Having trouble with your upgrade? Here are some solutions to common issues.
Scheduler Not Running
Windows:
To test Windows Scheduler, run this command:
Get-ScheduledTask -taskname SUPERVISOR_TASKS
Output Examples:
Task is enabled. This is a good state.
C:\Users\Administrator> Get-ScheduledTask -taskname SUPERVISOR_TASKS TaskPath TaskName State -------- -------- ----- \Armor Defense\ SUPERVISOR_TASKS Ready
Task is disabled. This is a bad state.
C:\Users\Administrator> Get-ScheduledTask -taskname SUPERVISOR_TASKS TaskPath TaskName State -------- -------- ----- \Armor Defense\ SUPERVISOR_TASKS Disabled
Task is missing. This is also a bad state.
C:\Users\Administrator> Get-ScheduledTask -taskname SUPERVISOR_TASKS Get-ScheduledTask : No MSFT_ScheduledTask objects found with property 'TaskName' equal to 'SUPERVISOR_TASKS'. Verify the value of the property and retry. At line:1 char:1 + Get-ScheduledTask -taskname SUPERVISOR_TASKS + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : ObjectNotFound: (SUPERVISOR_TASKS:String) [Get-ScheduledTask], CimJobException + FullyQualifiedErrorId : CmdletizationQuery_NotFound_TaskName,Get-ScheduledTask
For bad states. Run this script.
$start = "00:{0}" -f [datetime]::Now.AddMinutes((3 + 15)).Minute.ToString("00"); $interval = 15; $schedule = "MINUTE"; $user = "NT AUTHORITY\SYSTEM"; $taskName = "\Armor Defense\SUPERVISOR_TASKS"; $taskRun = "c:\.armor\opt\armor-supervisor.exe get-tasks"; $arguments = "/create /f /sc `"${schedule}`" /tn `"${taskName}`" /tr `"${taskRun}`" /np /st `"${start}`" /mo `"$interval`" /k /ru `"${user}`""; Start-Process -FilePath "schtasks.exe" -ArgumentList $arguments
Example:
C:\Users\Administrator> $start = "00:{0}" -f [datetime]::Now.AddMinutes((3 + 15)).Minute.ToString("00"); C:\Users\Administrator> $interval = 15; C:\Users\Administrator> $schedule = "MINUTE"; C:\Users\Administrator> $user = "NT AUTHORITY\SYSTEM"; C:\Users\Administrator> $taskName = "\Armor Defense\SUPERVISOR_TASKS"; C:\Users\Administrator> $taskRun = "c:\.armor\opt\armor-supervisor.exe get-tasks"; C:\Users\Administrator> $arguments = "/create /f /sc `"${schedule}`" /tn `"${taskName}`" /tr `"${taskRun}`" /np /st `"${start}`" /mo `"$interval`" /k /ru `"${user}`""; C:\Users\Administrator> Start-Process -FilePath "schtasks.exe" -ArgumentList $arguments C:\Users\Administrator> Get-ScheduledTask -taskname SUPERVISOR_TASKS TaskPath TaskName State -------- -------- ----- \Armor Defense\ SUPERVISOR_TASKS Ready
Linux:
Verify job exists in /etc/cron.d/armor-job-SUPERVISOR_TASKS
If not, run this script:
SEED=$(( $RANDOM % 14 )) CRON_EXPRESSION="${SEED},$((${SEED} + 15)),$((${SEED} + 30)),$((${SEED} + 45))" CRON_FILE=/etc/cron.d/armor-job-SUPERVISOR_TASKS echo -e "${CRON_EXPRESSION} * * * *\troot\t/opt/armor/armor-supervisor get-tasks" > ${CRON_FILE}
Output Examples:
Task is enabled. This is a good state.
[root@myhost ~]# cat /etc/cron.d/armor-job-SUPERVISOR_TASKS 0,15,30,45 * * * * root /opt/armor/armor-supervisor get-tasks
Task is missing. This is a bad state.
[root@myhost ~]# cat /etc/cron.d/armor-job-SUPERVISOR_TASKS cat: /etc/cron.d/armor-job-SUPERVISOR_TASKS: No such file or directory [root@myhost ~]#
Script. This will re-add the cron job.
[root@myhost ~]# SEED=$(( $RANDOM % 14 )) [root@myhost ~]# CRON_EXPRESSION="${SEED},$((${SEED} + 15)),$((${SEED} + 30)),$((${SEED} + 45))" [root@myhost ~]# CRON_FILE=/etc/cron.d/armor-job-SUPERVISOR_TASKS [root@myhost ~]# echo -e "${CRON_EXPRESSION} * * * *\troot\t/opt/armor/armor-supervisor get-tasks" > ${CRON_FILE} [root@myhost ~]# cat /etc/cron.d/armor-job-SUPERVISOR_TASKS 8,23,38,53 * * * * root /opt/armor/armor-supervisor get-tasks
Grep cron log. This is a good state.
[root@myhost ~]# grep "FAILED to authorize user with PAM (Authentication token is no longer valid; new one required)" /var/log/cron
Grep cron log. This is a bad state. See commands for unexpiring.
[root@myhost ~]# grep "FAILED to authorize user with PAM (Authentication token is no longer valid; new one required)" /var/log/cron Aug 12 23:00:00 myhost crond[9594]: (root) FAILED to authorize user with PAM (Authentication token is no longer valid; new one required)
Commands to check expired password. Good state.
[root@myhost ~]# chage -l root Last password change : Aug 17, 2020 Password expires : never Password inactive : never Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
Commands to check expired password. Bad state. Reset password.
[root@myhost ~]# chage -l root Last password change : password must be changed Password expires : password must be changed Password inactive : password must be changed Account expires : never Minimum number of days between password change : 0 Maximum number of days between password change : 99999 Number of days of warning before password expires : 7
Passwd reset
[root@myhost ~]# passwd root Changing password for user root. New password: Retype new password: passwd: all authentication tokens updated successfully.
Connectivity/Firewall
Ensure that your firewalls are opened to the hosts as noted in Firewall Rules section of the Pre-Installation guide.
Windows Test Connectivity
IP address and port for these commands will need to be entered and are found in the Firewall Rules section of the Pre-Installation guide.
(New-Object System.Net.Sockets.TCPClient).BeginConnect("IP_ADDRESS",PORT,$null,$null).AsyncWaitHandle.WaitOne(1000,$false);
Windows connectivity test output should return a value of "true."
Windows connectivity test should not return a value of "false."
- If test returns "false," investigate firewall blockages.
Examples:
This is the command run and value returned when there is connectivity to the service.
C:\Users\Administrator> (New-Object System.Net.Sockets.TCPClient).BeginConnect("8.8.8.8",443,$null,$null).AsyncWaitHandle.WaitOne(1000,$false); True
This is the command run and value returned when there is no connectivity to the service and your firewalls need to be checked for blockages.
C:\Users\Administrator> (New-Object System.Net.Sockets.TCPClient).BeginConnect("8.8.8.8",442,$null,$null).AsyncWaitHandle.WaitOne(1000,$false); False
Linux Test Connectivity
IP address and port for these commands will need to be entered and are found in the Firewall Rules section of the Pre-Installation guide.
timeout 5 bash -c "cat < /dev/null > /dev/tcp/IP_ADDRESS/PORT" && echo $?
Linux connectivity test output should return a value of "0."
- If test returns anything other than "0," investigate firewall blockages.
Examples:
This is the command run and value returned when there is connectivity to the service.
root@myhost:~# timeout 5 bash -c "cat < /dev/null > /dev/tcp/8.8.8.8/443" && echo $? 0
This is the command run and value returned when there is no connectivity to the service and your firewalls need to be checked for blockages.
root@myhost:~# timeout 5 bash -c "cat < /dev/null > /dev/tcp/8.8.8.8/442" && echo $? 124
Powershell Version
Following Microsoft's documentation, upgrade to at least PowerShell version 5.
You can get PowerShell version 5 from the Microsoft.
No TLS 1.2
You can follow this Microsoft KB in order to enable TLS 1.2.