App Control: How To Collect Logs for Active Directory Integration Troubleshooting

Article ID: 288365


Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

This article describes how to collect logs for troubleshooting Active Directory (AD) integration.

Environment

  • App Control Server: All Supported Versions
  • Microsoft Windows Server: All Supported Versions

Resolution

  1. Log in to the App Control Server as the service account.
  2. Confirm that the service account running the CB Protection Server/Reporter services is a domain account.
  3. Confirm that the service account has correct LDAP permission:
    • https://community.carbonblack.com/t5/Knowledge-Base/Cb-Protection-How-To-Check-if-Service-Account-Has-Correct-LDAP/ta-p/36012
  4. Open an elevated (administrator) Command Prompt.
  5. Run commands:
    cscript /U /nologo "C:\Program Files (x86)\Bit9\Parity Server\scripts\TestAD.vbs" /r EnterServerFQDNHere /v -debug 6 > C:\temp\testAD-v.txt
    
    cscript /U /nologo "C:\Program Files (x86)\Bit9\Parity Server\scripts\QueryAD.vbs" -base "toplevel" -list EnterServerFQDNHere -access EnterDomainNameHere /v -debug 6 > C:\temp\QueryAD-v.txt
  6. Log in to the App Control Console
  7. Navigate to System Configuration (Gear Icon) > General Tab
  8. Under section "Active Directory / LDAP integration" click "Test"
  9. Once test is complete, click on the word "Success" or "Failure". Screenshot the Active Directory Information page that displays.
  10. Browse to https://CbServerNameHere/support.php.
  11. Under "Diagnostics tab - Server Logging", set the Logging Duration to 30 minutes.
  12. Leave all other settings set to Minimum (Default).
  13. Click Start Logging.
  14. Browse to https://YourCbServerName/testlogin.php.
  15. Enter a test Active Directory account and their password.
  16. Click Test Login.
  17. Take a screenshot of the result.
  18. Browse to https://YourCbServerName/support.php
  19. Click Stop Logging
  20. Click on "Available Log Files" (right hand pane)
  21. Click "Download File" for ServerLog.bt9
  22. Take a screenshot of:
    • https://YourCbServerName/support.php > Advanced Configuration tab
    • Gear Icon > System Configuration > General Tab
  23. Files to send to Carbon Black:
    • testAD-v.txt (created in step 5)
    • QueryAD-v.txt (created in step 5)
    • ServerLog{datetime}.bt9 (step 21)
    • Screenshots (steps 9 and 22)
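
Steps 2, 4 and 5 can also be run as one PowerShell script while logged in as the service account. This is an added example, not a Carbon Black script. It assumes the server's services are installed under the same `Bit9\Parity Server` directory as the scripts in step 5, and it uses the same placeholders and output paths as that step.

```powershell
# Added example: placeholders below are the ones used in step 5; replace them.
$ServerFqdn = 'EnterServerFQDNHere'
$DomainName = 'EnterDomainNameHere'
$ScriptDir  = 'C:\Program Files (x86)\Bit9\Parity Server\scripts'
$OutDir     = 'C:\temp'

# Step 4: the commands must run from an elevated session.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (administrator) PowerShell session.'
}

# Step 2: list services installed under the Parity Server directory (assumed
# location) and flag any whose logon account is not a domain account.
Get-CimInstance Win32_Service |
    Where-Object { $_.PathName -like '*\Bit9\Parity Server\*' } |
    ForEach-Object {
        $acct  = $_.StartName
        $local = ($acct -notmatch '[\\@]') -or
                 ($acct -match "^(\.|NT AUTHORITY|NT SERVICE|$([regex]::Escape($env:COMPUTERNAME)))\\")
        if ($local) { Write-Warning "$($_.Name) runs as '$acct', which is not a domain account." }
        else        { Write-Host "$($_.Name) runs as '$acct'." }
    }

# Step 5: the redirect fails if the output directory does not exist.
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$runs = @(
    @{ Script = 'TestAD.vbs';  Out = 'testAD-v.txt'
       Extra  = @('/r', $ServerFqdn, '/v', '-debug', '6') },
    @{ Script = 'QueryAD.vbs'; Out = 'QueryAD-v.txt'
       Extra  = @('-base', '"toplevel"', '-list', $ServerFqdn, '-access', $DomainName, '/v', '-debug', '6') }
)
foreach ($r in $runs) {
    $vbs = Join-Path $ScriptDir $r.Script
    if (-not (Test-Path $vbs)) { throw "Script not found: $vbs" }
    $out = Join-Path $OutDir $r.Out
    # Start-Process writes cscript's raw output to the file, so the Unicode
    # output requested by /U is preserved, as with the cmd.exe ">" redirect.
    $p = Start-Process cscript.exe -ArgumentList (@('/U', '/nologo', "`"$vbs`"") + $r.Extra) `
            -RedirectStandardOutput $out -NoNewWindow -Wait -PassThru
    $size = (Get-Item $out).Length
    Write-Host "$($r.Script): exit code $($p.ExitCode), $size bytes -> $out"
    if ($size -eq 0) { Write-Warning "$out is empty; rerun the command from step 5 by hand." }
}
```

A warning from the service-account check or an empty output file is worth resolving before continuing with step 6, since both files are part of what step 23 asks you to send.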