What is the best way to view or capture the communication processes involved with Axengine, Agent, or PXE for troubleshooting?

Ghost Solution Suite 8.x

What to capture:

To troubleshoot any Axengine, PXE, and DAgent/AClient issues, the following logs are very useful, though all may not be necessary for any particular issue.  Most of these are not enabled by default, or if they are, may need adjustment. 

• Axengine.log (Engine or eXpress.exe)
• Server side Agent log
• DAgent.log
• PXE logs
• Wireshark trace

As a good place to start, the Engine and Client logs are very basic ones we use often in support and should be capture per the instructions below. Each circumstance is different though, and depending on your issue, you may need more than that.

When to capture:

It is best to capture your logs and traces at the same time so that comparisons may be made.  For instance, client communications may "look" OK on the client-side, but be broken on the server, or vise-versa.

Also, it is very useful to start with a clean set of logs, and to get these to include the startup of the services themselves.  Windows Services should some or all of the following services (they will have all in a full DS installation, but some may be moved off-box):

• Altiris Deployment Server DB Management
• Altiris eXpress Server
• Altiris PXE Config Helper
• Altiris PXE Manager
• Altiris PXE MTFTP
• Altiris PXE Server

Depending on what you are troubleshooting, you should stop the related services, delete any previously created log files, and then restart those services.  For instance, you may want to stop all PXE services if your clients are having troubles getting the pre-boot environment.  You may want to also stop the engine (eXpress server) if they don't get menu's.  If you are unsure, stopping all the services and capturing all these logs may be the wisest option, or getting assistance from Support.

Configuring Logging and/or Trace

Engine Logs (eXpress service) and server-side AClient/DAgent logs

The axengine.log and server-side agent logs are enabled and adjusted in file size in the same location on the GSS Server. Within the Windows Control Panel you will see the Altiris Deployment Server (32-bit) applet. Click on the icon. Click on the Options button and then select the Debug tab.  Change the level from 1 to level 9 logging and increase Max File Size by adding two zeroes at the end of the default size for Engine Debug Logging. It should read "Max File Size: 204800" after you have added the two zeroes at the end.

The Agent server side client log will be named after the client ID and placed into the location specified, which is located in the express share > Temp > MSGS > CompID.log by default.  We only need the CompID.log associated with the Computer ID in question.  Right click on the Computer Icon in the Deployment Server console> Select 'Properties' the Computer ID is 'ID' = 5000xxx.  Locate the 5000xxx.log in express share > Temp> MSGS> 5000xxx.log

Client side agent logs

DAgent logs can be enabled from the Deployment Server console. Right-click on the computer icon, select Change Agent settings > Production agent, and then select the Log File tab. Check box should be on  Log errors, Log information, Log Debugging information.

The location for the log files will be, by default:

• DAgent: %systemdrive%\Program Files\DAgentLogs\DAgent.log

Automation agent (Aclient) logs can be enabled on a PXE or Boot Disk Creator configuration by modifying the 'aclient.inp' file built in by default. Expand the BDC or PXE configuration, click on 'aclient.inp' then scroll down to the 'LogFile' section.

The location for the log files will be, by default:

• AClient: %systemdrive%\DagentLogs\Dagent.log

Wireshark Trace:

Wireshark is a free tool to watch network traffic.  It is often very useful when troubleshooting PXE and other imaging related issues.  It can be downloaded for free from Microsft Technet.

Once downloaded, it should generally be run from the Deployment Solution server, and should be configured to watch all traffic on the local segment.  A filter that is VERY useful though, to capture all PXE and automation environment processes is:

bootp || tftp || udp.port == 4011

This would be placed on the Filter line, so that you only see the relevant traffic.  Removing that filter would immediately expose the rest of the traffic though, which may be useful.  Once captured, this trace can be saved, zipped, and set to support if necessary.

Other tools from Technet that could be helpful is Regmon, and Filemon, to troubleshoot further.

PXE Logging:

Any PXE Server side logs should only be turned on when Support needs these logs. These logs are located in Deployment Server Console > Tools > PXE Configuration utility. The log files do not have a file max size and will increase, potentially filling the drive.  Additionally, some of the logs, such as MTFTP logging, can significantly slow performance.

The logs are very specific to certain functionality and should be enabled accordingly.  When in doubt, set all (except MTFPT) the logs to capture "All" and enable them.  MTFTP logging should only be enabled when you are confident you need this log.

What to do with your logs?

Enable the logs, restart the services, and then duplicate your problem.  Capture the logs created, and, along with a well documented set of steps you followed, send both to Support. 

We do need to know WHAT you did, not just what errors you received.  The process, even configuration items you may feel are un-related, may be very important to your issue.  Whatever you customized, or performed should be captured and given to support as well.