• IOP 'tstats' or 'litsearch' Error and CU v7.1 On-Prem

    On-Premises customers who have upgraded to ControlUp v7.1.x and IOP v3.x may see occasional 'tstats' errrors. 
    This may be caused by the presence of files named "in_root_folder" in their IOP Activity Files share that is being ingested by the IOP engine. IOP-License.PNG

    All On-Premises customers using v7.1.x should implement this fix:

    1) On the Monitor(s) and consoles please create the reg key HKEY_LOCAL_MACHINE\SOFTWARE\Smart-X\ControlUp\Console\RealTimeStats\
    2) Create a D_WORD "DisableRealTimeStats" with a binary value of 1
    3) Restart the Monitor(s), relaunch the Consoles
    4) Delete any files in the IOP Activity Files share named "in_root_folder"

    Alternatively, you can also download and import the registry file attached to this article. 

    If you are currently experiencing the 'tstats' error within IOP and you have not installed ControlUp On-Premises v7.1.x, refer to this article for more information.
    If you are currently experiencing the 'tstats' error within IOP and you have installed ControlUp On-Premises v7.1.x, please contact support@controlup.com for assistance.



  • TimeStamp Patch for Insights On-Premises (IOP)

    Important Notes:
    1. This article is for ControlUp On-Premises customers only!
    2. This patch only applies to IOP 3.5 and below.

    The Issue

    Beginning of January 1, 2020, un-patched IOP instance may be unable to recognize timestamps from events where the date contains a two-digit year. This means data that meets these criteria will be indexed with incorrect timestamps. While we do not expect any issues due to the fact we use epoch time, we recommend patching as a precautionary measure.

    The Solution

    To implement the new TimeStamp Patch for the IOP.

    Please download an updated version of datetime.xml and apply it to your IOP server

    After you download the file, you must apply it directly over the existing datetime.xml file using the following procedure. You must apply the updated file to all affected On-Premises IOP instances prior to January 1, 2020.
    If not applied, you may experience timestamp recognition problems from that point forward.

    1. Download the "datetime.xml" timestamp recognition file from here.
    2. Save it on your ControlUp Insights On-Premises server.
    3. On each IOP instance, do the following:
      • Using your operating system file management utilities, copy the updated datetime.xml from the location where you downloaded it to the $IOP_HOME/etc directory (i.e. c:\program files\smartx\controlup insights\etc) on the IOP platform instance.
        Note: Ensure that the updated file overwrites the existing file.
      • Confirm that the new datetime.xml has been written to the $IOP_HOME/etc directory.
      • Restart the IOP platform.

        Your IOP platform instance is now patched!
  • Setting up a Schedule Task for Backing Up IOP Activity Files.

    Following the How to Backup IOP Activity Files share article; 

    In this article, we'll do a walkthrough on how exactly to set up the backup script as a scheduled task in your Insights machine so the activity file share will be over-sized or taking all of the disk space. 

    NOTE - This article is for On-Premises customers only.


    1. The script MUST run on the machine running IOP (InsightsOnPrem)
    2. The user needed to run the script is an IOP Admin (the original Admin account).
      • The password should not contain a $doller sign. 
    3. You need 7zip installed or it's command line version 7za.exe (downloadable via this link). 
    4. Download the script at the bottom of this page.


    1. Press the Windows + R keys on your keyboard to open Run (or use Start), and then type taskschd.msc in the open field.
    2. Right-click 'Task Scheduler Library' and choose 'Create Task'.
    3. In the newly opened window we'll fill out the following in the General tab; 
      1. Task Name - this name will be displayed as the task name.
      2. Description - a short detailed description so colleagues will know that it's used by ControlUp. 
      3. Select the 'Run whether user is logged on or not' 
      4. Mark the 'Run with highest privileges
      5. You can configure the task to be coded to your local OS.
    4. In the Triggers tab, click New.
      1. In this guide, we'll use Daily at midnight but you can configure it based on the available size of the disk. Every Sunday is also good and the task will re-occur every day\week.
    5. In the Actions tab, click New.
      1. In Action, select the 'Start a program' option
      2. Program/script will be 'PowerShell'
      3. Add arguments will be based on your choosing. The script holds a Synopsis which explains which methods you can use. In this example, I choose the syntax that creates the zip files in a remote location and then removes the original files to save space in the backup directory This is the command: 
        C:\Archive-Files.ps1 -username admin -password P@ssw0rd -DeleteSource 
      4. Start in is optional but over here since the script is located in C:\, I've placed it as a pointer. 
    6. Press OK and you'll be prompted to enter the credentials of the service account\other AD account the task will run as. 

    Once done, you can right-click the task and Run to test the task integrity.


  • Monitor Error: "Error with saving file to local disk"

    ControlUp Monitor uses the interactive logon and impersonates as the AD account it's set to run with in order to perform the following tasks -

    1. Writing Activity files to disk (for On-Premises deployments only)
    2. Writing CSV to disk when using the Export Schedule feature

    To allow this, the AD account that the monitor is using in its settings must be granted with the Allow log on locally security policy setting.
    For On-Premises customers, it's best practice to have the activity files folder locally on the monitor machine so the security settings should be assigned to the same machine.

    Example #1: You've configured the Monitor on machine A to export CSVs to machine B. 
    Machine B will need the interactive logon rights for the AD account the monitor is using. 

    Example #2: (for On-Premises) You've configured the Monitor on machine A to write the activity files to a folder on the same machine. A. 
    Machine A will need the interactive logon rights for the AD account the monitor is using

    Example #3: (for On-Premises) You've configured the Monitor on machine A to write the activity files to a folder that resides on machine B. 
    Machine B will need the interactive logon rights for the AD account the monitor is using.  


    Troubleshooting steps available if the following terms are met- 

    • The Monitor is showing red in the Console. 
    • The Monitor is experiencing issues writing the Activity Fils into the SMB dedicated share. 

    The Cause:

    There could be a couple of reasons which each is different-

    1. The drive that the Activity Files folder resides on, has a disk space issue. (for On-Premises) 2019-05-22_10-00-27.png
    2. The configured Activity Files folder path is invalid\moved\removed so the Monitor can't find it.2019-05-22_09-32-56.png
    3. The AD account that the Monitor is using, doesn't have the right permissions.2019-05-22_14-01-57.png

    The Solution:

    (numbered according to the previous section)

    1. Locate the Activity Files folder. The disk that it resides on, it's probably is out of space. 

    • If you do not know the exact location of the folder, you can see it in the Insights website by going into Admin > Settings > Activity Folder.
      • Another option is to go to the OnPrem server - go to > Registry Editor > HKEY_LOCAL_MACHINE\SOFTWARE\Smart-X\ControlUpServer\IOP and there you'll have the 'SharedFolder' key. The path in that key will be the location of the Activity Files folder.
    • Refer to the How to Backup IOP Activity Files share article to move, zip & clean the folder. 
    • As a temporary option, add space to the disk, and then the monitor will continue to write files there. NOTE that the folder will keep growing unless you maintain it properly. More information can be found here Managing IOP Activity Files folder

    2. Re-create the Activity Files folder and assign the right permissions.

    3. Verify that the AD account that the monitor is using has the permission it requires. 


    If you have any further questions or need further assistance, contact us at support@controlup.com




  • IOP (Insights On Premise) - No data after drilling down

    The Issue: 

    Customers that have upgraded IOP recently, most reports are working correctly under 'Entire Organization' but when drilling down, shows no data.

    The Cause:
    When ControlUp release new IOP versions, we sometimes change some parameters or other parts of the code, Chrome (or FireFox) saves cache for better performance of the older version.

    The Solution:

    1. If using Chrome -
      • just open the Chrome Dev Tools by pressing F12. Once the chrome dev tools are open, just right click on the refresh button and a menu will drop down. Choose "Empty Cache and Hard Reload"
    2. If using FireFox - 
      • Hold down Ctrl and click the Reload button.
      • Or, Hold down Ctrl and press F5.
  • Authorization Failed: Cannot Log In to Console

    When a user launches the Console they may get the following error message: 

    Authorization Failed: ControlUp Server was unable to validate the group membership of your user account. Please make sure that the security group configured for ControlUp access in Active Directory is in place or contact support@controlup.com for further assistance. 


    First, check the troubleshooting steps in the article: Your Windows user is not authorized to use ControlUp (On-Premises Login Issue)

    If you have checked all these steps and you're still unable to log in to the Console, check the User Management log located on the ControlUp On-Premises server in the following location: 

    "C:\Program Files\Smart-X\ControlUp Server\WebApps\UserManagementService\7_WS\UserManagementService.log"

    Check the errors at the bottom of the log. If you see the group listed: 'ControlUp_PrivateCloudMembers' then the issue is that your service account is unable to read the contents of the file: "C:\Program Files\Smart-X\ControlUp Server\Server Settings\ControlUpServerSettings.xml" 

    To resolve, make certain that your ControlUp service account has Read & Execute permissions to the ControlUpServerSetting.xml that defines the ControlUp User group, then perform an IISRESET. 


  • Configuring a dedicated username for the CU SQL DB

    In SQL, the semicolon character is a statement terminator. It is a part of the SQL-92 standard.

    We've seen users in On-Premises deployment that are using semicolon in the username or password. Because of that, the string to the SQL DB is down and it cancels the link to the SQL.

    There should be no semicolon in the password or username that you use for the SQL. 



  • Setting an alert for the On-Premises Monitor that isn't writing files to Activity folder

    For OnPrem customers who use Insights (IOP), their Monitor generates files into the Activity files folder and then they get indexed into the IOP database. In case the monitor stops exporting real-time data files, we offer an alert that can be setup (for hybrid cloud customers we have such alert defined on our side which alerts when the monitor stops uploading data).

    The following script / scheduled task will send an e-mail alert to pre-configured recipients. 

    In order to define the alert (scheduled task) which will run every 30 minutes, and will execute the script with a delay of 45 minutes, please follow these steps:

    1. Please download the PowerShell script that is attached to the bottom of this article. (name: activity_files_health.ps1)
    2. Place the script on the machine where the Activity Files Shared Folder is located. 
    3. NOTE: by editing it with notepad++ for example, you can read the script's help and examples. (or Get-help in PS)
    4. Open Task Scheduler > create new scheduled task as the example below:
      • Define a name 
      • Run after user logon (Run whether user logged on or not)
      • Run with highest privileges 
        Set a daily schedule to repeat every 30 minutes
        Define an action which will start PowerShell.exe
    • Add an argument (which explained below)
    • Add start path
      In the actions tab, the argument field is very important. As you can see in the argument, the script is located in c:\code, the path may change according to your setting
    • If you look at the argument, in the powershell script help\example -  
      • The delay is 45 minutes, the address from and to are defined and the subject of the email is also there and can be defined as you like, and finally you define which SMTP server to use. (if user and password is needed, in the script you will find an example with that syntax).
    • Define the conditions according to your needs
    • Define the settings according to your needs
      An event in the event viewer is written (successful and when there was an issue) in the application log.



  • Update On-Premises Script Actions

    The following explains how to import the latest SA’s updates to your ControlUp On-Premises Console:

    1. Download the SA Package from here - Link 
    2.  Copy the file to your On-Premises Server.
      • Right-click the file and choose "Properties".
      • Check the box that says "Unblock" and click "OK".
    3. Extract the ZIP file.
    4. 'Edit' the file and verify that the DB name is exactly as the one you used durning the installation.
    5. Open Programs and Features on your on-premises server
    6. Locate the ControlUp Server > Change
    7. Click Update SBAs > Choose the extracted file.


    Manual update of the Script via SQL Studio

    Another option is to run the .sql script linked below, just run it against the ControlUpDB in SQL DB, it will truncate the entire SA directory and replace it with the new versions of the Scripts.

  • Error in 'tstats' or litsearch Command: License Limit Was Exceeded - IOP 8.x


    If there is an issue with your Insights license, one of the following messages appear:


    This may due to the following reasons:

    1. License Violation - This may be because the daily indexing volume exceeds the license allowance or due to the expiration of the license.
      In the example below, the maximum daily index volume hit 214MB on one of the days in the week. 
      View your license to see if your indexing volume exceeded your allowance.
      To view your license, go to Settings in the Admin section of Insights and select License, and your license information appears.

      Standalone Mode


      Cluster Mode



      Note: If you have a problem accessing the enterprise Enterprise License Group screen, you might need to open incoming traffic to the IOP master node on port 8080.


      To increase your license's maximum volume, contact support@controlup.com

    2. CSV Files Index - Verify that Insights is not indexing anything other than files that starts with 'cuiop'.
      In the example below, the CSV element caused a repeated license violation roughly 24 hours after the reset license has expired.IOP_introsp1csv.png
      Another way to diagnose the issue is to search |tstats count by sourcetype in the Insights search in the top left corner for the previous 24 hours' activity. This displays the sourcetypes that Insights has indexed and shows what type of file is causing the issue.
      For more assistance, contact support@controlup.com with a screenshot of the search.

    Adding a New License

    To add a new license in standalone mode:

    1. From the Insights screen, click Settings, and the the Settings screen appears.
    2. From the Licensing tab, click Add License and the Add License popup appears.
    3. Click Choose File and select your license. Click Install, and a popup appears to confirm that the license was properly installed.

    Once the new license is installed, Insights must be restarted. See below for more details.

    To add a new license in cluster mode:

    1. From the Insights screen, click Settings, and the the Settings screen appears.
    2. From the Licensing tab, click here, and the Add the Enterprise License Group screen appears.
      Note: If you have a problem accessing the enterprise Enterprise License Group screen, you might need to open incoming traffic to the IOP master node on port 8080.  
    3. Click Add License and then Choose File to select your license. Click Install, and a popup appears to confirm that the license was properly installed.

    Once the new license is installed, Insights must be restarted. See below for more details.

    To restart Insights:

    1. From the Settings screen, select the Maintenance Task tab and click Restart, and confirmation screen appears.
    2. Click OK, and Insights restarts with your new valid license.
  • Reducing Size for ControlUpDB in SQL

    In ControlUp On-Premises mode a SQL DB named ControlUpDB is used, sometimes it can become very large, the main reason for that is that SQL DB is saving Incidents to be shown in Incident Pane at the Console.

    We have prepared a SQL Script that will address this issue and delete Incidents older than 30 days (the maximum that can be shown via Incidents Pane).

    This does not affect the Log Size or other functionality and does not require restarting any service.

    Please see attached script.



  • Moving from Hybrid Cloud to On-Premises

    Moving to On-Premises installation will cause a loss to some of ControlUp's Hybrid Cloud features and you will need to arrange additional resources to your network infrastructure. Please review the On-Premises Installation Prerequisites article.

    Visit the following article to learn more about ControlUp modes, the deployment and Feature Comparison Matrix chart -> ControlUp Modes

    **Make sure to contact your sales person and inform him of this decision as license will need to be changed**. 

    Moving to On-Premises will require these following steps:

    • If you wish to keep the current organization name, you will need to save the current configuration file which is located in %appdata%\ControlUp\Configuration folder. Usually the files extension will be *.v4.xml
    • If you want to create a new organization you will need to do the following: 
      • Issue a new organization name.
      • Remove ControlUp Agents from all machines.
    • Contact your account manager or ControlUp Support and inform them that you'll need a On-Premises license file. 
    • New dedicated servers as instructed in installation prerequisites article:
      • On-Premises Server
      • IOP Server
      • SQL Instance or Server

     After completing all of the above:

    1. Remove all agents (ONLY if a new org is being created)
    2. Uninstall the Monitor
    3. Uninstall the Console

    Then install ControlUp On-Premises using installation guide.

    *When installing the Console, best practice is the assign a dedicated AD group as "Owner". If assigning a user, that user will be "Owner" of that organization. 

  • Remove Users from On-Premises Org

    The solution is to open ADSI edit and remove the users.

    Here are the steps:
    1. Open ADSI edit with the settings shown in the screenshot:2017-04-20_0909.png2017-04-20_0910.png2) Remove the users you no longer wish to see.2018-01-03_0837.png

  • Locations where the ControlUp service account is used in ControlUp On-Premises configurations.  

    Location: On-Premises Server – Configured during On-Premises Server installation process.

    • IIS Application Pool services
      • 7_WS.Pool
      • ConfigurationPool
      • HandshakePool
      • IncidentsReporterPool
      • IncidentsViewerPool
      • MasterPool
      • SBAPool
      • UploaderPool
    • ControlUp-LDS service
    • ControlUp Incidents service

    Location: Monitor Settings – Configured during Monitor deployment process.

    • Go to Monitor Settings, highlight the Monitor you want to update, and click “Settings…”

    Location: SQL Server – Configured during On-Premises Server installation process.

    • The account MUST have dbo owner permissions to the ControlUpDB.
  • Change the AD Group for ControlUp On-Premises Console Access

    Change the AD Group for ControlUp On-Premises Console Access.
    When you install ControlUp On-Premises Server you are asked to provide an Active Directory group to manage access to the ControlUp Console. After installation, you may wish to change this group. 

    The Active Directory group that you chose can be found in the file C:\Program Files\Smart-X\ControlUp Server\Server Settings\ServerSettings.XML located on the On-Premises Server.
    In order to change the group, you must open this file, change the group name, and update the group SID:2018-02-06_14-50-58.jpgTo find an AD groups SID, open an elevated powershell prompt from a system that has the AD powershell components installed and type the following command: Get-ADgroup <AD Group Name>

  • On-Premises Installation Failed - .Net 3.5 Not Installed

    The Issue:
    When attempting to install the V7 On-Premises Server, the installation fails.
    If you search for "Return value 3" in the MSI log file you will find the following information above the return code: 
    MSI (s) (44:F0) [20:13:26:018]: Hello, I'm your 32bit Elevated Non-remapped custom action server.
    CAQuietExec64:  Error: 0x800f0906
    CAQuietExec64:  The source files could not be downloaded.
    CAQuietExec64:  Use the "source" option to specify the location of the files that are required to restore the feature. For more information on specifying a source location, see http://go.microsoft.com/fwlink/?LinkId=243077.
    CAQuietExec64:  Error 0x800f0906: Command line returned an error.
    CAQuietExec64:  Error 0x800f0906: QuietExec64 Failed
    CAQuietExec64:  Error 0x800f0906: Failed in ExecCommon64 method
    CustomAction EnableWindowsFeatures returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
    MSI (s) (44:E4) [20:13:45:252]: Note: 1: 2265 2:  3: -2147287035
    MSI (s) (44:E4) [20:13:45:252]: User policy value 'DisableRollback' is 0
    MSI (s) (44:E4) [20:13:45:252]: Machine policy value 'DisableRollback' is 0
    Action ended 20:13:45: InstallFinalize. Return value 3.

    This indicates that the installer was trying to download something it couldn't download since the server was not directly connected to Internet.
    This is usually related to the .NET 3.5 feature since it's not available by default on Windows 2012 and above.

  • Adding & Troubleshooting Insights On-Premises (IOP) Module

    In case you have already installed ControlUp On-Premises V7 without the Insights module, you can add it, here is a procedure for that: 


    1. Please verify that you have set the correct Activity files shared folder (which you defined during the on-premises Installation wizard) by checking the registry on the ControlUp on-premises application Server.
    Navigate to HKEY_LOCAL_MACHINE\Software\Smart-X\ControlupServer\IOP and verify the ServerName & Shared Folder keys are configured correctly with the IOP server name and the location of the shared folder. 2. Stop the Monitor service from the ControlUp Console (Settings ->Monitors Settings -> Stop)
    3. Delete Old activity data, which the monitor might created (before having IOP), from the Monitor computer:

    • Delete all entries under: HKEY_USERS\S-1-5-20\Software\Smart-X\ControlUp\HistoricalReportingPackages
    • Delete all content from: C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\ControlUp\CacheActivity

    1. Computer account of the IOP server - Reading permissions on both NTFS and Security on the file share. (activity files shared folder). 
    2. User Running the Monitor (primary AD account defined in the Identity settings of the monitor) - Read & Write permissions on both NTFS and Security on the file share.

    1. Install Insights module as explained in the On-Premises Installation Guide v7 (page33) - Click here 
    2. Start the Monitor service using the ControlUp console (or services.msc).
    3. After restarting the monitor, it should be Green and the Data Upload in the Summary Tab should show  “last upload on…” of current time and date. (only after 30 minutes)  4. On the IOP side, if the location of the shared activity files folder has changed, or it seems like IOP is not reading any files from the shared files folder, you need to update the shared folder path:
    - either from the UI Itself: Settings-->Activity Folder
    or using the configuration file (inputs.conf) located here - C:\Program Files\Smart-X\ControlUp Insights\etc\apps\controlup_iop\local2017-05-04_1414.png5. Once the changes are saved in the configuration file, please restart the IOP service2017-05-04_1415.png Please NoteThe Activity Files Folder UNC Share should NOT include $ sign.



  • Your Windows user is not authorized to use ControlUp (On-Premises Login Issue)

    The Issue:
    You try to login to the On-Premises ControlUp Real Time Console and receive an error - "Your Windows user is not authorized to use ControlUp" (or the error might be Black Screen instead of splash screen) The Cause:
    The issue might be caused by several reasons. 
    To receive more details about the failure, you can look at the login log which is located on the On-Premises server in:
    C:\Program Files\Smart-X\ControlUp Server\Websites\UserManagementService\4.1_WS\user management.log  

    The cause of this issue might be one of the following:

    1. License issue -
    If the number of members in the authorized group, defined during the On-Premises server application wizard, as the group which contains the AD users which are allowed to login to ControlUp, cross the number of admins in the license, you will receive this error. 

    2. AD user or group issue - 
        - The AD user is not part of the authorized group.
        - The group or its SID was changed manually in the settings file.
        - The AD Group type is universal and not global. 

    3. Setup Issue - 
    The authentication method in the IIS is incorrect. 

    The Solution:

    1. License Issue - 
    As mentioned, the error might indicate the number of members in the authorized AD group is higher than the license permits (The error might be Black Screen instead of splash screen).
    To verify the number of users if the authorized group match the license limit, please follow these steps:

    - Check the license quantity: 
    On the On-Premises server, go to - C:\Program Files\Smart-X\ControlUp Server\Server Settings\<LicenseFileName>.XML In the following example, the quantity is unlimited.- Check which group you defined during the installation (if you do not remember):
    On the On-Premises server, go to - C:\Program Files\Smart-X\ControlUp Server\Server Settings\ControlUpServerSettings.XML  - Check the license location and name:Now that you know the name of the group, check the number of members

    2. AD user or Group -
    In case the user is not part of the AD group you defined during the installation of the On-Premises application server as the authorized group of admins which can login to ControlUp, you will receive this error.
    To verify the user you logged in with to windows and tried to launch ControlUp with, follow these steps:

    • Verify which user you are logged in with -
    • Verify the the group you chose to use and its members as mentioned above in License Issue solution.
    • Make sure the group is types global and not universal

    In case the group was changed manually in the settings file and only the name was changed and not corresponding SID number, you will receive this error.

    • To verify the group and SID, please follow the steps mentioned above in License Issue solution. 

    3. Setup Issue - 
    The authentication method in the IIS is incorrect.
    To verify the authentication defined for the On-Premises ControlUp site, follow these steps:

    • Open the IIS manager on the On-Premises server
    • Under the ControlUp site click on Authentication
    • Verify that Windows Authentication is the only one Enabled


  • ControlUp On-Premises IOP - LDAP Setup

    The first login to ControlUp's On-Premises Insights website is done with user Admin and the password configured for the root user. You can keep using the Insights user but you can also use LDAP authentication.
    To define LDAP authentication, first access the configuration page:
    Go to Admin > Settings > LDAP Configuration > Add LDAP Strategy  
    LDAP Strategy Name - define the configuration name 

    LDAP connection settings
    Host: Active Directory Domain Controller computer name:
    Your IOP server must be able to resolve this host (check via nslookup)

    Port: 389 for non SSL, 636 with SSL (636)
    SSL enabled: You must also have SSL enabled on your LDAP server.

    Connection order: 1
    The order in which IOP queries this LDAP server (among enabled servers).

    Bind DN
    If you want a specific user to run the queries, this is the distinguished name used to bind to the LDAP server. In most cases this field should be left blank.
    Any user can be used to bind (service account is preferred, password does not change).
    For example: CN=IOP LDAP Account,OU=ServiceAccounts,OU=Accounts,DC=controlUp,DC=demo
    If you are not sure how to get these details, go to Active Directory Users and Computers and right click the user and choose Properties. Go to attribute editor and look for distinguishedName. Make sure to enable advanced features under the View menu.
    mceclip0.pngUser settings

    User base DN
    Apply either User settings or Group settings. You can use both.
    The location of your LDAP users, specified by the DN of your user subtree. You can specify several DNs separated by semicolons.
    For example: DC=controlup,DC=demo

    User base filter
    Used to filter users. Highly recommended if you have a large amount of user entries under your user base DN. For example: '(department=IT)'

    User name attribute
    The user attribute that contains the username, usually the sAMAccountName, Note that this attribute's value should be case insensitive.

    Real name attribute
    The user attribute that contains a human readable name. This is typically 'cn' (common name) or 'displayName'.

    Email attribute
    The user attribute that contains the user's email address. This is typically 'mail'.

    Group mapping attribute
    The user attribute that group entries use to define their members. If your LDAP groups use distinguished names for membership, you can leave this field blank.

    Group settings

    Group base DN
    Apply either User settings or Group settings. You can use both.
    The location of your LDAP groups, specified by the DN of your group subtree. You can specify several DNs separated by semicolons.
    This describes the group of users authorized to use insights.
    For example: CN=IOP Admins,OU=Groups,OU=Accounts,DC=controlUp,DC=demo

    Static group search filter
    The LDAP search filter used to retrieve static groups. Highly recommended if you have a large amount of group entries under your group base DN. For example, '(department=IT)'

    Group name attribute
    The group attribute that contains the group name. A typical value for this is 'cn' or 'member'.

    Static member attribute
    The group attribute whose values are the group's members. Typical values are 'member' or 'memberUid'. Groups list user members with values of groupMappingAttribute.

    Nested groups
    Controls whether IOP expands nested groups using the 'memberof' extension. Only check this if you have nested groups and the 'memberof' extension on your LDAP server.
    mceclip2.pngDynamic group settings

    Dynamic member attribute
    The dynamic group attribute that contains the LDAP URL used to find members. This setting is required to configure dynamic groups. A typical value is 'memberURL'.

    Dynamic group search filter
    The LDAP search filter used to retrieve dynamic groups (optional). For example, '(objectclass=groupOfURLs)'

     Advanced settings

    Checkbox:  Enable referrals with anonymous bind only
    Most of our customers do not enable this option. IOP can use referrals with anonymous bind only but you must also have anonymous search enabled on your LDAP server. Turn this off if you have no need for referrals.

    Search request size limit
    Sets the maximum number of entries requested by LDAP searches. The number actually returned is subject to the limit imposed by the LDAP server.

    Search request time limit
    The maximum time limit in seconds to wait for LDAP searches to complete. This should be less than the UI timeout of 30s.

    Network socket timeout
    The maximum amount of seconds to wait on a connection to the LDAP server without activity. As a connection could be a search, this must be greater than the search time limit. Enter -1 for an infinite timeout.

  • Black Screen when launching on-premises console

    The Issue:
    You launch the ControlUp Console and get a black screen. 
    After you wait the console opens empty without your configuration.image025.jpgThe Cause:
    In the license you have specific number of admins allowed. Look in the license, under - QuantityDuring the installation you defined AD Group for Authorized Users - who can login to ControlUp Console.
    The number of users in the group is more than the number in the license file. You might have nested a group in the ControlUp AD Group, and in that group you have more users than defined in the license. 

    The Solution:
    Please make sure in the ControlUp Authorized AD Group, you define the same number of users defined in the license file under Quantity (of ControlUp admins).


  • ControlUp has detected...Using an on-premises Installation Error

    Issue Description:

    User is able to log in to ControlUp Console but receives the error - "ControlUp has detected that your environment is using an on-premises Installation"ControlUp1.PNGControlUp2.PNG

    The Reason:
    Your organization has installed the ControlUp on-premises server. Once the license is requested, the environment is set to use the on-premises deployment and not the cloud.

    When a user tries to launch a cloud console from the on-premises domain, the cloud console gets rejected.

    The Solution:
    Install the on-premises console and not the cloud console. The on-premises console is part of the on-premises installation package. If you do not have the on-premises console installer, please contact support to have the latest console. 

    If you have installed the console and it still attempts to connect as a cloud console, please go to KEY_LOCAL_MACHINE\Software\Smart-X\ControlUp\PrivateCloud and Set Dword IsUsingPrivateCloud to 1.


  • Upgrading to the new Insights On-Premises (IOP)

    In order to upgrade to the new IOP (Insights On-Premises) release, please contact support@controlup.com and request the latest build. 

    Select the "Quick Upgrade" option and click on Continue:2017-06-29_1437.png

    Agree to the license agreement:2017-06-29_1437_001.png

    Make sure the installation path is correct or change it if needed:2017-06-29_1437_002.png

    Make sure the activity shared folder path is correct or change it if needed:2017-06-29_1437_003.png

    The installation will start once you click Install:2017-06-29_1438.png

    An upgrade successfully installed message will appear when the installation finishes:2017-06-29_1440.png

  • Most Common IOP Errors

    Not enough CPU/RAM/IOPS
    Error in 'SearchOperator:loadjob': Cannot find artifacts for savedsearch_ident 'admin:controlup_iop:last_seen'.IOP-Resources.jpg

    Lower than 5gb on the drive IOP is installed and/or where the DB is used
    No results found.
    Could not create search.IOP-Disk_Space_LI.jpg

    image002.png Violation/End of Trial - Need Reset/Commercial License
    Error in 'tstats' command: Your Splunk license expired or you have exceeded your license limit too many times. Contact ControlUp Support for assistance.IOP-License.PNG

    Please Note that if Top Insights is not working (after it ran once) please try to restart the IOP service and try again, if it still doesn't work, please contact us at Support@ControlUp.com

  • Changing The Location & Size of IOP Database

    By default, the Insights On-Premises (IOP) data base is limited to 500GB and once you reach that size, the data is overwritten.
    Please note that if you have less than 5 GB on the drive storing the data base, Indexing and some other functionalities will be stopped as well.
    Here are the steps on how to change the location of the data base:

    1. Go into the Insights server and stop the service "Splunkd.exe" 
    2. Go to:   (location may change if installed on different location)
      C:\Program Files\Smart-X\ControlUp Insights\var\lib\
    3. Copy the entire 'Splunk' folder to the new location (for example.. D\E drive..)
      The new location it will be like this: 
    4. After coping the folder was done, go to
      C:\Program Files\Smart-X\ControlUp Insights\etc
      • Open "splunk-launch.conf" via Notepad
      • Where it says: "#SPLUNK_DB=" take down the pound sign (#)
      • Add the new location of the Splunk folder. E.g from the image below: SPLUNK_DB=E:\CUIOP_db\splunk
    5. Run via CMD as administrator:  
      "C:\Program Files\Smart-X\ControlUp Insights\bin\splunk" start
    6. All should show "Done" and in the end for the process starting you'll see:
      (with your server name)
    7. Once the service is up and running, you can run some reports in Insights, see it's all working.

    Please note that the splunk folder in the old location may be recreated. It may contain a few small files. This is expected and not an issue. The new location will be used to read and write the vast majority of data from. 
    In order to change the database size, log into your Insights and go to Admin > Settings > Index Management and select 'Set max size' for the 'cuiop' DB. 

    If you're selecting smaller size then the existing size, Insights will automatically adjust.

  • SQL Express Setup for On-Premises Mode

    In case you deploy SQL express for on-premises solution, be sure to enable the TCP/IP protocol in the SQL Configuration Manager.

    By default the TCP\IP is disabled and also does not have any port assigned.

    Once you enable the protocol, restart the SQL express service and then in the TCP/IP properties you will see the port number, before the restart the port is zero.After finishing the protocol and port setup, continue with the On-Premises installation wizard.

  • After IOP upgrade the reports are empty

    The Issue:
    After an IOP (Insights On-Premises) upgrade, all reports return an errorThe Cause:
    In rare scenarios the upgrade might cause cleanup of indexed data and rebuild is necessary to create the available data sets. 

    The Solution:
    Please go to the data model settings and rebuild your data sets acceleration.
    To reach the data model settings page, type your Insights URL and add manager/search/data_model_manager.
    For example: http://servername.domain.com:8000/en-US and to it add manager/search/data_model_manager
    Once you reach the settings page, please click on rebuild for each report's data set.
    The rebuild takes few minutes, check the Insights reports after 30 minutes.

  • Authorization Failed (On-Premises Login Issue)

    The Issue:

    You cannot login to ControlUp Real Time Console in an On-Premises mode
    environment. The message you receive is - "Authorization Failed"

    The Solution:

    It appeared that the password for the two service accounts that needed to run the ControlUp services were expired. So, AD was not letting them to run the services. 
    You can verify if this is indeed the case, if you try to restart the ControlUp services and they do not start back - 

    1. ControlUp Incidents
    2. ControlUp-LDS or ADAM_ControlUp-LDS

    To receive more details about the failure, you can look at the login log which is located on the On-Premises server in C:\Program Files\Smart-X\ControlUp Server\Websites\UserManagementService\7_WS\user management.log 

    If the following errors appear in the user management log:
    ERROR|Error in BaseResponse. |UserManagement.Exceptions.UserManagementException: Failed to bind to organization permissions group 'AD Group Name'It means the issue could be with the AD group you assigned as the group for users who can login to ControlUp Console:

    • The AD group and SID needs to match in the server settings file, located here - "C:\Program Files\Smart-X\ControlUp Server\Server Settings\ControlUpServerSettings.xml"
    • The group needs to be a Security Global group.
    • Application Pools - Verify all application pools are running and do IISReset on the On-Premise server.
    • In 7.1 & 7.2 it could be a license issue (IOP Allowed - Yes/No).

    How do I get the SID? click here (external link) for additional information.

  • On-Premises Script Error - "The Primary File...model database"

    The issue:

    Error message: "The primary file must be at least X MB to accommodate a copy of the model database" (1024 in this example, it depends on the environment setup)

    The Reason:

    When DB is created it uses the Model DB as template, the model DB is a built in system database in SQL.
    In our ControlUp On-Premises data base creation script, we use:
    DECLARE @dbDataFileSize VARCHAR(10) = 502017-02-23_1417.png The Resolution:
    Please right click the Model DB and go to properties -> Files and check the initial size (MB) Model-DB-SS.JPGThen edit the SQL script the On-Premises wizard created, Line 30, edit the value and change it from 50, in this example as you see the Initial size is 128MB, so in the script change it to 129MB, and that will resolve the issue.

  • The Incidents Pane Is Currently Offline (On-Premises Mode)

    The Issue:
    The Incidents pane is not available and seem to be offline.
    The Cause:
    There is a connection issue between the On-Premises application server and the SQL server storing the ControlUp data base.

    The Solution:
    1. Check if the ControlUp Incidents service is up and running
    2. Test the connection between the On-Premises server and the SQL server, using the ODBC utility.
    3. Open the regedit.exe on the On-Premises server and check the SQLConnectionString. The string is encrypted and in order to decrypt it, please contact support@controlup.com in order to receive the decryptor utility.

  • On-Premises Troubleshooting - Handshake Service Error

    The Issue:

    During first log in to the On-Premises ControlUp Real-Time Console you receive an error - "An error occurred while getting the user management service URL..."

    The Cause:

    The console tries to connect to the on-premises server, specifically to the IIS and fails.
    The core of the on-premises server is based on the IIS internal site we add during the on-premises server installation and if the IIS is not available, you will not be able to log in.

    The Solution:

    The main issue here is that the IIS application pools were not defined correctly with the service account (you chose during the installation wizard of the on-premises application server) or ControlUp certificate is not bind correctly.
    During the on-premises installation, the IIS role is added and both the binding of the site and the application pools identity property, are defined during the installation wizard.

    In order to troubleshoot the issue and verify the configuration is correct, please follow these steps:
    1. When you have an issue to login, you can refer to the relevant log file, in order to understand better the issue, the log file is located in the service folder, on the on-premises server, under c:\program files\smat-x\controlup server\webapps
    UsermanagementService folder or HandshakeService folders will notify you if there is a login issue.
    Other services - IncidentsReporterService and IncidentsViewerService are responsible to read and write incidents to and from the ControlUp database. If you have a SQL connection issue, you will see the error in those logs.2. Make sure the ControlUp services are running as expected and the "log On As" property is defined with the correct service account (same service account you defined during the installation)3. Please open the IIS manager (go to start->run and type Inetmgr)

    Check under the application pools, the identity configuration, it should show the service account you defined during the on-premises application server installation wizard. 2017-03-20_1707.png4. Check the binding of the Controlup site, see below screenshot - 

    Focus on the Controlup site, click on Binding -> Edit5. To check the license and settings files, go to the on-premises server, under c:\program files\smart-x\controlup server\server settings (for more information regarding license troubleshooting, refer to the article - Your windows user is not authorized to use controlup

    ** If any of the details above did not help or you see a difference between your configuration and the configuration presented in the article, and you do not know how to fix it, please contact our support at support@controlup.com 

Powered by Zendesk