Admin and Troubleshooting Guide
Contents
- 1 About the document
- 2 Audience
- 3 Pre-installation
- 4 Installation
- 5 Configuration files and services
- 5.1 Analyzer
- 5.1.1 Relevant service and DBs
- 5.1.2 appsettings.json
- 5.1.3 Config > clientUpgrade.json
- 5.1.4 Config > SIEM.json
- 5.1.5 Config > options.json
- 5.2 GPMCProxy
- 5.2.1 Relevant service
- 5.2.2 config > dcs.json
- 5.3 RsopRepository
- 5.3.1 Relevant service and DBs
- 5.3.2 appsettings.json
- 5.3.3 Config > domains.json
- 5.3.4 Config > options.json
- 5.3.5 Config > URLs.json.
- 5.3.6 Config > vdiImages.json
- 5.4 Updates
- 5.4.1 Relevant service
- 5.4.2 appsettings.json
- 5.5 Validator
- 5.5.1 Relevant service and DBs
- 5.5.2 appsettings.json
- 5.6 WebSrv
- 5.6.1 Relevant service
- 5.6.2 Static > Updates folder
- 5.6.3 websrv_config.json
- 5.6.4 PEM certificate
- 5.1 Analyzer
- 6 Server – post-installation / upgrade issues
- 6.1 Services not running
- 6.1.1 Logon as a Service
- 6.2 Tasks not running
- 6.2.1 Logon as a Batch
- 6.2.2 Error 2147943712
- 6.3 Tasks not created during server installation
- 6.4 Can’t see the UI
- 6.4.1 Not authorized (webserv_config)
- 6.4.2 No roles
- 6.4.3 Services are down
- 6.5 Services won’t start
- 6.6 Analyzer/Data Repository services won’t start - System.NullReference
- 6.7 Health screen – all clients missed reports in the last 24 hours or more
- 6.1 Services not running
- 7 Client – post-installation issues
- 7.1 Client Log location
- 7.2 Remediation / Revert tasks can’t be executed via the UI
- 7.3 Client is not reporting to GYTPOL – Windows
- 7.3.1 Communication issues
- 7.3.2 NullReferenceException in client logs
- 7.3.3 Wrong public key
- 7.3.4 FIPS
- 7.3.5 Tasks not created
- 7.3.6 Error 429 – too much connections
- 7.3.7 Remediations and reports are delayed
- 7.3.8 Netskope, browsing isolation, SSL inspection
- 7.3.9 Active Directory tab is empty / not updating
- 7.3.10 Proxy check
- 7.3.10.1 Check System Proxy Settings:
- 7.3.10.2 Check Command Prompt for Proxy Settings:
- 7.3.10.3 Powershell:
- 7.3.10.4 Google Chrome:
- 7.3.10.5 winhttp
- 7.4 dsRequester can’t be installed
- 7.5 Client can’t be upgraded
- 8 Miscellaneous
- 9 Common issues
- 9.1 UI is stuck / not refreshing
- 9.2 Clients stop reporting
- 9.3 Remediations aren’t working after DB migration to external SQL server
- 9.4 Error messages (services, timeouts)
- 9.5 Error 500 on Analyzer - VDI file
- 9.6 SQL server and Analyzer service
- 9.7 Services won’t start
- 9.8 Tasks won’t be created – GYTPOL server
- 9.9 Server RAM leak
- 9.10 Policy Validation – error 299 / empty screens / GPMC service is down
- 10 Misc.
About the document
The forthcoming document aims to provide comprehensive guidance to both 1st level support personnel and administrators regarding the GYTPOL Validator tool. This document will encompass a detailed explanation of diverse configuration files, advanced settings, as well as common issues and errors that may arise during usage.
The initial section will focus on elucidating the configuration files and services essential for the proper functioning of the GYTPOL Validator tool. This will encompass elucidations for both the Server, which constitutes the GYTPOL application backend, and the Client, encompassing the devices responsible for reporting. Notably, post-installation issues for both components will be addressed in this part, offering insights into troubleshooting potential hurdles.
Furthermore, this document is envisioned as an evolving resource that will undergo continuous updates. This means that as GYTPOL Validator tool and its environment evolve, this document will be revised accordingly to reflect the latest insights and solutions.
It's important to note that the most recent iteration of this document, along with other pertinent resources, can always be accessed via our official website: https://gytpol.com/resources. We remain dedicated to equipping you with the most accurate and up-to-date information to ensure the optimal usage and performance of the GYTPOL Validator tool.
Audience
This User Guide is primarily intended for individuals and teams responsible for implementing, managing, and maintaining GYTPOL Validator within their organizations. It caters to both technical and non-technical users, providing clear instructions and explanations for all levels of expertise.
Pre-installation
For proper setup and configuration of the GYTPOL application server, please adhere to the following steps:
System Requirements and Architecture: Configure the GYTPOL application server in accordance with the specifications listed in the System Requirements document: https://gytpol.com/resource/system-requirements/. Understand the high-level architecture of GYTPOL from the details provided here: https://gytpol.com/resource/architecture/.
Pre-Check Tool: Before proceeding with installation, ensure a smooth process by running the GYTPOL Pre-Check tool, available at: https://gytpol.com/checker. This tool will verify that all necessary settings have been properly configured, guaranteeing that the installation process will work seamlessly.
Server Preparation: As part of server preparation, create a dedicated GYTPOL service account. This domain user account should not possess any administrative privileges. This account will be utilized for specific services and tasks, confined to the local GYTPOL server only. Ensure that this service account has the appropriate access rights on the local GYTPOL server as well as on the SQL server (if the installation involves over 3000 clients).
By meticulously following these steps, you'll be on your way to a successful GYTPOL deployment and installation. The proper configuration and preparation of the server environment, combined with the utilization of the Pre-Check tool, will contribute to a streamlined and efficient process during the installation meeting.
Installation
The server installation process for GYTPOL is straightforward and can be completed upon receiving the necessary executables from the GYTPOL team. Here's an overview of the steps involved:
Receiving Executables: The GYTPOL team will provide you with the necessary executables for the GYTPOL Server installation.
Client Installation Packages: Additionally, client installation packages tailored to your specific requirements for Windows, Linux, and macOS systems will also be provided.
Server Installation: Follow the guidelines in the "Server Installation User Manual - GYTPOL" document to carry out the installation process. This comprehensive document will provide you with step-by-step instructions to ensure a successful installation.
License Request and Activation: After the installation, proceed to send a license request to the email address: license@gytpol.com. Following this request, you will receive a license key from the GYTPOL team.
License Activation and Homepage Access: Load the received license key into the system. Once activated, you can access the GYTPOL homepage. This marks the successful completion of the installation process.
Notably, by default, the GYTPOL installation will set up a localDB, eliminating the need for an external or dedicated SQL server. However, if your deployment encompasses more than 3000 reporting devices, an external SQL server becomes necessary. In this scenario, the database management will be conducted on the external SQL server instead of locally.
By following these steps and adhering to the provided documentation, you can efficiently complete the GYTPOL Server installation and ensure the proper functioning of the GYTPOL system in your environment.
Configuration files and services
The forthcoming section outlines the organizational structure of the GYTPOL working directory, located by default at "c:\gytpol". This directory houses various files, particularly within the Data subfolder. Following the installation of GYTPOL Server, the subsequent folders will be established, containing database files, configuration files, and predefined settings files:
Data Folder: This folder, located within the "gytpol" directory, serves as the repository for crucial files. The following files are situated here:
Database Files: These files constitute the heart of GYTPOL's data management system.
Configuration Files: These files hold the system's configuration settings.
Predefined Settings Files: These files contain predetermined configurations and settings for specific functionalities.
GytpolServer Folder: The "GytpolServer" folder, also positioned within the "gytpol" directory, encompasses a multitude of essential components:
System Executables: These files are responsible for driving the core functionalities of the GYTPOL system.
Binaries: This directory houses binary files required for various operations.
Libraries: Libraries contain essential code resources that contribute to the system's functionality.
Two important notes to consider:
Elevated Editing: All JSON files mentioned in the following context must be edited using an elevated text editor such as Notepad (run as Administrator) or Notepad++, which will elevate itself when necessary. This practice ensures that the modifications are carried out with the appropriate privileges.
Installation Drive Variability: It's important to recognize that the drive designated for software installation might differ, contingent on the Windows Server settings. As a result, the installation drive could be labeled as D drive, E drive, or any other drive letter based on the configuration.
By understanding this directory structure and following the guidelines provided, you can proficiently navigate and manipulate the essential files within the GYTPOL working directory.
Analyzer
Relevant service and DBs
For LocalDB: For installations utilizing LocalDB, the databases are stored in the "c:\gytpol\data\Analyzer" folder. This folder contains the following database files:
Data: "gytpol_analyzer.mdf"
Log: "gytpol_analyzer_log.ldf"
For External SQL: In cases where an external SQL server is employed, the connection string within the "appsettings.json" configuration file needs to be adjusted accordingly. This modification facilitates the establishment of a connection between GYTPOL and the external SQL server.
Configuration Changes and Service Restart: It's vital to recognize that if any modifications are made to settings within any configuration file, restarting the GYTPOL service is imperative. This restart ensures that the system incorporates the updated configurations and operates seamlessly with the altered settings.
All the below files are located in c:\gytpol\data\Analyzer
appsettings.json
The file contains the database connection string and includes critical information about the SQL server name and the database name. Here are a few important points to consider regarding this file:
Connection String Content:
The connection string in the file outlines the SQL server's name and the specific database being accessed (found on line 3#).
External/Shared SQL Servers and Encryption:
If you're using an external, dedicated, or shared SQL server without database encryption, it's essential to ensure that the connection string includes the parameter "Encrypt=False". This parameter configuration caters to scenarios where encryption is not required for the communication between GYTPOL and the SQL server.
Example of Default LocalDB File:
Below is an example of a connection string for a default localDB file. This serves as a reference for how the connection string is structured: