The following information is specific to troubleshooting issues and errors that occur on an endpoint with Windows installed.
Windows Installer References
Because we are using a windows MSI, users will see these error codes on their endpoints and on their Secure Endpoint Console Events page for Orbital Install Failed events and the best course of action for customers when troubleshooting installer problems is to go to the endpoint and look at the MSI logs and the Event Viewer.
- MsiExec.exe and InstMsi.exe Error Messages - Error codes that are returned by the Windows Installer functions MsiExec.exe and InstMsi.exe.
Orbital Installation Failed
- Orbital Installation Failure events are listed on the Secure Endpoint Console Events page with a specific error code/message.
Things to Check
Check the detailed install logs on your endpoint.
The detailed install logs show that installation failed because the service didn’t start.
Windows Event Viewer - Orbital logs show us that the business_guid is missing from the registry (the ultimate cause of orbital installation failure).
Powershell Events Not Enabled by Default
Windows Event Log Powershell Events is not enabled by default, and so any query against the table
powershell_events will not return data until this is enabled.
Various tools exist to help gather more information and help troubleshoot customer issues with Orbital, which are described in this section.
The first thing you should do in the event of an error or warning is to check the logs.
Secure Endpoint Diagnostics
The following items inside a remote Diagnostics bundle from the Secure Endpoint Console can help troubleshoot Orbital:
List of installed/running Windows services (service name:
Windows Application Event Log which includes Orbital application logging (log event source:
local Secure Endpoint policy.xml which should contain Orbital configuration nodes, e.g.:
<orbital> <enable>1</enable> <server>ncp.orbital.amp.cisco.com:443</server> <updater> <protocol>https</protocol> <server>orbital.amp.cisco.com</server> <path>/static/update.xml</path> <interval>3600</interval> <smallinterval>300</smallinterval> <signer>Cisco Systems, Inc.</signer> </updater> </orbital>
Orbital Windows MSI installer/uninstaller logs are available at
Secure Endpoint Connector Logs
Failure to download/install/update Orbital, e.g.:
(316078, +0 ms) Oct 09 11:19:06 : ERROR: OrbitalInstallerDownloader::DownloadAndVerifyInstaller: Could not download C:\Program Files\Cisco\AMP\tmp\orbital.exe
(316078, +0 ms) Oct 09 11:19:06 : OrbitalUpdateEngine::AttemptUpdateOrbital: Orbital download or verification failed: 2148270088
IP Connectivity Tool
Secure Endpoint has an endpoint-bundled connectivity diagnostic tool called ConnectivityTool.exe that customers can run to see if the endpoint is capable of reaching every backend URL required. They recently included some Orbital URLs to test in this tool as well. If the Secure Endpoint customer has a proxy configured in their Secure Endpoint policy, the tool will honor these settings and attempt to connect to the URL via the proxy. However, when the tool reports success, it is a bit misleading because the Orbital node won’t honor the same proxy settings.
- IP Connectivity Tool will test Orbital backend URLs for connectivity
Return to Table of Contents