On-Premises related articles

  • On-Premises Installation Failed - .Net 3.5 Not Installed

    When attempting to install the V7 On-Premises Server, the installation fails.

     

    If you search for "Return value 3" in the MSI log file you will find the following information above the return code:

     

    MSI (s) (44:F0) [20:13:26:018]: Hello, I'm your 32bit Elevated Non-remapped custom action server.

    CAQuietExec64:  

    CAQuietExec64:  Error: 0x800f0906

    CAQuietExec64:  

    CAQuietExec64:  The source files could not be downloaded.

    CAQuietExec64:  Use the "source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see http://go.microsoft.com/fwlink/?LinkId=243077.

    CAQuietExec64:  Error 0x800f0906: Command line returned an error.

    CAQuietExec64:  Error 0x800f0906: QuietExec64 Failed

    CAQuietExec64:  Error 0x800f0906: Failed in ExecCommon64 method

    CustomAction EnableWindowsFeatures returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

    MSI (s) (44:E4) [20:13:45:252]: Note: 1: 2265 2:  3: -2147287035

    MSI (s) (44:E4) [20:13:45:252]: User policy value 'DisableRollback' is 0

    MSI (s) (44:E4) [20:13:45:252]: Machine policy value 'DisableRollback' is 0

    Action ended 20:13:45: InstallFinalize. Return value 3.

    This indicates that the installer was trying to download something it couldn't download since the server was not directly connected to Internet.

    This is usually related to the .NET 3.5 feature since it's not available by default on Windows 2012 and above.

  • ControlUp On-Premises and Insights Installation Video

    The following video displays how to install Controlup on-premises with Insights solution.

    The following components are described:

    1. Installation of the on-premises server
    2. Installation of the Insights on-premises
    3. Installation of the ControlUp Monitor
    4. Installation of the ControlUp Console

     

     

  • Adding & Troubleshooting Insights On-Premises (IOP) Module

     

    In case you have already installed ControlUp On-Premises V6 without the Insights module, you can add it, here is a procedure for that: 

    Note: Before you start, please verify that you have set the correct Activity files shared folder (which you defined during the on-premises Installation wizard) by checking the registry on the ControlUp on-premises application Server.

    Navigate to HKEY_LOCAL_MACHINE\Software\Smart-X\ControlupServer\IOP and verify the ServerName & Shared Folder keys are configured correctly with the IOP server name and the location of the shared folder.

     

    Steps for Installation:

    1. Stop the Monitor service from the ControlUp Console (Settings ->Monitors Settings -> Stop)

    2. Delete Old activity data, which the monitor might created (before having IOP), from the Monitor computer:

    • Delete all entries under: HKEY_USERS\S-1-5-20\Software\Smart-X\ControlUp\HistoricalReportingPackages
    • Delete all content from: C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\ControlUp\CacheActivity

     

     

    3. Install Insights module as explained in the On-Premises Installation Guide v6 (page33) - Click here 

    Important Note: Please make sure the computer account of the IOP server has both read NTFS and share permissions on the file share. (activity files shared folder) Unless changed the default account is "local system" which should use the computer account to do anything remotely. If you have a service account then that needs to have read NTFS and Share file permissions.

    4. Please give modify permissions (Both share and NTFS permissions) to the primary AD account defined in the Identity settings of the monitor, on the shared folder of the data activity files.

    5. Verify that the IOP share folder is configured in the SharedFolder registry key on the on-premises server under: HKLM\SOFTWARE\Smart-X\ControlUpServer\IOP

    6. Start the Monitor service using the ControlUp console (or services.msc).

    7. After restarting the monitor, it should be Green and the Data Upload in the Summary Tab should show  “last upload on…” of current time and date.

      

     7. On the IOP side, if the location of the shared activity files folder has changed, or it seems ther IOP is not reading any files from the shared files folder, you need to update the path in the configuration file (inputs.conf) located here - C:\Program Files\Smart-X\ControlUp Insights\etc\apps\controlup_iop\local

    2017-05-04_1414.png

    8. Once the changes are saved in the configuration file, please restart the IOP service

    2017-05-04_1415.png

     

    Changing location of Activity Files Folder (IOP version 2.1)- 

    If you like to change the activity files folder and you are using IOP version 2.1 and above, in Insights go to Settings-> Activity Folder and add a new folder, and disable or remove the old folder.

    The second step is to go to the on-premises server and open the registry and navigate to HKEY_LOCAL_MACHINE\Software\Smart-X\ControlupServer\IOP and verify the ServerName & Shared Folder keys are configured correctly with the IOP server name and the location of the updated shared folder.

    The last step is to restart the Monitor service.

    2017-07-16_0942.png

     

     

  • Your Windows user in not authorized to use ControlUp (On-Premises Login Issue)

    The Issue:

    You try to login to the On-Premises ControlUp Real Time Console and receive an error - "Your Windows user is not authorized to use ControlUp" (or the error might be Black Screen instead of splash screen)

     

     

    The Cause:

     

    The issue might be caused by several reasons. 

    To receive more details about the failure, you can look at the login log which is located on the On-Premises server in 

    C:\Program Files\Smart-X\ControlUp Server\Websites\UserManagementService\4.1_WS\user management.log 

     

    The cause of this issue might be one of the following:

    1. License issue 

    If the number of members in the authorized group, defined during the On-Premises server application wizard, as the group which contains the AD users which are allowed to login to ControlUp, cross the number of admins in the license, you will receive this error.

     

    2. AD user or group issue

    The AD user is not part of the authorized group.

    The group or its SID was changed manually in the settings file.

    The AD Group type is universal and not global.

     

    3. Setup Issue

    The authentication method in the IIS is incorrect.

     

    The Solution:

    1. License Issue - 

    As mentioned, the error might indicate the number of members in the authorized AD group is higher than the license permits (The error might be Black Screen instead of splash screen).

    To verify the number of users if the authorized group match the license limit, please follow these steps:

    • Check the license quantity - 

    On the On-Premises server, go to - C:\Program Files\Smart-X\ControlUp Server\Server Settings\<LicenseFileName>.XML 

    In the following example, the quantity is unlimited.

     

    • Check which group you defined during the installation (if you do not remember) -

    On the On-Premises server, go to - C:\Program Files\Smart-X\ControlUp Server\Server Settings\ControlUpServerSettings.XML  

    •  Check the license location and name - 

    • Now that you know the name of the group, check the number of members - 

     

    2. AD user or Group -

    In case the user is not part of the AD group you defined during the installation of the On-Premises application server as the authorized group of admins which can login to ControlUp, you will receive this error.

    To verify the user you logged in with to windows and tried to launch ControlUp with, follow these steps:

    • Verify which user you are logged in with -

    • Verify the the group you chose to use and its members as mentioned above in License Issue solution.
    • Make sure the group is types global and not universal

    In case the group was changed manually in the settings file and only the name was changed and not corresponding SID number, you will receive this error.

    • To verify the group and SID, please follow the steps mentioned above in License Issue solution.

     

    3. Setup Issue - 

    The authentication method in the IIS is incorrect.

    To verify the authentication defined for the On-Premises ControlUp site, follow these steps:

    • Open the IIS manager on the On-Premises server
    • Under the ControlUp site click on Authentication
    • Verify that Windows Authentication is the only one Enabled

     

     

  • ControlUp On-Premises IOP - LDAP Setup

    The first login to ControlUp's On-Premises Insights website is done with user Admin and password changeme.

    You can keep using Insights user but you can also use LDAP authentication.

    In order to define LDAP authentication, first access the configuration page at:

    http://"Insights server":8000/en-US/manager/search/authentication/providers/LDAP 

    For example:

    http://iopdemo01:8000/en-US/manager/search/authentication/providers/LDAP  

    LDAP Strategy Name - define the configuration name

     

    LDAP connection settings

    Host: Active Directoty Domain Controller computer name

    • Your IOP server must be able to resolve this host (check via nslookup)

    Port: 389 for non SSL, 636 with SSL (636)

    SSL enabled: You must also have SSL enabled on your LDAP server.

    Connection order: 1

    The order in which IOP will query this LDAP server (among enabled servers).

    Bind DN

    If you want a specific user to run the queries, this is the distinguished name used to bind to the LDAP server. In most cases should be left blank.

    Any user can be used to bind (service account is preferred, password does not change)

    For example: CN=IOP LDAP Account,OU=ServiceAccounts,OU=Accounts,DC=controlUp,DC=demo

    If you are not sure how to get these details, go to Active Directory Users and Computers and right click the user and choose properties, then go to attribute editor and look for distinguishedName. (make sure to enable advanced featured under the View menu.

     

    User settings

    User base DN

    Either User settings or Group settings should be applied.

    The location of your LDAP users, specified by the DN of your user subtree. You can specify several DNs separated by semicolons.

    For example: DC=controlup,DC=demo

    User base filter

    Used to filter users. Highly recommended if you have a large amount of user entries under your user base DN. For example, '(department=IT)'

    User name attribute

    The user attribute that contains the username, usually the sAMAccountName, Note that this attribute's value should be case insensitive.

    Real name attribute

    The user attribute that contains a human readable name. This is typically 'cn' (common name) or 'displayName'.

    Email attribute

    The user attribute that contains the user's email address. This is typically 'mail'.

    Group mapping attribute

    The user attribute that group entries use to define their members. If your LDAP groups use distinguished names for membership you can leave this field blank.

     

    Group settings

    Group base DN

    Either User settings or Group settings should be applied, can use both.

    The location of your LDAP groups, specified by the DN of your group subtree. You can specify several DNs separated by semicolons.

    This will describe the group of users authorized to use insights.

    For example: CN=IOP Admins,OU=Groups,OU=Accounts,DC=controlUp,DC=demo

    Static group search filter

    The LDAP search filter used to retrieve static groups. Highly recommended if you have a large amount of group entries under your group base DN. For example, '(department=IT)'

    Group name attribute

    The group attribute that contains the group name. A typical value for this is 'cn' or 'member'.

    Static member attribute

    The group attribute whose values are the group's members. Typical values are 'member' or 'memberUid'. Groups list user members with values of groupMappingAttribute.

    Nested groups

    Controls whether IOP will expand nested groups using the 'memberof' extension. Only check this if you have nested groups and the 'memberof' extension on your LDAP server.

     

    Dynamic group settings

    Dynamic member attribute

    The dynamic group attribute that contains the LDAP URL used to find members. This setting is required to configure dynamic groups. A typical value is 'memberURL'.

    Dynamic group search filter

    The LDAP search filter used to retrieve dynamic groups (optional). For example, '(objectclass=groupOfURLs)'

     

    Advanced settings

    Checkbox:  Enable referrals with anonymous bind only

    Most of our Customers will leave this off. IOP can use referrals with anonymous bind only. You must also have anonymous search enabled on your LDAP server. Turn this off if you have no need for referrals.

    Search request size limit

    Sets the maximum number of entries requested by LDAP searches. The number actually returned is subject to the limit imposed by the LDAP server.

    Search request time limit

    The maximum time limit in seconds to wait for LDAP searches to complete. This should be less than the UI timeout of 30s.

    Network socket timeout

    The maximum amount of seconds to wait on a connection to the LDAP server without activity. As a connection could be a search, this must be greater than the search time limit. Enter -1 for an infinite timeout

  • Black Screen when launching on-premises console

    The Issue:

    You launch the ControlUp Console and get a black screen. 

    After you wait the console opens empty without your configuration.

     

    image025.jpg

     

    The Cause:

    In the license you have specific number of admins allowed. Look in the license, under - Quantity

    During the installation you defined AD Group for Authorized Users - who can login to ControlUp Console.

    The number of users in the group is more than the number in the license file. You might have nested a group in the ControlUp AD Group, and in that group you have more users than defined in the license.

     

    The Solution:

    Please make sure in the ControlUp Authorized AD Group, you define the same number of users defined in the license file under Quantity (of ControlUp admins).

     

  • ControlUp has detected...Using an on-premises Installation Error

    Issue Description:

    User is able to log in to ControlUp Console but receives the error - "ControlUp has detected that your environment is using an on-premises Installation"

    ControlUp1.PNG 

     

    ControlUp2.PNG

     

    The Reason:

    Your organization has installed the ControlUp on-premises server. Once the license is requested, the environment is set to use the on-premises deployment and not the cloud.

    When a user tries to launch a cloud console from the on-premises domain, the cloud console gets rejected.

     

    The Solution:

    Install the on-premises console and not the cloud console. The on-premises console is part of the on-premises installation package. If you do not have it the on-premises console installer, please click here to download it with the installation guide.

    If you have installed the console and it still attempts to connect as a cloud console, please go to KEY_LOCAL_MACHINE\Software\Smart-X\ControlUp\PrivateCloud and Set Dword IsUsingPrivateCloud to 0.

     

  • Upgrading to the new Insights On-Premises

    In order to upgrade to the new IOP (Insights On-Premises) release, please download the installer from here.

    Please save the installer on the IOP server and launch it.

    Select the "Quick Upgrade" option and click on Continue:

    2017-06-29_1437.png

    Agree to the license agreement:

    2017-06-29_1437_001.png

    Make sure the installation path is correct or change it if needed:

    2017-06-29_1437_002.png

    Make sure the activity shared folder path is correct or change it if needed:

    2017-06-29_1437_003.png

    The installation will start once you click Install:

    2017-06-29_1438.png

    An upgrade successfully installed message will appear when the installation finishes:

    2017-06-29_1440.png

  • Most Common IOP Errors

    Not enough CPU/RAM/IOPS

    IOP-Resources.jpg

     

    Lower than 5gb on the drive IOP is installed and/or where the DB is used

    IOP-Disk_Space.png

     

    Violation/End of Trial - Need Reset/Commercial License

     

    IOP-License.PNG

  • Changing The Location & Size of IOP Data base

    By default, the Insights On-Premises (IOP) data base is limited to 512 GB and once you reach that size, the data is overwritten. Please note that if you have less than 5 GB on the drive storing the data base, Indexing and some other functionalities will stop.

    Here are the steps how to change the location and\or size of the data base:

    1. Stop splunkd service on the IOP server
    2. Move the CUIOP folder from: C:\Program Files\Smart-X\ControlUp Insights\var\lib\splunk\cuiop to the desired location
    3. Copy file Indexes.conf from C:\Program Files\Smart-X\ControlUp Insights\etc\apps\controlup_iop\default to C:\Program Files\Smart-X\ControlUp Insights\etc\apps\controlup_iop\local and Edit it there
    4. On [cuiop] section (only one that is relevant), change $SplunkDB to drive\folder before \cuiop\
    5. Change the Max size of the Index by changing the value of maxTotalDataSizeMB, please note that it is in MB, meaning 512 GB is 512000 MB

    In the following example we changed the limit to 128GB and the location D:\ControlUpIOP\cuiop\db123123.png

    123123123.png

  • SQL Express Setup for On-Premises Mode

    In case you deploy SQL express for on-premises solution, be sure to enable the TCP/IP protocol in the SQL Configuration Manager.

    By default the TCP\IP is disabled and also does not have any port assigned.

    Once you enable the protocol, restart the SQL express service and then in the TCP/IP properties you will see the port number, before the restart the port is zero.

    After finishing the protocol and port setup, continue with the On-Premises installation wizard.

  • After IOP upgrade the reports are empty

    The Issue:

    After an IOP (Insights On-Premises) upgrade, all reports return an error

     

    The Cause:

    In rare scenarios the upgrade might cause cleanup of indexed data and rebuild is necessary to create the available data sets.

     

    The Solution:

    Please go to the data model settings and rebuild your data sets accelaration.

    To reach the data model settings page, type your Insights URL and add manager/search/data_model_manager

    For example: http://servername.domain.com:8000/en-US and to it add manager/search/data_model_manager

    http://servername.domain.com:8000/en-US/manager/search/data_model_manager

     

    Once you reach the settings page, please click on rebuild for each report's data set.

    The rebuild takes few minutes, check the Insights reports after 30 minutes.

     

  • Authorization Failed (On-Premises Login Issue)

    The Issue:

    You cannot login to ControlUp Real Time Console in an On-Premises mode environment.

    The message you receive is - "Authorization Failed"

     

    The Solution:

    It appeared that the password for the two service accounts that needed to run the ControlUp services were expired. So, AD was not letting them to run the services. 

    You can verify if this is indeed the case, if you try to restart the ControlUp services and they do not start back - 

    ControlUp Incidents

    ControlUp-LDS

     

     

    To receive more details about the failure, you can look at the login log which is located on the On-Premises server in C:\Program Files\Smart-X\ControlUp Server\Websites\UserManagementService\4.1_WS\user management.log 

     

    If the following errors appears -

    ERROR|Error in BaseResponse. |UserManagement.Exceptions.UserManagementException: Failed to bind to organization permissions group 'AD Group Name'

    It means the issue is with the group, the AD group you assigned as the group for users who can login to ControlUp Console.

    The group needs to be a Security Global group.

    And then group and SID needs to match in the server settings file, located here - "C:\Program Files\Smart-X\ControlUp Server\Server Settings\ControlUpServerSettings.xml"

    How do I get the SID? click here for additional information.

     

  • On-Premises Script Error - "The Primary File...model database"

    The issue:

    Error message: "The primary file must be at least X MB to accommodate a copy of the model database" (1024 in this example, it depends on the environment setup)

     

     

    The Reason:

    When DB is created it uses the Model DB as template, the model DB is a built in system database in SQL.

    In our ControlUp On-Premises data base creation script, we use:

    DECLARE @dbDataFileSize VARCHAR(10) = 50

     2017-02-23_1417.png

     

    The Resolution:

    Please right click the Model DB and go to properties -> Files and check the initial size (MB)

     Model-DB-SS.JPG

    Then edit the SQL script the On-Premises wizard created, Line 30, edit the value and change it from 50, in this example as you see the Initial size is 128MB, so in the script change it to 129MB, and that will resolve the issue.

  • The Incidents Pane Is Currently Offline (On-Premises Mode)

    The Issue:

    The Incidents pane is not available and seem to be offline.

     

     

    The Cause:

    There is a connection issue between the On-Premises application server and the SQL server storing the ControlUp data base.

     

    The Solution:

     

    1. Check if the ControlUp Incidents service is up and running

     

    2. Test the connection between the On-Premises server and the SQL server, using the ODBC utility.

     

    3. Open the regedit.exe on the On-Premises server and check the SQLConnectionString. The string is encrypted and in order to decrypt it, please contact support@controlup.com in order to receive the decryptor utility.

  • On-Premises Troubleshooting - Handshake Service Error

    The Issue:

     

    During first login to the On-Premises ControlUp Real Time Console you receive an error - "An error occurred while getting the user management service URL..."

     

     

    The Cause:

    The console tries to connect to the on-premises server, specifically to the IIS and fails.

    The core of the on-premises server is based on the IIS internal site we add during the on-premises server installation and if the IIS is not available, you will not be able to login.

     

    The Solution:

     

    The main issue here is that the IIS application pools were not defined correctly with the service account (you chose during the installation wizard of the on-premises application server) or Controlup certificate is not bind correctly.

    During the on-premises installation, the IIS role is added and both the binding of the site and the application pools identity property, are defined during the installation wizard.

     

    In order to troubleshoot the issue and verify the configuration is correct, please follow these steps:

     

    1. When you have an issue to login, you can refer to the relevant log file, in order to understand better the issue, the log file is located in the service folder, on the on-premises server, under: c:\program files\smat-x\controlup server\webapps

    UsermanagementService folder or HandshakeService folders wil lnotify you if there is a login issue.

    Other services - IncidentsReporterService and IncidentsViewerService are responsible to read and write incidents to and from the ControlUp database. If you have a SQL connection issue, you will see the error in those logs.

     

     

     

    2. Make sure the ControlUp services are running as expected and the "log On As" property is defined with the correct service account (same service account you defined during the installation)

    3. Please open the IIS manager (go to start->run and type Inetmgr)

    Check under the application pools, the identity configuration, it should show the service account you defined during the on-premises application server installation wizard.

     2017-03-20_1707.png

    4. Check the binding of the Controlup site, see below screenshot - 

    Focus on the Controlup site, click on Binding -> Edit

     

    5. To check the license and settings files, go to the on-premises server, under c:\program files\smart-x\controlup server\server settings (for more information regarding license troubleshooting, refer to the article - Your windows user is not authorized to use controlup)

     

    ** If any of the details above did not help or you see a difference between your configuration and the configuration presented in the article, and you do not know how to fix it, please contact our support at support@controlup.com

     

     

  • On-Premises Handshake Error - .Net Registration Issue

    The Issue:

    Cannot login to Controlup On-Premises Console and receive an error message which flickers when you hover over the red icon.

    2017-03-15_15-52-38.png

    2017-02-20_15_58_00-Desktop_LBS_AD_-_Desktop_Viewer__1_.png

     

    The Reason:

    The .net framework was installed before we add the IIS role and the registration of the .net framework failed.

    This issue will be resolved in version 7 of on-premises server release.

     

    The Solution:

    Please open CMD as admin and execute the following command: 

    %windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -I

     

  • How to move the on-premises ControlUp database?

    There are situations where the ControlUp database needs to be moved from one SQL server to another.

    In order to move the database, you need to take the database backup and import it on the new SQL server. (that is done by the organization's DBA)

    In detail this process will look similar to this:

    1. Login to the SQL Manager console on the origin server.

    2. Locate the ControlUpDB.

    3. Right click and select “Tasks\Backup” from the menu.

    12311.png

    4. This will launch the DB Backup utility.

    12312333.png

    5. Configure desired options (path, file name, etc) and click “Ok” to perform the backup process.

    6. Copy the .bak file you created to the destination server.

    7. On the destination server launch SQL Management Console

    8. Right click on “System Databases” and select “Restore Database”

    221.png

    9. Configure the Restore wizard to target the .bak file you created and run the DB restore

     

    2211.png

     

    Once the database is moved, the SQL connection string (the SQL details defined during the on-premises server application wizard) need to be edited.

    Here are the steps:

    1. On the on-premises server, open regedit.exe and go to the key presented in the following screenshot - 

    2017-04-20_0938.png

    2. As you can see the connection string is encrypted. In order to decrypt it, download the EncryptDecryptTool.zip attached to this article.

    3. Please copy the tool to the on-premises server and launch it.

    2017-04-20_0946.png

    4. Take the encrypted string and paste it to the tool and click decrypt - 

    2017-04-20_0940.png

    5. Then edit the connection details in notepad - 

    2017-04-20_0949.png

    6. Relaunch the tool and paste the new details and encrypt the string -

     2017-04-20_0952.png

    6. Copy and paste the new encrypted string to the registry key and click OK - 

    2017-04-20_0952_001.png

    7. Once you are finished with the registry update, reset the IIS, and you are done -

    2017-04-20_0954.png

    2017-04-20_0955.png

  • Script Based Actions for On-Premises Mode (SBA's)

    Until now script based actions were available only for the online customers, now you can import it to your data base and enjoy all community scripts. If you do not import the SBAs, you will receive an error in the console once you launch it. This is a temporary solution, we will implement the SBAs in the server installation wizard in future release.

    The script is part of version 5 package and should be used only in version 5 on-premises implementations.

    If for any reason, you do not have it, here is a link to download the SBA script

    In order to import the script –

    1. Save the importData.sql script on your SQL server (the script is stored in the “Import SBA DB” folder)
    2. Run it in SQL studio and make sure to define the correct path of the data base backup file (sbadata.bak) and path log.
    3. Once the script finished you will find the scripts in the ControlUp Console under Organizational Scripts in the Script Based Actions

     

  • Send An E-mail Alert (On-Premises Mode)

    In On-Premises mode the follow-up action "Send an e-mail alert" needs to be defined in the on-premises application server's registry.

    When you create a trigger alert with the follow-up action "Send an e-mail alert", the e-mail is sent from our cloud servers, in the Online Mode. But in On-Premises Mode which functions only locally, the administrator needs to define his local SMTP server in order for this follow-up action to work.

     

    In order to define your local SMTP server, please open the regedit.exe on the On-Premises server and go to HKEY_LOCAL_MACHINE\SOFTWARE\Smart-X\ControlUp\SMTPSettings and define the needed details, such as:

    SenderEmail, ServerName, EnableSSL, Port etc.

     

  • On-Premises daily quota data base update

    The Issue:

    Each ControlUp customer receive a daily quota of 1000 incidents per day.

    In case you crossed the quota, you will notice a red message in the Incidents pane, telling you that you have crossed the daily limit of incidents.

     

     

    The Solution:

    Online customers should follow this article to resolve the issue - Exceed the daily quota of 1000 incidents

    On-Premises users can update the daily quota limit by themselves.

    In order to update the limit, please open the SQL studio on the ControlUp data base server and run the following script - 

    Use ControlUpDB

    go

    UPDATE IncidentOrganizations

    SET MaxIncidentsPerDay = 100000, PenaltyDateUtc = NULL

    WHERE OrganizationId ='e5abf1de-4d91-4357-8c68-e6e99aae5802'

    go

     

    Another option is to manually update the limit in the SQL studio as presented in the following screenshot - 

  • Master Service is disconnected

    The Issue:

     

    During the installation of the ControlUp Monitor you receive an error - "Master Service is disconnected"

     

     

    The installation of the ControlUp Monitor is finished but the error can be viewed in the status tab.

     

     

    The Cause:

    There is a connection issue to the SQL server and\or the ControlUp database.

     

    The Solution:

    First, make sure you have followed the installation guide and installed or updated the ControlUp data base correctly.

    Second step we recommend on doing is to test the connection between the On-Premises server and the SQL server, using the ODBC utility (Windows Control panel -> administrative tools).

    Second step would be to check the SQL connection details either via the on-premises installer or in the registry of the On-premises server.

    To check the connection details you can either run the on-premises application wizard in upgrade\repair mode, and then go over the connection details, or open the regedit.exe on the On-Premises server and check the SQLConnectionString. The string is encrypted and in order to decrypt it, please contact support@controlup.com in order to receive the decryptor utility.

     

  • How to copy and create a Script Based Action (SBAs for On-Premises customers)

    ControlUp On-premises customers cannot import a new released script based action at the moment and because of that, they need to copy the script from our website and create their own new script locally.

    To achieve that, please follow these steps:

    1. Copy the script code you like from our website, click here to reach our scripts library
    2. In the Controlup Real Time Console, go to the script based actions and click on create new script. You can create a new script from the Organizational Actions or My Draft Actions tabs
    3. Give the new script a name and then make sure you define the correct type of resource, execution context, and security context you like to use. 
    4. In the script page, paste the script you have copied from our site library (Step 1)
    5. In the arguments page use the arguments needed for the script to run successfully.
    6. Once the script is ready, click on Finalize and you are good to go. 

    Note: If you are not sure which settings or arguments should be used, please contact support@controlup.com and we will help you with screenshots, what needs to be defined in the different fields.

    Here are a couple of examples

     

     

     

  • On-Premises Insights (IOP) - SSL

    The default installation does not include SSL.

    However, implementing SSL is relatively simple and recommended.

    Please follow the following steps:

    Secure Web with your own certificate

    This example assumes that you have already generated self-signed certificates or purchased third-party certificates. If you have not done this and are unsure how to proceed, we've provided some simple examples:

    Note: IOP does not currently support password-protected private keys. You should remove the password from your key before configuring IOP for the certificate.

    Before you begin: Copy your certificates to a new folder

    Copy the server certificate to $IOP_HOME/etc/auth/splunkweb or to your own certificate repository in $IOP_HOME/etc/auth.

    In the following example our web certificate is called myIOPCertificate.pem and our private key is called myIOPPrivateKey.key:

    *nix:

    # cp $IOP_HOME/etc/auth/mycerts/myIOPCertificate.pem $IOP_HOME/etc/auth/mycerts/myIOPPrivateKey.key $IOP_HOME/etc/auth/splunkweb

    Windows:

    copy $IOP_HOME\etc\auth\mycerts\myIOPCertificate.pem $IOP_HOME\etc\auth\splunkweb\
    
    copy $IOP_HOME\etc\auth\mycerts\myIOPPrivateKey.key $IOP_HOME\etc\auth\splunkweb\

    Note: Do not overwrite or delete the existing certificates located in $IOP_HOME/etc/auth/splunkweb/. The certificates at this location are automatically generated upon startup, meaning that any changes you make will be overwritten at startup. Instead, in the next steps, we will rewrite the relevant configuration file to point to your new certificate location.

    Configure IOP to use the key and certificate files

    Note: IOP does not support passwords for private keys, so you must remove the password from the key before using the key to secure Web.

    1. In $IOP_HOME/etc/system/local/web.conf (or any other applicable location, if you are using a deployment server), make the following changes to the [settings]stanza:

    The following is an example of an edited settings stanza:

    [settings]
    enableSplunkWebSSL = true
    privKeyPath = </home/user/certs/myprivatekey.key> Absolute paths may be used. non-absolute paths are relative to $IOP_HOME
    caCertPath = </home/user/certs/mycacert.pem. Absolute paths may be used. non-absolute paths are relative to $IOP_HOME
    

    2. Restart The service:

    # $IOP_HOME/bin/splunk restart splunk service

     

    If you encounter any issue or question, please let us know at support@controlup.com

  • On-Premises Server Installation Fails - "Invalid digital signature"

    The Issue:

    The installation of the on-premises server fails due to invalid digital signature (cab1.cab)

     

     

    The Reason:

    The on-premises server is missing the Digicert Root CA certificate or if you do not have Internet access, or have a restrictive firewall or proxy, setup may be failing to verify the signature because it cannot access the online certificate revocation list (CRL).

    As you can see below screenshot shows our installer is signed and our certificate is signed by Digicert. If you do not have the root certificate you will notice red x.

     

    2017-07-25_1026.png

    The Solution:

    In order to resolve the missing certificate issue, please open the certificates manager (you can launch it from Run -> certmgr.msc).

    Import the Digicert root ca certificate, it is attached to this article, in case you need it (DigiCert.pfx), password: Qa123456.

     

    For more information about a second workaround, checking the CRL settings, please review this blog article  

  • Communication Ports used by ControlUp - On-Premises Mode

    image001.png

     

     

    Source Destination Type Port Details Notes
    ControlUp Console ControlUp Agent TCP 40705 Console to agent communication via the WCF protocol  
    ControlUp Console ControlUp Agent TCP RPC / WMI Only used for agent deployment via the console  
    ControlUp Console VMware vCenter Server TCP 443 Communication with vSphere infrastructure Note 1
    ControlUp Console Citrix XenServer Pool Master / Hosts TCP 80 Communication with XenServer infrastructure (and RRD communications) Note 1
    ControlUp Console Citrix XenDesktop Controllers TCP 80 Communication with XenDesktop infrastructure Note 1
    ControlUp Console ControlUp Monitor TCP 40706 ControlUp Console - Monitor management port  
    ControlUp Console Domain Controllers TCP 389 LDAP communication with Domain Controllers, used for initial login and when adding new computers or new AD connections  
    ControlUp Console ControlUp On-premises Server TCP 443 Communications with ControlUp On-premises Server web services  
    ControlUp Monitor ControlUp Agent TCP 40705 Console to agent communication via the WCF protocol  
    ControlUp Monitor ControlUp Agent TCP RPC / WMI Only used for agent deployment via the console  
    ControlUp Monitor VMware vCenter Server TCP 443 Communication with vSphere infrastructure Note 1
    ControlUp Monitor Citrix XenServer Pool Master / Hosts TCP 80 Communication with XenServer infrastructure (and RRD communications) Note 1
    ControlUp Monitor Citrix XenDesktop Controllers TCP 80 Communication with XenDesktop infrastructure Note 1
    ControlUp Monitor Domain Controllers TCP 389 LDAP communication with Domain Controllers, used for initial login and when adding new computers or new AD connections  
    ControlUp Monitor ControlUp On-premises Server TCP 443 Communications with ControlUp On-premises Server web services  
    ControlUp Monitor Insights On-premises file share TCP RPC \ SMB Writing IOP activity files to the configured file share  
    ControlUp Data Collector VMware vCenter Server TCP 443 Communication with vSphere infrastructure  
    ControlUp Data Collector Citrix XenServer Pool Master / Hosts TCP 80 Communication with XenServer infrastructure (and RRD communications)  
    ControlUp Data Collector Citrix XenDesktop Controllers TCP 80 Communication with XenDesktop infrastructure  
    Browser IOP Server TCP 8000 Web communication to IOP portal  
     ControlUp Monitor SMTP Server TCP 25 Email Alerts  
    Note 1 Used only if Hypervisor / XD site dedicated data collectors are not configured https://support.controlup.com/hc/en-us/articles/207260875#Collector
  • How to disable\Enable On-Premises "Upload"?

    There are situations where the customer moves from cloud to on-premises mode and while he worked with the cloud, he disabled the upload.

    The issue is that the Monitor shows that the upload is disabled.

    2017-04-20_0930.png

    Cloud example, upload is disabled - 

    2017-04-20_0905.png

    The issue is that in on-premises mode, the data upload settings does not have the option to enable back the upload -

    2017-04-20_0906.png

    The solution is to open ADSI edit and change the string manually. The trick is to copy a string which represents "enabled" and paste it in the upload data settings which is at the moment set to disabled.

    Here are the steps:

    1. Stop all monitor services and exit all consoles

    2. Rename the *.v3.xml file to .old on the machine you run the console on (on all consoloe machines). The file is located here: %appdata%\Roaming\ControlUp\Configuration

    3. Open ADSI edit with the settings shown in the screenshot:

    2017-04-20_0909.png

    2017-04-20_0910.png

    4. To copy an "Enabled" string, we need to verify in the console that a specific settings is in fact enabled. In this example I am going to the settings-> agent settings and verify the Auto upgrade is enabled - 

    2017-04-20_0913.png

    In the ADSI edit go to the location presented in the screenshot -

    2017-04-20_0914.png

    Copy the Data String - 

    2017-04-20_0915.png

    2017-04-20_0917.png

    3. Paste the string in the data upload settings. In ADSI edit go to the location presented in the screenshot-

    2017-04-20_0917_001.png

    Paste the string in the data string of the data upload settings - 

    2017-04-20_0918.png

    2017-04-20_0918_001.png

    5. Last step is to start the console, because we renamed the local configuration file, the console will now retrieve new and updated configuration from the LDS. Then start the Monitor so it will retrieve new configuration as well.

    Issue should be solved and now the Monitor will show that it is connected and uploading - 

    2017-04-20_0926.png