Gateway problems
If you have gateway problems, check the deployed gateway files for TADDM. Gateway files are deployed to the %SystemRoot%\temp\taddm.nnnn directory, where nnnn is a string that identifies the TADDM gateway directory (an example is taddm.dsfewf).
PowerShell session fails when a Windows gateway with Cygwin SSH Server is used
- Problem
- PowerShell session fails when a Windows gateway with Cygwin SSH Server is used. Session sensor
fails with the following
message:
CTJTP1163E The following sessions cannot be established: (…) Failed to create PowerShell session: [10.23.45.7] Connecting to remote server failed with the following error message : WinRM cannot process the request. The following error occured while using Negotiate authentication: A specified logon session does not exist. It may already have been terminated (…)
- Solution
- Some of the Cygwin SSH servers handle the SSH session reuse incorrectly. As a result, remote SSH
commands are run with permissions that are different than the required ones. To solve this problem,
complete one of the following steps:
- Append the Cygwin SSH version to the
com.collation.SshSessionReuseSuppressList
property in the collation.properties file. To determine which version of Cygwin SSH you have, open the SessionSensor log file of the server that causes the discovery to fail, and look for the line that containsgetSshVersion
. For example:
In this case, the Cygwin SSH version isSessionSensor-10.23.45.7-[135,389,443,445,636,5985]INFO session.Ssh2SessionClient - getSshVersion: from transport_, version is SSH- 2.0-OpenSSH_6.7.8
SSH-2.0-OpenSSH_6.7.8
. - Modify Cygwin SSH Server configuration so that the server is run by the same user that is used for the discovery.
- Modify the TADDM access list so that during discoveries the same user is used as when running Cygwin SSH Server.
- Append the Cygwin SSH version to the
Discovery fails when running a gateway on Windows Server 2012
Note: The following problem is not applicable to TADDM 7.3.0.2, or later.
- Problem
- Discovery fails when running a gatewayr on Windows Server 2012.
- Solution
- To run a gateway on Windows Server 2012, you must install Microsoft .NET Framework 3.5. The default version is 4.5. For more information about installing Microsoft .NET Framework 3.5, see http://technet.microsoft.com/en-us/library/hh831809.aspx#BKMK_FoD.
Session sensor ends with an error that the server cannot find a gateway for the target computer system
- Problem
- The session sensor ends with an error that the server cannot find a working gateway for a target computer system.
- Solution
- There are two possible causes for this problem:
- The gateway is not defined in the Discovery Management Console, the access list does not have the correct access list credentials or both. Ensure that the gateway is defined and the correct access list credentials are used.
- Add the following entry to the collation.properties,
when you are using both an anchor and a gateway on the same system:
com.collation.platform.session.GatewayForceSsh=true
This entry specifies whether to force the gateway to act independently of the anchor. When the value is set to true, an SSH session is used to transfer traffic between the gateway and anchor rather than a local session.
When discovering multiple Windows servers, A Working
gateway cannot be found
error is displayed
- Problem
- When discovering a group of 10 or more Windows targets, some discoveries
might end with the following error:
In addition, you might see an error like the following in the sensor log when using Cygwin:A Working gateway cannot be found
SSH2EOFException: Server closed connection before sending identification
- Solution
- This problem might occur because Cygwin and Bitvise WinSSHD are
configured out of the box to limit simultaneous connections using
SSH. On a fast gateway and TADDM server, the SSH connections might
exceed the out-of-the-box values configured for connections. It might
help to configure some of the following properties, depending on your
environment:
- For Bitvise WinSSHD, decrease the
Accept delay
value to 1 and theLogin attempt delay
value to 0. - For Cygwin, change the
MaxStartups
value to at least 30. You might need to increase theMaxSessions
value also.
- For Bitvise WinSSHD, decrease the