Collect Server Logs For Active Directory Login Errors

Article ID: 288986

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Steps to collect logs for troubleshooting errors logging in to the Console when using Active Directory integration.

Environment

  • App Control Server: All Supported Versions

Resolution

IMPORTANT for Server 8.11.0+

  • First verify https://ServerName/shepherd_config.php > AllowADScripts is false
  • If it is currently set to true, change it to false and restart the Carbon Black App Control Server service

Please confirm that the App Control service account has the permissions needed to access all Active Directory domains needed with this KB

  1. Log in to the Console using the local "admin" user.
  2. Navigate to > https://ServerName/Shepherd_Config.php > DebugConsoleCommunication > Set to: true > Change
  3. Navigate to > https://ServerName/Support.php > Diagnostics tab
    1. Click the "Snapshot Server Logs" button to flush the existing logs.
    2. Adjust the following options: 
      • Logging Duration: 30 Minutes
      • Debug Level: Verbose
      • Script Debug Level: Verbose
      • Active Directory Debug Level: Verbose
    3. Click Start Logging.
  4. Use an incognito window (or a different browser/computer) to reproduce the login failure several times.
  5. Go back to > /Shepherd_Config.php > DebugConsoleCommunication > Set to: false > Change
  6. Go back to > /Support.php > Diagnostics > select "Stop Logging"
  7. From the right-hand menu > Related Views > Available log files
  8. Download any/all Diagnostic Files generated with today's date:
    • AppControlAD-TIMESTAMP.log
    • ServerLog-TIMESTAMP.bt9 (typically there will be several)
      IMPORTANT! Up to 20 ServerLog-TIMESTAMP files may be generated during this; download all of them.
  9. Copy the Adrules.xml file from the Parity Server directory:
    \Program Files (x86)\Bit9\Parity Server\scripts\Adrules.xml
  10. Take screenshots of the following:
    • In the App Control Console:
      • Settings > Login Account > User Role Mappings > Screenshot the page.
      • Settings > System Configuration > General > Screenshot the page.
    • "AD Users and Computers" (or use a tool like AD Explorer to locate the user/group within the AD tree).
    • Screenshot the page showing the AD path to said user/group.
  11. Zip all collected data and provide to Support.
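
One way to script steps 8 through 11 once the files have been downloaded. This is an added example, not a Broadcom or Carbon Black tool. The download folder, screenshot folder, output folder, and the default install location under Program Files (x86) are assumptions; the file name patterns and the Adrules.xml path are the ones listed above.

```powershell
# Added example: package the files from steps 8-11 into one zip with a hash manifest.
# Assumptions (not from the KB): diagnostic files were saved to $DownloadDir, screenshots
# to $ScreenshotDir, and the server is installed under the default Program Files (x86).
param(
    [string]$DownloadDir   = (Join-Path $env:USERPROFILE 'Downloads'),
    [string]$ScreenshotDir = '',
    [string]$OutDir        = (Join-Path $env:USERPROFILE 'AppControl-AD-Case')
)
$ErrorActionPreference = 'Stop'

$today   = (Get-Date).Date
$staging = Join-Path $OutDir 'staging'
New-Item -ItemType Directory -Path $staging -Force | Out-Null

# Step 8: diagnostic files written today (file name patterns from the KB).
$logs = @(Get-ChildItem -Path $DownloadDir -File | Where-Object {
    ($_.Name -like 'AppControlAD-*.log' -or $_.Name -like 'ServerLog-*.bt9') -and
    $_.LastWriteTime -ge $today })
if (-not ($logs | Where-Object Name -like 'AppControlAD-*.log')) {
    Write-Warning 'No AppControlAD-*.log found for today.'
}
$serverLogs = @($logs | Where-Object Name -like 'ServerLog-*.bt9')
Write-Host "ServerLog files found: $($serverLogs.Count) (the KB notes there can be up to 20)"
$logs | Copy-Item -Destination $staging

# Step 9: Adrules.xml from the Parity Server scripts directory (run on the server).
$adRules = Join-Path ${env:ProgramFiles(x86)} 'Bit9\Parity Server\scripts\Adrules.xml'
if (Test-Path $adRules) { Copy-Item $adRules -Destination $staging }
else { Write-Warning "Adrules.xml not found at $adRules" }

# Step 10: screenshots, only if a dedicated folder was supplied.
if ($ScreenshotDir -and (Test-Path $ScreenshotDir)) {
    Get-ChildItem -Path $ScreenshotDir -File | Copy-Item -Destination $staging
}

# SHA-256 manifest so the recipient can confirm nothing was altered or dropped.
$hashes = @(Get-ChildItem -Path $staging -File | Get-FileHash -Algorithm SHA256)
$hashes | Select-Object Hash, @{ n = 'File'; e = { Split-Path $_.Path -Leaf } } |
    Export-Csv -Path (Join-Path $staging 'manifest.csv') -NoTypeInformation

# Step 11: zip everything for Support.
$zip = Join-Path $OutDir ("AppControl-AD-{0:yyyyMMdd-HHmmss}.zip" -f (Get-Date))
Compress-Archive -Path (Join-Path $staging '*') -DestinationPath $zip
Write-Host "Created $zip"
```

Verbose Active Directory logs and Adrules.xml describe the directory structure and role mappings, so delete the staging folder and the zip after the upload.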

Additional Information