Windows Troubleshooting
Windows Installer References
Because Orbital is installed through Windows MSI, users will see the error codes referenced below on their devices and on the Secure Endpoint Console Events page for Orbital Install Failed events. To troubleshoot installer problems, go to the device and check the MSI logs and the Event Viewer.
- MsiExec.exe and InstMsi.exe Error Messages: error codes that are returned by the Windows Installer functions MsiExec.exe and InstMsi.exe.
Orbital Installation Failed
Symptoms
- Orbital Installation Failure events are listed on the Secure Endpoint Console Events page with a specific error code/message.
Things to Check
- Check the detailed install logs on your device.
- The detailed install logs show that installation failed because the service didn't start.
- Windows Event Viewer - Orbital logs show that the business_guid is missing from the registry (the ultimate cause of Orbital installation failure).
PowerShell Events Not Enabled by Default
- Windows Event Log PowerShell Events are not enabled by default. Any query against the powershell_events table will return no data until they are enabled.
Troubleshooting Tools
Various tools exist to help gather more information and troubleshoot customer issues with Orbital.
Logs
If an error or warning occurs, check the logs first.
Secure Endpoint Diagnostics
These items in a remote Diagnostics bundle from the Secure Endpoint Console can help troubleshoot Orbital:
- List of installed/running Windows services (service name: Orbital).
- Windows Application Event Log, which includes Orbital application logging (log event source: Orbital).
- Local Secure Endpoint policy.xml, which should contain Orbital configuration nodes, e.g.:
    <orbital>
      <enable>1</enable>
      <server>ncp.orbital.amp.cisco.com:443</server>
      <updater>
        <protocol>https</protocol>
        <server>orbital.amp.cisco.com</server>
        <path>/static/update.xml</path>
        <interval>3600</interval>
        <smallinterval>300</smallinterval>
        <signer>Cisco Systems, Inc.</signer>
      </updater>
    </orbital>
- Orbital Windows MSI installer/uninstaller logs are available at C:\ProgramData\Cisco\AMP\orbital_install.log and orbital_uninstall.log.
- Secure Endpoint Connector Logs.
- Failure to download, install, or update Orbital, e.g.:
    (316078, +0 ms) Oct 09 11:19:06 [1408]: ERROR: OrbitalInstallerDownloader::DownloadAndVerifyInstaller: Could not download C:\Program Files\Cisco\AMP\tmp\orbital.exe
    (316078, +0 ms) Oct 09 11:19:06 [1408]: OrbitalUpdateEngine::AttemptUpdateOrbital: Orbital download or verification failed: 2148270088
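As an added example (not part of Cisco's documentation or tooling), the following Python script pulls the Orbital entries out of connector log text taken from a diagnostics bundle and decodes the trailing numeric code. It assumes the line layout inferred from the two connector log lines above and that the number is a Windows HRESULT printed in unsigned decimal; the function names are hypothetical.

```python
import re

# The two log lines quoted on this page, plus one constructed non-Orbital line.
SAMPLE_LOG = r"""
(316078, +0 ms) Oct 09 11:19:06 [1408]: ERROR: OrbitalInstallerDownloader::DownloadAndVerifyInstaller: Could not download C:\Program Files\Cisco\AMP\tmp\orbital.exe
(316078, +0 ms) Oct 09 11:19:06 [1408]: OrbitalUpdateEngine::AttemptUpdateOrbital: Orbital download or verification failed: 2148270088
(316080, +2 ms) Oct 09 11:19:06 [1408]: ExampleComponent::Run: constructed line, not Orbital
"""

# Assumed layout: (tick, +delta ms) timestamp [id]: [ERROR: ]Class::Method: message
LINE_RE = re.compile(
    r"^\(\d+, \+\d+ ms\) (?P<ts>\w{3} \d{2} \d{2}:\d{2}:\d{2}) \[\d+\]: "
    r"(?P<error>ERROR: )?(?P<func>Orbital\w*::\w+): (?P<msg>.*)$"
)
TRAILING_CODE_RE = re.compile(r": (\d{6,10})\s*$")


def decode_hresult(value):
    """Split a 32-bit HRESULT into its failure bit, facility and code fields."""
    value &= 0xFFFFFFFF
    return {
        "hex": f"0x{value:08X}",
        "failure": bool(value >> 31),       # bit 31: severity (1 = failure)
        "facility": (value >> 16) & 0x7FF,  # bits 16-26
        "code": value & 0xFFFF,             # bits 0-15
    }


def orbital_events(log_text):
    """Return Orbital download/install/update entries from connector log text."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line or a component other than Orbital*
        event = {"time": m["ts"], "is_error": m["error"] is not None,
                 "source": m["func"], "message": m["msg"], "hresult": None}
        code = TRAILING_CODE_RE.search(m["msg"])
        if code:
            # Assumption: the trailing decimal is an HRESULT printed unsigned.
            event["hresult"] = decode_hresult(int(code.group(1)))
        events.append(event)
    return events


if __name__ == "__main__":
    for ev in orbital_events(SAMPLE_LOG):
        print(ev["time"], ev["source"], ev["hresult"] or ev["message"])
```

Under that assumption, 2148270088 is 0x800C0008 (facility 12, code 8), which Windows defines as INET_E_DOWNLOAD_FAILURE, consistent with the "Could not download" line logged just before it.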
IP Connectivity Tool
Secure Endpoint has a connectivity diagnostic tool called ConnectivityTool.exe that customers can run to see if the device can reach the required backend URLs. If the Secure Endpoint customer has a proxy configured in their Secure Endpoint policy, the tool will use these settings and try to connect to the URL via the proxy. However, a success report from the tool can be misleading, because the Orbital node will not use the same proxy settings.
- IP Connectivity Tool will test Orbital backend URLs for connectivity.