Troubleshooting

Download this manual as a PDF file

The following sections describe some of the error messages that you might see when configuring SL1 to monitor Windows devices.

Use the following menu options to navigate the SL1 user interface:

  • To view a pop-out list of menu options, click the menu icon ().
  • To view a page containing all of the menu options, click the Advanced menu icon ().

The following video covers additional troubleshooting tips for PowerShell Monitoring:

Troubleshooting WinRM Error Messages

SL1 can generate the following error messages when problems occur in Windows Remote Management (WinRM). For each error message, the top-most cause listed is the most likely reason for the error message.

Error / Message Cause / Resolution
Incorrect username and/or password provided in the PowerShell Credential. Bad HTTP response returned from server. Basic authentication failed. Code 401. (For more information, see the section Debugging Code 401 Errors.)
Pre-authentication failed while getting initial credentials.
Client not found in Kerberos database.
The device cannot respond to WinRM requests or the PowerShell credential settings do not match the device's WinRM configuration. Kerberos-based authentication failed. Code 500. (For more information, see the section Debugging Code 500 Errors.)
[Errno 111] Connection refused.
ParseError.
Server is offline. Increase the Timeout value on your ScienceLogic credential.

If you receive an error message that is a combination of the first two error messages, then you must run debugging steps for both Code 401 and Code 500.

Debugging Code 401 Errors

If you encounter a Code 401 error, perform the following troubleshooting steps to debug the error:

  • Determine if the error is caused by an issue with the Kerberos ticket:
  • Ensure forward and reverse DNS are configured correctly when using Active Directory authentication:

# nslookup [IP address]

# nslookup [hostname]

 

  • Ensure you are able to run the following command without error from the collector:

# kinit [username@DOMAINNAME]

 

  • If you see the following error, change the domain name to all capital letters:

  • Ensure that your WinRM settings match your ScienceLogic credential.
  • To print out current WinRM settings:

# winrm get winrm/config

 

  • If your ScienceLogic credential says no encryption, AllowUnencrypted should be set to True for both the Client and the Service:

# winrm set winrm/config/client ‘@{AllowUnencrypted="$true"}’

# winrm set winrm/config/service ‘@{AllowUnencrypted="$true"}’

 

  • If you are using local type credentials, basic Authentication should be set to True for both Client and Service:

# winrm set winrm/config/client/Auth ‘@{Basic="$true"}’

# winrm set winrm/config/service/Auth ‘@{Basic="$true"}’

 

  • If you are using AD type credentials, Kerberos Authentication should be set to True for both Client and Service:

# winrm set winrm/config/client/Auth ‘@{Kerberos="$true"}’

# winrm set winrm/config/service/Auth ‘@{Kerberos="$true"}’

 

  • In the ScienceLogic credential, ensure the Active Directory Hostname/IP field contains the FQDN and the LDAP Domain field includes the domain.
  • In the ScienceLogic credential, the value in the LDAP Domain field might need to be entered in all capital letters.
  • Ensure your ScienceLogic credentials are correct:
  • SSH to your Data Collector and try running the following command:

# wmic -U ‘user%password’ //IP “select * from Win32_ComputerSystem”

If you choose to copy and paste the above command from this document into a shell session, you might have to replace the single and double quotation marks.

  • If you are using Windows Servers 2012 and above, make sure that the user you are using belongs to the group: WinRMRemoteWMIUsers__
  • If multiple domains are in use, ensure that they are mapped in the [domain_realm] section of the Kerberos krb5.conf file.
  • The [domain_realm] section provides a translation from a domain name or hostname to a Kerberos realm name.
  • Ensure that the username and password are correct and that you can log on to the system.
  • Ensure your credential cache is up-to-date:
  • SSH to your Data Collector and cd to the /tmp/ directory.
  • Do an ‘ls’ to list all the contents of the /tmp/ directory.
  • If you see any files that being with “krb5cc_”, delete those files.

Debugging Code 500 Errors

If you encounter a Code 500 error, perform the following troubleshooting steps to debug the error:

  • In the ScienceLogic credential, increase the value in the Timeout field (e.g., 180000 ms.).

  • Increase the timeout in the WinRM settings:

winrm set winrm/config ‘@{MaxTimeoutms=”30000”}’

 

  • Increase the maximum number of concurrent operations per user:

winrm set winrm/config/service ‘@{MaxConcurrentOperationsPerUser=”100”}’

 

  • Increase the maximum number of connections:

winrm set winrm/config/service ‘@{MaxConnections=”100”}’

 

  • Increase the maximum number of concurrent operations:

winrm set winrm/config/service ‘@{MaxConcurrentOperations=”500”}’

 

  • Ensure that the Windows device being monitored is not exceeding its resource thresholds. You can do this by opening Resource Monitor on the Windows Device and monitoring the CPU usage.

Troubleshooting PowerShell Error Messages

SL1 can generate the following error message when monitoring Windows devices using PowerShell. This error message usually indicates that an issue with WinRM is not causing the error.

Error / Message Cause / Resolution
Get-Counter
The specified object was not found on the computer.		 The PowerShell object was not found on the device that is being monitored. To test this, copy the PowerShell request from the Dynamic Application and run it on the Windows device in a PowerShell shell as Administrator. If you get a similar error message, then the counter does not exist on your Windows device. This means that the user must install the necessary service on the Windows device.