Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Foglight for Active Directory 6.3.0 - Release Notes

Could not establish a connection to host xxx.xxxx.xxx

Troubleshooting

This section provides information about problems that you might encounter while monitoring your environment with Foglight for Active Directory, and describes the solutions available to troubleshoot these problems.

DCs on Windows Server 2012/2012 R2 Systems may experience high CPU usage

Symptom: In some circumstances, DCs on Windows Server 2012/2012 R2 systems may experience high CPU usage when monitored by the Active Directory agent. This issue only appears when using WinRM connections. Using WMI/DCOM connections prevents this issue.

Resolution:

If this issue is encountered, contact Support for assistance.

To troubleshoot this issue directly, use the Windows Task Manager to look for an increasing number of active conhost.exe or svchost.exe processes. If this problem is observed, the problem can be confirmed by adding the optional "Command Line" column to Task Manager (View > Select Columns > [ x ] Command Line). You should then see WinRM commands associated with the conhost.exe or svchost.exe instances.

If many of these processes are observed, increase the WinRM message envelope size from the default size of 500, as follows:

winrm set winrm/config @{MaxEnvelopeSizekb="1000"}

Microsoft® offers a workaround for this issue in the "Svchost.exe uses excessive CPU resources on a single-core Windows Server 2012 domain controller" article (KB 3118385).

Recommended best practices

The following procedure is a best practice that is recommended for optimal performance.

Disable automatic updates on Foglight Management Server

Do NOT allow the Microsoft® automatic update feature to force an update of the server hosting the Foglight Management Server. This automatic update feature does not allow enough time for the Foglight Management Server to shutdown gracefully, which may leave your agents in a broken state.

Symptom: Cartridge agents will appear to be deactivated on the Agent Status dashboard.

Resolution: Using the Agent Status dashboard, select the deactivated agent and select the Activate button. If you cannot activate the selected agent, delete and reinstall the agent.

Potential issues after upgrading the cartridge to version 6.3.0

Insufficient heap memory

Symptoms:

When upgrading to version 6.3.0, you encounter an error message similar to the following message (actual values may vary):

Error deploying package … Cause: The addition of 2097152kb to the negotiated JVM Max heap size would adjust to 2359296kb, which would exceed the total available physical memory of 1780736kb. Rejecting memory request.

 

Resolution:

This message indicates that the Agent Manager does not have sufficient heap memory to allocate to the requesting Foglight for Active Directory agent package. It is not possible to directly increase the amount of heap memory available to the Agent Manager, as it uses as much memory as the monitoring host can provide to it before issuing this message. The amount of memory available to be allocated to the Agent Manager must be increased, for example by adding more physical memory to the host. If the monitoring host is a virtual machine, more memory may be allocated to the VM.  

If this is not possible, consider moving some agents, or the Agent Manager and all agents, to another monitoring host which has more memory capacity.

Could not establish a connection to host xxx.xxxx.xxx

Symptoms:

  1. The following exception message may be found in the Active Directory agent log.
    2013-12-19 17:57:56.129 ECHO    <ActiveDirectory/5.6.6/ActiveDirectory/ad0-dc7.domain7.local-agent INFO> [Thread-33] com.quest.agent.ad.ActiveDirectoryAgent - Validate credentials for host: dc7.domain7.local
    2013-12-19 17:57:56.130 ECHO    <ActiveDirectory/5.6.6/ActiveDirectory/ad0-dc7.domain7.local-agent> ERROR [Thread-33] com.quest.agent.ad.ActiveDirectoryAgent - Could not establish a connection to host : dc7.domain7.local.
    2013-12-19 17:57:56.130 ECHO    <ActiveDirectory/5.6.6/ActiveDirectory/ad0-dc7.domain7.local-agent> ERROR [Thread-33] com.quest.agent.ad.ActiveDirectoryAgent - Data collection failure.
    com.quest.glue.api.services.NoCredentialsException: Could not establish a connection to host : dc7.domain7.local
    at com.quest.agent.ad.ActiveDirectoryAgent.buildConfigOnCredential(ActiveDirectoryAgent.java:1290)
    at com.quest.agent.ad.ActiveDirectoryAgent.access$000(ActiveDirectoryAgent.java:128)
    at com.quest.agent.ad.ActiveDirectoryAgent$1.run(ActiveDirectoryAgent.java:1262)
    at java.lang.Thread.run(Thread.java:662) 
  2. In Credentials > Manage Credentials, the following alarm may be found: "A Credential with purpose xxxx has been encrypted with a lockbox that has not been granted to this Agent Manager".

Resolution:

  1. Ensure that the lockbox has been released to the related Agent Manager (check credential clients in the Credentials > Manage Lockboxes dashboard).
  2. If the Agent Manager is in the credential client list, it must be restarted to fix this issue.

Query credential timeout

Symptom:

The following exception message may be found in the Active Directory agent log.

2013-12-19 18:00:02.317 ECHO    <ActiveDirectory/5.6.6/ActiveDirectory/ad0-dc7.domain7.local-agent> ERROR [Thread-35] com.quest.agent.ad.ActiveDirectoryAgent - Data collection failure.
java.util.concurrent.TimeoutException: Time out when query AD / EXC credentials.
at com.quest.agent.service.auth.impl.CredentialQueryResultImpl.get(CredentialQueryResultImpl.java:54)
at com.quest.agent.service.auth.impl.CredentialManagerImpl.queryCredential(CredentialManagerImpl.java:56)
at com.quest.agent.ad.ActiveDirectoryAgent.buildConfigOnCredential(ActiveDirectoryAgent.java:1285)
at com.quest.agent.ad.ActiveDirectoryAgent.access$000(ActiveDirectoryAgent.java:128)
at com.quest.agent.ad.ActiveDirectoryAgent$1.run(ActiveDirectoryAgent.java:1262)
at java.lang.Thread.run(Thread.java:662)

Resolution: Re-start the data collection.

 


Query credential timeout

Troubleshooting

This section provides information about problems that you might encounter while monitoring your environment with Foglight for Active Directory, and describes the solutions available to troubleshoot these problems.

DCs on Windows Server 2012/2012 R2 Systems may experience high CPU usage

Symptom: In some circumstances, DCs on Windows Server 2012/2012 R2 systems may experience high CPU usage when monitored by the Active Directory agent. This issue only appears when using WinRM connections. Using WMI/DCOM connections prevents this issue.

Resolution:

If this issue is encountered, contact Support for assistance.

To troubleshoot this issue directly, use the Windows Task Manager to look for an increasing number of active conhost.exe or svchost.exe processes. If this problem is observed, the problem can be confirmed by adding the optional "Command Line" column to Task Manager (View > Select Columns > [ x ] Command Line). You should then see WinRM commands associated with the conhost.exe or svchost.exe instances.

If many of these processes are observed, increase the WinRM message envelope size from the default size of 500, as follows:

winrm set winrm/config @{MaxEnvelopeSizekb="1000"}

Microsoft® offers a workaround for this issue in the "Svchost.exe uses excessive CPU resources on a single-core Windows Server 2012 domain controller" article (KB 3118385).

Recommended best practices

The following procedure is a best practice that is recommended for optimal performance.

Disable automatic updates on Foglight Management Server

Do NOT allow the Microsoft® automatic update feature to force an update of the server hosting the Foglight Management Server. This automatic update feature does not allow enough time for the Foglight Management Server to shutdown gracefully, which may leave your agents in a broken state.

Symptom: Cartridge agents will appear to be deactivated on the Agent Status dashboard.

Resolution: Using the Agent Status dashboard, select the deactivated agent and select the Activate button. If you cannot activate the selected agent, delete and reinstall the agent.

Potential issues after upgrading the cartridge to version 6.3.0

Insufficient heap memory

Symptoms:

When upgrading to version 6.3.0, you encounter an error message similar to the following message (actual values may vary):

Error deploying package … Cause: The addition of 2097152kb to the negotiated JVM Max heap size would adjust to 2359296kb, which would exceed the total available physical memory of 1780736kb. Rejecting memory request.

 

Resolution:

This message indicates that the Agent Manager does not have sufficient heap memory to allocate to the requesting Foglight for Active Directory agent package. It is not possible to directly increase the amount of heap memory available to the Agent Manager, as it uses as much memory as the monitoring host can provide to it before issuing this message. The amount of memory available to be allocated to the Agent Manager must be increased, for example by adding more physical memory to the host. If the monitoring host is a virtual machine, more memory may be allocated to the VM.  

If this is not possible, consider moving some agents, or the Agent Manager and all agents, to another monitoring host which has more memory capacity.

Could not establish a connection to host xxx.xxxx.xxx

Symptoms:

  1. The following exception message may be found in the Active Directory agent log.
    2013-12-19 17:57:56.129 ECHO    <ActiveDirectory/5.6.6/ActiveDirectory/ad0-dc7.domain7.local-agent INFO> [Thread-33] com.quest.agent.ad.ActiveDirectoryAgent - Validate credentials for host: dc7.domain7.local
    2013-12-19 17:57:56.130 ECHO    <ActiveDirectory/5.6.6/ActiveDirectory/ad0-dc7.domain7.local-agent> ERROR [Thread-33] com.quest.agent.ad.ActiveDirectoryAgent - Could not establish a connection to host : dc7.domain7.local.
    2013-12-19 17:57:56.130 ECHO    <ActiveDirectory/5.6.6/ActiveDirectory/ad0-dc7.domain7.local-agent> ERROR [Thread-33] com.quest.agent.ad.ActiveDirectoryAgent - Data collection failure.
    com.quest.glue.api.services.NoCredentialsException: Could not establish a connection to host : dc7.domain7.local
    at com.quest.agent.ad.ActiveDirectoryAgent.buildConfigOnCredential(ActiveDirectoryAgent.java:1290)
    at com.quest.agent.ad.ActiveDirectoryAgent.access$000(ActiveDirectoryAgent.java:128)
    at com.quest.agent.ad.ActiveDirectoryAgent$1.run(ActiveDirectoryAgent.java:1262)
    at java.lang.Thread.run(Thread.java:662) 
  2. In Credentials > Manage Credentials, the following alarm may be found: "A Credential with purpose xxxx has been encrypted with a lockbox that has not been granted to this Agent Manager".

Resolution:

  1. Ensure that the lockbox has been released to the related Agent Manager (check credential clients in the Credentials > Manage Lockboxes dashboard).
  2. If the Agent Manager is in the credential client list, it must be restarted to fix this issue.

Symptom:

The following exception message may be found in the Active Directory agent log.

2013-12-19 18:00:02.317 ECHO    <ActiveDirectory/5.6.6/ActiveDirectory/ad0-dc7.domain7.local-agent> ERROR [Thread-35] com.quest.agent.ad.ActiveDirectoryAgent - Data collection failure.
java.util.concurrent.TimeoutException: Time out when query AD / EXC credentials.
at com.quest.agent.service.auth.impl.CredentialQueryResultImpl.get(CredentialQueryResultImpl.java:54)
at com.quest.agent.service.auth.impl.CredentialManagerImpl.queryCredential(CredentialManagerImpl.java:56)
at com.quest.agent.ad.ActiveDirectoryAgent.buildConfigOnCredential(ActiveDirectoryAgent.java:1285)
at com.quest.agent.ad.ActiveDirectoryAgent.access$000(ActiveDirectoryAgent.java:128)
at com.quest.agent.ad.ActiveDirectoryAgent$1.run(ActiveDirectoryAgent.java:1262)
at java.lang.Thread.run(Thread.java:662)

Resolution: Re-start the data collection.

 


Product licensing

Product licensing

Foglight includes a licensing capability that restricts access to those features that are defined in the license. Any Management Server installation requires a license that grants access to server-specific parts of the browser interface and the features associated with them. Foglight cartridges are also license-protected. While some cartridges are covered by the base Foglight license (such as Foglight Agent Manager cartridges and the Cartridge for Infrastructure), others may require an additional license. Foglight for Active Directory is covered by the Foglight Evolve Monitor, Operate, and Flex license.

 

To activate a trial or a purchased commercial license:

  1. On the navigation panel, under Dashboards, click Administration > Setup > Manage Licenses.
  2. Click Install.
  3. In the Install License dialog box, click Browse.
  4. In the file browser that appears, specify the location of the license file.
  5. In the Install License dialog box, click Install License.

 


Getting started with Foglight for Active Directory

Getting started with Foglight for Active Directory

Contents of the release package

The Foglight for Active Directory release package contains the following:

  1. Foglight for Active Directory version 6.3.0 files:
    • Active-Directory-6_3_0.car
  2. Product Documentation, including:
    • Foglight for Active Directory User and Reference Guide (PDF and online help)
    • Foglight for Active Directory Release Notes (this document)
    • Remote Access Diagnostics User Guide (PDF)

Installation instructions

Foglight for Active Directory can be installed as a stand-alone cartridge on a Foglight platform. In this configuration, all Active Directory® metrics are collected as well as basic host metrics from both physical and virtual domain controllers. Before installing the cartridge, ensure that your Foglight Management Server is properly installed and configured. For information on how to install and configure the Foglight Management Server, refer to the Foglight Installation and Setup Guide set.

 

Foglight for Active Directory can also be installed on a Foglight Evolve or Foglight for Virtualization, Enterprise Edition platform. In this configuration, it is used to gain in-depth insight into the health of the virtual machine, the virtual host, and the virtual environment as a whole. Before installing the cartridge, ensure that Foglight Evolve or Foglight for Virtualization, Enterprise Edition is properly installed and configured. For information on how to install and configure Foglight Evolve or Foglight for Virtualization, Enterprise Edition, refer to the Foglight Installation and Setup Guide set.

Installation best practices

You can use one Foglight Agent Manager (FglAM) with the following settings to support 25 to 30 agent instances: 6 GB memory and 2 CPU.

It is recommended that you perform the following steps before you begin the installation procedure:

  1. If you do not already have the Foglight for Active Directory cartridge, you can download it from our Support Portal at https://support.quest.com/.
    1. Before you can download the product, you must register with Quest. If you are a registered Quest user, log on using your email address and password.
    2. Once you have registered or logged in, locate the product and version that you want to download from the product list.
    3. In the download window, click the link and save the file to an appropriate directory (for example, C:\temp).
  2. Verify that the prerequisites are met as listed in the Upgrade and compatibility and System requirements sections of this document.

Installation and setup

Foglight for Active Directory is distributed as a .car file: Active-Directory-5_8_3.car. Use the Administration > Cartridges > Cartridge Inventory dashboard to install the cartridge. For full installation instructions, refer to the topic "Installing Foglight Cartridges" in the Foglight Administration and Configuration Help.

In order for Active Directory® data to appear on the Foglight browser interface, once the cartridge has been successfully installed, you need to deploy the agent package, configure the agent properties, create and activate agents, and start the data collection. For detailed information about these procedures, refer to Foglight for Active Directory User and Reference Guide

Additional Resources

Additional information is available from the following:

Globalization

This section contains information about installing and operating this product in non-English configurations, such as those needed by customers outside of North America. This section does not replace the materials about supported platforms and configurations found elsewhere in the product documentation.

This release is Unicode-enabled and supports any Unicode character set. In this release, all product components should be configured to use the same or compatible character encodings and should be installed to use the same locale and regional options. This release is targeted to support operations in the following regions: North America, Western Europe and Latin America, Central and Eastern Europe, Far-East Asia, Japan. It supports bidirectional writing (Arabic and Hebrew). The release supports Complex Script (Central Asia – India, Thailand).

 


Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation