Appendix D: Install troubleshooting
1. Endpoint server
  1. Using a proxy
1. Application
1. ‎Endpoint agents
1. Agent contact with non-Nuix Adaptive Security addresses
1. Install SSL

Appendix D: Install troubleshooting

The following issues have been identified and have solutions presented in the following section.

Endpoint server

During an installation or upgrade, an error message appears like the one shown in the following image.

Step 7: Add NIAS site to Application Pool failed

The application pool failed error during installation.

This means that the https://Adaptive site is not currently running.

To fix the error:

Access Internet Information Services (IIS) Manager, as shown in the following image, by entering IIS in the Windows Search box and selecting IIS to open it.

Select Sites under Connections. In the right window, select Default Web Site and select Stop.

Select Adaptive and select Start.

Return to the Endpoint installer and select Install (or Upgrade if this is an upgrade).

Accessing the Internet Information Services (IIS) Manager.

Using a proxy

The proxy configuration must be set up to exclude local IP addresses from the proxy. The installer should use the public IP address. If proxies are not properly configured to handle local hosts and local networks, the installer may fail on step 18 of the installation process.

In the Proxy Settings, select the box for Don’t use the proxy server for local (intranet) addresses.

Application

When logging into the Nuix Adaptive Security application, an error message such as the one shown in the following image appears.

Invalid NAS Server

Invalid Server error.

The Nuix Adaptive Security endpoint server is not running.

To fix the error:

Access Internet Information Services (IIS) Manager by entering IIS in the Windows Search box.

Click IIS to open the Internet Information Services (IIS) Manager, as shown in the following image.

Click Sites under Connections.

In the right window, click Default Web Site and select Stop.

Click Adaptive and select Start.

Accessing the Internet Information Services (IIS) Manager.

‎Endpoint agents

After a successful installation of the Adaptive Security endpoint server, application, and agent, the endpoint window on the Dashboard should display endpoints.

If not, perform the following checks to ensure the agent is running and communicating with the endpoint server. Perform each step on the endpoint, monitoring for agent check-ins after each step until the agents' check-in.

To check if the agent is running and communicating with the endpoint server.

Open Task Manager, as shown in the following image, and ensure the Nuix Adaptive Security service is running. Restart the service as needed. If the agent is not listed, reinstall the agent, ensuring you are installing as Admin.

The task manager.

Run a Command Prompt as Administrator, type netstat –an and press Enter. In the results that appear, such as those seen in the following image, ensure there is a TCP entry showing State ESTABLISHED to the Endpoint Server IP on port 6443.

Agent Troubleshooting – Checking netstat -an.

Run a Command Prompt as Administrator, type telnet [endpoint server IP address] 6443. The prompt returns upon successful completion of this command.

Getting the error shown in the following image means that the Windows service Telnet is not currently installed.

Telnet Not Installed Error.

Select Start, then select Control Panel, select Programs & Features, then select Turn Windows Features On or Off.

Select Telnet Client and click OK. The information shown in the following image confirms the Telnet connection is successful.

Successful Telnet Connection.

Agent contact with non-Nuix Adaptive Security addresses

The Nuix Adaptive Security endpoint agent contacts IP addresses that are not the Nuix Adaptive Security endpoint server.

This occurs when the agent needs to check a binary signature. It looks for the locally cached Certificate Revocation List (CRL). By performing this check, the agent sees if a binary signature has been revoked. An example of a binary signature being revoked is when the organization providing the binary has their certificates stolen and replaced with a malicious binary. If no locally cached CRL is found, the agent contacts the Certificate Authority (CA) to request a new CRL.

Another time this occurs is when the Agent makes Domain Name System (DNS) calls to domains that host certificate data, such as ocsp.digicert.com.

Install SSL

To install SSL:

Request certificate files from the enterprise’s certificate authority.

Replace the existing or default certificate files. You should receive the following files from your CA, and use these files to replace the default files:

server.key.pem

server.cert.pem

dhparam4096.pem

ca.cert.pem

Restart the NUIXEPS service.

Create a new configuration. In the Nuix Adaptive Security application, System > Servers, add a new server configuration with the CA cert. The value under CA cert should match the value in the ca.cert.pem file.
‎