-
Título
How To: troubleshooting when agent is offline or cannot be protected -
Descripción
Existing agent went offline and no longer communicating with the Core. Or agent server cannot be protected. -
Resolución
To troubleshoot and resolve the issue please follow those steps:
On the Agent server
- Check if Agent service is up and running. Restart it if needed
- make sure that port 8006 (default) was taken by running this command
netstat -aon | find "8006"
- stop the Agent service and run the netstat command again to make sure that 8006 port is not taken by another application, which is causing a port conflict. Start the Agent service back.
- netstat command should provide a list of IPs that port 8006 is bound to. Please make sure that 0.0.0.0 is listed
a) if IP address is ::1, then please set IPv4 priority higher than IPv6 by:- open regedit
- go to HKLM\System\CurrentControlSet\Services\TCPIP6\Parameters
- create a DWORD value with name DisabledComponents and set it to 32 (0x20 in hexadecimal)
- reboot the server
b) if IP is the actual IP of the agent server itself and/or 127.0.0.1 and 0.0.0.0 is not listed in netstat output then:
- open regedit
- go to HKLM\System\CurrentControlSet\Services\HTTP\Parameters
- check if value ListenOnlyList exist (MULTI_SZ) and modify it so only 0.0.0.0 is there
- reboot the server
- open CMD and run command:
telnet localhost 8006
Telnet client can be installed through Roles And Features of the server, if needed. The expected result of that operation is a blank screen and not the error message. Blank screen means that telnet was able to connect to port 8006 locally. Failure means that port either not taken by the agent (verify by nestat command) or that it's blocked by firewall
- after telnet to localhost port 8006 works, open a browser and navigate to https://127.0.0.1:8006/apprecovery/api/agent/pair/connect
This should result in agent response in form of XML text with agent ID.
- if connection to localhost port 8006 using browser is not working then it means that there's a problem with SSL/TLS communication. Please review Event Viewer, System for any SCHANNEL errors or warnings for the root cause of the issue.On the Core server (after agent troubleshooting has been finished)
- click on agent's name and then on Settings. Note the Hostname specified
- open CMD and ping the agent server by name. Make sure that: name is resolvable, resolvable to the correct IP, IP is IPv4 and not IPv6
- perform the command:
telnet <agent_name> 8006
If command stays on the black screen, then it means that connection was successful. Otherwise, make sure that firewall is not blocking the communication
- open browser and navigate to https://<agent_name>:8006/apprecovery/api/agent/pair/connect
This should result in agent response in form of XML text with agent ID. May ask for credentials.
- if telnet can connect but browser can't then it means that HTTPS cannot negotiate SSL/TLS. Please download a program IIS Crypto on the Agent server (https://www.nartac.com/Products/IISCrypto) and run it. Click on Best Practices button and reboot the Agent server. Test URL again.Please note, if existing agent is removed from protection and added back, this will generate a base image.
Recommendation: when protecting an agent please try to:
- use machine name instead of IP whenever possible
- specify username in <domain>\<administrator> format (if protected machine is an AD member), where <domain> is AD NetBIOS (short) name and <administrator> - any user who is a member of machine's local Administrators group -
Información adicional
If all steps were completed successfully, but agent still cannot be protected or stays offline, please review agent's Event Viewer for WMI errors. WMI repository corruption can effectively prevent Agent software to communicate with the Core. Note: there are cases where agent service cannot start because port 8006 is in use by Exchange, however netstat won't show port 8006 was taken. Agent log will usually produce error about "file is already in use" with is .NET way to say that port is already bound.