• How to move the on-premises ControlUp database?

    There are situations where the ControlUp database needs to be moved from one SQL server to another.
    In order to move the database, you need to take the database backup and import it on the new SQL server. (that is done by the organization's DBA)

    In detail this process will look similar to this:
    1. Login to the SQL Manager console on the origin server.
    2. Locate the ControlUpDB.
    3. Right click and select “Tasks\Backup” from the menu.12311.png4. This will launch the DB Backup utility.12312333.png5. Configure desired options (path, file name, etc) and click “Ok” to perform the backup process.
    6. Copy the .bak file you created to the destination server.
    7. On the destination server launch SQL Management Console
    8. Right click on “System Databases” and select “Restore Database”221.png
    9. Configure the Restore wizard to target the .bak file you created and run the DB restore2211.pngOnce the database is moved, the SQL connection string (the SQL details defined during the on-premises server application wizard) need to be edited.

    Here are the steps:
    1. On the on-premises server, open regedit.exe and go to the key presented in the following screenshot - 2017-04-20_0938.png2. As you can see the connection string is encrypted. In order to decrypt it, download the EncryptDecryptTool.zip attached to this article.

    3. Please copy the tool to the on-premises server and launch it. (The tool works only on the on-premises server)2017-04-20_0946.png4. Take the encrypted string and paste it to the tool and click decrypt - 2017-04-20_0940.png5. Then edit the connection details in notepad - 2017-04-20_0949.png6. Relaunch the tool and paste the new details and encrypt the string - 2017-04-20_0952.png6. Copy and paste the new encrypted string to the registry key and click OK - 2017-04-20_0952_001.png7. Once you are finished with the registry update, reboot the On-Premises Server, and you are done -

     

  • On-Premises daily quota data base update

    The Issue:
    Each ControlUp customer receive a daily quota of 1000 incidents per day.
    In case you crossed the quota, you will notice a red message in the Incidents pane, telling you that you have crossed the daily limit of incidents. 

    The Solution:

    Online customers should follow this article to resolve the issue - Exceed the daily quota of 1000 incidents
    On-Premises users can update the daily quota limit by themselves.
    In order to update the limit, please open the SQL studio on the ControlUp data base server and run the following script - 

    Use ControlUpDB
    go
    UPDATE IncidentOrganizations
    SET MaxIncidentsPerDay = 100000, PenaltyDateUtc = NULL
    WHERE OrganizationId ='e5abf1de-4d91-4357-8c68-e6e99aae5802'
    go

    Another option is to manually update the limit in the SQL studio as presented in the following screenshot - 

  • Master Service is disconnected

    The Issue:
    During the installation of the ControlUp Monitor you receive an error - "Master Service is disconnected"The installation of the ControlUp Monitor is finished but the error can be viewed in the status tab.The Cause:
    There is a connection issue to the SQL server and\or the ControlUp database. 

    The Solution:
    First, make sure you have followed the installation guide and installed or updated the ControlUp data base correctly.
    Second step we recommend on doing is to test the connection between the On-Premises server and the SQL server, using the ODBC utility (Windows Control panel -> administrative tools).
    Second step would be to check the SQL connection details either via the on-premises installer or in the registry of the On-premises server.
    To check the connection details you can either run the on-premises application wizard in upgrade\repair mode, and then go over the connection details, or open the regedit.exe on the On-Premises server and check the SQLConnectionString. The string is encrypted and in order to decrypt it, please contact support@controlup.com in order to receive the decryptor utility. 

  • How to copy and create a Script Based Action (SBAs for On-Premises customers)

    ControlUp On-premises customers cannot import a new released script based action at the moment and because of that, they need to copy the script from our website and create their own new script locally.
    To achieve that, please follow these steps:

    1. Copy the script code you like from our website, click here to reach our scripts library
    2. In the Controlup Real Time Console, go to the script based actions and click on create new script. You can create a new script from the Organizational Actions or My Draft Actions tabs
    3. Give the new script a name and then make sure you define the correct type of resource, execution context, and security context you like to use. 
    4. In the script page, paste the script you have copied from our site library (Step 1)
    5. In the arguments page use the arguments needed for the script to run successfully.
    6. Once the script is ready, click on Finalize and you are good to go. 

    Note: If you are not sure which settings or arguments should be used, please contact support@controlup.com and we will help you with screenshots, what needs to be defined in the different fields.

    Here are a couple of examples

     

  • On-Premises Insights (IOP) - SSL

    The default installation does not include SSL.

    However, implementing SSL is relatively simple and recommended.

    Please follow the following steps:

    Secure the Web with your own certificate

    This example assumes that you have already generated self-signed certificates or purchased third-party certificates. If you have not done this and are unsure how to proceed, we've provided some simple examples:

    Note: IOP currently does not support password-protected private keys. You should remove the password from your key before configuring IOP for the certificate.

    Before you begin: Copy your certificates to a new folder

    Copy the server certificate to $IOP_HOME/etc/auth/splunkweb or to your own certificate repository in $IOP_HOME/etc/auth.

    In the following example our web certificate is called myIOPCertificate.pem and our private key is called myIOPPrivateKey.key:

    *nix:

    # cp $IOP_HOME/etc/auth/mycerts/myIOPCertificate.pem $IOP_HOME/etc/auth/mycerts/myIOPPrivateKey.key $IOP_HOME/etc/auth/splunkweb

    Windows:

    copy $IOP_HOME\etc\auth\mycerts\myIOPCertificate.pem $IOP_HOME\etc\auth\splunkweb\
    
    copy $IOP_HOME\etc\auth\mycerts\myIOPPrivateKey.key $IOP_HOME\etc\auth\splunkweb\

    Note: Do not overwrite or delete the existing certificates located in $IOP_HOME/etc/auth/splunkweb/. The certificates at this location are automatically generated upon startup, meaning that any changes you make will be overwritten at startup. Instead, in the next steps, we will rewrite the relevant configuration file to point to your new certificate location.

    Configure IOP to use the key and certificate files

    Note: IOP does not support passwords for private keys, so you must remove the password from the key before using the key to secure Web.

    1. In $IOP_HOME/etc/system/local/web.conf (or any other applicable location, if you are using a deployment server), make the following changes to the [settings]stanza. The file
    paths can be set either using relative or absolute paths. Both of the following examples are
    equivalent if $IOP_HOME is set to d:/myroot/home.

    The following is an example of an edited settings stanza using a path relative to
    $IOP_HOME:

    [settings]
    # Example of using path relative to $IOP_HOME
    enableSplunkWebSSL = true
    privKeyPath = etc/auth/mycerts/mySplunkWebPrivateKey.key
    serverCert = etc/auth/mycerts/mySplunkWebCertificate.pem

    The following is an example of an edited settings stanza using a path relative to
    $IOP_HOME:

    [settings]
    # Example of using absolute path
    enableSplunkWebSSL = true
    privKeyPath = d:/myroot/home/etc/auth/mycerts/mySplunkWebPrivateKey.key
    serverCert = d:/myroot/home/etc/auth/mycerts/mySplunkWebCertificate.pem

    2. Restart The service: # $IOP_HOME/bin/splunk restart splunk service

    3. To change the Console URL to open as https (instead of http) please go to the On-Prem server > Open the regedit.exe

    Change the UseSSL to 1 under the HKEY_LOCAL_MACHINE\SOFTWARE\Smart-X\ControlUpServer\IOP

     

    If you encounter any issue or question, please let us know at support@controlup.com

  • On-Premises Server Installation Fails - "Invalid digital signature"

    The Issue:
    The installation of the on-premises server fails due to invalid digital signature (cab1.cab) The Reason:
    The on-premises server is missing the Digicert Root CA certificate or if you do not have Internet access, or have a restrictive firewall or proxy, setup may be failing to verify the signature because it cannot access the online certificate revocation list (CRL).
    As you can see below screenshot shows our installer is signed and our certificate is signed by Digicert. If you do not have the root certificate you will notice red x.2017-07-25_1026.pngThe Solution:
    In order to resolve the missing certificate issue, please open the certificates manager (you can launch it from Run -> certmgr.msc).
    Import the Digicert root ca certificate, it is attached to this article, in case you need it (DigiCert.pfx), password: Qa123456. For more information about a second workaround, checking the CRL settings, please review this blog article  

  • Communication Ports used by ControlUp - On-Premises Mode

    Architecture-ONPREM-124_w_9440_40706.png

     

     

    Source Destination Type Port Details Notes
    ControlUp Console ControlUp Agent TCP 40705 Console to agent communication via the WCF protocol  
    ControlUp Console ControlUp Agent TCP

    RPC / WMI

    SMB

    Only used for agent deployment via the console

     135-139

    445

    ControlUp Console VMware vCenter Server TCP 443 Communication with vSphere infrastructure Note 1
    ControlUp Console Nutanix / AHV TCP 9440 Communication with Nutanix infrastructure  
    ControlUp Console Citrix XenServer Pool Master / Hosts TCP 80 Communication with XenServer infrastructure (and RRD communications) Note 1
    ControlUp Console Citrix XenDesktop Controllers TCP 80 Communication with XenDesktop infrastructure Note 1
    ControlUp Console ControlUp Monitor TCP 40706 ControlUp Console - Monitor management port  
    ControlUp Console Domain Controllers TCP 389 LDAP communication with Domain Controllers, used for initial login and when adding new computers or new AD connections  
    ControlUp Console ControlUp On-premises Server TCP 443 Communications with ControlUp On-premises Server web services  
    ControlUp Console NetScalers TCP 443 \ 80 Depending on what the administrator configured  
    ControlUp OnPrem \ Application SQL Instance TCP Default 1433 Application to SQL communication  
    ControlUp Monitor ControlUp Agent TCP 40705 Console to agent communication via the WCF protocol  
    ControlUp Monitor ControlUp Agent TCP RPC / WMI Only used for agent deployment via the console  
    ControlUp Monitor VMware vCenter Server TCP 443 Communication with vSphere infrastructure Note 1
    ControlUp Monitor Nutanix / AHV TCP 9440 Communication with vSphere infrastructure  
    ControlUp Monitor Citrix XenServer Pool Master / Hosts TCP 80 Communication with XenServer infrastructure (and RRD communications) Note 1
    ControlUp Monitor Citrix XenDesktop Controllers TCP 80 Communication with XenDesktop infrastructure Note 1
    ControlUp Monitor Domain Controllers TCP 389 LDAP communication with Domain Controllers, used for initial login and when adding new computers or new AD connections  
    ControlUp Monitor ControlUp On-premises Server TCP 443 Communications with ControlUp On-premises Server web services  
    ControlUp Monitor Insights On-premises file share TCP RPC \ SMB Writing IOP activity files to the configured file share  
    ControlUp Monitor NetScalers TCP 443 \ 80 Depending on what the administrator configured  
    ControlUp Monitor SMTP Server TCP 25 Email Alerts  
               
    ControlUp Data Collector VMware vCenter Server TCP 443 Communication with vSphere infrastructure  
    ControlUp Data Collector Nutanix / AHV TCP 9440 Communication with Nutanix infrastructure  
    ControlUp Data Collector Citrix XenServer Pool Master / Hosts TCP 80 Communication with XenServer infrastructure (and RRD communications)  
    ControlUp Data Collector Citrix XenDesktop Controllers TCP 80 Communication with XenDesktop infrastructure  
    ControlUp Data Collector NetScalers TCP 443 \ 80 Depending on what the administrator configured  
               
    Browser IOP Server TCP 8000 Web communication to IOP portal  
    Note 1 Used only if Hypervisor / XD site dedicated data collectors are not configured https://support.controlup.com/hc/en-us/articles/207260875#Collector
  • How to disable\Enable On-Premises "Upload"?

    This article is only for a situation where the customer moves from cloud mode to on-premises mode and upload was disabled while being in Cloud and did not change before the move to On Premises.

    The issue is that the Monitor shows that the upload is disabled.2017-04-20_0930.png
    Cloud example, upload is disabled - 2017-04-20_0905.png
    The issue is that in on-premises mode, the data upload settings does not have the option to enable back the upload -2017-04-20_0906.pngThe solution is to open ADSI edit and change the string manually. The trick is to copy a string which represents "enabled" and paste it in the upload data settings which is at the moment set to disabled.

    Here are the steps:

    1. Stop all monitor services and exit all consoles
    2. Rename the *.v3.xml file to .old on the machine you run the console on (on all consoloe machines). The file is located here: %appdata%\Roaming\ControlUp\Configuration
    3. Open ADSI edit with the settings shown in the screenshot:2017-04-20_0909.png
    cn=controlup,o=smartx    localhost:505002017-04-20_0910.png4. To copy an "Enabled" string, we need to verify in the console that a specific settings is in fact enabled. In this example I am going to the settings-> agent settings and verify the Auto upgrade is enabled - 2017-04-20_0913.png
    In the ADSI edit go to the location presented in the screenshot -2017-04-20_0914.png
    Copy the Data String - 
    2017-04-20_0915.png2017-04-20_0917.png
    3. Paste the string in the data upload settings. In ADSI edit go to the location presented in the screenshot-2017-04-20_0917_001.pngPaste the string in the data string of the data upload settings - 2017-04-20_0918.png2017-04-20_0918_001.png
    5. Last step is to start the console, because we renamed the local configuration file, the console will now retrieve new and updated configuration from the LDS. Then start the Monitor so it will retrieve new configuration as well.
    Issue should be solved and now the Monitor will show that it is connected and uploading - 2017-04-20_0926.png