Collect Server Logs For Active Directory Login Errors
book
Article ID: 288986
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Show More
Show Less
Issue/Introduction
Steps to collect logs for troubleshooting errors logging in to the Console when using Active Directory integration.
Environment
App Control Server: All Supported Versions
Resolution
Please confirm that the App Control service account has the permissions needed to access all Active Directory domains needed with this KB
Log in to the Console using the local "admin" user.
Navigate to > https://ServerName/Shepherd_Config.php > DebugConsoleCommunication > Set to: true > Change
Navigate to > https://ServerName/Support.php > Diagnostics tab
Click the "Snapshot Server Logs" button to flush the existing logs.
Set the following options:
Logging Duration: 30 Minutes
Debug Level: Verbose
Reporter Log Level: Minimum(default)
Script Debug Level: Verbose
Active Directory Debug Level: Verbose (Available in version 8.9+ )
Click Start Logging.
Reproduce the issue several times.
Go back to > Shepherd_Config.php > DebugConsoleCommunication > Set to: false > Change
Go back to > Support.php > Diagnostics > select "Stop Logging"
On the Right side of the page > under Related Views > Select "Available Log Files".
Save the following files that have today's date:
AppControlAD-todays-date-time.log
ServerLog-todays-date-time.bt9
On the server navigate and copy this file:
\Program Files (x86)\Bit9\Parity Server\scripts\Adrules.xml
Please make screenshots of the following:
Settings > Login Account > User Role Mappings > Screenshot the page.
Settings > System Configuration > General Tab > Screenshot the page.
Open "AD Users and Computers" or use a tool like AD Explorer to locate the user/group within the AD tree.
Screenshot the page showing the AD path to said user/group.
Zip all collected data and provide to Support.
Additional Information
In the ServerLog-*.bt9 file searching for GetObjectTrySecureWithPassword can be used to find the section where an error using the AD user accounts can be found
Feedback
thumb_up
Yes
thumb_down
No