Issue: Change Guardian Agent for Windows installation fails and displays the following error message in the failed task logs:
Protocol negotiation failed...
The error might occur due to the following reasons:
SMB1 protocol is disabled on Change Guardian Agent for Windows.
Change Guardian server is installed on a Linux version that does not support SMB Version 2 (such as SLES 11.x or RHEL 6.x that has kernel version 2.6.x or lower), but only supports SMB Version 1. (Bug 1155405)
Workaround: Upgrade the operating system on which Change Guardian server is running to a version that supports SMB Version 2.
Alternatively, you can manually install the latest version of Change Guardian Agent for Windows. For more information, see Installing Change Guardian Agent for Windows.
Issue: Change Guardian Agent for Windows installation using Agent Manager fails and displays the following error in the failed task logs:
protocol negotiation failed...
This error might occur due to the following reasons:
SMB1 protocol is disabled on Change Guardian Agent for Windows.
Change Guardian server is installed on SLES 11 SP4 or RHEL 6.7 platforms, which support SMBv1 only.
Workaround: Install Change Guardian Agent for Windows manually. For more information, see Manual Installation.
You can use Agent Manager to collect logs from Change Guardian Agent for Windows. For more information, see Collecting Agent Logs.
Issue: You have a requirement to roll back to an older version of the agent package, but Agent Manager does not allow you to change the agent package version. (Bug 1155538)
Workaround: You can enable a new package, and disable the previous package by using the following file: /opt/netiq/ams/ams/repository/packageActiveStatus.new.example.
The following table gives you information about how to resolve the agent issues reported in the agent health dashboard:
Issue as shown in the Dashboard | Error Code | Workaround |
---|---|---|
Driver initialization failure | Change Guardian Agent for Windows: 00002053; Group Policy: 00001546; AD: 00000778 | Check if the driver is loaded in the registry |
Driver Configuration failure | Change Guardian Agent for Windows: 00002052; Group Policy: 00001546; AD: 00000778 | Check if the driver registry key is set for the specific policy |
General Error setting up monitoring policy | Change Guardian Agent for Windows: 00002053 | Check if the policy is loaded in the registry |
Unable to write to baseline | Change Guardian Agent for Windows: 00002053 | Check if the system has read and write permissions in the following folder: C:\Program Files (x86)\NetIQ\ChangeGuardianAgent\data\CGW_Repository |
Missing auditing for 'User Account Management', unable to monitor policy | AD: 00000774 | Check if AD auditing is configured |
Missing auditing for 'Computer Account Management', unable to monitor policy | AD: 00000774 | Check if AD auditing is configured |
Missing auditing for 'Distribution Group Management', unable to monitor policy | AD: 00000774 | Check if AD auditing is configured |
Missing auditing for 'Security Group Management', unable to monitor policy | AD: 00000774 | Check if AD auditing is configured |
Missing auditing for 'Authorization Policy Change', unable to monitor policy | AD: 00000774 | Check if AD auditing is configured |
Missing auditing for 'Authentication Policy Change', unable to monitor policy | AD: 00000774 | Check if AD auditing is configured |
Missing auditing for 'Directory Service Changes', unable to monitor policy | AD: 00000774; Group Policy: 00001542 | Check if AD auditing is configured |
Missing auditing for 'Directory Service Access', unable to monitor policy | AD: 00000774; Group Policy: 00001542 | Check if AD auditing is configured for both AD and Group Policy |
Missing failure auditing for 'User Login Monitoring', unable to monitor logon failure policy | AD: 00000774 | Check if AD auditing is configured |
Missing success auditing for 'User Login Monitoring', unable to monitor logon success policy | AD: 00000774 | Check if AD auditing is configured |
Missing failure auditing for 'User Logoff Monitoring', unable to monitor logoff failure policy | AD: 00000774 | Check if AD auditing is configured |
Missing success auditing for 'User Logoff Monitoring', unable to monitor logoff success policy | AD: 00000774 | Check if AD auditing is configured |
Failed to read Active Directory object <directory_path>, unable to monitor policy | AD: 00000779; Group Policy: 00001547 | Check if AD auditing is configured |
Missing auditing flags <flag_value> in ACE SACL for <directory_path>, unable to monitor policy | AD: 00000776; Group Policy: 00001544 | Check if AD auditing is configured |
Required provider IQCGW missing | Change Guardian Agent for Windows: ELQ0006 | Check if the registry key of the provider includes the value IQCGW |
Required provider IQCG missing | Change Guardian Agent for Windows: ELQ0006 | Check if the system is a domain controller and check if the registry key of the provider includes the value IQCG |
Required provider CGADProvider is missing | AD: ELQ0006 | Check if the system is a domain controller and check if the registry key of the provider includes the value CGADProvider |
Required provider CGSmartProvider is missing | Change Guardian Event Collector Addon for Windows: ELQ0006 | Check if Change Guardian Event Collector Addon for Windows Agent is enabled in Agent Manager before installing Change Guardian Agent for Windows |
Required provider CGAzureADProvider is missing | Azure AD: ELQ0006 | Check if Azure AD monitoring is enabled in Agent Manager before installing Change Guardian Agent for Windows |
Required provider UDetect is missing | NetApp: ELQ0006 | Check if the system is a domain controller and check if the registry key of the provider includes the value UDetect |
Required provider IQCDetect is missing | UNIX: ELQ0006 | Check if the system is a domain controller and check if the registry key of the provider includes the value IQCDetect |
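
The "Check if AD auditing is configured" workarounds in the table can be verified on the domain controller with the built-in `auditpol` tool. The following PowerShell is an added example, not part of the product documentation. It assumes an English-language Windows installation and that 'User Login Monitoring' and 'User Logoff Monitoring' correspond to the Windows Logon and Logoff audit subcategories.

```powershell
# Added example, not vendor code. Run elevated on the monitored domain controller.
# Assumption: English-language Windows, so names and settings match these strings.
# Each key is a subcategory from the "Missing auditing for ..." dashboard messages.
# The value lists the outcomes the table names explicitly; an empty list means
# the subcategory only needs some auditing enabled.
$required = [ordered]@{
    'User Account Management'       = @()
    'Computer Account Management'   = @()
    'Distribution Group Management' = @()
    'Security Group Management'     = @()
    'Authorization Policy Change'   = @()
    'Authentication Policy Change'  = @()
    'Directory Service Changes'     = @()
    'Directory Service Access'      = @()
    # Assumption: 'User Login Monitoring' / 'User Logoff Monitoring' in the table
    # map to the Windows Logon and Logoff subcategories.
    'Logon'                         = @('Success', 'Failure')
    'Logoff'                        = @('Success', 'Failure')
}

# /r prints the current audit policy as CSV; drop blank lines before parsing.
$policy = auditpol.exe /get /category:* /r |
    Where-Object { $_.Trim() } |
    ConvertFrom-Csv

foreach ($name in $required.Keys) {
    $row     = $policy | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
    $setting = if ($row) { $row.'Inclusion Setting' } else { 'Not reported' }

    # Outcomes the table names for this subcategory that the setting lacks.
    $missing = @($required[$name] | Where-Object { $setting -notlike "*$_*" })
    if ($setting -in 'No Auditing', 'Not reported') { $missing = @('all') }

    [pscustomobject]@{
        Subcategory = $name
        Setting     = $setting
        Missing     = $missing -join ', '
    }
}
```

A non-empty `Missing` column identifies a subcategory to review against the corresponding dashboard message.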