On-Premises related articles

  • IOP 'tstats' Error and CU v7.1 On-Prem

    On-Premises customers who have upgraded to ControlUp v7.1.x and IOP v3.x may see occasional 'tstats' errrors. 

    This may be caused by the presence of files named "in_root_folder" in their IOP Activity Files share that is being ingested by the IOP engine. 

    All On-Premises customers on v7.1.x should implement the following fix:

    1) On the Monitor(s) create the reg key HKEY_LOCAL_MACHINE\SOFTWARE\Smart-X\ControlUp\Console\RealTimeStats\

    2) Create a D_WORD "DisableRealTimeStats" with a binary value of 1

    3) Restart the Monitor(s) 

    4) Delete any files in the IOP Activity Files share named "in_root_folder"

    Alternatively, you can also download and import the registry file attached to this article. 

    If you are currently experiencing the 'tstats' error within IOP and you have not installed ControlUp On-Premises v7.1.x, refer to this article for more information.

     If you are currently experiencing the 'tstats' error within IOP and you have installed ControlUp On-Premises v7.1.x, please contact [email protected] for assistance.

     

     

  • Update On-Premises Script Based Actions

    In v7.0 you have added the SBAs to your ControlUp data base. The following explains how to import the latest SBA’s updates:

    1. Download the files located at the bottom of this article. 
    2. Right click the zip files and choose "Properties"
    3. Check the  box that says "Unblock" and click "OK"
    4. Extract the powershell module Import-SBA.zip to a folder on your on-prem server
    5. Copy the ZIP file containing the SBA’s (sba_29052018.zip) to a folder on your on-prem server
    6. Open powershell on your on-prem server and run the following commands (Console should be closed):
      1. Import-Module "Path_to_the_extracted_directory_from_Import-SBA.zip\Sba.PowerShell.dll"
      2. Import-Sba -SourcePath "Path_to_ZIP_file_containing_the_SBA's\sba_29052018.zip"
    7. Once the Console is installed and launched you will see now that the SBAs are up to date.
  • Error in 'tstats' command: you have exceeded your license limit

    When the following Error appears on IOP, there are 4 possible reasons:

    IOP-License.PNG

     

    1. License Violation -  Easy to review, compare their current license with the current usage. Check Introspection report for last few days that it won't pass the actual license, for example, see image below, if the actual license is 200mb it means you are violating it. To check which license you have, go to licenses in Insights (Admin -> Licenses).
      IOP_introsp1.png
    2. Props.conf browserurl Issue - Open the props.conf file located <C:\Program Files\Smart-X\ControlUp Insights\etc\apps\controlup_iop\default> or where your insights install is located.

      Replace the line that reads (should be at line ~682) 
      sourcetype = cuiop:browserurl:header 
      with 
      sourcetype = cuiop:aux2

      Or, Just use the props.conf file attached below.

    3. Index of CSV files - verify that IOP is not indexing anything else rather than something that starts with "cuiop", we had some cases where customers had some CSV files in the activity files folder, that causes a violation.
      For example, see image below, the CSV part caused a repeated license violation (roughly 24 hours after the reset license has expired).IOP_introsp1csv.png
    4. On-Premises customers who have upgraded to ControlUp v7.1.x and IOP v3.x may see occasional 'tstats' errrors. 

      This may be caused by the presence of files named "in_root_folder" in their IOP Activity Files share that is being ingested by the IOP engine. 

      All On-Premises customers on v7.1.x should implement the solution in this article

     

  • Reducing Size for ControlUpDB in SQL

    In ControlUp On-Premises mode a SQL DB named ControlUpDB is used, sometimes it can become very large, the main reason for that is that SQL DB is saving Incidents to be shown in Incident Pane at the Console.

    We have prepared a SQL Script that will address this issue and delete Incidents older than 30 days (the maximum that can be shown via Incidents Pane).

    This does not affect the Log Size or other functionality and does not require restarting any service.

    Please see attached script.

     

     

  • How to Backup IOP Activity Files share

    The ControlUp Monitor service exports the Activity Files to be used by IOP machine to an SMB share. Once IOP recognizes new files it indexes the data within it's own internal database. After the files are indexed they are no longer needed and should be backed up. ControlUp recommends to zip and save them in a different folder/location (i.e NOT in the Activity Files folder).

     Please note:

    1. The script MUST run on the machine running IOP.
    2. The user needed to run the script is an IOP Admin (the original Admin account).
    3. You need 7zip installed or it's command line version 7za.exe
    4. Please go over the /help section.
    5. Download the script at the bottom of this page.

    Example of the Syntax:

    Example of the Outcome (moved and zipped to default folder C:\AFB):

     

    Please Note

    In some cases, you will get an error like this:

    image001.png

    In that case you will need to Line 63 in the script is:
    $IOPRoot = (Get-ItemProperty HKLM: \Software\Microsoft\Windows\CurrentVersion\Uninstall\`{130753CA-A3B0-449A-8FCA-EFEDD73CA1C0`}).InstallLocation

    in order to fix the script Navigate to HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall and then to find the current ControlUp Insights Key (see image linked below) and replace the the current Key.

    In this example replace the '130753CA-A3B0-449A-8FCA-EFEDD73CA1C0' with the one in the registry - (38295c6c...)

    ArchivePS__1_.png

  • Remove Users from On-Premises Org

    The solution is to open ADSI edit and remove the users.

    Here are the steps:

    1. Open ADSI edit with the settings shown in the screenshot:

    2017-04-20_0909.png

    2017-04-20_0910.png

    2) Remove the users you no longer wish to see.

    2018-01-03_0837.png

  • Locations where the ControlUp service account is used in ControlUp On-Premises configurations.  

    Location: On-Premises Server – Configured during On-Premises Server installation process.

    • IIS Application Pool services
      • 1_WS.Pool
      • ConfigurationPool
      • HandshakePool
      • IncidentsReporterPool
      • IncidentsViewerPool
      • MasterPool
      • SBAPool
      • UploaderPool
    • ControlUp-LDS service
    • ControlUp Incidents service

    Location: Monitor Settings – Configured during Monitor deployment process.

    • Go to Monitor Settings, highlight the Monitor you want to update, and click “Settings…”

    Location: SQL Server – Configured during On-Premises Server installation process.

    • The account MUST have dbo permissions to the ControlUpDB.
  • Change the AD Group for ControlUp On-Premises Console Access

    Change the AD Group for ControlUp On-Premises Console Access

    When you install ControlUp On-Premises Server you are asked to provide an Active Directory group to manage access to the ControlUp Console. After installation, you may wish to change this group.

     

    The Active Directory group that you chose can be found in the file C:\Program Files\Smart-X\ControlUp Server\Server Settings\ServerSettings.XML located on the On-Premises Server.

    In order to change the group, you must open this file, change the group name, and update the group SID.

    2018-02-06_14-50-58.jpg

     

     

    To find an AD groups SID, open an elevated powershell prompt from a system that has the AD powershell components installed and type the following command: Get-ADgroup <AD Group Name>

  • On-Premises Installation Failed - .Net 3.5 Not Installed

    When attempting to install the V7 On-Premises Server, the installation fails.

     

    If you search for "Return value 3" in the MSI log file you will find the following information above the return code:

     

    MSI (s) (44:F0) [20:13:26:018]: Hello, I'm your 32bit Elevated Non-remapped custom action server.

    CAQuietExec64:  

    CAQuietExec64:  Error: 0x800f0906

    CAQuietExec64:  

    CAQuietExec64:  The source files could not be downloaded.

    CAQuietExec64:  Use the "source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see http://go.microsoft.com/fwlink/?LinkId=243077.

    CAQuietExec64:  Error 0x800f0906: Command line returned an error.

    CAQuietExec64:  Error 0x800f0906: QuietExec64 Failed

    CAQuietExec64:  Error 0x800f0906: Failed in ExecCommon64 method

    CustomAction EnableWindowsFeatures returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

    MSI (s) (44:E4) [20:13:45:252]: Note: 1: 2265 2:  3: -2147287035

    MSI (s) (44:E4) [20:13:45:252]: User policy value 'DisableRollback' is 0

    MSI (s) (44:E4) [20:13:45:252]: Machine policy value 'DisableRollback' is 0

    Action ended 20:13:45: InstallFinalize. Return value 3.

    This indicates that the installer was trying to download something it couldn't download since the server was not directly connected to Internet.

    This is usually related to the .NET 3.5 feature since it's not available by default on Windows 2012 and above.

  • ControlUp On-Premises and Insights Installation Video

    The following video displays how to install Controlup on-premises with Insights solution.

    The following components are described:

    1. Installation of the on-premises server
    2. Installation of the Insights on-premises
    3. Installation of the ControlUp Monitor
    4. Installation of the ControlUp Console

     

     

  • Adding & Troubleshooting Insights On-Premises (IOP) Module

     

    In case you have already installed ControlUp On-Premises V7 without the Insights module, you can add it, here is a procedure for that: 

    Note: Before you start, please verify that you have set the correct Activity files shared folder (which you defined during the on-premises Installation wizard) by checking the registry on the ControlUp on-premises application Server.

    Navigate to HKEY_LOCAL_MACHINE\Software\Smart-X\ControlupServer\IOP and verify the ServerName & Shared Folder keys are configured correctly with the IOP server name and the location of the shared folder.

     

    Steps for Installation:

    1. Stop the Monitor service from the ControlUp Console (Settings ->Monitors Settings -> Stop)

    2. Delete Old activity data, which the monitor might created (before having IOP), from the Monitor computer:

    • Delete all entries under: HKEY_USERS\S-1-5-20\Software\Smart-X\ControlUp\HistoricalReportingPackages
    • Delete all content from: C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\ControlUp\CacheActivity

     

     

    3. Install Insights module as explained in the On-Premises Installation Guide v7 (page33) - Click here 

    Important Note: Please make sure the computer account of the IOP server has both read NTFS and share permissions on the file share. (activity files shared folder). Unless changed, the default account is "local system" which should use the computer account to do anything remotely. If you have a service account, then that needs to have read NTFS and Share file permissions.

    4. Please give modify permissions (Both share and NTFS permissions) to the primary AD account defined in the Identity settings of the monitor, on the shared folder of the data activity files.

    5. Verify that the IOP share folder is configured in the SharedFolder registry key on the on-premises server under: HKLM\SOFTWARE\Smart-X\ControlUpServer\IOP

    6. Start the Monitor service using the ControlUp console (or services.msc).

    7. After restarting the monitor, it should be Green and the Data Upload in the Summary Tab should show  “last upload on…” of current time and date.

      

     7. On the IOP side, if the location of the shared activity files folder has changed, or it seems ther IOP is not reading any files from the shared files folder, you need to update the path in the configuration file (inputs.conf) located here - C:\Program Files\Smart-X\ControlUp Insights\etc\apps\controlup_iop\local

    2017-05-04_1414.png

    8. Once the changes are saved in the configuration file, please restart the IOP service

    2017-05-04_1415.png

     

    Changing location of Activity Files Folder (IOP version 2.1)- 

    If you like to change the activity files folder and you are using IOP version 2.1 and above, in Insights go to Settings-> Activity Folder and add a new folder, and disable or remove the old folder.

    The second step is to go to the on-premises server and open the registry and navigate to HKEY_LOCAL_MACHINE\Software\Smart-X\ControlupServer\IOP and verify the ServerName & Shared Folder keys are configured correctly with the IOP server name and the location of the updated shared folder.

    The last step is to restart the Monitor service.

    2017-07-16_0942.png

     

    Please NoteThe Activity Files Folder UNC Share should NOT include $ sign.

     

  • Your Windows user is not authorized to use ControlUp (On-Premises Login Issue)

    The Issue:

    You try to login to the On-Premises ControlUp Real Time Console and receive an error - "Your Windows user is not authorized to use ControlUp" (or the error might be Black Screen instead of splash screen)

     

     

    The Cause:

     

    The issue might be caused by several reasons. 

    To receive more details about the failure, you can look at the login log which is located on the On-Premises server in 

    C:\Program Files\Smart-X\ControlUp Server\Websites\UserManagementService\4.1_WS\user management.log 

     

    The cause of this issue might be one of the following:

    1. License issue 

    If the number of members in the authorized group, defined during the On-Premises server application wizard, as the group which contains the AD users which are allowed to login to ControlUp, cross the number of admins in the license, you will receive this error.

     

    2. AD user or group issue

    The AD user is not part of the authorized group.

    The group or its SID was changed manually in the settings file.

    The AD Group type is universal and not global.

     

    3. Setup Issue

    The authentication method in the IIS is incorrect.

     

    The Solution:

    1. License Issue - 

    As mentioned, the error might indicate the number of members in the authorized AD group is higher than the license permits (The error might be Black Screen instead of splash screen).

    To verify the number of users if the authorized group match the license limit, please follow these steps:

    • Check the license quantity - 

    On the On-Premises server, go to - C:\Program Files\Smart-X\ControlUp Server\Server Settings\<LicenseFileName>.XML 

    In the following example, the quantity is unlimited.

     

    • Check which group you defined during the installation (if you do not remember) -

    On the On-Premises server, go to - C:\Program Files\Smart-X\ControlUp Server\Server Settings\ControlUpServerSettings.XML  

    •  Check the license location and name - 

    • Now that you know the name of the group, check the number of members - 

     

    2. AD user or Group -

    In case the user is not part of the AD group you defined during the installation of the On-Premises application server as the authorized group of admins which can login to ControlUp, you will receive this error.

    To verify the user you logged in with to windows and tried to launch ControlUp with, follow these steps:

    • Verify which user you are logged in with -

    • Verify the the group you chose to use and its members as mentioned above in License Issue solution.
    • Make sure the group is types global and not universal

    In case the group was changed manually in the settings file and only the name was changed and not corresponding SID number, you will receive this error.

    • To verify the group and SID, please follow the steps mentioned above in License Issue solution.

     

    3. Setup Issue - 

    The authentication method in the IIS is incorrect.

    To verify the authentication defined for the On-Premises ControlUp site, follow these steps:

    • Open the IIS manager on the On-Premises server
    • Under the ControlUp site click on Authentication
    • Verify that Windows Authentication is the only one Enabled

     

     

  • ControlUp On-Premises IOP - LDAP Setup

    The first login to ControlUp's On-Premises Insights website is done with user Admin and password changeme.

    You can keep using Insights user but you can also use LDAP authentication.

    In order to define LDAP authentication, first access the configuration page at:

    Go to Admin > Settings > LDAP Configuration > Add LDAP Strategy  

    LDAP Strategy Name - define the configuration name

     

    LDAP connection settings

    Host: Active Directoty Domain Controller computer name

    • Your IOP server must be able to resolve this host (check via nslookup)

    Port: 389 for non SSL, 636 with SSL (636)

    SSL enabled: You must also have SSL enabled on your LDAP server.

    Connection order: 1

    The order in which IOP will query this LDAP server (among enabled servers).

    Bind DN

    If you want a specific user to run the queries, this is the distinguished name used to bind to the LDAP server. In most cases should be left blank.

    Any user can be used to bind (service account is preferred, password does not change)

    For example: CN=IOP LDAP Account,OU=ServiceAccounts,OU=Accounts,DC=controlUp,DC=demo

    If you are not sure how to get these details, go to Active Directory Users and Computers and right click the user and choose properties, then go to attribute editor and look for distinguishedName. (make sure to enable advanced featured under the View menu.

     

    User settings

    User base DN

    Either User settings or Group settings should be applied.

    The location of your LDAP users, specified by the DN of your user subtree. You can specify several DNs separated by semicolons.

    For example: DC=controlup,DC=demo

    User base filter

    Used to filter users. Highly recommended if you have a large amount of user entries under your user base DN. For example, '(department=IT)'

    User name attribute

    The user attribute that contains the username, usually the sAMAccountName, Note that this attribute's value should be case insensitive.

    Real name attribute

    The user attribute that contains a human readable name. This is typically 'cn' (common name) or 'displayName'.

    Email attribute

    The user attribute that contains the user's email address. This is typically 'mail'.

    Group mapping attribute

    The user attribute that group entries use to define their members. If your LDAP groups use distinguished names for membership you can leave this field blank.

     

    Group settings

    Group base DN

    Either User settings or Group settings should be applied, can use both.

    The location of your LDAP groups, specified by the DN of your group subtree. You can specify several DNs separated by semicolons.

    This will describe the group of users authorized to use insights.

    For example: CN=IOP Admins,OU=Groups,OU=Accounts,DC=controlUp,DC=demo

    Static group search filter

    The LDAP search filter used to retrieve static groups. Highly recommended if you have a large amount of group entries under your group base DN. For example, '(department=IT)'

    Group name attribute

    The group attribute that contains the group name. A typical value for this is 'cn' or 'member'.

    Static member attribute

    The group attribute whose values are the group's members. Typical values are 'member' or 'memberUid'. Groups list user members with values of groupMappingAttribute.

    Nested groups

    Controls whether IOP will expand nested groups using the 'memberof' extension. Only check this if you have nested groups and the 'memberof' extension on your LDAP server.

     

    Dynamic group settings

    Dynamic member attribute

    The dynamic group attribute that contains the LDAP URL used to find members. This setting is required to configure dynamic groups. A typical value is 'memberURL'.

    Dynamic group search filter

    The LDAP search filter used to retrieve dynamic groups (optional). For example, '(objectclass=groupOfURLs)'

     

    Advanced settings

    Checkbox:  Enable referrals with anonymous bind only

    Most of our Customers will leave this off. IOP can use referrals with anonymous bind only. You must also have anonymous search enabled on your LDAP server. Turn this off if you have no need for referrals.

    Search request size limit

    Sets the maximum number of entries requested by LDAP searches. The number actually returned is subject to the limit imposed by the LDAP server.

    Search request time limit

    The maximum time limit in seconds to wait for LDAP searches to complete. This should be less than the UI timeout of 30s.

    Network socket timeout

    The maximum amount of seconds to wait on a connection to the LDAP server without activity. As a connection could be a search, this must be greater than the search time limit. Enter -1 for an infinite timeout

  • Black Screen when launching on-premises console

    The Issue:

    You launch the ControlUp Console and get a black screen. 

    After you wait the console opens empty without your configuration.

     

    image025.jpg

     

    The Cause:

    In the license you have specific number of admins allowed. Look in the license, under - Quantity

    During the installation you defined AD Group for Authorized Users - who can login to ControlUp Console.

    The number of users in the group is more than the number in the license file. You might have nested a group in the ControlUp AD Group, and in that group you have more users than defined in the license.

     

    The Solution:

    Please make sure in the ControlUp Authorized AD Group, you define the same number of users defined in the license file under Quantity (of ControlUp admins).

     

  • ControlUp has detected...Using an on-premises Installation Error

    Issue Description:

    User is able to log in to ControlUp Console but receives the error - "ControlUp has detected that your environment is using an on-premises Installation"

    ControlUp1.PNG 

     

    ControlUp2.PNG

     

    The Reason:

    Your organization has installed the ControlUp on-premises server. Once the license is requested, the environment is set to use the on-premises deployment and not the cloud.

    When a user tries to launch a cloud console from the on-premises domain, the cloud console gets rejected.

     

    The Solution:

    Install the on-premises console and not the cloud console. The on-premises console is part of the on-premises installation package. If you do not have it the on-premises console installer, please click here to download it with the installation guide.

    If you have installed the console and it still attempts to connect as a cloud console, please go to KEY_LOCAL_MACHINE\Software\Smart-X\ControlUp\PrivateCloud and Set Dword IsUsingPrivateCloud to 0.

     

  • Upgrading to the new Insights On-Premises

    In order to upgrade to the new IOP (Insights On-Premises) release, please download the installer from here.

    Please save the installer on the IOP server and launch it.

    Select the "Quick Upgrade" option and click on Continue:

    2017-06-29_1437.png

    Agree to the license agreement:

    2017-06-29_1437_001.png

    Make sure the installation path is correct or change it if needed:

    2017-06-29_1437_002.png

    Make sure the activity shared folder path is correct or change it if needed:

    2017-06-29_1437_003.png

    The installation will start once you click Install:

    2017-06-29_1438.png

    An upgrade successfully installed message will appear when the installation finishes:

    2017-06-29_1440.png

  • Most Common IOP Errors

    Not enough CPU/RAM/IOPS

    Error in 'SearchOperator:loadjob': Cannot find artifacts for savedsearch_ident 'admin:controlup_iop:last_seen'.

    IOP-Resources.jpg

     

    Lower than 5gb on the drive IOP is installed and/or where the DB is used

    No results found.

    Could not create search. 

    IOP-Disk_Space.png

    image002.png

     

    Violation/End of Trial - Need Reset/Commercial License

     Error in 'tstats' command: Your Splunk license expired or you have exceeded your license limit too many times. Contact ControlUp Support for assistance.

    IOP-License.PNG

  • Changing The Location & Size of IOP Data base

    By default, the Insights On-Premises (IOP) data base is limited to 512 GB and once you reach that size, the data is overwritten. Please note that if you have less than 5 GB on the drive storing the data base, Indexing and some other functionalities will stop.

    Here are the steps how to change the location and\or size of the data base:

    1. Stop splunkd service on the IOP server
    2. Move the CUIOP folder from: C:\Program Files\Smart-X\ControlUp Insights\var\lib\splunk\cuiop to the desired location (DataModel_Summary folder will be recreated, that is normal)
    3. Copy file Indexes.conf from C:\Program Files\Smart-X\ControlUp Insights\etc\apps\controlup_iop\default to C:\Program Files\Smart-X\ControlUp Insights\etc\apps\controlup_iop\local and Edit it there
    4. On [cuiop] section (only one that is relevant), change $SplunkDB to drive\folder before \cuiop\
    5. Change the Max size of the Index by changing the value of maxTotalDataSizeMB, please note that it is in MB, meaning 512 GB is 512000 MB

    In the following example we changed the limit to 128GB and the location D:\ControlUpIOP\cuiop\db123123.png

    123123123.png

  • SQL Express Setup for On-Premises Mode

    In case you deploy SQL express for on-premises solution, be sure to enable the TCP/IP protocol in the SQL Configuration Manager.

    By default the TCP\IP is disabled and also does not have any port assigned.

    Once you enable the protocol, restart the SQL express service and then in the TCP/IP properties you will see the port number, before the restart the port is zero.

    After finishing the protocol and port setup, continue with the On-Premises installation wizard.

  • After IOP upgrade the reports are empty

    The Issue:

    After an IOP (Insights On-Premises) upgrade, all reports return an error

     

    The Cause:

    In rare scenarios the upgrade might cause cleanup of indexed data and rebuild is necessary to create the available data sets.

     

    The Solution:

    Please go to the data model settings and rebuild your data sets accelaration.

    To reach the data model settings page, type your Insights URL and add manager/search/data_model_manager

    For example: http://servername.domain.com:8000/en-US and to it add manager/search/data_model_manager

    http://servername.domain.com:8000/en-US/manager/search/data_model_manager

     

    Once you reach the settings page, please click on rebuild for each report's data set.

    The rebuild takes few minutes, check the Insights reports after 30 minutes.

     

  • Authorization Failed (On-Premises Login Issue)

    The Issue:

    You cannot login to ControlUp Real Time Console in an On-Premises mode environment.

    The message you receive is - "Authorization Failed"

     

    The Solution:

    It appeared that the password for the two service accounts that needed to run the ControlUp services were expired. So, AD was not letting them to run the services. 

    You can verify if this is indeed the case, if you try to restart the ControlUp services and they do not start back - 

    ControlUp Incidents

    ControlUp-LDS

     

     

    To receive more details about the failure, you can look at the login log which is located on the On-Premises server in C:\Program Files\Smart-X\ControlUp Server\Websites\UserManagementService\4.1_WS\user management.log 

     

    If the following errors appears -

    ERROR|Error in BaseResponse. |UserManagement.Exceptions.UserManagementException: Failed to bind to organization permissions group 'AD Group Name'

    It means the issue is with the group, the AD group you assigned as the group for users who can login to ControlUp Console.

    The group needs to be a Security Global group.

    And then group and SID needs to match in the server settings file, located here - "C:\Program Files\Smart-X\ControlUp Server\Server Settings\ControlUpServerSettings.xml"

    How do I get the SID? click here for additional information.

     

  • On-Premises Script Error - "The Primary File...model database"

    The issue:

    Error message: "The primary file must be at least X MB to accommodate a copy of the model database" (1024 in this example, it depends on the environment setup)

     

     

    The Reason:

    When DB is created it uses the Model DB as template, the model DB is a built in system database in SQL.

    In our ControlUp On-Premises data base creation script, we use:

    DECLARE @dbDataFileSize VARCHAR(10) = 50

     2017-02-23_1417.png

     

    The Resolution:

    Please right click the Model DB and go to properties -> Files and check the initial size (MB)

     Model-DB-SS.JPG

    Then edit the SQL script the On-Premises wizard created, Line 30, edit the value and change it from 50, in this example as you see the Initial size is 128MB, so in the script change it to 129MB, and that will resolve the issue.

  • The Incidents Pane Is Currently Offline (On-Premises Mode)

    The Issue:

    The Incidents pane is not available and seem to be offline.

     

     

    The Cause:

    There is a connection issue between the On-Premises application server and the SQL server storing the ControlUp data base.

     

    The Solution:

     

    1. Check if the ControlUp Incidents service is up and running

     

    2. Test the connection between the On-Premises server and the SQL server, using the ODBC utility.

     

    3. Open the regedit.exe on the On-Premises server and check the SQLConnectionString. The string is encrypted and in order to decrypt it, please contact [email protected] in order to receive the decryptor utility.

  • On-Premises Troubleshooting - Handshake Service Error

    The Issue:

     

    During first login to the On-Premises ControlUp Real Time Console you receive an error - "An error occurred while getting the user management service URL..."

     

     

    The Cause:

    The console tries to connect to the on-premises server, specifically to the IIS and fails.

    The core of the on-premises server is based on the IIS internal site we add during the on-premises server installation and if the IIS is not available, you will not be able to login.

     

    The Solution:

     

    The main issue here is that the IIS application pools were not defined correctly with the service account (you chose during the installation wizard of the on-premises application server) or Controlup certificate is not bind correctly.

    During the on-premises installation, the IIS role is added and both the binding of the site and the application pools identity property, are defined during the installation wizard.

     

    In order to troubleshoot the issue and verify the configuration is correct, please follow these steps:

     

    1. When you have an issue to login, you can refer to the relevant log file, in order to understand better the issue, the log file is located in the service folder, on the on-premises server, under: c:\program files\smat-x\controlup server\webapps

    UsermanagementService folder or HandshakeService folders wil lnotify you if there is a login issue.

    Other services - IncidentsReporterService and IncidentsViewerService are responsible to read and write incidents to and from the ControlUp database. If you have a SQL connection issue, you will see the error in those logs.

     

     

     

    2. Make sure the ControlUp services are running as expected and the "log On As" property is defined with the correct service account (same service account you defined during the installation)

    3. Please open the IIS manager (go to start->run and type Inetmgr)

    Check under the application pools, the identity configuration, it should show the service account you defined during the on-premises application server installation wizard.

     2017-03-20_1707.png

    4. Check the binding of the Controlup site, see below screenshot - 

    Focus on the Controlup site, click on Binding -> Edit

     

    5. To check the license and settings files, go to the on-premises server, under c:\program files\smart-x\controlup server\server settings (for more information regarding license troubleshooting, refer to the article - Your windows user is not authorized to use controlup)

     

    ** If any of the details above did not help or you see a difference between your configuration and the configuration presented in the article, and you do not know how to fix it, please contact our support at [email protected]

     

     

  • On-Premises Handshake Error - .Net Registration Issue

    The Issue:

    Cannot login to Controlup On-Premises Console and receive an error message which flickers when you hover over the red icon.

    2017-03-15_15-52-38.png

    2017-02-20_15_58_00-Desktop_LBS_AD_-_Desktop_Viewer__1_.png

     

    The Reason:

    The .net framework was installed before we add the IIS role and the registration of the .net framework failed.

    This issue will be resolved in version 7 of on-premises server release.

     

    The Solution:

    Please open CMD as admin and execute the following command: 

    %windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe -I

     

  • On-Premises - Service Unavailable

    The Issue:

     

    You try to launch the console and receive the following error:

     

    2018-01-18_1432.png

    The Cause:


    The IIS application pools are not available.

    2018-01-18_1433.png

     

    The Solution:

     

    It happens that the service account's (used during the on-premises installation) password change (e.g every 3 months policy).

    When the service account's password change the application pool cannot be started.

    To resolve the issue you need to change the password for each application pool, and then restart the IIS service, for example:

     

    2018-01-18_1435.png

     There are cases where you will need to add the service account to the  Performance Log Users local group of the ControlUp Server On-Premises, in order for the service account to be able to start the application code.

  • How to move the on-premises ControlUp database?

    There are situations where the ControlUp database needs to be moved from one SQL server to another.

    In order to move the database, you need to take the database backup and import it on the new SQL server. (that is done by the organization's DBA)

    In detail this process will look similar to this:

    1. Login to the SQL Manager console on the origin server.

    2. Locate the ControlUpDB.

    3. Right click and select “Tasks\Backup” from the menu.

    12311.png

    4. This will launch the DB Backup utility.

    12312333.png

    5. Configure desired options (path, file name, etc) and click “Ok” to perform the backup process.

    6. Copy the .bak file you created to the destination server.

    7. On the destination server launch SQL Management Console

    8. Right click on “System Databases” and select “Restore Database”

    221.png

    9. Configure the Restore wizard to target the .bak file you created and run the DB restore

     

    2211.png

     

    Once the database is moved, the SQL connection string (the SQL details defined during the on-premises server application wizard) need to be edited.

    Here are the steps:

    1. On the on-premises server, open regedit.exe and go to the key presented in the following screenshot - 

    2017-04-20_0938.png

    2. As you can see the connection string is encrypted. In order to decrypt it, download the EncryptDecryptTool.zip attached to this article.

    3. Please copy the tool to the on-premises server and launch it. (The tool works only on the on-premises server)

    2017-04-20_0946.png

    4. Take the encrypted string and paste it to the tool and click decrypt - 

    2017-04-20_0940.png

    5. Then edit the connection details in notepad - 

    2017-04-20_0949.png

    6. Relaunch the tool and paste the new details and encrypt the string -

     2017-04-20_0952.png

    6. Copy and paste the new encrypted string to the registry key and click OK - 

    2017-04-20_0952_001.png

    7. Once you are finished with the registry update, reboot the On-Premises Server, and you are done -

     

     

  • Script Based Actions for On-Premises Mode (SBA's)

    Until now script based actions were available only for the online customers, now you can import it to your data base and enjoy all community scripts. If you do not import the SBAs, you will receive an error in the console once you launch it. This is a temporary solution, we will implement the SBAs in the server installation wizard in future release.

    The script is part of version 5 package and should be used only in version 5 on-premises implementations.

    If for any reason, you do not have it, here is a link to download the SBA script

    In order to import the script –

    1. Save the importData.sql script on your SQL server (the script is stored in the “Import SBA DB” folder)
    2. Run it in SQL studio and make sure to define the correct path of the data base backup file (sbadata.bak) and path log.
    3. Once the script finished you will find the scripts in the ControlUp Console under Organizational Scripts in the Script Based Actions

     

  • Send An E-mail Alert (On-Premises Mode)

    In On-Premises mode the follow-up action "Send an e-mail alert" needs to be defined in the on-premises application server's registry.

    When you create a trigger alert with the follow-up action "Send an e-mail alert", the e-mail is sent from our cloud servers, in the Online Mode. But in On-Premises Mode which functions only locally, the administrator needs to define his local SMTP server in order for this follow-up action to work.

     

    In order to define your local SMTP server, please open the regedit.exe on the On-Premises server and go to HKEY_LOCAL_MACHINE\SOFTWARE\Smart-X\ControlUp\SMTPSettings and define the needed details, such as:

    SenderEmail, ServerName, EnableSSL, Port etc.

     

  • On-Premises daily quota data base update

    The Issue:

    Each ControlUp customer receive a daily quota of 1000 incidents per day.

    In case you crossed the quota, you will notice a red message in the Incidents pane, telling you that you have crossed the daily limit of incidents.

     

     

    The Solution:

    Online customers should follow this article to resolve the issue - Exceed the daily quota of 1000 incidents

    On-Premises users can update the daily quota limit by themselves.

    In order to update the limit, please open the SQL studio on the ControlUp data base server and run the following script - 

    Use ControlUpDB

    go

    UPDATE IncidentOrganizations

    SET MaxIncidentsPerDay = 100000, PenaltyDateUtc = NULL

    WHERE OrganizationId ='e5abf1de-4d91-4357-8c68-e6e99aae5802'

    go

     

    Another option is to manually update the limit in the SQL studio as presented in the following screenshot -