6.1
WINDOWS_REVISION - Windows revision, like "Service Pack 1"
WINDOWS_BUILD_NUMBER - Windows build number, like 1670
SMA_CRASH_PROCESS - the process that crashed, like "AeXNSAgent.exe"
SMA_CRASH_MODULE - the module that crashed, like "ole32.dll"
Sample path: \\10.31.8.74\REMOTE\%COMPUTERNAME%\%SMA_VERSION%\%PROCESSOR_ARCHITECTURE%\%WINDOWS_VERSION%\%WINDOWS_REVISION%\%WINDOWS_BUILD_NUMBER%
This folder hierarchy will be created automatically.
4. The SMATOOL utility can dump the agent resource keys for a specific machine. Run the SMATOOL /AGENT DUMP RESOURCEKEYS command on that machine to see what information was used to generate the resource keys, and the keys themselves.
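The soft-limit rule for "embeddedLogFilesSoftLimit" described above, modelled in Python as an added example (it is not Symantec's code and not part of the original article). It assumes files are taken newest first and that an oversized registry value is clamped to 100MB; the file names and sizes are constructed.

```python
HARD_CAP_KB = 100 * 1024      # article: the maximum value is limited to 100MB
MAX_FILES = 10000             # article: at most 10000 embedded files
DEFAULT_LIMIT_KB = 1024       # article: around 1MB by default


def select_embedded_logs(log_files, soft_limit_kb=DEFAULT_LIMIT_KB):
    """Return (names, total_kb) of the log files that would be embedded.

    log_files is a list of (name, size_kb, mtime) tuples.
    Assumption: files are taken newest first ("the latest agent log files").
    """
    if soft_limit_kb == 0:
        return [], 0                            # zero disables embedding
    limit = min(soft_limit_kb, HARD_CAP_KB)     # assumption: large values are clamped
    chosen, total = [], 0
    newest_first = sorted(log_files, key=lambda f: f[2], reverse=True)
    for name, size_kb, _mtime in newest_first:
        if len(chosen) >= MAX_FILES:
            break
        chosen.append(name)
        total += size_kb
        # The check runs AFTER the file is embedded, so the total can
        # overshoot the limit by up to one file. That is why it is "soft".
        if total > limit:
            break
    return chosen, total


# Constructed sample: five log files of 400 KB each, Agent.log being the newest.
SAMPLE_LOGS = [("Agent%d.log" % i, 400, 1000 - i) for i in range(1, 5)]
SAMPLE_LOGS.append(("Agent.log", 400, 1000))

if __name__ == "__main__":
    for limit_kb in (0, 1024, 2000):
        names, total_kb = select_embedded_logs(SAMPLE_LOGS, limit_kb)
        print(limit_kb, total_kb, names)
```

With the default 1024 KB limit the model embeds three 400 KB files (1200 KB), so a dump can carry slightly more log history than the configured value suggests.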
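How a "DumpRemotePath" template such as the sample path above expands, as an added Python example that is not the agent's own code. It assumes unknown %NAME% tokens are left in place, as Windows environment expansion does; the host name WS-0042 and the AMD64 architecture value are constructed.

```python
import re

TOKEN = re.compile(r"%([^%\\]+)%")


def sma_variables(full_version, crash_process, crash_module):
    """Derive the SMA_* variables from a full version such as 8.0.1234.5."""
    major, minor, build, revision = full_version.split(".")
    return {
        "SMA_VERSION": major + "." + minor,
        "SMA_BUILD_NUMBER": build,
        "SMA_REVISION": revision,
        "SMA_CRASH_PROCESS": crash_process,
        "SMA_CRASH_MODULE": crash_module,
    }


def expand_dump_path(template, variables):
    """Return (expanded_path, unresolved_names) for a DumpRemotePath template."""
    lookup = {name.upper(): value for name, value in variables.items()}
    unresolved = []

    def substitute(match):
        name = match.group(1)
        if name.upper() in lookup:       # Windows variable names are case-insensitive
            return lookup[name.upper()]
        unresolved.append(name)          # assumption: unknown tokens stay as typed
        return match.group(0)

    return TOKEN.sub(substitute, template), unresolved


# Constructed machine state; the Windows values are the article's own examples.
SAMPLE_ENV = {
    "COMPUTERNAME": "WS-0042",           # constructed host name
    "PROCESSOR_ARCHITECTURE": "AMD64",   # constructed
    "WINDOWS_VERSION": "6.1",
    "WINDOWS_REVISION": "Service Pack 1",
    "WINDOWS_BUILD_NUMBER": "1670",
}
SAMPLE_ENV.update(sma_variables("8.0.1234.5", "AeXNSAgent.exe", "ole32.dll"))

TEMPLATE = (r"\\10.31.8.74\REMOTE\%COMPUTERNAME%\%SMA_VERSION%"
            r"\%PROCESSOR_ARCHITECTURE%\%WINDOWS_VERSION%"
            r"\%WINDOWS_REVISION%\%WINDOWS_BUILD_NUMBER%")

if __name__ == "__main__":
    path, missing = expand_dump_path(TEMPLATE, SAMPLE_ENV)
    print(path)
    print("unresolved:", missing)
```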
AeXAgentUtil.exe [Optional Parameters]
Parameters:
/? | /h | /help Shows this help
/start Starts the Agent
/stop Stops the Agent
/restart Stops and starts the Agent
/recover Stops the Agent and restarts it only if it stopped without crashing
/sendbasicinventory Forces the Agent to send basic inventory
/updateconfiguration Forces the Agent to update configuration
/resetguid[:<delay sec>] Resets the Agent ID and forces the Agent to register on Notification Server after the optional delay
/registerguid[:<delay sec>] Forces the Agent to register on Notification Server after the optional delay
/diags Enables the Agent diagnostics
/nodiags Disables the Agent diagnostics
/uninstall | /clean Uninstalls the Agent
/uninstallagents Uninstalls all the installed plug-ins
/removepsfiles Removes the files downloaded by the Package Server plug-in
/removepackageserver Removes the files downloaded by the Package Server plug-in and uninstalls the Package Server plug-in
/registerclient Registers all the core agent modules
/nologging Disables the logging
/enablelogging:error Enables the error logging
/enablelogging:warning Enables the error and warning logging
/enablelogging:info Enables the error, warning and informational events logging
/enablelogging:debug Enables the error, warning, informational events and debug events logging
/enablelogging Enables the default logging
/server:<server> | /ns:<server> Switches the Agent to the new Notification Server specified by the host name <server>
/web:<web> | /nsweb:<web> Switches the Agent to the new Notification Server specified by the URL <web>
/enableasp Enables use of ASP pages in IIS
This is the log file of the SMA itself. It contains all the information the SMA is configured to log while it is running.
This log file is rotated, meaning that old files are overwritten when the number of files reaches the defined maximum.
The following are the usual locations for the SMA logs:
XP/Server 2003:
<drive:>\Program Files\Altiris\Altiris Agent\Logs.
Note: "C:\Program Files" can vary depending on SMA bitness versus system bitness. When a 32-bit agent is installed on a 64-bit operating system, the path starts with "C:\Program Files (x86)".
Vista/Windows 7/Server 2008:
<drive:>\ProgramData\Symantec\Symantec Agent\Logs.
Mac/Linux:
1.) Open a terminal.
2.) Enter the following command: cd /opt/altiris/notification/nsagent/var
3.) Enter the following command: cat aex-client.log
The logging settings are stored in the following locations in the registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\Altiris Agent\Event Logging\LogFile
The following values are to be changed or created:
Value Name | Type | Default Value | Suggested Value | Description |
---|---|---|---|---|
MaxSize | DWORD (decimal) | 100 | 2000 | Size of an individual log file in kilobytes. |
MaxFiles | DWORD (decimal) | 20 | 20 | Number of log files to keep/rotate. |
Severity | DWORD (decimal) | 7 | 255 | Bitmask of levels for log messages to be written to the log. |
Changing the settings above will cause the Agent to write significantly more information to the logs. This is why it is necessary to increase the limits on the log file size.
Restarting the Agent is not required for the settings to take effect.
This is the log file created by the SMA installation service, "AltirisAgentInstSvc.exe". This service is installed when a "push install" is triggered on the NS side or during a "pull install".
This log is appended to if it already exists. It contains information about how the installation binary is downloaded and launched, and which installation parameters were passed on the command line to the installation service.
Default log file location is:
Push: C:\Windows\AltirisAgentInstSvc.log
C:\Windows\system32\AltirisAgentInstSvc_del.log
Pull: C:\Windows\system32\AltirisAgentInstSvc.log
Note (7.5 changes): this log does not exist anymore; it has been merged with the Agent Installation Log below.
This is the log file created by the SMA installation. It covers all the install modes: install, upgrade, uninstall. It is re-created for each mode triggered, or added to if it already exists. The latest file is always "AEXNSC.log". Older files are renamed to contain the date and time in their names, like "AEXNSC-20121122-182708.log".
This log contains detailed information about the input parameters and installation environment data, which services are stopped or installed, which module registrations are done, and other auxiliary information that can help to troubleshoot the installation process.
Run DumpDecoder.exe from the command prompt. Pass the path of the .ez dump file, followed by the destination path with the file name that you want:
DumpDecoder.exe encoded_file_name out_file_name
Example:
C:\Users\Administrator.EPM>"C:\Program Files\Altiris\Notification Server\Bin\Tools\DumpDecoder.exe" C:\AeXNSAgentHostSurrogate32.dmp.ez C:\AeXNSAgentHostSurrogate32_extracted.dmp
Then, the extracted file should be a dmp file that you can run against a debugger tool.
Agent NSE Capture