Troubleshooting

 


 

Unable to monitor Windows 2012 server using local admin account

If receiving Access Denied errors while trying to monitor Windows 2012 with a local admin account, the following configuration of the Windows 2012 server will enable monitoring to properly function:

  • Go to Local Security Policy
  • Go to Local Policies -> Security Options
  • Go to User Account Control: Run all administrators in Admin Approval Mode, then set this to Disabled
  • Reboot the 2012 server so this takes effect
  • Then try to monitor the server again

 

How to fix Collections failing with “Invalid Class” errors

If WMI collections fail with an error referencing Invalid Class (example at the end of this topic), resynchronizing the performance counters may correct the issue.

To resynchronize the performance counters, run the following from the command line on the computer that you are trying to monitor:

  • winmgmt /resyncperf
  • After running the winmgmt command, restart the WMI service on the target computer.

Example of a Longitude Invalid Class error:


This collection is not registered. Collection registration failed.
Resolve cause of inner exception
Registration failed for new collection.
Registration to SS failed.
The Statistics Server could not complete the request.
Error when registering a collection. Check Error Log for more details.
Failed to collect from WmiV2: retVal=0x80041010, computer=xxxxxxxx, The enumerator terminated with an ‘Invalid Class’ error for query Select * from Win32_PerfRawData_PerfOS_System, HRESULT=0x80041010
A general error occurred: Failed to collect from WmiV2: retVal=0x80041010, computer=xxxxxxxxx, The enumerator terminated with an ‘Invalid Class’ error for query Select * from Win32_PerfRawData_PerfOS_System, HRESULT=0x80041010
No remedy is available.

 

How does Longitude SMTP server work?

Heroix Longitude can send e-mail through two mechanisms: an internal SMTP engine and through a user-configured, external SMTP server. This dual approach is taken to minimize initial configuration and to provide additional flexibility and resiliency. The default SMTP engine will continue to function and send email independent of the health and availability of the existing external SMTP server.

Heroix Longitude uses SMTP to mail:

– Administrative notices from the Web UI (e.g. new user notifications, password change notifications)
– Reports
– Alert Notifications from Longitude events (go to Dashboards >> Configure >> Actions to enable mail notification for individual events).

By default, Heroix Longitude uses an internal SMTP engine, called Aspirin, to send e-mail. The internal SMTP engine does not require any configuration from the user. The internal SMTP engine functions as a mini send-only SMTP server running inside Heroix Longitude. Since it is not registered as a real SMTP server, some spam filters may interpret the e-mail Longitude sends as spam. This may be the problem if you do not receive any e-mail from Heroix Longitude.

The Limitations section on the Aspirin website (https://aspirin.dev.java.net/) notes a potential problem sending mail to a server using Sender Policy Framework mail authorization, along with a link to the SPF website (http://www.openspf.org/) for more details.

More information about configuring e-mail settings in Longitude is available in the Longitude online help.
 

How do I back up my Longitude Server?

  1. On the Longitude server, go to \Program Files\Longitude\appman\config.
  2. Open the backupDefintion.xml file with a text editor, e.g. WordPad.
  3. Note that the backup schedule is initially disabled by the early end date. Modify the EndDate property to a date in the future to enable the backup.
  4. A list of days of the week may be entered for daily backups.
    (ex. Sunday,Monday,Tuesday,Wednesday,Thursday,Friday,Saturday)
  5. You may also edit this file to add additional files to the backup or change the destination to a different drive. If you have any customized files for Longitude – e.g. applications or scripts – please include these files in the backup.
  6. Enter a backup destination – make sure the destination has enough free space for the backup files. The size for these files will vary depending primarily on the database size – review the size of the Longitude\sapdb\indep_data\wrk\FZEDB1\DATA* files – the sum of the size of these files will provide an estimate of the maximum space needed.
    ***NOTE:
    The destination location must be a local drive, and you cannot use any spaces when you specify it. For example: c:\program files\Longitude\backup should be specified as c:\progra~1\Longitude\backup
    ***
  7. When all changes to the backupDefinition are complete, save & close the file.
  8. Restart the Heroix Longitude Upgrade Manager service.
  9. When a backup time specified by the file occurs, the Upgrade Manager will back up the specified files and the database, and send an email when the backup is completed to the MailToForLongitudeProblems address.
  10. To run an on-demand backup, go to Admin >> Advanced >> Administration >> Component Management >> Manage Longitude Properties >> Upgrade Manager >> Advanced and change the AdHocBackupTime value to a time you would like for the next backup. For example, setting it to 13:15 would schedule an ad hoc backup the next time 1:15 PM occurs. After the backup has been started, this setting will revert to the default “HH:mm” value, so the backup will only be done once when this setting is modified.

 

Configuring public-key authentication for SSH based collections

The Statistics Server supports SSH authentication via public key exchange. Password authentication is always attempted first, and if that fails then key based authentication is used.

Longitude installs keys under Longitude/ss/config/sshKeys. The appropriate public key needs to be configured on the monitored computer before key based authentication will succeed.

The instructions for configuring the keys will vary based on the version of SSH and the operating system of the agent. In general, the following steps can be used for setting up Public Key Authentication to monitor a Unix/Linux server:

  1. The public key goes on the monitored Unix/Linux computer, in the .ssh/authorized_keys file in the home directory for the account being used in the ssh connection.
  2. The private key goes on the Longitude agent, in Longitude\ss\config\sshkeys\{filename}, where {filename} is either OpenSshRsa1024 or OpenSshDsa1024, depending on whether an RSA or DSA key is being used.
  3. If using the keys provided with Longitude, copy the text from the Longitude\ss\config\sshKeys\{keyname}.pub file and write it into the authorized_keys file for the appropriate account.
  4. If you generate your own key, and you set up a password for the key, the password is entered in the field for the password for the account.
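
An added example, not code from Heroix or the original page, of steps 1, 3 and 4 on the monitored host: it reads the size of an OpenSSH public key (the bundled file names OpenSshRsa1024 and OpenSshDsa1024 suggest 1024-bit keys), then appends the key to authorized_keys with the permissions sshd expects and a from= restriction. The 2048-bit floor, the agent address and the sample key are assumptions constructed for illustration.

```python
import base64
import os
import struct

MIN_RSA_BITS = 2048  # assumption: local policy floor, not a Longitude setting

def key_info(pub_line):
    """Return (key_type, bits) for an OpenSSH public key line: 'type base64 [comment]'."""
    key_type, b64 = pub_line.split()[:2]
    blob, fields, off = base64.b64decode(b64), [], 0
    while off < len(blob):  # the blob is a sequence of length-prefixed fields
        (size,) = struct.unpack(">I", blob[off:off + 4])
        fields.append(blob[off + 4:off + 4 + size])
        off += 4 + size
    if fields[0].decode() != key_type:
        raise ValueError("key type label does not match key blob")
    # Field order: ssh-rsa = name, e, n    ssh-dss = name, p, q, g, y
    index = {"ssh-rsa": 2, "ssh-dss": 1}.get(key_type)
    bits = int.from_bytes(fields[index], "big").bit_length() if index else None
    return key_type, bits

def is_weak(pub_line):
    """True for any DSA key and for RSA keys below the policy floor."""
    key_type, bits = key_info(pub_line)
    return key_type == "ssh-dss" or (key_type == "ssh-rsa" and bits < MIN_RSA_BITS)

def install_key(pub_line, home, agent_host):
    """Append the key to <home>/.ssh/authorized_keys, limited to the agent's address."""
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir, exist_ok=True)
    os.chmod(ssh_dir, 0o700)  # sshd StrictModes ignores keys in group/world-writable paths
    path = os.path.join(ssh_dir, "authorized_keys")
    options = f'from="{agent_host}",no-agent-forwarding,no-port-forwarding,no-X11-forwarding'
    entry = f"{options} {pub_line.strip()}"
    lines = open(path).read().splitlines() if os.path.exists(path) else []
    if entry not in lines:  # idempotent: re-running does not duplicate the entry
        with open(path, "a") as fh:
            fh.write(entry + "\n")
    os.chmod(path, 0o600)
    return path

def _mpint(n):
    raw = n.to_bytes(n.bit_length() // 8 + 1, "big")  # leading zero keeps it positive
    return struct.pack(">I", len(raw)) + raw

def sample_rsa_line(bits):
    """Constructed sample: ssh-rsa line with a dummy modulus of the given size (not a usable key)."""
    name = b"ssh-rsa"
    blob = struct.pack(">I", len(name)) + name + _mpint(65537) + _mpint((1 << (bits - 1)) | 1)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " longitude-sample"
```
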

 

Using a trusted SSL certificate with Longitude’s Web UI

Longitude provides a self-signed certificate when it is installed for basic site encryption. Since this certificate is not signed by a trusted certificate authority, Firefox 3.x may not allow you to view the Longitude Management Console in SSL using the default certificate, and other browsers may display security warnings.

To resolve these issues, you will need to configure the Longitude Management Console to use an SSL certificate from a trusted authority. Heroix is not a certificate provider, and cannot provide a trusted certificate – you will need to create a certificate signing request (CSR) and provide this to a certification authority. The authority you purchase the certificate from will usually provide you with specific instructions for creating an acceptable CSR. Longitude uses a Tomcat web server, with a home directory of Longitude\tomcat. The default files used to configure SSL are all in Longitude\tomcat\conf, and are:

  • keyStore: default keystore, password = “changeit”
  • httpsKeys.pkcs12: keyfile containing self signed certificate
  • server.xml: server definition file

In general, the sequence of steps to install a new certificate is:

  1. Create a keystore to hold the certificate information
    • Go to a command prompt in the Longitude\tomcat\conf directory, and use the “keytool” command. The syntax would be:
      keytool -genkey -alias {aliasForEntryInKeystore} -keyalg RSA -keysize 2048 -keystore {nameOfKeystore}.jks
    • For example:
      keytool -genkey -alias longitude -keyalg RSA -keysize 2048 -keystore longitude.jks
    • Remember the alias used to create the keystore – you will need to import the server certificate using the same alias.
  2. After entering this command, you will be prompted for information about the web server:
    • You will be asked to create a password – remember this, you will need it later
    • You will be asked for your “first and last name” – this is the FQDN for the longitude server, and should be the address used to access the Longitude Web UI (e.g. Longitude.heroix.com)
    • You will be asked for your organizational unit (becomes a property of the certificate – not critical)
    • You will be asked for your organization (becomes a property of the certificate – not critical)
    • You will be asked for your City or Locality (becomes a property of the certificate – not critical)
    • You will be asked for your State or Province (becomes a property of the certificate – not critical)
    • You will be asked for your two letter country code (becomes a property of the certificate – not critical)
    • It will repeat the information you’ve entered, and ask if it’s correct – if it’s not, take the default “no”, and re-enter the information.
    • You will be asked for a key password – the default is the same password you used previously.
  3. After running this command, you will now have a keystore file (with a .jks extension).
  4. Use the information in the keystore file to create a certificate signing request (CSR)
    • Run this from the same directory in which you created the keystore.jks file:
      keytool -certreq -alias {aliasForEntryInKeystore} -file {outputfile}.txt -keystore {nameOfKeystore}.jks
    • From our previous example:
      keytool -certreq -alias longitude -file csr.txt -keystore longitude.jks
    • You will be prompted for the keystore password (the first one you entered above – the one I told you you would need later). The certificate signing request will be the csr.txt file.
  5. Find a trusted certificate authority, and send them the csr.txt file. They will send you back a certificate.
  6. Save your certificate file and any additional root and intermediate certificates to the Longitude\tomcat\conf directory.
  7. Back up your keystore file before importing any certificates.
  8. Certificates may be imported with the following command:
    keytool -import -alias {aliasForEntryInKeystore} -file {certificateFile} -keystore {nameOfKeystore}.jks
    Please note that root and intermediate certificates will use a different alias than the server certificate, and the server certificate must use the alias that was used to generate the keystore. If your certificate authority provides alternate instructions for loading certificates into the keystore, please follow their directions.
  9. Keytool has an option to delete certificates. If you make a mistake when importing the server certificate, do NOT delete the certificate for the server’s alias as it will delete the private key for the server. Restore the keystore from backup and begin the import again.
  10. MAKE A BACKUP COPY OF Longitude\tomcat\conf\server.xml!!!!!!!! Keep it someplace safe. You may need to back out of this.
  11. Edit the Longitude\tomcat\conf\server.xml file to use your keystore.
      • The SSL section of the file has the following default values:
        <Connector port="7238" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="./conf/httpsKeys.pkcs12" keystorePass="changeit" keystoreType="PKCS12" />
      • Modify this file to change this section to:
        <Connector port="7238" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keyAlias="{yourAlias}" keystoreFile="./conf/{yourFile}" keystorePass="{yourPasswrd}" />
      • From our example:
        <Connector port="7238" maxThreads="150" minSpareThreads="25" maxSpareThreads="75" enableLookups="false" disableUploadTimeout="true" acceptCount="100" debug="0" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keyAlias="longitude" keystoreFile="./conf/longitude.jks" keystorePass="myPasssword" />

    ***Please note:
    When you purchase a certificate from a trusted authority, they will usually provide instructions for applying that certificate. Please modify Longitude’s server.xml file as they specify.
    ****

  12. Restart the Web UI
  13. After the Web UI has initialized, try to access the Longitude management console using https over port 7238.
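
A check for the server.xml edit in step 11, as an added example (not Heroix's or Tomcat's code): it flags an HTTPS Connector that still uses the default keystore or password named on this page, or that keeps keystoreType="PKCS12" while pointing at a .jks file, a mismatch that can stop the keystore from loading. The sample XML and the password value "example-only" are constructed and trimmed to the attributes the check reads.

```python
import xml.etree.ElementTree as ET

DEFAULT_KEYSTORE = "httpsKeys.pkcs12"  # self-signed default keystore named on this page
DEFAULT_PASSWORD = "changeit"          # default keystore password named on this page

def audit_https_connectors(server_xml):
    """Return a list of findings for every HTTPS <Connector> in a server.xml string."""
    findings = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("scheme") != "https":
            continue
        port = conn.get("port", "?")
        store = conn.get("keystoreFile", "")
        store_type = conn.get("keystoreType", "JKS").upper()  # Tomcat assumes JKS when unset
        if store.replace("\\", "/").rsplit("/", 1)[-1] == DEFAULT_KEYSTORE:
            findings.append(f"port {port}: still serving the self-signed default keystore")
        if conn.get("keystorePass") == DEFAULT_PASSWORD:
            findings.append(f"port {port}: keystore uses the default password")
        if store.lower().endswith(".jks") and store_type != "JKS":
            findings.append(f"port {port}: keystoreType={store_type} kept for a .jks keystore")
        if not conn.get("keyAlias"):
            findings.append(f"port {port}: keyAlias not set, Tomcat will use the first key it reads")
    return findings

def _server(attrs):
    """Constructed sample: a minimal server.xml holding one HTTPS Connector."""
    return ('<Server><Service><Connector port="7238" scheme="https" secure="true" '
            + attrs + ' /></Service></Server>')

# Constructed samples: the shipped default, a partly edited file, and a finished edit.
SHIPPED = _server('keystoreFile="./conf/httpsKeys.pkcs12" keystorePass="changeit" '
                  'keystoreType="PKCS12"')
HALF_EDITED = _server('keyAlias="longitude" keystoreFile="./conf/longitude.jks" '
                      'keystorePass="changeit" keystoreType="PKCS12"')
FINISHED = _server('keyAlias="longitude" keystoreFile="./conf/longitude.jks" '
                   'keystorePass="example-only"')

if __name__ == "__main__":
    for name, xml in (("shipped", SHIPPED), ("half-edited", HALF_EDITED), ("finished", FINISHED)):
        print(name, audit_https_connectors(xml))
```
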

 

Longitude installed on a Workgroup computer

If Longitude is installed on a server in a workgroup, Longitude will generate the following message during installation:

Heroix Longitude is being installed in a workgroup. Workgroup installations are for evaluation purposes only. After installation, you will be able to collect data for this machine only.
To collect data for additional machines, consult the Heroix Community web site for knowledge book articles on workgroup configuration.
To continue the installation, click OK, otherwise click Cancel.

The installation will configure Longitude to use Local System account permissions for Windows collections, and in this configuration, Longitude will only be able to collect Windows data from the computer it is installed on. To configure Longitude to collect data from other Windows Servers, you will need to set up authentication to those computers.

Authentication is configured by setting up corresponding local accounts on the Longitude computer and any computers to be monitored. The account should have the same username and password on each computer, be a member of the local administrators group on each computer, and be used as the Statistics Server service account. The Statistics Server account can be accessed through the Windows Services Applet (Control Panel >> Administrative Tools >> Services >> Heroix Longitude Statistics Server Service, log on information is set in the Log On tab).

For example, if you install Longitude on computer Workgroup1, you could set up local account “longitude”, with password “heroix”, make it a member of the Local Administrator group, and configure the Heroix Longitude Statistics Server service to log in as “.\longitude”, with password “heroix”. On monitored computer Workgroup2, you would also set up a local “longitude” account, with password “heroix”, and make it a member of Workgroup2’s Local Administrator group.

*****Please note:
Depending on your computer’s security settings, this authentication may not work. Consult with your System Administrator to determine your local settings.
****
 

Alerts from Longitude for Component Problems

Longitude will monitor each of its components for performance and connectivity.

The 5 Longitude components are:

  • Consolidator
  • Rule Engine
  • Statistics Server
  • Upgrade Manager
  • Web UI

If a Longitude component experiences a problem that Longitude cannot repair on its own, an email alert will be sent to the address or addresses specified in Admin >> Mail. Each component has its own Contact property and the default value is the email address entered during installation.

The following alerts may be generated by Longitude:

  • Subject: Longitude Component running out of memory
    This alert may be generated for any of the Longitude Components. Usually restarting the service for the named component will resolve the error. If you continue to get out of memory alerts, please submit the issue to Heroix Support or post your issue to the Community.
  • Subject: Statistics Server is not reachable
    This alert may be generated for either the Statistics Server on the Management Console, or for a remote agent. For either the local or remote server, first confirm that the Heroix Longitude Statistics Server Service is running on the server.
    If the service is running, and the alert is for a remote Statistics Server, check the firewall and confirm that port 7220 is open, or port 7223 is open if using SSL.
    If this problem persists, please submit the \Longitude\ss\log\ss_startup.txt to Heroix Support or post the contents of the file to the Community.
  • Subject: One or more Longitude components are not running
    This alert may be generated for any of the Longitude Components. Please confirm the appropriate Heroix Longitude service is running. If this problem persists, submit the related component startup.txt to Heroix Support or post the contents of the file to the Community. The startup.txt files can be found in the following directories:

    Consolidator: Longitude\consolidator\logs\consolidator_startup.txt
    Rule Engine: Longitude\engine\log\engine_startup.txt
    Statistics Server: Longitude\ss\log\ss_startup.txt
    Upgrade Manager: Longitude\appman\log\appman_startup.txt
    Web UI: Longitude\tomcat\webapps\webui\log\webui_startup.txt

 

Installation fails with “SysWOW64” error

Longitude is supported on 64-bit Windows servers, and the installation checks registry values to determine that the operating system is a supported Windows version. One of the checks is for the following “SystemDirectory” value:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows\SystemDirectory

If this value is set to “C:\Windows\SysWOW64” or “%SystemRoot%\SysWOW64”, the installation will stop with a SysWOW64 warning. If you receive this warning but the SystemDirectory key is set to “C:\Windows\system32” or “%SystemRoot%\system32”, please contact Heroix Support.