Collect Server Logs for Active Directory Policy Mapping Issues

Article ID: 286520

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Steps to collect logs for troubleshooting Active Directory Policy Mapping issues.

Environment

  • App Control Agent: All Supported Versions
  • App Control Server: All Supported Versions

Resolution

Before starting, confirm that the App Control service account has the permissions needed to access every Active Directory domain involved in the mapping, as described in this KB.
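The following PowerShell is an added example and is not part of this KB or of the App Control product: it checks that the service account can read computer objects in each domain of the forest (and in directly trusted domains), then prints the test Agent's distinguished name (its OU path) and direct group memberships, which is the same data the screenshots in step 5 document. It assumes the RSAT ActiveDirectory module is available where it runs; the account, computer and domain names are placeholders.

```powershell
# Added example, not part of this KB: check that the App Control service account can read
# computer objects in every domain the mapping may evaluate, then show the test Agent's
# OU path and group memberships (the data the Policy Mappings are matched against).
# Assumptions: the RSAT ActiveDirectory module is available where this runs, and the
# three values below are placeholders to replace with your own.
Import-Module ActiveDirectory

$ServiceAccount     = 'DOMAIN\svc-appcontrol'   # placeholder: App Control service account
$TestComputer       = 'TEST-AGENT01'            # placeholder: the Agent chosen in step 2
$TestComputerDomain = 'corp.example.com'        # placeholder: domain the test Agent belongs to

$Credential = Get-Credential -UserName $ServiceAccount -Message 'Service account password'

# Every domain in the forest, plus any directly trusted domains the mapping rules might reference
$domains = @((Get-ADForest).Domains) +
           @(Get-ADTrust -Filter * | Select-Object -ExpandProperty Name) |
           Sort-Object -Unique

foreach ($domain in $domains) {
    try {
        # Reading one computer object proves both the bind and read permission in that domain.
        # A bind that succeeds but returns nothing usually means the account lacks read rights.
        $probe = Get-ADComputer -Filter * -ResultSetSize 1 -Server $domain -Credential $Credential
        if ($probe) {
            Write-Host "[OK]   $domain"
        }
        else {
            Write-Host "[FAIL] $domain : bind succeeded but no computer objects are readable"
        }
    }
    catch {
        Write-Host "[FAIL] $domain : $($_.Exception.Message)"
    }
}

# What the mapping rules see for the test Agent: its distinguished name (OU path) and groups
try {
    $computer = Get-ADComputer -Identity $TestComputer -Properties MemberOf `
                               -Server $TestComputerDomain -Credential $Credential
    Write-Host "DistinguishedName: $($computer.DistinguishedName)"
    Write-Host 'Direct group memberships:'
    $computer.MemberOf | ForEach-Object { Write-Host "  $_" }
}
catch {
    Write-Host "[FAIL] Could not read $TestComputer in $TestComputerDomain : $($_.Exception.Message)"
}
```

Run it under an account that can enumerate trusts, and supply the service account's credentials when prompted; any domain reported as FAIL is one the server will not be able to evaluate mapping rules against until the account's permissions are corrected.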

  1. Log in to the Console and navigate to: Rules > Policies.
    • From the right-hand side > Actions > Clear Server Cache
  2. Navigate to: Assets > Computers > select an Agent for testing.
    1. On the Computer Details page > right-hand side > Actions > Change Policy.
    2. Uncheck Automatic > Go.
  3. In a new tab, navigate to: https://ServerAddress/support.php > Diagnostics tab
    1. Click the "Snapshot Server Logs" button to flush the existing logs.
    2. Set the following options: 
      • Logging Duration: 30 Minutes
      • Debug Level: High
      • Reporter Log Level: Minimum (default)
      • Script Debug Level: Verbose
      • Active Directory Debug Level: Verbose (Available in version 8.9+)
    3. Click Start Logging.
  4. In the tab for the test Agent > right-hand side > Actions > Change Policy: check Automatic > Go.
  5. Take screenshots of the following Console pages:
    • Settings > System Configuration > General > Screenshot the page
    • Rules > Policies > Mappings > Screenshot the page
    • If the AD mapping is based on the machine’s OU > go to Assets > Computers > Select the test Agent > Click on AD Details tab > Screenshot the page
    • If the AD mapping is based on AD user/group membership:
      Open "AD Users and Computers" or use a tool like AD Explorer to locate the user/group within the AD tree > Screenshot the page showing the AD path to the user/group
  6. Go back to https://ServerAddress/support.php page > Diagnostics > Stop Logging.
  7. On the right side of the page > under Related Views > Select "Available Log Files" > Save the files with today's date:
    • AppControlAD-todays-date-time.log
    • ServerLog-todays-date-time.bt9
  8. On the App Control server, copy this file:
    \Program Files (x86)\Bit9\Parity Server\scripts\Adrules.xml
  9. Zip the collected data and provide it to Support.
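As an added example that is not part of this KB, the PowerShell below packages steps 7 to 9: it picks the newest AppControlAD log and ServerLog snapshot from the folder where the browser saved the Available Log Files downloads, adds Adrules.xml from the server installation, pauses for the step 5 screenshots, and writes a single zip for Support. It assumes it runs on the App Control server; the download and destination folders are placeholders, and the Adrules.xml location is the KB's path resolved under the Program Files (x86) folder.

```powershell
# Added example, not part of this KB: gather the files from steps 7 and 8 into one zip for Support.
# Assumptions: this runs on the App Control server; $DownloadFolder is where the browser saved
# the "Available Log Files" downloads and $DestinationRoot is where the zip should be written
# (both placeholders); the Adrules.xml path is the KB's path under the Program Files (x86) folder.
$DownloadFolder  = "$env:USERPROFILE\Downloads"   # placeholder
$DestinationRoot = "$env:USERPROFILE\Desktop"     # placeholder
$AdRulesPath     = "${env:ProgramFiles(x86)}\Bit9\Parity Server\scripts\Adrules.xml"

$stamp   = Get-Date -Format 'yyyyMMdd-HHmm'
$caseDir = Join-Path $DestinationRoot "AppControl-ADMapping-$stamp"
New-Item -ItemType Directory -Path $caseDir -Force | Out-Null

# Take the newest AD log and server log snapshot, i.e. the pair produced after Stop Logging (step 7)
foreach ($pattern in 'AppControlAD-*.log', 'ServerLog-*.bt9') {
    $newest = Get-ChildItem -Path $DownloadFolder -Filter $pattern -File |
              Sort-Object LastWriteTime -Descending |
              Select-Object -First 1
    if (-not $newest) {
        Write-Warning "No file matching $pattern in $DownloadFolder; download it from Available Log Files first"
        continue
    }
    Copy-Item -Path $newest.FullName -Destination $caseDir
    Write-Host "Collected $($newest.Name)"
}

# Adrules.xml from the server installation (step 8)
if (Test-Path -Path $AdRulesPath) {
    Copy-Item -Path $AdRulesPath -Destination $caseDir
    Write-Host 'Collected Adrules.xml'
}
else {
    Write-Warning "Adrules.xml not found at $AdRulesPath"
}

# Screenshots from step 5 are added by hand, then everything is zipped (step 9)
$null = Read-Host "Copy the step 5 screenshots into $caseDir, then press Enter to create the zip"
$zip = "$caseDir.zip"
Compress-Archive -Path (Join-Path $caseDir '*') -DestinationPath $zip -Force
Write-Host "Archive ready for Support: $zip"
```

The script warns rather than stops when a file is missing, so the resulting zip can be checked against the list in step 7 before it is sent.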