• IOP 'tstats' or 'litsearch' Error and CU v7.1 On-Prem

    On-Premises customers who have upgraded to ControlUp v7.1.x and IOP v3.x may see occasional 'tstats' errrors. 

    This may be caused by the presence of files named "in_root_folder" in their IOP Activity Files share that is being ingested by the IOP engine. 


    All On-Premises customers on v7.1.x should implement the following fix:

    1) On the Monitor(s) and consoles please create the reg key HKEY_LOCAL_MACHINE\SOFTWARE\Smart-X\ControlUp\Console\RealTimeStats\

    2) Create a D_WORD "DisableRealTimeStats" with a binary value of 1

    3) Restart the Monitor(s), relaunch the Consoles

    4) Delete any files in the IOP Activity Files share named "in_root_folder"

    Alternatively, you can also download and import the registry file attached to this article. 

    If you are currently experiencing the 'tstats' error within IOP and you have not installed ControlUp On-Premises v7.1.x, refer to this article for more information.

     If you are currently experiencing the 'tstats' error within IOP and you have installed ControlUp On-Premises v7.1.x, please contact support@controlup.com for assistance.



  • Configuring a dedicated username for the CU SQL DB ;

    In SQL, the semicolon character is a statement terminator. It is a part of the SQL-92 standard.

    We've seen users in On-Premises deployment that are using semicolon in the username or password. Because of that, the string to the SQL DB is down and it cancels the link to the SQL.

    There should be no semicolon in the password or username that you use for the SQL. 



  • Setting an alert for the On-Premises Monitor that isn't writing files to Activity folder

    For OnPrem customers which use Insights (IOP), their Monitor generates files into the Activity files folder and then they get indexed into the IOP database. In case the monitor stops exporting real time data files, we offer an alert which can be setup (for hybrid cloud customers we have such alert defined on our side which alerts when the monitor stops uploading data).

    The following script / scheduled task will send an e-mail alert to pre-configured recipients. 

    In order to define the alert (scheduled task) which will run every 30 minutes, and will execute the script with a delay of 45 minutes, please follow these steps:

    1. Please download the PowerShell script that is attached to the bottom of this article. (name: activity_files_health.ps1)
    2. Place the script on the machine where the Activity Files Shared Folder is located. 
    3. NOTE: by editing it with notepad++ for example, you can read the script's help and examples. (or Get-help in PS)
    4. Open Task Scheduler > create new scheduled task as the example below:
      • Define a name 
      • Run after user logon (Run whether user logged on or not)
      • Run with highest privileges


    • Set a daily schedule to repeat every 30 minutes



    • Define an action which will start PowerShell.exe
    • Add an argument (which explained below)
    • Add start path


    • In the actions tab, the argument field is very important. As you can see in the argument, the script is located in c:\code, the path may change according to your setting
    • If you look at the argument, in the powershell script help\example -  
      • The delay is 45 minutes, the address from and to are defined and the subject of the email is also there and can be defined as you like, and finally you define which SMTP server to use. (if user and password is needed, in the script you will find an example with that syntax).


    • Define the conditions according to your needs


    • Define the settings according to your needs


    An event in the event viewer is written (successful and when there was an issue) in the application log.




  • Update On-Premises Script Based Actions

    In v7.0 you have added the SBAs to your ControlUp data base. The following explains how to import the latest SBA’s updates:

    1. Download the files located at the bottom of this article. 
    2. Right click the zip files and choose "Properties"
    3. Check the  box that says "Unblock" and click "OK"
    4. Extract the powershell module Import-SBA.zip to a folder on your on-prem server
    5. Copy the ZIP file containing the SBA’s (sba_29052018.zip) to a folder on your on-prem server
    6. Open powershell as Admin, on your on-prem server and run the following commands (Console should be closed):
      1. Import-Module "Path_to_the_extracted_directory_from_Import-SBA.zip\Sba.PowerShell.dll"
      2. Import-Sba -SourcePath "Path_to_ZIP_file_containing_the_SBA's\sba_29052018.zip"
    7. Once the Console is installed and launched you will see now that the SBAs are up to date.
  • Error in 'tstats' or litsearch command: you have exceeded your license limit

    When the following Error appears on IOP, there are 4 possible reasons:



    1. License Violation -  Easy to review, compare your current license with the current usage. Check Introspection report for last few days that it won't pass the actual license, for example, see image below, if the actual license is 200mb it means you are violating it. To check which license you have, go to licenses in Insights (Admin -> Licenses).
    2. Props.conf browserurl Issue - Open the props.conf file located <C:\Program Files\Smart-X\ControlUp Insights\etc\apps\controlup_iop\default> or where your insights install is located.

      Replace the line that reads (should be at line ~682) 
      sourcetype = cuiop:browserurl:header 
      sourcetype = cuiop:aux2

      Or, Just use the props.conf file attached below.

    3. Index of CSV files - verify that IOP is not indexing anything else rather than something that starts with "cuiop", we had some cases where customers had some CSV files in the activity files folder, that causes a violation.
      For example, see image below, the CSV part caused a repeated license violation (roughly 24 hours after the reset license has expired).IOP_introsp1csv.png
      Another option will be to go to the IOP search (Top left corner) and type: 
      |tstats count by sourcetype change it to search last 24 hours.

      That will give us the sourcetypes that IOP has indexed and will tell us what type of file is the problematic one. send support@controlup.com a screenshot of the search.
    4. On-Premises customers who have upgraded to ControlUp v7.1.x and IOP v3.x may see occasional 'tstats' errrors. 

      This may be caused by the presence of files named "in_root_folder" in their IOP Activity Files share that is being ingested by the IOP engine. 

      All On-Premises customers on v7.1.x should implement the solution in this article

    5. Please use Reset License received by ControlUp support to reset the license and continue the work.


  • Reducing Size for ControlUpDB in SQL

    In ControlUp On-Premises mode a SQL DB named ControlUpDB is used, sometimes it can become very large, the main reason for that is that SQL DB is saving Incidents to be shown in Incident Pane at the Console.

    We have prepared a SQL Script that will address this issue and delete Incidents older than 30 days (the maximum that can be shown via Incidents Pane).

    This does not affect the Log Size or other functionality and does not require restarting any service.

    Please see attached script.



  • Moving from Hybrid Cloud to On-Premises

    Moving to On-Premises installation will cause a loss to some of ControlUp's Hybrid Cloud features and you will need to arrange additional resources to your network infrastructure. Please review the On-Premises Installation Prerequisites article.

    Visit the following article to learn more about ControlUp modes, the deployment and Feature Comparison Matrix chart -> ControlUp Modes

    **Make sure to contact your sales person and inform him of this decision as license will need to be changed**. 

    Moving to On-Premises will require these following steps:

    • If you wish to keep the current organization name, you will need to save the current configuration file which is located in %appdata%\ControlUp\Configuration folder. Usually the files extension will be *.v4.xml
    • If you want to create a new organization you will need to do the following: 
      • Issue a new organization name.
      • Remove ControlUp Agents from all machines.
    • Contact your account manager or ControlUp Support and inform them that you'll need a On-Premises license file. 
    • New dedicated servers as instructed in installation prerequisites article:
      • On-Premises Server
      • IOP Server
      • SQL Instance or Server

     After completing all of the above:

    1. Remove all agents (ONLY if a new org is being created)
    2. Uninstall the Monitor
    3. Uninstall the Console

    Then install ControlUp On-Premises using installation guide.

    *When installing the Console, best practice is the assign a dedicated AD group as "Owner". If assigning a user, that user will be "Owner" of that organization. 

  • How to Backup IOP Activity Files share

    The ControlUp Monitor service exports the Activity Files to be used by IOP machine to an SMB share. Once IOP recognizes new files it indexes the data within it's own internal database. After the files are indexed they are no longer needed and should be backed up. ControlUp recommends to zip and save them in a different folder/location (i.e NOT in the Activity Files folder).

     Please note:

    1. The script MUST run on the machine running IOP.
    2. The user needed to run the script is an IOP Admin (the original Admin account).
    3. You need 7zip installed or it's command line version 7za.exe
    4. Please go over the /help section.
    5. Download the script at the bottom of this page.

    Example of the Syntax:

    Example of the Outcome (moved and zipped to default folder C:\AFB):


    Please Note

    In some cases, you will get an error like this:


    In that case you will need to go to Line 63 in the script is:
    $IOPRoot = (Get-ItemProperty HKLM: \Software\Microsoft\Windows\CurrentVersion\Uninstall\`{130753CA-A3B0-449A-8FCA-EFEDD73CA1C0`}).InstallLocation

    in order to fix the script Navigate to HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall and then to find the current ControlUp Insights Key (see image linked below) and replace the the current Key.

    In this example replace the '130753CA-A3B0-449A-8FCA-EFEDD73CA1C0' with the one in the registry - (38295c6c...)


  • Remove Users from On-Premises Org

    The solution is to open ADSI edit and remove the users.

    Here are the steps:

    1. Open ADSI edit with the settings shown in the screenshot:



    2) Remove the users you no longer wish to see.


  • Locations where the ControlUp service account is used in ControlUp On-Premises configurations.  

    Location: On-Premises Server – Configured during On-Premises Server installation process.

    • IIS Application Pool services
      • 1_WS.Pool
      • ConfigurationPool
      • HandshakePool
      • IncidentsReporterPool
      • IncidentsViewerPool
      • MasterPool
      • SBAPool
      • UploaderPool
    • ControlUp-LDS service
    • ControlUp Incidents service

    Location: Monitor Settings – Configured during Monitor deployment process.

    • Go to Monitor Settings, highlight the Monitor you want to update, and click “Settings…”

    Location: SQL Server – Configured during On-Premises Server installation process.

    • The account MUST have dbo permissions to the ControlUpDB.
  • Change the AD Group for ControlUp On-Premises Console Access

    Change the AD Group for ControlUp On-Premises Console Access

    When you install ControlUp On-Premises Server you are asked to provide an Active Directory group to manage access to the ControlUp Console. After installation, you may wish to change this group.


    The Active Directory group that you chose can be found in the file C:\Program Files\Smart-X\ControlUp Server\Server Settings\ServerSettings.XML located on the On-Premises Server.

    In order to change the group, you must open this file, change the group name, and update the group SID.




    To find an AD groups SID, open an elevated powershell prompt from a system that has the AD powershell components installed and type the following command: Get-ADgroup <AD Group Name>

  • On-Premises Installation Failed - .Net 3.5 Not Installed

    When attempting to install the V7 On-Premises Server, the installation fails.


    If you search for "Return value 3" in the MSI log file you will find the following information above the return code:


    MSI (s) (44:F0) [20:13:26:018]: Hello, I'm your 32bit Elevated Non-remapped custom action server.


    CAQuietExec64:  Error: 0x800f0906


    CAQuietExec64:  The source files could not be downloaded.

    CAQuietExec64:  Use the "source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see http://go.microsoft.com/fwlink/?LinkId=243077.

    CAQuietExec64:  Error 0x800f0906: Command line returned an error.

    CAQuietExec64:  Error 0x800f0906: QuietExec64 Failed

    CAQuietExec64:  Error 0x800f0906: Failed in ExecCommon64 method

    CustomAction EnableWindowsFeatures returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

    MSI (s) (44:E4) [20:13:45:252]: Note: 1: 2265 2:  3: -2147287035

    MSI (s) (44:E4) [20:13:45:252]: User policy value 'DisableRollback' is 0

    MSI (s) (44:E4) [20:13:45:252]: Machine policy value 'DisableRollback' is 0

    Action ended 20:13:45: InstallFinalize. Return value 3.

    This indicates that the installer was trying to download something it couldn't download since the server was not directly connected to Internet.

    This is usually related to the .NET 3.5 feature since it's not available by default on Windows 2012 and above.

  • ControlUp On-Premises and Insights Installation Video

    The following video displays how to install Controlup on-premises with Insights solution.

    The following components are described:

    1. Installation of the on-premises server
    2. Installation of the Insights on-premises
    3. Installation of the ControlUp Monitor
    4. Installation of the ControlUp Console



  • Adding & Troubleshooting Insights On-Premises (IOP) Module


    In case you have already installed ControlUp On-Premises V7 without the Insights module, you can add it, here is a procedure for that: 

    Note: Before you start, please verify that you have set the correct Activity files shared folder (which you defined during the on-premises Installation wizard) by checking the registry on the ControlUp on-premises application Server.

    Navigate to HKEY_LOCAL_MACHINE\Software\Smart-X\ControlupServer\IOP and verify the ServerName & Shared Folder keys are configured correctly with the IOP server name and the location of the shared folder.


    Steps for Installation:

    1. Stop the Monitor service from the ControlUp Console (Settings ->Monitors Settings -> Stop)

    2. Delete Old activity data, which the monitor might created (before having IOP), from the Monitor computer:

    • Delete all entries under: HKEY_USERS\S-1-5-20\Software\Smart-X\ControlUp\HistoricalReportingPackages
    • Delete all content from: C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\ControlUp\CacheActivity



    3. Install Insights module as explained in the On-Premises Installation Guide v7 (page33) - Click here 

    Important Note: Please make sure the computer account of the IOP server has both read NTFS and share permissions on the file share. (activity files shared folder). Unless changed, the default account is "local system" which should use the computer account to do anything remotely. If you have a service account, then that needs to have read NTFS and Share file permissions.

    4. Please give modify permissions (Both share and NTFS permissions) to the primary AD account defined in the Identity settings of the monitor, on the shared folder of the data activity files.

    5. Verify that the IOP share folder is configured in the SharedFolder registry key on the on-premises server under: HKLM\SOFTWARE\Smart-X\ControlUpServer\IOP

    6. Start the Monitor service using the ControlUp console (or services.msc).

    7. After restarting the monitor, it should be Green and the Data Upload in the Summary Tab should show  “last upload on…” of current time and date.


     7. On the IOP side, if the location of the shared activity files folder has changed, or it seems ther IOP is not reading any files from the shared files folder, you need to update the path in the configuration file (inputs.conf) located here - C:\Program Files\Smart-X\ControlUp Insights\etc\apps\controlup_iop\local


    8. Once the changes are saved in the configuration file, please restart the IOP service



    Changing location of Activity Files Folder (IOP version 2.1)- 

    If you like to change the activity files folder and you are using IOP version 2.1 and above, in Insights go to Settings-> Activity Folder and add a new folder, and disable or remove the old folder.

    The second step is to go to the on-premises server and open the registry and navigate to HKEY_LOCAL_MACHINE\Software\Smart-X\ControlupServer\IOP and verify the ServerName & Shared Folder keys are configured correctly with the IOP server name and the location of the updated shared folder.

    The last step is to restart the Monitor service.



    Please NoteThe Activity Files Folder UNC Share should NOT include $ sign.


  • Your Windows user is not authorized to use ControlUp (On-Premises Login Issue)

    The Issue:

    You try to login to the On-Premises ControlUp Real Time Console and receive an error - "Your Windows user is not authorized to use ControlUp" (or the error might be Black Screen instead of splash screen)



    The Cause:


    The issue might be caused by several reasons. 

    To receive more details about the failure, you can look at the login log which is located on the On-Premises server in 

    C:\Program Files\Smart-X\ControlUp Server\Websites\UserManagementService\4.1_WS\user management.log 


    The cause of this issue might be one of the following:

    1. License issue 

    If the number of members in the authorized group, defined during the On-Premises server application wizard, as the group which contains the AD users which are allowed to login to ControlUp, cross the number of admins in the license, you will receive this error.


    2. AD user or group issue

    The AD user is not part of the authorized group.

    The group or its SID was changed manually in the settings file.

    The AD Group type is universal and not global.


    3. Setup Issue

    The authentication method in the IIS is incorrect.


    The Solution:

    1. License Issue - 

    As mentioned, the error might indicate the number of members in the authorized AD group is higher than the license permits (The error might be Black Screen instead of splash screen).

    To verify the number of users if the authorized group match the license limit, please follow these steps:

    • Check the license quantity - 

    On the On-Premises server, go to - C:\Program Files\Smart-X\ControlUp Server\Server Settings\<LicenseFileName>.XML 

    In the following example, the quantity is unlimited.


    • Check which group you defined during the installation (if you do not remember) -

    On the On-Premises server, go to - C:\Program Files\Smart-X\ControlUp Server\Server Settings\ControlUpServerSettings.XML  

    •  Check the license location and name - 

    • Now that you know the name of the group, check the number of members - 


    2. AD user or Group -

    In case the user is not part of the AD group you defined during the installation of the On-Premises application server as the authorized group of admins which can login to ControlUp, you will receive this error.

    To verify the user you logged in with to windows and tried to launch ControlUp with, follow these steps:

    • Verify which user you are logged in with -

    • Verify the the group you chose to use and its members as mentioned above in License Issue solution.
    • Make sure the group is types global and not universal

    In case the group was changed manually in the settings file and only the name was changed and not corresponding SID number, you will receive this error.

    • To verify the group and SID, please follow the steps mentioned above in License Issue solution.


    3. Setup Issue - 

    The authentication method in the IIS is incorrect.

    To verify the authentication defined for the On-Premises ControlUp site, follow these steps:

    • Open the IIS manager on the On-Premises server
    • Under the ControlUp site click on Authentication
    • Verify that Windows Authentication is the only one Enabled



  • ControlUp On-Premises IOP - LDAP Setup

    The first login to ControlUp's On-Premises Insights website is done with user Admin and password changeme.

    You can keep using Insights user but you can also use LDAP authentication.

    In order to define LDAP authentication, first access the configuration page at:

    Go to Admin > Settings > LDAP Configuration > Add LDAP Strategy  

    LDAP Strategy Name - define the configuration name


    LDAP connection settings

    Host: Active Directoty Domain Controller computer name

    • Your IOP server must be able to resolve this host (check via nslookup)

    Port: 389 for non SSL, 636 with SSL (636)

    SSL enabled: You must also have SSL enabled on your LDAP server.

    Connection order: 1

    The order in which IOP will query this LDAP server (among enabled servers).

    Bind DN

    If you want a specific user to run the queries, this is the distinguished name used to bind to the LDAP server. In most cases should be left blank.

    Any user can be used to bind (service account is preferred, password does not change)

    For example: CN=IOP LDAP Account,OU=ServiceAccounts,OU=Accounts,DC=controlUp,DC=demo

    If you are not sure how to get these details, go to Active Directory Users and Computers and right click the user and choose properties, then go to attribute editor and look for distinguishedName. (make sure to enable advanced featured under the View menu.


    User settings

    User base DN

    Either User settings or Group settings should be applied.

    The location of your LDAP users, specified by the DN of your user subtree. You can specify several DNs separated by semicolons.

    For example: DC=controlup,DC=demo

    User base filter

    Used to filter users. Highly recommended if you have a large amount of user entries under your user base DN. For example, '(department=IT)'

    User name attribute

    The user attribute that contains the username, usually the sAMAccountName, Note that this attribute's value should be case insensitive.

    Real name attribute

    The user attribute that contains a human readable name. This is typically 'cn' (common name) or 'displayName'.

    Email attribute

    The user attribute that contains the user's email address. This is typically 'mail'.

    Group mapping attribute

    The user attribute that group entries use to define their members. If your LDAP groups use distinguished names for membership you can leave this field blank.


    Group settings

    Group base DN

    Either User settings or Group settings should be applied, can use both.

    The location of your LDAP groups, specified by the DN of your group subtree. You can specify several DNs separated by semicolons.

    This will describe the group of users authorized to use insights.

    For example: CN=IOP Admins,OU=Groups,OU=Accounts,DC=controlUp,DC=demo

    Static group search filter

    The LDAP search filter used to retrieve static groups. Highly recommended if you have a large amount of group entries under your group base DN. For example, '(department=IT)'

    Group name attribute

    The group attribute that contains the group name. A typical value for this is 'cn' or 'member'.

    Static member attribute

    The group attribute whose values are the group's members. Typical values are 'member' or 'memberUid'. Groups list user members with values of groupMappingAttribute.

    Nested groups

    Controls whether IOP will expand nested groups using the 'memberof' extension. Only check this if you have nested groups and the 'memberof' extension on your LDAP server.


    Dynamic group settings

    Dynamic member attribute

    The dynamic group attribute that contains the LDAP URL used to find members. This setting is required to configure dynamic groups. A typical value is 'memberURL'.

    Dynamic group search filter

    The LDAP search filter used to retrieve dynamic groups (optional). For example, '(objectclass=groupOfURLs)'


    Advanced settings

    Checkbox:  Enable referrals with anonymous bind only

    Most of our Customers will leave this off. IOP can use referrals with anonymous bind only. You must also have anonymous search enabled on your LDAP server. Turn this off if you have no need for referrals.

    Search request size limit

    Sets the maximum number of entries requested by LDAP searches. The number actually returned is subject to the limit imposed by the LDAP server.

    Search request time limit

    The maximum time limit in seconds to wait for LDAP searches to complete. This should be less than the UI timeout of 30s.

    Network socket timeout

    The maximum amount of seconds to wait on a connection to the LDAP server without activity. As a connection could be a search, this must be greater than the search time limit. Enter -1 for an infinite timeout

  • Black Screen when launching on-premises console

    The Issue:

    You launch the ControlUp Console and get a black screen. 

    After you wait the console opens empty without your configuration.




    The Cause:

    In the license you have specific number of admins allowed. Look in the license, under - Quantity

    During the installation you defined AD Group for Authorized Users - who can login to ControlUp Console.

    The number of users in the group is more than the number in the license file. You might have nested a group in the ControlUp AD Group, and in that group you have more users than defined in the license.


    The Solution:

    Please make sure in the ControlUp Authorized AD Group, you define the same number of users defined in the license file under Quantity (of ControlUp admins).


  • ControlUp has detected...Using an on-premises Installation Error

    Issue Description:

    User is able to log in to ControlUp Console but receives the error - "ControlUp has detected that your environment is using an on-premises Installation"





    The Reason:

    Your organization has installed the ControlUp on-premises server. Once the license is requested, the environment is set to use the on-premises deployment and not the cloud.

    When a user tries to launch a cloud console from the on-premises domain, the cloud console gets rejected.


    The Solution:

    Install the on-premises console and not the cloud console. The on-premises console is part of the on-premises installation package. If you do not have it the on-premises console installer, please click here to download it with the installation guide.

    If you have installed the console and it still attempts to connect as a cloud console, please go to KEY_LOCAL_MACHINE\Software\Smart-X\ControlUp\PrivateCloud and Set Dword IsUsingPrivateCloud to 0.


  • Upgrading to the new Insights On-Premises

    In order to upgrade to the new IOP (Insights On-Premises) release, please download the installer from here.

    Please save the installer on the IOP server and launch it.

    Select the "Quick Upgrade" option and click on Continue:


    Agree to the license agreement:


    Make sure the installation path is correct or change it if needed:


    Make sure the activity shared folder path is correct or change it if needed:


    The installation will start once you click Install:


    An upgrade successfully installed message will appear when the installation finishes:


  • Most Common IOP Errors

    Not enough CPU/RAM/IOPS

    Error in 'SearchOperator:loadjob': Cannot find artifacts for savedsearch_ident 'admin:controlup_iop:last_seen'.



    Lower than 5gb on the drive IOP is installed and/or where the DB is used

    No results found.

    Could not create search. 




    Violation/End of Trial - Need Reset/Commercial License

     Error in 'tstats' command: Your Splunk license expired or you have exceeded your license limit too many times. Contact ControlUp Support for assistance.


  • Changing The Location & Size of IOP Database

    By default, the Insights On-Premises (IOP) data base is limited to 500GB and once you reach that size, the data is overwritten.

    Please note that if you have less than 5 GB on the drive storing the data base, Indexing and some other functionalities will be stopped as well.

    Here are the steps on how to change the location of the data base:


    1. Go into the Insights server and stop the service "Splunkd.exe" 
    2. Go to:   (location may change if installed on different location)
      C:\Program Files\Smart-X\ControlUp Insights\var\lib\
    3. Copy the entire 'Splunk' folder to the new location (for example.. D\E drive..)
    4.  The new location it will be like this: 
    5. After coping the folder was done, go to
      C:\Program Files\Smart-X\ControlUp Insights\etc
      • Open "splunk-launch.conf" via Notepad
      • Where it says: "#SPLUNK_DB=" take down the pound sign (#)
      • Add the new location of the Splunk folder. E.g from the image below: SPLUNK_DB=E:\CUIOP_db\splunk
    6. Run via CMD as administrator:  
      "C:\Program Files\Smart-X\ControlUp Insights\bin\splunk" start
    7. All should show "Done" and in the end for the process starting you'll see:
      1. ​  (with your server name)
    8. Once the service is up and running, you can run some reports in Insights, see it's all working and you can remove the old Splunk folder from the old location.


    In order to change the database size, log into your Insights and go to Admin > Settings > Index Management and select 'Set max size' for the 'cuiop' DB. 


    If you're selecting smaller size then the existing size, Insights will automatically adjust.

  • SQL Express Setup for On-Premises Mode

    In case you deploy SQL express for on-premises solution, be sure to enable the TCP/IP protocol in the SQL Configuration Manager.

    By default the TCP\IP is disabled and also does not have any port assigned.

    Once you enable the protocol, restart the SQL express service and then in the TCP/IP properties you will see the port number, before the restart the port is zero.

    After finishing the protocol and port setup, continue with the On-Premises installation wizard.

  • After IOP upgrade the reports are empty

    The Issue:

    After an IOP (Insights On-Premises) upgrade, all reports return an error


    The Cause:

    In rare scenarios the upgrade might cause cleanup of indexed data and rebuild is necessary to create the available data sets.


    The Solution:

    Please go to the data model settings and rebuild your data sets accelaration.

    To reach the data model settings page, type your Insights URL and add manager/search/data_model_manager

    For example: http://servername.domain.com:8000/en-US and to it add manager/search/data_model_manager



    Once you reach the settings page, please click on rebuild for each report's data set.

    The rebuild takes few minutes, check the Insights reports after 30 minutes.


  • Authorization Failed (On-Premises Login Issue)

    The Issue:

    You cannot login to ControlUp Real Time Console in an On-Premises mode environment.

    The message you receive is - "Authorization Failed"


    The Solution:

    It appeared that the password for the two service accounts that needed to run the ControlUp services were expired. So, AD was not letting them to run the services. 

    You can verify if this is indeed the case, if you try to restart the ControlUp services and they do not start back - 

    ControlUp Incidents




    To receive more details about the failure, you can look at the login log which is located on the On-Premises server in C:\Program Files\Smart-X\ControlUp Server\Websites\UserManagementService\4.1_WS\user management.log 


    If the following errors appears in the user management log:

    ERROR|Error in BaseResponse. |UserManagement.Exceptions.UserManagementException: Failed to bind to organization permissions group 'AD Group Name'

    It means the issue could be with the AD group you assigned as the group for users who can login to ControlUp Console:

    • The AD group and SID needs to match in the server settings file, located here - "C:\Program Files\Smart-X\ControlUp Server\Server Settings\ControlUpServerSettings.xml"
    • The group needs to be a Security Global group.
    • Application Pools - Verify all application pools are running and do IISReset on the On-Premise server.
    • In 7.1 & 7.2 it could be a license issue (IOP Allowed - Yes/No).

    How do I get the SID? click here for additional information.


  • On-Premises Script Error - "The Primary File...model database"

    The issue:

    Error message: "The primary file must be at least X MB to accommodate a copy of the model database" (1024 in this example, it depends on the environment setup)



    The Reason:

    When DB is created it uses the Model DB as template, the model DB is a built in system database in SQL.

    In our ControlUp On-Premises data base creation script, we use:

    DECLARE @dbDataFileSize VARCHAR(10) = 50



    The Resolution:

    Please right click the Model DB and go to properties -> Files and check the initial size (MB)


    Then edit the SQL script the On-Premises wizard created, Line 30, edit the value and change it from 50, in this example as you see the Initial size is 128MB, so in the script change it to 129MB, and that will resolve the issue.

  • The Incidents Pane Is Currently Offline (On-Premises Mode)

    The Issue:

    The Incidents pane is not available and seem to be offline.



    The Cause:

    There is a connection issue between the On-Premises application server and the SQL server storing the ControlUp data base.


    The Solution:


    1. Check if the ControlUp Incidents service is up and running


    2. Test the connection between the On-Premises server and the SQL server, using the ODBC utility.


    3. Open the regedit.exe on the On-Premises server and check the SQLConnectionString. The string is encrypted and in order to decrypt it, please contact support@controlup.com in order to receive the decryptor utility.

  • On-Premises Troubleshooting - Handshake Service Error

    The Issue:


    During first login to the On-Premises ControlUp Real Time Console you receive an error - "An error occurred while getting the user management service URL..."



    The Cause:

    The console tries to connect to the on-premises server, specifically to the IIS and fails.

    The core of the on-premises server is based on the IIS internal site we add during the on-premises server installation and if the IIS is not available, you will not be able to login.


    The Solution:


    The main issue here is that the IIS application pools were not defined correctly with the service account (you chose during the installation wizard of the on-premises application server) or Controlup certificate is not bind correctly.

    During the on-premises installation, the IIS role is added and both the binding of the site and the application pools identity property, are defined during the installation wizard.


    In order to troubleshoot the issue and verify the configuration is correct, please follow these steps:


    1. When you have an issue to login, you can refer to the relevant log file, in order to understand better the issue, the log file is located in the service folder, on the on-premises server, under: c:\program files\smat-x\controlup server\webapps

    UsermanagementService folder or HandshakeService folders wil lnotify you if there is a login issue.

    Other services - IncidentsReporterService and IncidentsViewerService are responsible to read and write incidents to and from the ControlUp database. If you have a SQL connection issue, you will see the error in those logs.




    2. Make sure the ControlUp services are running as expected and the "log On As" property is defined with the correct service account (same service account you defined during the installation)

    3. Please open the IIS manager (go to start->run and type Inetmgr)

    Check under the application pools, the identity configuration, it should show the service account you defined during the on-premises application server installation wizard.


    4. Check the binding of the Controlup site, see below screenshot - 

    Focus on the Controlup site, click on Binding -> Edit


    5. To check the license and settings files, go to the on-premises server, under c:\program files\smart-x\controlup server\server settings (for more information regarding license troubleshooting, refer to the article - Your windows user is not authorized to use controlup)


    ** If any of the details above did not help or you see a difference between your configuration and the configuration presented in the article, and you do not know how to fix it, please contact our support at support@controlup.com



  • On-Premises Handshake Error - .Net Registration Issue

    The Issue:

    Cannot login to Controlup On-Premises Console and receive an error message which flickers when you hover over the red icon.




    The Reason:

    The .net framework was installed before we add the IIS role and the registration of the .net framework failed.

    This issue will be resolved in version 7 of on-premises server release.


    The Solution:

    Please open CMD as admin and execute the following command: 

    %windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -I


  • On-Premises - Service Unavailable (503)

    The Issue:


    You try to launch the console and receive the following error:



    The Cause:

    The IIS application pools are not available.



    The Solution:


    It happens that the service account's (used during the on-premises installation) password change (e.g every 3 months policy).

    When the service account's password change the application pool cannot be started.

    To resolve the issue you need to change the password for each application pool, and then restart the IIS service, for example:



     There are cases where you will need to add the service account to the  Performance Log Users local group of the ControlUp Server On-Premises, in order for the service account to be able to start the application code.

  • How to move the on-premises ControlUp database?

    There are situations where the ControlUp database needs to be moved from one SQL server to another.

    In order to move the database, you need to take the database backup and import it on the new SQL server. (that is done by the organization's DBA)

    In detail this process will look similar to this:

    1. Login to the SQL Manager console on the origin server.

    2. Locate the ControlUpDB.

    3. Right click and select “Tasks\Backup” from the menu.


    4. This will launch the DB Backup utility.


    5. Configure desired options (path, file name, etc) and click “Ok” to perform the backup process.

    6. Copy the .bak file you created to the destination server.

    7. On the destination server launch SQL Management Console

    8. Right click on “System Databases” and select “Restore Database”


    9. Configure the Restore wizard to target the .bak file you created and run the DB restore




    Once the database is moved, the SQL connection string (the SQL details defined during the on-premises server application wizard) need to be edited.

    Here are the steps:

    1. On the on-premises server, open regedit.exe and go to the key presented in the following screenshot - 


    2. As you can see the connection string is encrypted. In order to decrypt it, download the EncryptDecryptTool.zip attached to this article.

    3. Please copy the tool to the on-premises server and launch it. (The tool works only on the on-premises server)


    4. Take the encrypted string and paste it to the tool and click decrypt - 


    5. Then edit the connection details in notepad - 


    6. Relaunch the tool and paste the new details and encrypt the string -


    6. Copy and paste the new encrypted string to the registry key and click OK - 


    7. Once you are finished with the registry update, reboot the On-Premises Server, and you are done -