10 Replies Latest reply on Jan 19, 2015 6:17 AM by GusMcCabe

    Endpoint Analysis Scan Problem

    GusMcCabe Rookie
      Does anyone have any ideas as to why my Application Manager (v8.8.249) simply won't perform an Endpoint Scan on any of my Endpoints.

      I've followed the product guide and realised that we had to enable Remote Registry and although the Endpoint Analysis tab of Application Manager is showing that the Endpoints are connected, whenever you ask the console to perform a scan it does nothing.  No errors.  Just...nothing.  I thought that maybe it takes some time before it starts to report back that it's scanning etc, but I right-clicked and select scan about 20 mins ago and so far...nothing.

      I thought that maybe it could be due to a user being logged on, logged off and it's still the same.  File Sharing is turned on as well.  Config is deployed and install.  Licensing key is in the registry, although it appears to be empty - but that's the same on all our Endpoints which have Env. Manager agents and configs working perfectly for over a year.

      Help please :)
        • 1. Re: Endpoint Analysis Scan Problem
          Are there console.command.trigger and console.command files in "C:\ProgramData\AppSense\Application Manager\Endpoint Analysis" on the end-point you are trying to scan? These are placed there by the console via write access to c$ once it has used the remote registry service to query where this folder is located. If the files aren't there then it's a console problem otherwise the agent has failed to notice/action them for some reason where an agent restart might rectify the latter.

          You can create these files manually if needs be so that you don't need a console although it should work if remote registry and write access to c$ is enabled and the agent is running.
          • 2. Re: Endpoint Analysis Scan Problem
            GusMcCabe Rookie
            Cheers for the quick reply.

            The console.command.trigger and console.command files are there, but as the endpoint is a standard mode VM, the ProgramData\AppSense folder and it's contents have been redrirected to the VM's cache disk via mklink.

            Going by your suggestion that the agent may have needed a restart I have tried both restarting the services and restarting Windows and neither made any difference.

            Re-direction is unsupported maybe?
            • 3. Re: Endpoint Analysis Scan Problem
              BChriscoli Expert
              Using a Symbolic Link for the configuration may not work - I haven't tested it personally, but can do momentarily.
              Using the AMC 8.6 Console, the Configurations can be pointed to a different location natively.

              Does a Rules Analyzer work on the device?
              • 4. Re: Endpoint Analysis Scan Problem
                GusMcCabe Rookie
                No - it would seem that Rules Analyzer is the same.  Console reports Endfpoint is connected but ask it to Start Logging and it just sits there.  As for Symbolic link, technically they were in place since before AMC 8.6 and our configs are set to use the new location using the Native Configuration File option so I guess the link isn't being used.  I will confess that even after nearly 15 years with Windows I think I've used symbolic links twice.

                Anyway.  I actually deployed Application Manager Agent 8.8.249 to my own PC and does the same, Endpoint reports as connected but asking it to Scan just does nothing.

                Confused.com much?
                • 5. Re: Endpoint Analysis Scan Problem
                  BChriscoli Expert
                  You'll find the Licensing key in the Wow6432Node and there should be a value for it (will be pretty much guaranteed if managed by an AMC)

                  If you modify the config on the endpoint, does it actually do what the config says? I.e. Restriction/Elevation etc.
                  Wondering if AM is actually functioning correctly at this point.

                  Edit: Also worth noting that SP1 is out for AM 8.8, but bear in mind TN151335 if applying it.
                  • 6. Re: Endpoint Analysis Scan Problem
                    Is the AM Agent functioning at all - does it block the execution of non-trusted owned files for a non-admin user (assuming you are running a relatively "standard" configuration)? I'm assuming you've checked the agent is running (you have to ask - the 4 basics of troubleshooting any AppSense product (and others) are is it installed, is it running, is it licenced and is it configured?

                    I'd restart the agent with SysInternals Process Monitor running and look to see how it gets on accessing the configuration.aemp and these trigger/command files in the "Endpoint Analysis" folder.

                    I'd also enable all of the auditing events within the configuration (ensuring you pick the AppSense (preferred) or Application) event log and see if it generates any events at startup.
                    • 7. Re: Endpoint Analysis Scan Problem
                      GusMcCabe Rookie
                      Friends - thank you all for your help but it now appears to be working.

                      Probably had something to do with the Agent on the Endpoint being 8.8.249 and the Console and therefore the configuration file I created being 8.7, as once I updated my console and then got the message regarding versions why trying to save that configuration that I noticed it was in the older format.

                      Deployed new format and Endpoint Scan started straight away.

                      I've given Bryan the best answer as it was his comments regarding SP1 that made me go look at version numbers and stuff.  Hope I didn't waste anyone's time apart from my own. :)
                      • 8. Re: Endpoint Analysis Scan Problem
                        BChriscoli Expert
                        Glad you found your problem Gus.

                        AFAIK, 8.8 should have allowed for previous versions of the config down to 8.6.
                        The products (EM/AM/PM) were enhanced to all be backwards compatible with a previous version of the configurations.. so not sure why AM isn't working correctly.
                        • 9. Re: Endpoint Analysis Scan Problem
                          I always ensure that the major.minor version of my configs match my agent versions, despite what any documentation says since it's easy enough to do.
                          • 10. Re: Endpoint Analysis Scan Problem
                            GusMcCabe Rookie
                            Yeah, I tend to do the same.  EM, PM and AMC are all in line with their agents, must have been day dreaming when doing AM.

                            As for different versions and backwards compatible?  Well I don't know about that, but I can say the only things that changed were my console and subsequently, the config version.

                            Thanks again folks.