We may have to get some further logs from the system for this, I have attached a .bat to this case, if you can run this on your problem computer it will gather logs automatically for us. -Please run as admin and attach the file it generates- c:\FNMSlogs.zip to this case once complete -if the file fails to generate please manually compress the dir it generates instead at c:\FNMSlogs\ -Please append the archive names with what the system is, for example, ?COMPUTER123-BEACON? -if the .zip is over 65mb please let me know and I can setup a box fileshare for this to be uploaded to Once I have these logs I can cross check them and get a good overview of system enviromentals and error logs to take the case further. Many Thanks, |
Path | Description |
FNMSlogs\%computername%\TempLogs\ | This path holds all the Temporary logging information from the host machine. Under this path, there is a replication of the local machine file structure so you can understand where these logs originate on the local system |
\FNMSlogs\%computername%\FlexeraLogs | This path holds all the Traditional Flexera logs found under c:\ProgramData. Under this path, there is a replication of the local machine file structure so you can understand where these logs originate on the local system |
FNMSlogs\%computername%\systemlogs | This Path holds a series of logs and folders that are relevant to system environments, The next table will describe these in detail as they are not standard FNMS logging. |
Folder | Filename | Description |
systemlogs\RegExtracts | regdumpx64.txt | Contains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ManageSoft Corp This is the default location for Flexera Registry settings on x64 machines. |
systemlogs\RegExtracts | regdumpx86.txt | Contains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ManageSoft Corp This is the default location for Flexera Registry settings on x86 machines. |
systemlogs\RegExtracts | installedx64.txt | Contains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall This path shows what installed x64 software is available according to registry entry traces |
systemlogs\RegExtracts | installedx86.txt | Contains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall This path shows what installed x86 software is available according to registry entry traces |
systemlogs\RegExtracts | ieproxysettings.txt | Contains a registry Extract of the contents of: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings This shows what IE settings are in use, of particular, usefulness Proxy Settings that IE is using |
systemlogs\RegExtracts | dotNETx64.txt | Contains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework Shows the registry integrity of the x64 .NET installations |
systemlogs\RegExtracts | dotNETx86.txt | Contains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework Shows the registry integrity of the x86 .NET installations |
systemlogs\RegExtracts | SCHANNEL.txt | Contains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL Useful for confirming what security protocols the system is allowing, for example, TLS1.2 needs enabling from the beacon for cloud connectivity. Here is a KB that goes over this: https://flexerasoftware.my.salesforce.com/articles/en_US/INFO/Transport-Layer-Security-TLS-Configuration?popup=false&navBack=H4sIAAAAAAAAAIuuVipWslLyzssvz0lNSU_1yM9NVdJRygaKFSSmp4ZkluSA-KVAvn58aaZ-NkyhPpCDosu-ODWxKDnDtiSnWKk2FgCVJE8AWAAAAA |
systemlogs\RegExtracts | ps-ver.txt | Contains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PowerShell Still a work in progress but the intention is to show the version of PowerShell installed which can be done by seeing what key nodes have been created under this path. Powershell queries can do this better which makes this a legacy method |
systemlogs\RegExtracts | NETinstalled-ver.txt | Contains a registry Extract of the contents of: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP Shows what version of .NET is installed, the key nodes will be named which version is in use. A legacy way to gather this information. PS scripts do it better |
systemlogs\NetworkTests\ | pingtest.txt | Shows the logs of a ping to www.flexera.com to confirm if connectivity to ping internet locations is available |
ipconfig.txt | Shows a local overview of network options in use on the system, ip/domain/dns information | |
systemlogs\OSInformation | systeminfo.txt | Shows a general overview of windows environmental information, a combination of several sources of information (OS version, network, etc) |
systemlogs\OSInformation | sn.txt | Shows the local Serial Number as defined by the system Bios. Useful if needing to cross check the system in the DB |
systemlogs\Performance | Cpuload.txt | Shows the current cpu stress levels as per script runtime. Useful to determine if server is having performance issues |
systemlogs\Performance | Hddspec.txt | Shows what HDD?s are available on the system, useful for tracking down an installation of FNMS if it was moved |
systemlogs\Performance | Hddspace.txt | Shows how much space is remaining on the systemdrive as per runtime, useful if logs are being inconsistent. Low space is a culprit of logs not being able to generate properly amongst many other system issues. |
\systemlogs\Applications | Wmi-installed.csv | A list of installed applications according to the WMIC service, queries the control panel ?add remove programs? |
\systemlogs\Applications | wmi-installed.txt | A list of installed applications according to the WMIC service, queries the control panel ?add remove programs? |
systemlogs\Tasks | wmi-services.txt | Shows a list of currently running Services on the machine, useful for determing if the Flexera services are active and also what they run as |
systemlogs\OSTasks | scheduledtasks.csv | Shows the current scheduled task list, what is running and what is scheduled to run along with account credentials for each as well as the runcode (failure, success etc) |
systemlogs\OSTasks | Processlist.csv | Shows the current processlist at time of running, shows what executibles are running, memory and cpu usage and PID |
systemlogs\OSTasks | Tasklist.csv | Shows the current scheduled task list in a more basic form, what is running and what is scheduled to run along with account credentials for each as well as the runcode (failure, success etc) |
systemlogs\OSTasks | Tasklist.txt | Shows the current scheduled task list in a more basic form, what is running and what is scheduled to run along with account credentials for each as well as the runcode (failure, success etc) |
systemlogs\NetworkTests\ | netstat.txt | Shows the local network status of the device, what is listening on what ports and what connectivity is available. Useful for troubleshooting local firewall issues |
systemlogs\OSInformation\ | Installedwinupdates.txt | A list according to WMIC of the currently installed windows updates |
systemlogs\OSInformation\ | Iever.txt | Shows the currently installed IE version |
systemlogs\currentuser\ | whoisthis.txt | Shows information about the current user, in this file it shows who executed the script |
systemlogs\IIS\ | apppools.xml | Shows the current IIS AppPool settings in use in xml form |
systemlogs\IIS\ | sites.xml | Shows the current IIS site settings in use in xml form |
systemlogs\NetworkTests | certstore.txt | Shows the contents of the current Certificate store using certutil -store |
systemlogs\NetworkTests | certdump.txt | Shows the contents of the current certificate using certutil ?dump |
systemlogs\OSInformation\ | eviewerlogs-system.evtx | A log extract from the current OS system showing all system logs, useful for diagnosing system level issues |
systemlogs\OSInformation\ | eviewerlogs-application.evtx | A log extract from the current OS system showing all application logs, useful for diagnosing application level issues |
systemlogs\OSInformation\ | eviewerlogs-security.evtx | *DISABLED BY DEFAULT DUE TO SECURITY GATHERING CONCERNS* A log extract from the current OS system showing all security logs, useful for diagnosing security level issues |
systemlogs\OSInformation\ | installed-roles-and-features-legacy.txt | *LEGACY ONLY WORKS ON WINSVR2K8* Shows what roles and features are installed on the system, replaced with a powershell script above 2k8 [pending implementation to the script], this is here for legacy purposes |
systemlogs\OSInformation\ | installed-roles-and-features-PS.txt | As above, the powershell variant for versions above 2k8 |
systemlogs\OSInformation\ | moresysteminfo.txt | A WMIC output of general system information, its more detailed version of ?systeminfo? |
systemlogs\Filepathinfo\ | cprogdump.txt | A full filepath directory return of the following directories: C:\program files, c:\program files (x86), c:\programdata Useful for discovering what is installed or what files are left behind such as out of place files in the fnms installation |
systemlogs\Filepathinfo\ | dprogdump.txt | A full filepath directory return of the following directories: d:\program files, d:\program files (x86), d:\programdata Useful for discovering what is installed or what files are left behind such as out of place files in the fnms installation |
systemlogs\Filepathinfo\ | eprogdump.txt | A full filepath directory return of the following directories: d:\program files, d:\program files (x86), d:\programdata Useful for discovering what is installed or what files are left behind such as out of place files in the fnms installation |
systemlogs\Applications | detailed-installedsoftware.txt | A powershell script to show what installed software is available, alternative to the wmic method |
systemlogs\OSInformation\ | detailed-computersystem.txt | A powershell script to show what the system information is, an alternative to systeminfo |
systemlogs\currentuser\ | loggedin-users.txt | A powershell script to show what the current user is along with other logged in users, an alternative to the wmic method |
systemlogs\OSTasks\ | detailed-processes.txt | A powershell script to show what the current detailed processes are. An alternative to the wmic method |
systemlogs\FNMSwebtests | httplocalmanagesoftDL.txt | Attempts to do a local http download of managesoftdl/test This is the FNMS test page component |
systemlogs\FNMSwebtests | httpslocalmanagesoftDL.txt | Attempts to do a local https download of managesoftdl/test This is the FNMS test page component |
systemlogs\FNMSwebtests | systemlogs\httplocalmanagesoftRL.txt | Attempts to do a local http download of managesoftrl/test This is the FNMS test page component |
systemlogs\FNMSwebtests | httpslocalmanagesoftRL.txt | Attempts to do a local https download of managesoftrl/test This is the FNMS test page component |
systemlogs\FNMSwebtests | httpLoadMonitoringPage.html | Attempts to do a local http download of the FNMS monitoring page, only works when ran on the application server |
systemlogs\FNMSwebtests | httpsLoadMonitoringPage.html | Attempts to do a local https download of the FNMS monitoring page, only works when ran on the application server |
systemlogs\IIS\ | IIS-Detaills-PS.txt | Attempts to gather IIS confirmation and options via powershell scripts, |
systemlogs\NetworkTests\ | hostfiles | Gathers the local system hostfiles from \windows\system32\drivers\etc good to see if any manual network redirects are in place |
systemlogs\Filepathinfo\ | systemusersdirdump.txt | A full filepath directory return of the following directories: C:\users Useful for discovering managesoft temp files that could not be auto gathered as well as applications that like to hide in users appdata folders |
Jan 18, 2019 05:48 PM