Troubleshooting Tools
The most common tools used to help troubleshoot ePO issues are:
Notepad++
Jconsole.bat
WebMER
Performance Monitor (Perfmon)
Process Monitor (Procmon)
SQL Server Configuration Manager
Test.UDL
Wireshark
Notepad++ is a free source code editor for systems running Microsoft Windows. It can parse text into columns and highlight chosen keywords, which makes log files easier to troubleshoot. Its features include a tabbed document interface, drag-and-drop, multiple clipboards, split screen, spell checker, find and replace functionality, data comparison, and zooming.
You can download this utility from http://notepad-plus-plus.org. Once installed, click Start, Run, type notepad++, and click OK.
The tabbed editing feature in Notepad++ allows you to have multiple troubleshooting log files open at once, parsing each of the columns neatly for better readability.
Syntax highlighting is another helpful feature when troubleshooting large log files, as it makes keywords in the log files easy to identify.
Below is an example of how you can configure syntax highlighting when using Notepad++ to review a log file.
Jconsole.bat is a graphical tool to monitor Java Virtual Machine (JVM) and Java applications on local or remote systems. Use Jconsole to configure Tomcat dumps for troubleshooting.
This tool is included with the ePO 5.x installation under <ePO_installation directory>\JRE\bin.
See KB81848 for details on using the Jconsole.bat utility.
WebMER is a tool that collects product data from systems so Technical Support can analyze data more efficiently to help resolve issues. As previously mentioned, the results from WebMER are best viewed when using MER Analyzer to parse those into a readable format.
KB59385 outlines the basic steps for obtaining and using the WebMER tool, and lists the supported products it can be used with.
Performance Monitor (better known as Perfmon) is a third-party utility that is often used in diagnosing issues surrounding ePO.
Perfmon is a Microsoft tool that is distributed with the standard installation of many Microsoft operating systems. As its name suggests, its purpose is to monitor the performance of the operating system. It does this by monitoring specific system information called Performance Counters. These performance counters can range from CPU % to handle counts by processes.
The flexibility and amount of content available with this tool makes it a good choice when collecting data for troubleshooting.
See the KB article below for additional information pertaining to Perfmon.
KB78237 – Provides details on how to use Perfmon to collect the necessary data for issues with “max connections”
The image below shows the initial Perfmon activity screen, where you can begin to configure performance activities to meet your needs.
Perfmon can be used to better understand the resources being used, and its logging capabilities help you analyze saved data. Perfmon has many useful counters for troubleshooting possible issues with ePO.
Once you have identified the appropriate counters to log, click the Add button to move those counters under the Added Counters column. Once you have added all your items, the counters are added to your counter log, and you can continue to add more available counters at any time.
Now that the counters are set up and displayed, you can view the graph for any anomalies. Note that you need to know what you are looking for, so you can properly filter out unnecessary data.
Process Monitor (Procmon) is another useful third-party application for troubleshooting possible ePO issues.
As defined by Microsoft, Procmon is: “.. an advanced monitoring tool for Windows that shows real-time file system, Registry, and process/thread activity. It combines the features of two legacy Sysinternals utilities, Filemon and Regmon and adds an extensive list of enhancements including rich and nondestructive filtering, comprehensive event properties such session IDs and user names, reliable process information, full thread stacks with integrated symbol support for each operation, simultaneous logging to a file, and much more. Its uniquely powerful features will make Process Monitor a core utility in your system troubleshooting and malware hunting toolkit.”
Procmon can be used to locate system level information to help troubleshoot various issues. It can help you determine the process and root cause of performance and stability issues. The information is collected at the system level, which can help determine if the issue is truly a Trellix or other third-party issue.
See KB72766 for additional details on using Procmon.
For more information on Procmon and how to download it, see documentation on the Microsoft TechNet site http://technet.microsoft.com/en-us/sysinternals/bb896645.
When viewing the process monitor, you will see a log screen split into 7 specifically defined columns:
Time of Day
Process Name
Process Identification (PID)
Operation
Path
Result
Detail
Each of these columns can be used for different types of solutions. The most obvious columns to pay attention to are Time of Day, Process Name, and Operation. When you have found a problem, you should always attempt to recreate it. Once you successfully recreate the problem, make note of the time when it occurs, as this can help you locate the processes and operations involved in the error.
Another valuable function of Procmon is the ability to find and log registry edits. The Detail column can show what registry activity is occurring.
Procmon can be used to observe things such as:
How applications use the registry
What registry values they read
What registry values get changed when you modify a setting and click Apply
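The review described above, noting the time the problem was reproduced and then looking at the operations around it, can also be done on a saved Procmon log. This is an added example, not part of the original page: it assumes the log was exported to CSV with the seven columns listed above and a 12-hour Time of Day format, and the process names, paths and times in the sample are constructed.

```powershell
# Constructed sample of a Procmon CSV export; every value here is illustrative.
$csv = @'
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:14:58.1023456 AM","example_svc.exe","4120","RegQueryValue","HKLM\SOFTWARE\Example\Setting","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
"10:15:31.5527810 AM","example_ui.exe","5312","RegSetValue","HKLM\SOFTWARE\Example\Setting","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:15:31.9011200 AM","example_svc.exe","4120","CreateFile","C:\ProgramData\Example\db.lock","ACCESS DENIED","Desired Access: Generic Write"
"10:22:07.0000001 AM","example_svc.exe","4120","RegSetValue","HKLM\SOFTWARE\Example\Other","SUCCESS","Type: REG_SZ, Length: 6, Data: ok"
'@
$events = $csv | ConvertFrom-Csv

function Get-ProcmonWindow {
    # Returns the events whose Time of Day lies within $Window of $At.
    param($Events, [datetime]$At, [timespan]$Window)
    $inv = [cultureinfo]::InvariantCulture
    foreach ($e in $Events) {
        # Assumed export format: h:mm:ss with 7 fractional digits and AM/PM.
        $t = [datetime]::ParseExact($e.'Time of Day', 'h:mm:ss.fffffff tt', $inv)
        if (($t - $At).Duration() -le $Window) { $e }
    }
}

# Time noted when the problem was reproduced (constructed), and the window around it.
$reproduced = [datetime]::ParseExact('10:15:30 AM', 'h:mm:ss tt', [cultureinfo]::InvariantCulture)
$near = Get-ProcmonWindow -Events $events -At $reproduced -Window ([timespan]::FromSeconds(30))

# Registry values written in the window: what changed when the setting was applied.
$near | Where-Object Operation -eq 'RegSetValue' |
    Format-Table 'Time of Day', 'Process Name', 'PID', 'Path', 'Detail' -AutoSize

# Operations in the window that did not succeed, by process.
$near | Where-Object Result -ne 'SUCCESS' |
    Format-Table 'Time of Day', 'Process Name', 'Operation', 'Path', 'Result' -AutoSize
```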
SQL Server Configuration Manager is a Microsoft Management Console (MMC) snap-in that:
Manages the services associated with SQL Server
Configures the network protocols used by SQL Server
Manages the network connectivity configuration from SQL Server client computers
Additionally, SQL Server Configuration Manager allows you to configure server and client network protocols, as well as connectivity options.
After the correct protocols are enabled, you usually do not need to change the server network connections; however, SQL Server Configuration Manager can be used to reconfigure the server connections if needed, so that SQL Server listens on a particular network protocol, port, or pipe.
SQL Server Configuration Manager is a great place to start when reviewing the default SQL server connectivity settings.
One possible scenario is that TCP/IP is set to Disabled. This is commonly seen if a customer moves databases after the initial installation and forgets to enable this option on the new SQL server. When this happens, database connectivity issues can occur and need to be resolved before continuing.
Test.UDL is a Microsoft utility that is used to test database credential connectivity from a system back to SQL. This is commonly used when you are dealing with database connection issues.
You can get the test.udl tool by simply creating a text file on your desktop, then renaming it to Test.UDL. Once completed, you can open the tool and start testing system connectivity back to SQL. This should be the first tool you use when troubleshooting database connectivity issues.
KB70929 outlines the basic steps on creating a Test.UDL file for testing system and database connectivity back to SQL.
The image below displays an example of what the Test.UDL looks like before anything is entered into the connection properties. Then, we see the results afterwards once generic connection information is entered and Test Connection is clicked.
It’s important to note that if you select the option to use the Windows NT Integrated security, this will attempt to authenticate to SQL using the account you are logged on with. Therefore, if that account has not been added or authenticated to the SQL Server previously, it’s likely that the Test Connection option will fail.
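A scripted version of the same check helps separate the two failure causes described above: TCP/IP disabled or unreachable on the SQL server, and an integrated-security login that SQL does not accept. This is an added example, not part of the original page: it uses .NET SqlClient rather than the OLE DB dialog that Test.UDL opens, and the host name, database name and port are placeholders to replace.

```powershell
# Placeholders (hypothetical values): replace with your SQL Server host and database.
$SqlHost  = 'sql01.example.local'
$SqlPort  = 1433            # default-instance port; a named instance may use another
$Database = 'ePO_EXAMPLE'

function Test-SqlPath {
    param([string]$SqlHost, [int]$Port, [string]$Database)

    # Step 1: network layer. Fails if TCP/IP is disabled on the SQL server,
    # the port is wrong, or a firewall blocks the connection.
    $tcp = Test-NetConnection -ComputerName $SqlHost -Port $Port -WarningAction SilentlyContinue
    if (-not $tcp.TcpTestSucceeded) {
        return "TCP ${Port} unreachable on ${SqlHost}: check TCP/IP in SQL Server Configuration Manager, the port, and firewalls"
    }

    # Step 2: authentication as the logged-on Windows account, the equivalent of
    # the "Windows NT Integrated security" option. No password is stored or sent by the script.
    $cs   = "Server=tcp:$SqlHost,$Port;Database=$Database;Integrated Security=SSPI;Connect Timeout=10"
    $conn = New-Object System.Data.SqlClient.SqlConnection $cs
    $who  = "$([Environment]::UserDomainName)\$([Environment]::UserName)"
    try {
        $conn.Open()
        return "Connected to $Database as $who"
    } catch {
        # PowerShell wraps the .NET exception; walk the chain to the SqlException.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Data.SqlClient.SqlException]) { $ex = $ex.InnerException }
        if ($ex -and $ex.Number -eq 18456) {
            return "Port is open but login failed (18456) for ${who}: the account has no login on this SQL Server"
        }
        return "Port is open but the connection failed: $($_.Exception.Message)"
    } finally {
        $conn.Dispose()
    }
}

Test-SqlPath -SqlHost $SqlHost -Port $SqlPort -Database $Database
```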
Wireshark is a network protocol analyzer and is considered the de facto standard across many industries and educational institutions. You can download Wireshark from https://www.wireshark.org.
Wireshark allows you to collect data and analyze network traffic to let you see what’s happening on the network at a microscopic level. It can be very helpful in troubleshooting ePO server performance issues.
Wireshark is an open source network traffic capture and analysis tool that is a very popular choice in Technical Support circles because it's free and has high platform compatibility.
Wireshark can be used to capture network traffic to obtain a snapshot of the issue from the network level and to view and analyze that capture. If you are not reproducing the issue while the capture is running, anything captured will not be useful, so always confirm the issue was reproduced while the capture was running.
Wireshark typically captures enough data to fill a warehouse after running for only a few minutes. Therefore, we’ve identified some filters along with some associated operators here that may help to pinpoint the traffic you are looking for when reviewing a Wireshark trace.
For example, Wireshark can help determine if update issues are being caused by connectivity problems, repository problems or problems on the host.
From an ePO perspective, Wireshark can also be used to validate that hosts are receiving new policies and tasks.