From 2c0a06564e3dfa7f5048ebbf2969e92ec6d43396 Mon Sep 17 00:00:00 2001 From: hilram7 <212961752+hilram7@users.noreply.github.com> Date: Tue, 30 Jun 2026 18:45:28 -0400 Subject: [PATCH 1/3] =?UTF-8?q?feat(kb):=20add=209=20Change=20Tracker=20KB?= =?UTF-8?q?=20articles=20(batch=202a=20=E2=80=94=20Ben)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Migrates 9 rolling-log and agent troubleshooting articles from staging repo. Fixes applied: truncated frontmatter restored, kb.netwrix.com links removed, Salesforce CDN images replaced with placeholders, typos fixed, mojibake encoding corrected, structure aligned to KB standards. --- .../agenttaskrunner-processtracker-error.md | 62 +++++++++++ ...iceconfigtask-wildcards-pathmatch-error.md | 60 +++++++++++ .../duplicate-events-in-syslogs.md | 65 ++++++++++++ .../file-entry-not-found-error.md | 57 ++++++++++ .../filehash-sha256-file-not-found-error.md | 57 ++++++++++ ...ub-offline-connection-retries-exhausted.md | 58 ++++++++++ .../hubdetails-crypto-error.md | 100 ++++++++++++++++++ .../mongo-service-not-starting-windows.md | 47 ++++++++ .../registry-key-permissions-error.md | 57 ++++++++++ 9 files changed, 563 insertions(+) create mode 100644 docs/kb/changetracker/troubleshooting-and-errors/agenttaskrunner-processtracker-error.md create mode 100644 docs/kb/changetracker/troubleshooting-and-errors/deviceconfigtask-wildcards-pathmatch-error.md create mode 100644 docs/kb/changetracker/troubleshooting-and-errors/duplicate-events-in-syslogs.md create mode 100644 docs/kb/changetracker/troubleshooting-and-errors/file-entry-not-found-error.md create mode 100644 docs/kb/changetracker/troubleshooting-and-errors/filehash-sha256-file-not-found-error.md create mode 100644 docs/kb/changetracker/troubleshooting-and-errors/hub-offline-connection-retries-exhausted.md create mode 100644 docs/kb/changetracker/troubleshooting-and-errors/hubdetails-crypto-error.md create mode 100644 docs/kb/changetracker/troubleshooting-and-errors/mongo-service-not-starting-windows.md create mode 100644 docs/kb/changetracker/troubleshooting-and-errors/registry-key-permissions-error.md diff --git a/docs/kb/changetracker/troubleshooting-and-errors/agenttaskrunner-processtracker-error.md b/docs/kb/changetracker/troubleshooting-and-errors/agenttaskrunner-processtracker-error.md new file mode 100644 index 0000000000..3c102cd33f --- /dev/null +++ b/docs/kb/changetracker/troubleshooting-and-errors/agenttaskrunner-processtracker-error.md @@ -0,0 +1,62 @@ +--- +description: >- + This article explains how to resolve the "AgentTaskRunner - task execution + failed for task 11 - TrackerPollTask-Baseline-processtracker-88" error in + the Rolling Log by adjusting the configuration template in Netwrix Change + Tracker. +keywords: + - rolling log + - AgentTaskRunner + - TrackerPollTask + - processtracker + - Netwrix Change Tracker + - configuration template + - process tracker + - agent error + - task execution failed + - data collector + - baseline + - troubleshooting +knowledge_article_id: +products: + - change-tracker +sidebar_label: AgentTaskRunner ProcessTracker Error +tags: [kb, troubleshooting-and-errors] +title: >- + Rolling-Log Fix: "AgentTaskRunner - Task Execution Failed for Task 11 - + TrackerPollTask-Baseline-processtracker-88" +--- + +This article explains how to clear the following error from the Rolling Log in Netwrix Change Tracker. + +## Symptom + +The following error appears in the agent Rolling Log: + +```text +2018-04-10 10:56:26,887 [7] ERROR AgentTaskRunner - task execution failed for task 11 - TrackerPollTask-Baseline-processtracker-88 +NNT.Agent.Tracking.TrackerException: no data collector registered for: processtracker-local + at NNT.Agent.Core.Tracking.TrackerBase.GetDataCollector (System.String collectorName, System.Boolean throwException) [0x0002e] in :0 + at NNT.Agent.Core.Tracking.TrackerBase.PollInternal (NNT.Agent.Core.Tracking.PollControl pollControl, NNT.Agent.Core.Interfaces.IDevice device, NNT.Agent.Core.Interfaces.ITrackerConfiguration + configuration, NNT.Agent.Core.Interfaces.IItemStoragePipeline queue, NNT.Agent.Core.Tracking.PollType pollType, System.DateTime pollStartTimeUtc) [0x0004c] in:0 + at NNT.Agent.Core.Tracking.TrackerBase.Poll (NNT.Agent.Core.Tracking.PollControl pollControl, NNT.Agent.Core.Interfaces.IDevice device, NNT.Agent.Core.Interfaces.IItemStoragePipeline queue, + NNT.Agent.Core.Tracking.PollType pollType, System.DateTime pollStartTimeUtc) [0x00075] in :0 + at NNT.Agent.Core.Tasks.TrackerPollTask.Execute (NNT.Agent.Core.Queue.AgentTaskQueue queueContext) [0x00279] in :0 + at NNT.Agent.Core.Application.AgentTaskRunner.ExecuteTask (System.Int32 runnerId, NNT.Agent.Core.Interfaces.IAgentTask task, System.DateTime nowUtc, NNT.Agent.Core.Queue.AgentTaskQueue queue) + [0x00050] in :0 +``` + +## Cause + +This error occurs because the process tracker in Netwrix Change Tracker is enabled in the configuration template, but no specific processes are configured for tracking. The agent cannot execute the tracker poll task without at least one process defined. + +## Resolution + +Edit the configuration template assigned to the affected device and either add processes to track or disable the process tracker. + +1. Log into Netwrix Change Tracker and navigate to **Devices** > select the device experiencing the error > select the configuration template that is causing the issue. +2. Either uncheck the **"Track processes and services in this template"** box, or add at least one service to be tracked. + + + + diff --git a/docs/kb/changetracker/troubleshooting-and-errors/deviceconfigtask-wildcards-pathmatch-error.md b/docs/kb/changetracker/troubleshooting-and-errors/deviceconfigtask-wildcards-pathmatch-error.md new file mode 100644 index 0000000000..8e9d5caadc --- /dev/null +++ b/docs/kb/changetracker/troubleshooting-and-errors/deviceconfigtask-wildcards-pathmatch-error.md @@ -0,0 +1,60 @@ +--- +description: >- + Explains the cause and resolution for a Rolling-Log error where + AgentTaskRunner fails due to a mismatched path-match type in a configuration + template in Netwrix Change Tracker. +keywords: + - AgentTaskRunner + - DeviceConfigTask + - ContainerItemMatchException + - path match + - wildcards + - regex + - configuration template + - rolling log + - Netwrix Change Tracker + - agent error + - custom path match + - troubleshooting +knowledge_article_id: +products: + - change-tracker +sidebar_label: DeviceConfigTask Wildcards PathMatch Error +tags: [kb, troubleshooting-and-errors] +title: >- + Rolling-Log Fix: "ERROR AgentTaskRunner - Task Execution Failed for Task - + DeviceConfigTask. Item Wildcards Match Text Must Not Contain Separator" +--- + +This article explains how to resolve a Rolling-Log error caused by a misconfigured custom path-match definition in a Netwrix Change Tracker configuration template. + +## Symptom + +The following error appears in the agent Rolling Log: + +```text +2018-08-25 12:04:35,780 [9] ERROR AgentTaskRunner - task execution failed for task 2 - DeviceConfigTask-1869 +NNT.Agent.Utils.ContainerItemMatch+ContainerItemMatchException: item wildcards match text must not contain separator '\' for MatchType.Wildcards unless ContainerMatchAppliesToWholePath is true. + at NNT.Agent.Utils.ContainerItemMatch.ValidateMatchPattern(String element, String matchPattern, MatchType matchType, String separator, Boolean containerMatchAppliesToWholePath) + at NNT.Agent.Utils.ContainerItemMatch..ctor(String rootContainer, Boolean skipRootContainer, String separator, Boolean caseSensitive, Nullable`1 recursionLevels, MatchType containerMatchType, String containerMatchPattern, Boolean containerMatchAppliesToWholePath, MatchType itemMatchType, String itemMatchPattern) + at NNT.Agent.Core.Tracking.FileSystem.FileSystemTrackerConfigurationCreator.ProcessDeviceConfiguration(DeviceConfiguration deviceConfiguration, IDevice device, String trackerName) + at NNT.Agent.Core.Tasks.DeviceConfigTask.ApplyDeviceConfigAction(ILifetimeScope scope, IDevice device, DeviceConfiguration configuration, Nullable`1 latestConfigDateUtc) + at NNT.Agent.Core.Tasks.DeviceConfigTask.Execute(AgentTaskQueue queueContext) + at NNT.Agent.Core.Application.AgentTaskRunner.ExecuteTask(Int32 runnerId, IAgentTask task, DateTime nowUtc, AgentTaskQueue queue) +``` + +## Cause + +The agent cannot process an item within the advanced custom path-match definition because the match type is set to **Wildcards** but the match pattern contains regex syntax (or vice versa). For example, a path-match definition may contain regex code but the match type is set to **Wildcards** instead of **Regex**. + + + +## Resolution + +If you are receiving this error, the agent is potentially NOT reporting to your hub. This is a critical error and monitoring will not continue until it is resolved. + +1. Log into the **Netwrix Change Tracker console**. +2. Locate the agent presenting this error and go into each of the configuration templates assigned to that agent. Inspect the custom path matches for misconfiguration. +3. Once you have identified the problem template, modify or remove the custom path-match definition that is causing the issue. For example, change the match type from **Wildcards** to **Regex** if the pattern contains regex syntax. +4. Save the configuration template. +5. Check the agent to confirm it has received the new configuration. diff --git a/docs/kb/changetracker/troubleshooting-and-errors/duplicate-events-in-syslogs.md b/docs/kb/changetracker/troubleshooting-and-errors/duplicate-events-in-syslogs.md new file mode 100644 index 0000000000..6b1d59ebc2 --- /dev/null +++ b/docs/kb/changetracker/troubleshooting-and-errors/duplicate-events-in-syslogs.md @@ -0,0 +1,65 @@ +--- +description: >- + Explains why old or duplicate events appear as new in syslogs and shows how + to remove pending notifications from MongoDB to prevent re-reporting of + outdated events in Netwrix Change Tracker. +keywords: + - syslogs + - duplicate events + - MongoDB + - NotificationQueue + - PendingNotifications + - NNTHubService + - MongoDB Shell + - Netwrix Change Tracker + - old events + - IncomingEventQueue + - BackgroundTaskQueue + - troubleshooting +knowledge_article_id: +products: + - change-tracker +sidebar_label: Duplicate Events in Syslogs +tags: [kb, troubleshooting-and-errors] +title: Old or Duplicate Events Reported as New in Syslogs +--- + +This article explains why old or duplicate events may appear as new in syslogs and how to resolve the issue by clearing the pending notifications queue in MongoDB. + +## Symptom + +- Old events appear in syslogs as new events. Upon further investigation, these are confirmed to be duplicates of previously reported events. +- The affected events have not been resubmitted. + +## Cause + +The pending notifications queue in the MongoDB database contains notifications for older events. When the outdated notifications are released, they are reported as new events or duplicates of previously reported events. + +## Resolution + +1. Install MongoDB Shell — download the MongoDB Shell `.zip` and place the contents into `C:\Program Files\NNT Change Tracker Suite\Gen7\MongoDB\bin`. Download MongoDB Shell from the [MongoDB Shell download page](https://www.mongodb.com/try/download/shell). + +2. Once copied, run the `mongosh.exe` application to connect to your MongoDB database. Run the following command: + + ```text + mongodb://localhost:27017 + ``` + + > **NOTE:** Replace `27017` with the correct port if MongoDB in your environment uses a different port. + +3. Once connected to your MongoDB database, run the following commands to confirm whether notifications are queued: + + ```text + use NNTHubService + db.IncomingEventQueue.count() + db.NotificationQueue.count() + db.PendingNotifications.count() + db.BackgroundTaskQueue.count() + ``` + +4. To clean up the queued notifications, run the following commands: + + ```text + use NNTHubService + db.NotificationQueue.deleteMany({}) + ``` diff --git a/docs/kb/changetracker/troubleshooting-and-errors/file-entry-not-found-error.md b/docs/kb/changetracker/troubleshooting-and-errors/file-entry-not-found-error.md new file mode 100644 index 0000000000..1830472116 --- /dev/null +++ b/docs/kb/changetracker/troubleshooting-and-errors/file-entry-not-found-error.md @@ -0,0 +1,57 @@ +--- +description: >- + Explains the "FileContentTrackerDataCollectorLocal - couldn't locate File + entry" rolling-log message in Netwrix Change Tracker, when it is safe to + ignore, and how to troubleshoot if the file should exist. +keywords: + - FileContentTrackerDataCollectorLocal + - rolling log + - file tracking + - file not found + - Netwrix Change Tracker + - agent + - configuration template + - content tracking + - yum.conf + - troubleshooting + - file entry + - permissions +knowledge_article_id: +products: + - change-tracker +sidebar_label: File Entry Not Found Error +tags: [kb, troubleshooting-and-errors] +title: >- + Rolling-Log Fix: "FileContentTrackerDataCollectorLocal - Couldn't Locate + File Entry for /mydirectory/my.file" +--- + +This article explains the `FileContentTrackerDataCollectorLocal - couldn't locate File entry` message in the Netwrix Change Tracker agent Rolling Log and when it is safe to ignore. + +## Symptom + +The following error appears in the agent Rolling Log: + +```text +2017-10-02 07:42:42,082 [5] ERROR FileContentTrackerDataCollectorLocal - couldn't locate File entry for /etc/yum.conf +``` + +## Explanation + +This error occurs when a configuration template in Netwrix Change Tracker is set to track file contents for a specific file, but the agent cannot locate that file on the monitored device. + +## Resolution + +### If the file does not exist on the device + +If you are receiving this error for a file that does not exist on the device, it is safe to ignore. If you are using one template to track multiple agents and some agents have the file while others do not, it is not a problem to let the template continue tracking this file. + +> **NOTE:** The only caution is the number of files the template is looking for. If the template grows significantly, having a large volume of these errors may cause performance issues. However, in most cases, it is perfectly fine. + +### If the file should exist + +If you are positive the file exists but are still getting this error, check the following: + +1. **Check your configuration template.** Is it looking for the file in the same location where the file is stored? +2. **Is this a file that is in different locations on different servers?** If so, define all of the potential locations in the template. +3. **Does this file have special permissions** that do not allow it to be read by the agent? If so, adjust the file permissions, or adjust the privileges of the account the agent uses. diff --git a/docs/kb/changetracker/troubleshooting-and-errors/filehash-sha256-file-not-found-error.md b/docs/kb/changetracker/troubleshooting-and-errors/filehash-sha256-file-not-found-error.md new file mode 100644 index 0000000000..aa292a26b0 --- /dev/null +++ b/docs/kb/changetracker/troubleshooting-and-errors/filehash-sha256-file-not-found-error.md @@ -0,0 +1,57 @@ +--- +description: >- + Explains the Rolling-Log error where ItemStoragePipeline cannot collect a + file's SHA256 hash because the file is missing, and provides guidance and + troubleshooting steps for Netwrix Change Tracker. +keywords: + - ItemStoragePipeline + - file hash + - SHA256 + - file not found + - rolling log + - Netwrix Change Tracker + - agent + - configuration template + - file tracking + - troubleshooting + - error processing item + - permissions +knowledge_article_id: +products: + - change-tracker +sidebar_label: FileHash SHA256 File Not Found Error +tags: [kb, troubleshooting-and-errors] +title: >- + Rolling-Log Fix: "ItemStoragePipeline - Error Processing Item, Couldn't + Collect FileHashSHA256 for File - Could Not Find File" +--- + +This article explains the `ItemStoragePipeline - Error processing item, couldn't collect filehashsha256` error in the Netwrix Change Tracker agent Rolling Log and when it is safe to ignore. + +## Symptom + +The following error appears in the agent Rolling Log: + +```text +2017-10-11 08:11:18,385 [4] ERROR ItemStoragePipeline - Error processing item, couldn't collect filehashsha256 for file: /etc/rc6.d/K05dsmcad Error: Failed to collect data for attribute (Could not find file "/etc/rc6.d/K05dsmcad") +``` + +## Explanation + +This error occurs when a configuration template in Netwrix Change Tracker is set to track a file and the agent cannot compute the SHA256 hash because the file is not found on the monitored device. + +## Resolution + +### If the file does not exist on the device + +If you are receiving this error for a file that does not exist on the device, it is safe to ignore. If you are using one template to track multiple agents and some agents have the file while others do not, it is not a problem to let the template continue tracking this file. + +> **NOTE:** The only caution is the number of files the template is looking for. If the template grows significantly, having a large volume of these errors may cause performance issues. However, in most cases, it is perfectly fine. + +### If the file should exist + +If you are positive the file exists but are still getting this error, check the following: + +1. **Check your configuration template.** Is it looking for the file in the same location where the file is stored? +2. **Is this a file that is in different locations on different servers?** If so, define all of the potential locations in the template. +3. **Does this file have special permissions** that do not allow it to be read by the agent? If so, adjust the file permissions, or adjust the privileges of the account the agent uses. diff --git a/docs/kb/changetracker/troubleshooting-and-errors/hub-offline-connection-retries-exhausted.md b/docs/kb/changetracker/troubleshooting-and-errors/hub-offline-connection-retries-exhausted.md new file mode 100644 index 0000000000..2fcf3c0039 --- /dev/null +++ b/docs/kb/changetracker/troubleshooting-and-errors/hub-offline-connection-retries-exhausted.md @@ -0,0 +1,58 @@ +--- +description: >- + Explains the "Hub Offline, connection retries exhausted" rolling-log error + for Netwrix Change Tracker agents and how to troubleshoot connectivity + between the agent and the Netwrix Server. +keywords: + - Hub Offline + - connection retries exhausted + - agent connectivity + - Netwrix Server + - firewall + - DNS + - NAT + - port forwarding + - rolling log + - Netwrix Change Tracker + - remote server + - troubleshooting +knowledge_article_id: +products: + - change-tracker +sidebar_label: Hub Offline Connection Retries Exhausted +tags: [kb, troubleshooting-and-errors] +title: >- + Rolling-Log Fix: "Hub Offline, Connection Retries Exhausted - Unable to + Connect to the Remote Server" +--- + +This article explains how to troubleshoot the `Hub Offline, connection retries exhausted` error in the Netwrix Change Tracker agent Rolling Log. + +## Symptom + +The following error appears in the agent Rolling Log: + +```text +2017-11-25 09:22:56,446 [10] INFO Message - Hub Offline, connection retries exhausted. Sleeping until 11/25/2017 2:24:31 PM (Unable to connect to the remote server - No connection could be made because the target machine actively refused it 192.168.1.1:443) +``` + +## Cause + +This error occurs when the agent cannot reach the Netwrix Server. Common causes include: + +1. The Netwrix Server may be powered off, IIS is not running, or MongoDB is not running. +2. The Netwrix Server may not be on the domain, does not have a network connection, or is in the wrong subnet. +3. The port the agent is using is currently being used by another application, causing a conflict. +4. A firewall is blocking the connection to the Netwrix Server over the specified port. +5. Network routes are not configured to allow communication between the Netwrix Server and the agent. +6. If the agent was configured using a Fully Qualified Domain Name instead of an IP address, the issue could be DNS-related. +7. If the agent is on a WAN or a different LAN, port forwarding may need to be configured. +8. If the agent is on a WAN or a different LAN, NAT settings may need to be modified to allow communication. +9. If the agent is on a WAN or a different LAN, proxy settings may need to be modified if a web or other proxy is in use. +10. If the agent is on a cloud provider network, the cloud provider's traffic rules may need to be modified to allow communication. + +## Resolution + +If you are receiving this error, the agent is currently not sending any logs to the Netwrix Server. Review the causes listed above and verify that each item is functioning properly. + +> **NOTE:** In most cases, resolving the underlying connectivity issue will fix this error. If the issue persists after the root cause is addressed, restart the agent service. diff --git a/docs/kb/changetracker/troubleshooting-and-errors/hubdetails-crypto-error.md b/docs/kb/changetracker/troubleshooting-and-errors/hubdetails-crypto-error.md new file mode 100644 index 0000000000..21e76d5993 --- /dev/null +++ b/docs/kb/changetracker/troubleshooting-and-errors/hubdetails-crypto-error.md @@ -0,0 +1,100 @@ +--- +description: >- + Shows how to fix the Rolling-Log error "HubDetails - Crypto error. Has the + agent process account changed since the password data was entered?" by + repairing the HubDetails.xml file used by the Netwrix Change Tracker agent. +keywords: + - HubDetails.xml + - Crypto error + - CryptographicException + - agent process account + - gen7agent + - Rolling Log + - Key not valid + - Netwrix Change Tracker + - agent service + - password encryption + - hub connection + - troubleshooting +knowledge_article_id: +products: + - change-tracker +sidebar_label: HubDetails Crypto Error +tags: [kb, troubleshooting-and-errors] +title: >- + Rolling-Log Fix: "HubDetails - Crypto Error. Has the Agent Process Account + Changed Since the Password Data Was Entered?" +--- + +This article explains how to resolve the `HubDetails - Crypto error` in the Netwrix Change Tracker agent Rolling Log by repairing the `HubDetails.xml` file. + +## Symptom + +The following error appears in the agent Rolling Log, typically followed by additional messages indicating the application is shutting down: + +```text +2019-01-04 07:02:35,644 [4] ERROR HubDetails - Crypto error. Has the agent process account changed since the password data was entered? +System.Security.Cryptography.CryptographicException: Key not valid for use in specified state. + +2019-01-04 07:02:35,675 [4] ERROR ConfigurationLoader - Hub details cannot be read successfully from: C:\ProgramData\NNT\gen7agent.service\HubDetails.xml. Error: Key not valid for use in specified state. +2019-01-04 07:02:35,675 [4] INFO Message - Application core shutting down due to error, please restart service: Hub details cannot be read successfully from: C:\ProgramData\NNT\gen7agent.service\HubDetails.xml. Error: Key not valid for use in specified state. +2019-01-04 07:02:35,691 [4] INFO Message - Application starting shutdown due to: FatalError - Hub details cannot be read successfully from: C:\ProgramData\NNT\gen7agent.service\HubDetails.xml. Error: Key not valid for use in specified state. +``` + +## Cause + +The information in the `HubDetails.xml` file cannot be decrypted by the current agent service account. Each agent must locally encrypt the password entered into the `HubDetails.xml` file. This error commonly occurs when copying a `HubDetails.xml` file from one agent to another to simplify installation — the password encrypted on the source machine cannot be decrypted on the destination machine. + + + +## Resolution + +If you are receiving this error, the agent is NOT reporting to your hub. This is a critical error and monitoring will not continue until it is resolved. + +1. Stop the Netwrix Agent Service. + + On Linux: + + ```bash + service nntgen7agent stop + ``` + +2. Navigate to the agent service data folder: + - **Windows:** `C:\ProgramData\NNT\gen7agent.service` + - **Linux:** `/var/nnt/gen7agent.service/` + +3. Delete all files in this folder **except** for the `HubDetails.xml` file. + +4. Edit the `HubDetails.xml` file using a text editor such as Notepad (Windows) or Nano (Linux). + +5. Inside the `HubDetails.xml` file, remove the entire line containing data within the `` tags. + + + +6. Replace the password element with the following, substituting your actual agent password: + + ```xml + Enter-Password-Here + ``` + +7. Confirm that the `HubDetails.xml` file contains the proper information in the correct format. + + + + For more information about the `HubDetails.xml` file, refer to the [Agent HubDetails File](/docs/changetracker/8_2/install/agent/hubdetailsfile.htm) documentation. + +8. Start the Netwrix Agent Service. + + On Linux: + + ```bash + service nntgen7agent start + ``` + +9. Check the Rolling Log to verify the agent was able to read the information and connect to the hub. + + + +10. You may also confirm that the device is registered via the Netwrix Change Tracker web console. + + diff --git a/docs/kb/changetracker/troubleshooting-and-errors/mongo-service-not-starting-windows.md b/docs/kb/changetracker/troubleshooting-and-errors/mongo-service-not-starting-windows.md new file mode 100644 index 0000000000..27a842ca88 --- /dev/null +++ b/docs/kb/changetracker/troubleshooting-and-errors/mongo-service-not-starting-windows.md @@ -0,0 +1,47 @@ +--- +description: >- + After installing Netwrix Change Tracker, the MongoDB service may fail to + start with a "Logon Failure" message. Updating the Visual C++ + Redistributable Packages on the system resolves the issue. +keywords: + - MongoDB + - Mongo service + - Visual C++ + - Redistributable + - Netwrix Change Tracker + - Windows service + - Logon Failure + - installation + - service not starting + - troubleshooting + - Windows + - could not start +knowledge_article_id: +products: + - change-tracker +sidebar_label: Mongo Service Not Starting on Windows +tags: [kb, troubleshooting-and-errors] +title: Mongo Service Not Starting on Windows Installation +--- + +This article explains how to resolve the MongoDB service failing to start after a fresh installation of Netwrix Change Tracker on Windows. + +## Symptom + +After installing Netwrix Change Tracker for the first time, you are able to reach the logon page but receive a "Logon Failure" message when attempting to access Netwrix Change Tracker. The MongoDB service is stopped, and attempting to start it produces the following error: + +`Windows could not start the MongoDB service on Local Computer` + + + +## Cause + +The system is missing the required Visual C++ Redistributable Packages that MongoDB depends on to run. + +## Resolution + +Update the Visual C++ Redistributable Packages on the system. + +1. Download the latest Visual C++ package from the [Microsoft Visual C++ Redistributable download page](https://www.microsoft.com/en-gb/download/details.aspx?id=48145). +2. Install the C++ package. No reboot is required. +3. Start the MongoDB service. diff --git a/docs/kb/changetracker/troubleshooting-and-errors/registry-key-permissions-error.md b/docs/kb/changetracker/troubleshooting-and-errors/registry-key-permissions-error.md new file mode 100644 index 0000000000..3839b2f64a --- /dev/null +++ b/docs/kb/changetracker/troubleshooting-and-errors/registry-key-permissions-error.md @@ -0,0 +1,57 @@ +--- +description: >- + Explains the RegistryTrackerDataCollector error that indicates the Netwrix + Change Tracker agent cannot access a registry key, why the error appears, + and how to troubleshoot or safely ignore it. +keywords: + - RegistryTrackerDataCollector + - registry key + - permissions + - Netwrix Change Tracker + - rolling log + - agent + - configuration template + - registry tracking + - key does not exist + - troubleshooting + - Windows registry + - HKEY_LOCAL_MACHINE +knowledge_article_id: +products: + - change-tracker +sidebar_label: Registry Key Permissions Error +tags: [kb, troubleshooting-and-errors] +title: >- + Rolling-Log Fix: "RegistryTrackerDataCollector - Check the Agent Process + Has the Required Permissions to Access the Registry Key" +--- + +This article explains the `RegistryTrackerDataCollector` error in the Netwrix Change Tracker agent Rolling Log and when it is safe to ignore. + +## Symptom + +The following error appears in the agent Rolling Log: + +```text +2017-10-02 09:14:38,759 [9] ERROR RegistryTrackerDataCollector - check the agent process has the required permissions to access the registry key. (HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ExampleService\Parameters, error: The specified registry key does not exist.) +``` + +## Explanation + +This error occurs when a configuration template in Netwrix Change Tracker is set to track a registry key and the agent cannot access the registry key because it does not exist or the agent does not have the required permissions. + +## Resolution + +### If the registry key does not exist on the device + +If you are receiving this error for a registry key that does not exist on the device, it is safe to ignore. If you are using one template to track multiple agents and some agents have the key while others do not, it is not a problem to let the template continue tracking this key. + +> **NOTE:** The only caution is the number of keys the template is looking for. If the template grows significantly, having a large volume of these errors may cause performance issues. However, in most cases, it is perfectly fine. + +### If the registry key should exist + +If you are positive the registry key exists but are still getting this error, check the following: + +1. **Check your configuration template.** Is it looking for the key in the correct location? +2. **Is this a registry key that is in different locations on different servers?** If so, define all of the potential locations in the template. +3. **Does the agent have the required permissions** to access the registry key? If not, adjust the permissions to allow access. From c05f48f3e0f5948e2e06710df413752773bf448d Mon Sep 17 00:00:00 2001 From: hilram7 <212961752+hilram7@users.noreply.github.com> Date: Wed, 1 Jul 2026 16:11:22 -0400 Subject: [PATCH 2/3] fix(kb): apply SME feedback to batch 2a Change Tracker articles - hubdetails-crypto-error: correct agent path (gen7agent.service to gen7agent.app.netcore), Windows service name (Netwrix ChangeTracker Gen7 Agent NetCore), Linux service name (nntgen7agentcore) - duplicate-events-in-syslogs: replace deprecated count() with countDocuments() for MongoDB 8.x compatibility - Retire mongo-service-not-starting-windows (both SMEs confirmed the VC++ Redistributable issue no longer occurs on supported OS) - Add knowledge_article_id to 5 articles --- .../duplicate-events-in-syslogs.md | 10 ++-- .../file-entry-not-found-error.md | 2 +- .../filehash-sha256-file-not-found-error.md | 2 +- .../hubdetails-crypto-error.md | 22 ++++----- .../mongo-service-not-starting-windows.md | 47 ------------------- .../registry-key-permissions-error.md | 2 +- 6 files changed, 19 insertions(+), 66 deletions(-) delete mode 100644 docs/kb/changetracker/troubleshooting-and-errors/mongo-service-not-starting-windows.md diff --git a/docs/kb/changetracker/troubleshooting-and-errors/duplicate-events-in-syslogs.md b/docs/kb/changetracker/troubleshooting-and-errors/duplicate-events-in-syslogs.md index 6b1d59ebc2..35890a420c 100644 --- a/docs/kb/changetracker/troubleshooting-and-errors/duplicate-events-in-syslogs.md +++ b/docs/kb/changetracker/troubleshooting-and-errors/duplicate-events-in-syslogs.md @@ -16,7 +16,7 @@ keywords: - IncomingEventQueue - BackgroundTaskQueue - troubleshooting -knowledge_article_id: +knowledge_article_id: ka0Qk0000001R2zIAE products: - change-tracker sidebar_label: Duplicate Events in Syslogs @@ -51,10 +51,10 @@ The pending notifications queue in the MongoDB database contains notifications f ```text use NNTHubService - db.IncomingEventQueue.count() - db.NotificationQueue.count() - db.PendingNotifications.count() - db.BackgroundTaskQueue.count() + db.IncomingEventQueue.countDocuments() + db.NotificationQueue.countDocuments() + db.PendingNotifications.countDocuments() + db.BackgroundTaskQueue.countDocuments() ``` 4. To clean up the queued notifications, run the following commands: diff --git a/docs/kb/changetracker/troubleshooting-and-errors/file-entry-not-found-error.md b/docs/kb/changetracker/troubleshooting-and-errors/file-entry-not-found-error.md index 1830472116..ce40dcd337 100644 --- a/docs/kb/changetracker/troubleshooting-and-errors/file-entry-not-found-error.md +++ b/docs/kb/changetracker/troubleshooting-and-errors/file-entry-not-found-error.md @@ -16,7 +16,7 @@ keywords: - troubleshooting - file entry - permissions -knowledge_article_id: +knowledge_article_id: ka04u000000Hd9NAAS products: - change-tracker sidebar_label: File Entry Not Found Error diff --git a/docs/kb/changetracker/troubleshooting-and-errors/filehash-sha256-file-not-found-error.md b/docs/kb/changetracker/troubleshooting-and-errors/filehash-sha256-file-not-found-error.md index aa292a26b0..949be92d64 100644 --- a/docs/kb/changetracker/troubleshooting-and-errors/filehash-sha256-file-not-found-error.md +++ b/docs/kb/changetracker/troubleshooting-and-errors/filehash-sha256-file-not-found-error.md @@ -16,7 +16,7 @@ keywords: - troubleshooting - error processing item - permissions -knowledge_article_id: +knowledge_article_id: ka04u000000Hd9mAAC products: - change-tracker sidebar_label: FileHash SHA256 File Not Found Error diff --git a/docs/kb/changetracker/troubleshooting-and-errors/hubdetails-crypto-error.md b/docs/kb/changetracker/troubleshooting-and-errors/hubdetails-crypto-error.md index 21e76d5993..1f4bb29279 100644 --- a/docs/kb/changetracker/troubleshooting-and-errors/hubdetails-crypto-error.md +++ b/docs/kb/changetracker/troubleshooting-and-errors/hubdetails-crypto-error.md @@ -16,7 +16,7 @@ keywords: - password encryption - hub connection - troubleshooting -knowledge_article_id: +knowledge_article_id: ka0Qk000000DlabIAC products: - change-tracker sidebar_label: HubDetails Crypto Error @@ -36,9 +36,9 @@ The following error appears in the agent Rolling Log, typically followed by addi 2019-01-04 07:02:35,644 [4] ERROR HubDetails - Crypto error. Has the agent process account changed since the password data was entered? System.Security.Cryptography.CryptographicException: Key not valid for use in specified state. -2019-01-04 07:02:35,675 [4] ERROR ConfigurationLoader - Hub details cannot be read successfully from: C:\ProgramData\NNT\gen7agent.service\HubDetails.xml. Error: Key not valid for use in specified state. -2019-01-04 07:02:35,675 [4] INFO Message - Application core shutting down due to error, please restart service: Hub details cannot be read successfully from: C:\ProgramData\NNT\gen7agent.service\HubDetails.xml. Error: Key not valid for use in specified state. -2019-01-04 07:02:35,691 [4] INFO Message - Application starting shutdown due to: FatalError - Hub details cannot be read successfully from: C:\ProgramData\NNT\gen7agent.service\HubDetails.xml. Error: Key not valid for use in specified state. +2019-01-04 07:02:35,675 [4] ERROR ConfigurationLoader - Hub details cannot be read successfully from: C:\ProgramData\NNT\gen7agent.app.netcore\HubDetails.xml. Error: Key not valid for use in specified state. +2019-01-04 07:02:35,675 [4] INFO Message - Application core shutting down due to error, please restart service: Hub details cannot be read successfully from: C:\ProgramData\NNT\gen7agent.app.netcore\HubDetails.xml. Error: Key not valid for use in specified state. +2019-01-04 07:02:35,691 [4] INFO Message - Application starting shutdown due to: FatalError - Hub details cannot be read successfully from: C:\ProgramData\NNT\gen7agent.app.netcore\HubDetails.xml. Error: Key not valid for use in specified state. ``` ## Cause @@ -51,17 +51,17 @@ The information in the `HubDetails.xml` file cannot be decrypted by the current If you are receiving this error, the agent is NOT reporting to your hub. This is a critical error and monitoring will not continue until it is resolved. -1. Stop the Netwrix Agent Service. +1. Stop the **Netwrix ChangeTracker Gen7 Agent NetCore** service. On Linux: ```bash - service nntgen7agent stop + service nntgen7agentcore stop ``` 2. Navigate to the agent service data folder: - - **Windows:** `C:\ProgramData\NNT\gen7agent.service` - - **Linux:** `/var/nnt/gen7agent.service/` + - **Windows:** `C:\ProgramData\NNT\gen7agent.app.netcore` + - **Linux:** `/var/nnt/gen7agent.app.netcore/` 3. Delete all files in this folder **except** for the `HubDetails.xml` file. @@ -81,14 +81,14 @@ If you are receiving this error, the agent is NOT reporting to your hub. This is - For more information about the `HubDetails.xml` file, refer to the [Agent HubDetails File](/docs/changetracker/8_2/install/agent/hubdetailsfile.htm) documentation. + For more information about the `HubDetails.xml` file, refer to the [Agent HubDetails File](/docs/changetracker/8.2/install/agent/hubdetailsfile) documentation. -8. Start the Netwrix Agent Service. +8. Start the **Netwrix ChangeTracker Gen7 Agent NetCore** service. On Linux: ```bash - service nntgen7agent start + service nntgen7agentcore start ``` 9. Check the Rolling Log to verify the agent was able to read the information and connect to the hub. diff --git a/docs/kb/changetracker/troubleshooting-and-errors/mongo-service-not-starting-windows.md b/docs/kb/changetracker/troubleshooting-and-errors/mongo-service-not-starting-windows.md deleted file mode 100644 index 27a842ca88..0000000000 --- a/docs/kb/changetracker/troubleshooting-and-errors/mongo-service-not-starting-windows.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -description: >- - After installing Netwrix Change Tracker, the MongoDB service may fail to - start with a "Logon Failure" message. Updating the Visual C++ - Redistributable Packages on the system resolves the issue. -keywords: - - MongoDB - - Mongo service - - Visual C++ - - Redistributable - - Netwrix Change Tracker - - Windows service - - Logon Failure - - installation - - service not starting - - troubleshooting - - Windows - - could not start -knowledge_article_id: -products: - - change-tracker -sidebar_label: Mongo Service Not Starting on Windows -tags: [kb, troubleshooting-and-errors] -title: Mongo Service Not Starting on Windows Installation ---- - -This article explains how to resolve the MongoDB service failing to start after a fresh installation of Netwrix Change Tracker on Windows. - -## Symptom - -After installing Netwrix Change Tracker for the first time, you are able to reach the logon page but receive a "Logon Failure" message when attempting to access Netwrix Change Tracker. The MongoDB service is stopped, and attempting to start it produces the following error: - -`Windows could not start the MongoDB service on Local Computer` - - - -## Cause - -The system is missing the required Visual C++ Redistributable Packages that MongoDB depends on to run. - -## Resolution - -Update the Visual C++ Redistributable Packages on the system. - -1. Download the latest Visual C++ package from the [Microsoft Visual C++ Redistributable download page](https://www.microsoft.com/en-gb/download/details.aspx?id=48145). -2. Install the C++ package. No reboot is required. -3. Start the MongoDB service. diff --git a/docs/kb/changetracker/troubleshooting-and-errors/registry-key-permissions-error.md b/docs/kb/changetracker/troubleshooting-and-errors/registry-key-permissions-error.md index 3839b2f64a..eaff1e7c4f 100644 --- a/docs/kb/changetracker/troubleshooting-and-errors/registry-key-permissions-error.md +++ b/docs/kb/changetracker/troubleshooting-and-errors/registry-key-permissions-error.md @@ -16,7 +16,7 @@ keywords: - troubleshooting - Windows registry - HKEY_LOCAL_MACHINE -knowledge_article_id: +knowledge_article_id: ka04u000000Hd99AAC products: - change-tracker sidebar_label: Registry Key Permissions Error From eae542b473e6b3800b17aa76c8c34ed1bea6a9e3 Mon Sep 17 00:00:00 2001 From: hilram7 <212961752+hilram7@users.noreply.github.com> Date: Wed, 1 Jul 2026 20:21:20 -0400 Subject: [PATCH 3/3] fix(kb): apply pre-review polish to batch 2a articles --- .../agenttaskrunner-processtracker-error.md | 14 ++++---- ...iceconfigtask-wildcards-pathmatch-error.md | 16 ++++----- .../duplicate-events-in-syslogs.md | 2 +- .../file-entry-not-found-error.md | 14 ++++---- .../filehash-sha256-file-not-found-error.md | 14 ++++---- ...ub-offline-connection-retries-exhausted.md | 34 ++++++++++++------- .../hubdetails-crypto-error.md | 8 ++--- .../registry-key-permissions-error.md | 14 ++++---- 8 files changed, 62 insertions(+), 54 deletions(-) diff --git a/docs/kb/changetracker/troubleshooting-and-errors/agenttaskrunner-processtracker-error.md b/docs/kb/changetracker/troubleshooting-and-errors/agenttaskrunner-processtracker-error.md index 3c102cd33f..d7248ccfd7 100644 --- a/docs/kb/changetracker/troubleshooting-and-errors/agenttaskrunner-processtracker-error.md +++ b/docs/kb/changetracker/troubleshooting-and-errors/agenttaskrunner-processtracker-error.md @@ -2,7 +2,7 @@ description: >- This article explains how to resolve the "AgentTaskRunner - task execution failed for task 11 - TrackerPollTask-Baseline-processtracker-88" error in - the Rolling Log by adjusting the configuration template in Netwrix Change + the Rolling Log by adjusting the policy template in Netwrix Change Tracker. keywords: - rolling log @@ -10,14 +10,14 @@ keywords: - TrackerPollTask - processtracker - Netwrix Change Tracker - - configuration template + - policy template - process tracker - agent error - task execution failed - data collector - baseline - troubleshooting -knowledge_article_id: +knowledge_article_id: ka04u000000Hd9iAAC products: - change-tracker sidebar_label: AgentTaskRunner ProcessTracker Error @@ -48,14 +48,14 @@ NNT.Agent.Tracking.TrackerException: no data collector registered for: processtr ## Cause -This error occurs because the process tracker in Netwrix Change Tracker is enabled in the configuration template, but no specific processes are configured for tracking. The agent cannot execute the tracker poll task without at least one process defined. +This error occurs because the process tracker in Netwrix Change Tracker is enabled in the policy template, but no specific processes are configured for tracking. The agent cannot execute the tracker poll task without at least one process defined. ## Resolution -Edit the configuration template assigned to the affected device and either add processes to track or disable the process tracker. +Edit the policy template assigned to the affected device and either add processes to track or disable the process tracker. -1. Log into Netwrix Change Tracker and navigate to **Devices** > select the device experiencing the error > select the configuration template that is causing the issue. -2. Either uncheck the **"Track processes and services in this template"** box, or add at least one service to be tracked. +1. Log into Netwrix Change Tracker and navigate to **Devices** > select the device experiencing the error > select the policy template that is causing the issue. +2. Either uncheck the **Track processes and services in this template** box, or add at least one service to be tracked. diff --git a/docs/kb/changetracker/troubleshooting-and-errors/deviceconfigtask-wildcards-pathmatch-error.md b/docs/kb/changetracker/troubleshooting-and-errors/deviceconfigtask-wildcards-pathmatch-error.md index 8e9d5caadc..747261a1e9 100644 --- a/docs/kb/changetracker/troubleshooting-and-errors/deviceconfigtask-wildcards-pathmatch-error.md +++ b/docs/kb/changetracker/troubleshooting-and-errors/deviceconfigtask-wildcards-pathmatch-error.md @@ -1,7 +1,7 @@ --- description: >- Explains the cause and resolution for a Rolling-Log error where - AgentTaskRunner fails due to a mismatched path-match type in a configuration + AgentTaskRunner fails due to a mismatched path-match type in a policy template in Netwrix Change Tracker. keywords: - AgentTaskRunner @@ -10,13 +10,13 @@ keywords: - path match - wildcards - regex - - configuration template + - policy template - rolling log - Netwrix Change Tracker - agent error - custom path match - troubleshooting -knowledge_article_id: +knowledge_article_id: ka0Qk000000DmYHIA0 products: - change-tracker sidebar_label: DeviceConfigTask Wildcards PathMatch Error @@ -26,7 +26,7 @@ title: >- DeviceConfigTask. Item Wildcards Match Text Must Not Contain Separator" --- -This article explains how to resolve a Rolling-Log error caused by a misconfigured custom path-match definition in a Netwrix Change Tracker configuration template. +This article explains how to resolve a Rolling-Log error caused by a misconfigured custom path-match definition in a Netwrix Change Tracker policy template. ## Symptom @@ -45,16 +45,16 @@ NNT.Agent.Utils.ContainerItemMatch+ContainerItemMatchException: item wildcards m ## Cause -The agent cannot process an item within the advanced custom path-match definition because the match type is set to **Wildcards** but the match pattern contains regex syntax (or vice versa). For example, a path-match definition may contain regex code but the match type is set to **Wildcards** instead of **Regex**. +The agent cannot process an item within the advanced custom path-match definition because the match type is set to **Wildcards** but the match pattern contains regex syntax (or vice versa). ## Resolution -If you are receiving this error, the agent is potentially NOT reporting to your hub. This is a critical error and monitoring will not continue until it is resolved. +If you are receiving this error, the agent may not be reporting to your hub. This is a critical error and monitoring will not continue until it is resolved. 1. Log into the **Netwrix Change Tracker console**. -2. Locate the agent presenting this error and go into each of the configuration templates assigned to that agent. Inspect the custom path matches for misconfiguration. +2. Locate the agent presenting this error and go into each of the policy templates assigned to that agent. Inspect the custom path matches for misconfiguration. 3. Once you have identified the problem template, modify or remove the custom path-match definition that is causing the issue. For example, change the match type from **Wildcards** to **Regex** if the pattern contains regex syntax. -4. Save the configuration template. +4. Save the policy template. 5. Check the agent to confirm it has received the new configuration. diff --git a/docs/kb/changetracker/troubleshooting-and-errors/duplicate-events-in-syslogs.md b/docs/kb/changetracker/troubleshooting-and-errors/duplicate-events-in-syslogs.md index 35890a420c..0e5cf3f176 100644 --- a/docs/kb/changetracker/troubleshooting-and-errors/duplicate-events-in-syslogs.md +++ b/docs/kb/changetracker/troubleshooting-and-errors/duplicate-events-in-syslogs.md @@ -37,7 +37,7 @@ The pending notifications queue in the MongoDB database contains notifications f ## Resolution -1. Install MongoDB Shell — download the MongoDB Shell `.zip` and place the contents into `C:\Program Files\NNT Change Tracker Suite\Gen7\MongoDB\bin`. Download MongoDB Shell from the [MongoDB Shell download page](https://www.mongodb.com/try/download/shell). +1. Download the MongoDB Shell `.zip` from the [MongoDB Shell download page](https://www.mongodb.com/try/download/shell) and place the contents into `C:\Program Files\NNT Change Tracker Suite\Gen7\MongoDB\bin`. 2. Once copied, run the `mongosh.exe` application to connect to your MongoDB database. Run the following command: diff --git a/docs/kb/changetracker/troubleshooting-and-errors/file-entry-not-found-error.md b/docs/kb/changetracker/troubleshooting-and-errors/file-entry-not-found-error.md index ce40dcd337..dd789c72eb 100644 --- a/docs/kb/changetracker/troubleshooting-and-errors/file-entry-not-found-error.md +++ b/docs/kb/changetracker/troubleshooting-and-errors/file-entry-not-found-error.md @@ -10,7 +10,7 @@ keywords: - file not found - Netwrix Change Tracker - agent - - configuration template + - policy template - content tracking - yum.conf - troubleshooting @@ -36,9 +36,9 @@ The following error appears in the agent Rolling Log: 2017-10-02 07:42:42,082 [5] ERROR FileContentTrackerDataCollectorLocal - couldn't locate File entry for /etc/yum.conf ``` -## Explanation +## Cause -This error occurs when a configuration template in Netwrix Change Tracker is set to track file contents for a specific file, but the agent cannot locate that file on the monitored device. +This error occurs when a policy template in Netwrix Change Tracker is set to track file contents for a specific file, but the agent cannot locate that file on the monitored device. ## Resolution @@ -50,8 +50,8 @@ If you are receiving this error for a file that does not exist on the device, it ### If the file should exist -If you are positive the file exists but are still getting this error, check the following: +If the file exists but the error still appears, verify the following: -1. **Check your configuration template.** Is it looking for the file in the same location where the file is stored? -2. **Is this a file that is in different locations on different servers?** If so, define all of the potential locations in the template. -3. **Does this file have special permissions** that do not allow it to be read by the agent? If so, adjust the file permissions, or adjust the privileges of the account the agent uses. +1. Verify the policy template is looking for the file in the correct location. +2. If the file is stored in different locations on different servers, define all potential locations in the template. +3. Check whether the file has special permissions that prevent the agent from reading it. If so, adjust the file permissions or the privileges of the account the agent uses. diff --git a/docs/kb/changetracker/troubleshooting-and-errors/filehash-sha256-file-not-found-error.md b/docs/kb/changetracker/troubleshooting-and-errors/filehash-sha256-file-not-found-error.md index 949be92d64..e877e9e162 100644 --- a/docs/kb/changetracker/troubleshooting-and-errors/filehash-sha256-file-not-found-error.md +++ b/docs/kb/changetracker/troubleshooting-and-errors/filehash-sha256-file-not-found-error.md @@ -11,7 +11,7 @@ keywords: - rolling log - Netwrix Change Tracker - agent - - configuration template + - policy template - file tracking - troubleshooting - error processing item @@ -36,9 +36,9 @@ The following error appears in the agent Rolling Log: 2017-10-11 08:11:18,385 [4] ERROR ItemStoragePipeline - Error processing item, couldn't collect filehashsha256 for file: /etc/rc6.d/K05dsmcad Error: Failed to collect data for attribute (Could not find file "/etc/rc6.d/K05dsmcad") ``` -## Explanation +## Cause -This error occurs when a configuration template in Netwrix Change Tracker is set to track a file and the agent cannot compute the SHA256 hash because the file is not found on the monitored device. +This error occurs when a policy template in Netwrix Change Tracker is set to track a file and the agent cannot compute the SHA256 hash because the file is not found on the monitored device. ## Resolution @@ -50,8 +50,8 @@ If you are receiving this error for a file that does not exist on the device, it ### If the file should exist -If you are positive the file exists but are still getting this error, check the following: +If the file exists but the error still appears, verify the following: -1. **Check your configuration template.** Is it looking for the file in the same location where the file is stored? -2. **Is this a file that is in different locations on different servers?** If so, define all of the potential locations in the template. -3. **Does this file have special permissions** that do not allow it to be read by the agent? If so, adjust the file permissions, or adjust the privileges of the account the agent uses. +1. Verify the policy template is looking for the file in the correct location. +2. If the file is stored in different locations on different servers, define all potential locations in the template. +3. Check whether the file has special permissions that prevent the agent from reading it. If so, adjust the file permissions or the privileges of the account the agent uses. diff --git a/docs/kb/changetracker/troubleshooting-and-errors/hub-offline-connection-retries-exhausted.md b/docs/kb/changetracker/troubleshooting-and-errors/hub-offline-connection-retries-exhausted.md index 2fcf3c0039..ed9f3b7973 100644 --- a/docs/kb/changetracker/troubleshooting-and-errors/hub-offline-connection-retries-exhausted.md +++ b/docs/kb/changetracker/troubleshooting-and-errors/hub-offline-connection-retries-exhausted.md @@ -16,7 +16,7 @@ keywords: - Netwrix Change Tracker - remote server - troubleshooting -knowledge_article_id: +knowledge_article_id: ka0Qk000000DldpIAC products: - change-tracker sidebar_label: Hub Offline Connection Retries Exhausted @@ -40,19 +40,27 @@ The following error appears in the agent Rolling Log: This error occurs when the agent cannot reach the Netwrix Server. Common causes include: -1. The Netwrix Server may be powered off, IIS is not running, or MongoDB is not running. -2. The Netwrix Server may not be on the domain, does not have a network connection, or is in the wrong subnet. -3. The port the agent is using is currently being used by another application, causing a conflict. -4. A firewall is blocking the connection to the Netwrix Server over the specified port. -5. Network routes are not configured to allow communication between the Netwrix Server and the agent. -6. If the agent was configured using a Fully Qualified Domain Name instead of an IP address, the issue could be DNS-related. -7. If the agent is on a WAN or a different LAN, port forwarding may need to be configured. -8. If the agent is on a WAN or a different LAN, NAT settings may need to be modified to allow communication. -9. If the agent is on a WAN or a different LAN, proxy settings may need to be modified if a web or other proxy is in use. -10. If the agent is on a cloud provider network, the cloud provider's traffic rules may need to be modified to allow communication. +- The Netwrix Server may be powered off, IIS is not running, or MongoDB is not running. +- The Netwrix Server may not be on the domain, does not have a network connection, or is in the wrong subnet. +- The port the agent is using is currently being used by another application, causing a conflict. +- A firewall is blocking the connection to the Netwrix Server over the specified port. +- Network routes are not configured to allow communication between the Netwrix Server and the agent. +- If the agent was configured using an FQDN instead of an IP address, the issue could be DNS-related. +- If the agent is on a cloud provider network, the cloud provider's traffic rules may need to be modified to allow communication. +- If the agent is on a WAN or a different LAN: + - Port forwarding may need to be configured. + - NAT settings may need to be modified to allow communication. + - Proxy settings may need to be modified if a web or other proxy is in use. ## Resolution -If you are receiving this error, the agent is currently not sending any logs to the Netwrix Server. Review the causes listed above and verify that each item is functioning properly. +If you are receiving this error, the agent is currently not sending any logs to the Netwrix Server. Verify the following common causes: + +- **Confirm the Netwrix Server is running.** Verify that IIS and MongoDB services are running on the Netwrix Change Tracker Hub server. +- **Test connectivity from the agent host.** From the agent, attempt to reach the Hub URL (for example, using `ping`, `curl`, or `Test-NetConnection`). If the Hub URL uses an FQDN, confirm the agent can resolve it via DNS. +- **Verify firewall and port configuration.** Confirm the port defined in the agent's `HubDetails.xml` (typically 443) is open between the agent and the Netwrix Server. See [Network Ports for Change Tracker](/docs/kb/changetracker/configuration-and-setup/network-ports-for-change-tracker) or the [Agent and Device Ports](/docs/changetracker/8_2/requirements/agentdeviceports) product doc. + +After correcting the underlying issue, restart the agent service to force a reconnection. + + -> **NOTE:** In most cases, resolving the underlying connectivity issue will fix this error. If the issue persists after the root cause is addressed, restart the agent service. diff --git a/docs/kb/changetracker/troubleshooting-and-errors/hubdetails-crypto-error.md b/docs/kb/changetracker/troubleshooting-and-errors/hubdetails-crypto-error.md index 1f4bb29279..10434d2073 100644 --- a/docs/kb/changetracker/troubleshooting-and-errors/hubdetails-crypto-error.md +++ b/docs/kb/changetracker/troubleshooting-and-errors/hubdetails-crypto-error.md @@ -49,7 +49,7 @@ The information in the `HubDetails.xml` file cannot be decrypted by the current ## Resolution -If you are receiving this error, the agent is NOT reporting to your hub. This is a critical error and monitoring will not continue until it is resolved. +If you are receiving this error, the agent is not reporting to your hub. This is a critical error and monitoring will not continue until it is resolved. 1. Stop the **Netwrix ChangeTracker Gen7 Agent NetCore** service. @@ -67,7 +67,7 @@ If you are receiving this error, the agent is NOT reporting to your hub. This is 4. Edit the `HubDetails.xml` file using a text editor such as Notepad (Windows) or Nano (Linux). -5. Inside the `HubDetails.xml` file, remove the entire line containing data within the `` tags. +5. Remove the entire line containing the `` tags. @@ -81,7 +81,7 @@ If you are receiving this error, the agent is NOT reporting to your hub. This is - For more information about the `HubDetails.xml` file, refer to the [Agent HubDetails File](/docs/changetracker/8.2/install/agent/hubdetailsfile) documentation. + For more information about the `HubDetails.xml` file, refer to the [Agent HubDetails File](/docs/changetracker/8_2/install/agent/hubdetailsfile) documentation. 8. Start the **Netwrix ChangeTracker Gen7 Agent NetCore** service. @@ -95,6 +95,6 @@ If you are receiving this error, the agent is NOT reporting to your hub. This is -10. You may also confirm that the device is registered via the Netwrix Change Tracker web console. +10. You can also confirm that the device is registered via the Netwrix Change Tracker web console. diff --git a/docs/kb/changetracker/troubleshooting-and-errors/registry-key-permissions-error.md b/docs/kb/changetracker/troubleshooting-and-errors/registry-key-permissions-error.md index eaff1e7c4f..d0d79fc7d7 100644 --- a/docs/kb/changetracker/troubleshooting-and-errors/registry-key-permissions-error.md +++ b/docs/kb/changetracker/troubleshooting-and-errors/registry-key-permissions-error.md @@ -10,7 +10,7 @@ keywords: - Netwrix Change Tracker - rolling log - agent - - configuration template + - policy template - registry tracking - key does not exist - troubleshooting @@ -36,9 +36,9 @@ The following error appears in the agent Rolling Log: 2017-10-02 09:14:38,759 [9] ERROR RegistryTrackerDataCollector - check the agent process has the required permissions to access the registry key. (HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ExampleService\Parameters, error: The specified registry key does not exist.) ``` -## Explanation +## Cause -This error occurs when a configuration template in Netwrix Change Tracker is set to track a registry key and the agent cannot access the registry key because it does not exist or the agent does not have the required permissions. +This error occurs when a policy template in Netwrix Change Tracker is set to track a registry key and the agent cannot access the registry key because it does not exist or the agent does not have the required permissions. ## Resolution @@ -50,8 +50,8 @@ If you are receiving this error for a registry key that does not exist on the de ### If the registry key should exist -If you are positive the registry key exists but are still getting this error, check the following: +If the registry key exists but the error still appears, verify the following: -1. **Check your configuration template.** Is it looking for the key in the correct location? -2. **Is this a registry key that is in different locations on different servers?** If so, define all of the potential locations in the template. -3. **Does the agent have the required permissions** to access the registry key? If not, adjust the permissions to allow access. +1. Verify the policy template is looking for the key in the correct location. +2. If the key is stored in different locations on different servers, define all potential locations in the template. +3. Check whether the agent has the required permissions to access the registry key. If not, adjust the permissions to allow access.