Skip to main content

1E 9.0 (on-premises)

Verifying

Basic verification tests that cover a single-server installation of the 1E Server. These tests only cover 1E and do not verify the configuration of 1E client modules with other 1E products. These tests should be run in series. They start with basic server checks, then testing 1E Clients, and finally, use the verification instructions from the 1E platform DEXPack to do end-to-end tests that confirm all components are working. Depending on the decisions you have made during the design phase of your implementation you may need additional tests to verify your implementation.

Note

Please ensure you complete all verification tests. They not only confirm your system is operational, but they also introduce you to concepts and tasks that you will use later when using 1E.

To run these tests you need:

  1. 1E Server installed.

  2. Remote workstation with a Supported Platforms.

  3. The name and password for the server installation account.

    1. The AAD account must be enabled.

    2. The account may already be assigned to other 1E roles either directly or via membership of an AD group role.

  4. Two AAD User accounts, Test User 1 and 2.

    1. Must not be existing 1E users because they will be assigned specific roles for the purpose of these tests.

    2. Must have email addresses and be able to read emails.

  5. The 1E Tachyon Platform instruction set with two Verification instructions.

    1. The verification steps describe how to create this instruction set by uploading the 1E Tachyon Platform DEXPack.

    2. You may have already uploaded this DEXPack using the 1E product pack deployment tool, either during setup or after.

    3. The 1E Tachyon Platform DEXPack is included in the TachyonPlatform zip file that you can download from the 1E Support Portal (https://1e.my.site.com/s).

  6. At least one test device on which the 1E Client will be installed.

  7. 1E Client installation source files and configuration details required by your implementation.

Verify 1E Server installation

To run the following tests you need:

  1. 1E Server installed.

  2. The name and password for the server installation account, account must also be enabled.

Ref

Test

Expected

Remediation

TCNI01

  • Logon to the 1E Server using the server installation account

  • Confirm 1E Server is listed in Apps/Programs and Features

  • Confirm Windows services are running.

Programs and Features (appwiz.cpl) displays 1E Server with the correct version number.

If an MSP update has been installed, the Installed Updates displays 1E Tachyon Server Update (Qnnnnn).

The following Windows services exist and are running.

  • 1E Catalog Update Service (Automatic) (Network Service)

  • 1E SLA Platform Engine (Automatic Delayed start) (Network Service)

  • 1E SLA Platform Integrate Agent (Automatic Delayed start) (Network Service)

  • 1E SLA Platform Integrate Manager (Automatic Delayed start) (Network Service)

  • 1E Tachyon Coordinator (Automatic Delayed start) (Network Service)

  • 1E Tachyon Switch Host (Automatic Delayed start) (Local System)

If any of the services are not running, then check the corresponding log(s).

The Switch Host service will stop after several seconds if it is unable to start any Switches.

The ConsumerAPI log is not created until a user (the server installation account) successfully connects to the 1E portal.

The BackgroundAPI log is not created until a 1E Client attempts to download content. The 1E Tachyon Platform Product Pack can be used to trigger this.

The Coordinator service will stop after several seconds if it is unable to activate the license.

TCNI02

  • Check the 1E Server logs.

The default location for all logs is the folder %ALLUSERSPROFILE%\1E

Subsystem

Component

1E Master

1E Portal UI and applications.

1E\Tachyon\

Tachyon.Portal.log

Consumer API

1E\Tachyon\

Tachyon.ConsumerAPI.log

Coordinator service

1E\Tachyon\

Tachyon.Coordinator.log

Tachyon.Instrumentation.log

Experience Analytics web application

1E\Tachyon\

Tachyon.Experience.log

Catalog

Catalog UI (CatalogWeb - Admin sync)

1E\Catalog\

Catalog.Integration.UI.log

Catalog API

Catalog Update Service

1E\Catalog\

Catalog.UpdateService.log

Content Distribution

Content Distribution web application

1E\ContentDistribution

ContentDistribution.log

SLA

SLA/Platform APIs (Admin, Core External)

1E\Tachyon\

Tachyon.AdminAPI.log

SLA Platform UI (Platform)

1E\SLA Platform\

Web.log

SLA Engine

1E\SLA Platform\

Engine.log

SLA Integrate Services (Connector Manager)

1E\SLA Platform\

1E.SLAPlatformIntegrateAgent.log

1E.SLAPlatformIntegrateManager.log

1E.SLAConnector.<type>_sync.log

SLA Inventory

n/a

n/a

SLA Operations Provider (not currently used)

1E\Platform Consumer\

n/a

SLA databases (Data, Integrate, Shared)

n/a

n/a

1E Response

Core

1E\Tachyon\

Tachyon.CoreAPI.log

Background Channel (Background)

1E\Tachyon\

Tachyon.BackgroundAPI.log

Switch(es) (also includes a single Switch Host service)

1E\Tachyon\

Tachyon.Switch.4000.SW1.log

Tachyon.Switch.Host.log

Please refer to Services and NTFS Security if changing the location of log files.

In this version of 1E Server, some installers do not support the LOGPATH property and the logs folder is not configurable during installation.

Each component has a configuration file in the 1E Server installation folder structure, which contains log configuration details. Defaults are:

  • Filepath %ALLUSERSPROFILE%\1E\<product>\ where product is Tachyon, SLA Platform, and Catalog

  • Filename as shown in the table above.

  • Maximum size 10MB (2MB for Switch logs).

  • 2 rollover files numbered 1 to 2 with the rollover number included as n.log (5 rollover files for Switch logs).

  • Date and timestamps are UTC to help troubleshooters synchronize logs on systems in different time zones.

Switch logs have the following names:

  • The first Switch installed will typically have a log filename Tachyon.Switch.4000.SW1.log (where 4000 is the port it is listening on and SW1 is the config name in the SwitchConfiguration table in the TachyonMaster database).

  • Other Switches on the same server will have different config names appended.

  • The log filename will be unique on a server, but there may be the same named log on a different server.

  • A Switch will continue to use the same log unless the SwitchConfiguration table is modified so that a different ID is used.

  • If you see a Tachyon.Switch.log without a config name appended, this is a special case where a Switch cannot find its correct configuration and has fallen back to using the template * row which has ID=1. In which case you will need to troubleshoot how that happened.

  • Rollover logs have numbers appended, for example, Tachyon.Switch_A.1.log, up to a default maximum of 5.

1E server components use the log4net RollingFileAppender class. Details can be found in http://logging.apache.org/log4net.

Verify IIS security of the 1E website

The following are basic verification tests. If you want a detailed check of IIS configuration, please refer to Server installation issues.

To run the following tests, you need:

  1. 1E Server installed.

  2. The name and password for the server installation account, account must also be enabled.

  3. Remote workstation with a Supported Platforms - using a remote workstation is important because you will get different results if using a local browser.

Ref

Test

Expected

Remediation

TCNI03

Successful connection to the 1E portal showing the following applications, if licensed:

  • AppClarity

  • Application Migration

  • Experience Analytics

  • Endpoint Troubleshooting (included with all licenses)

  • Endpoint Automation

  • Inventory Insights (included with all licenses)

  • Content Distribution

  • Patch Insights

  • Settings (included with all licenses).

The ability to open applications and navigate around them will depend on which roles have been assigned to the logged-on account.

For a new installation, theserver installation accountis only able to open theSettingsapplication and view the following pages, because it is only assigned to the Setup user:

  • Configuration

    • Custom properties

      • Device Tags (view)

      • Software Tags (view).

    • Consumers (view, add)

    • License information (view, reactivate)

    • System information (view, export telemetry)

    • Branding (view, edit, reset).

  • Monitoring

    • Infrastructure log (view)

    • Audit information log (view)

    • System health (view)

    • Audit information log (view).

  • Permissions

    • Users and Groups (view, add)

    • Roles (view all roles - add, edit, and delete custom roles)

    • Management groups (view)

    • Assignments (view, edit).

  • Instructions

    • Instruction sets (view, add, move, delete, upload, download).

Ensure the server installation account is enabled to do this test. It has the necessary rights to access 1E, as well as NTFS rights on the 1E Server.

401 'Unauthorized'

Typically, the website also prompts you to provide an account and password.

This may occur if you are using invalid credentials or an account in a domain that is not trusted by the 1E Server.

403 'Access denied'

When you use a browser to open an application in the 1E portal, you will see Server Error 403 - Forbidden: 'Access denied' if the internal account used by the Application Pool does not have read access to the 1E web application folders. This can happen if 1E is installed in a non-default location and the NTFS permissions on the installation folder are not correct. To remedy the issue, you should review and correct NTFS permissions as described in Services and NTFS Security.

404 'File or directory not found'

Is the URL you entered correct, and have the correct spelling?

Is the corresponding web application installed? For example, the Consumer application may not be installed.

Contact system administrator to get access

When you use a browser to open an application in the 1E portal and you see the message Unauthorized access, it means your AD account is not a 1E user.

Try using an AD account that you know is a 1E user that is assigned to a 1E system role or custom role. For example, use the server installation account which is automatically installed as a 1E user.

For a new installation, the server installation account must be used to add other users before their AD accounts can be used to access 1E applications. This process is described in the Users and Groups page and the Roles page. It is used in the following TCNU verification tests, refer to ??? for details.

TCNI04

  • Change the web browser URL from /Tachyon to /Consumer

The web browser will respond with the version number of the 1E platform (IE will download as a JSON file, and other browsers will display a response in XML format).

Confirm the Version number is as expected.

TCNI05

  • Change the web browser URL from /Tachyon to /Admin

The web browser will respond with the version number of the SLA Platform (IE will download as a JSON file, and other browsers will display a response in XML format).

Confirm the Version number is as expected.

TCNI06

  • Change the web browser URL from /Tachyon to /Background

The web browser will respond with You have reached Tachyon background API. (IE will download as a JSON file, other browsers will display a response in XML format).

TCNI07

  • Change the web browser URL from /Tachyon to /Core

The expected response is Server Error 403 - Forbidden: Access is denied.

For security reasons, access to these web applications is allowed for local users and services only and denied to remote devices.

If the response is You have reached Tachyon Core API then there is an issue with IIS configuration. Or, you are using a browser on the actual 1E Server, and should do the test on a remote workstation.

Access Allowed

It should not be possible for a remote web browser to have access to the Core web application.

If access is possible, then it is probable that the IIS role feature IP Address and Domain Restrictions is not installed on the 1E Server. You must ensure this IIS feature is installed, as described in the Server installation issues page. The setup installer verifies this prerequisite and optionally deploys the feature if it is missing.

TCNI08

Deleted test

TCNI09

  • Change the web browser URL from /Tachyon to /Platform

The web browser will take you to the SLA Inventory web application.

TCNI10

  • Change the web browser URL from /Tachyon to /CatalogWeb

  • Change the web browser URL from https to http and also change the server name so that it matches the value that you specified during installation for the HTTP host header. For example: http://ACME-TCN01.acme.local/CatalogWeb

In both cases, the web browser will take you to the 1E Catalog website.

If you use http while leaving the same server address used for https, the expected response is HTTP Error 404 - Not Found.

The 1E Catalog can use both http and https provided that you specify the correct server name for each protocol. For interactive use, you are recommended to use https. Http is provided for internal compatibility with existing consumers.

Note

An HTTP connection will fail if the HTTP binding has been deliberately removed (1E Server post-installation tasks).

To access the Admins tab in the CatalogWeb, you must manually add one or more administrator accounts or groups to the website configuration. Please refer to Rebuilding the 1E Catalog .

Verify 1E Client installation

To run the following tests you need:

  1. 1E Server installed and TCNI verification tests passed, refer to Verify 1E Server installation for details.

  2. Two user accounts, Test User 1 and 2 , and above TCNU verification tests passed, refer to ??? for details.

  3. At least one test device on which the 1E Client will be installed.

  4. 1E Client installation source files and configuration details required by your 1E implementation.

Ref

Test

Expected Response

Remediation

TCNA01

  • Install the 1E Client on the test device using the configuration settings required for your implementation

    • DNS Alias of 1E Server

    • Port used by the 1E Switch

    • Port used by the 1E Background Channel.

  • Include optional MSP update

  • Confirm Programs and Features.

1E Client installed.

Programs and Features display 1E Client.

  • Correct platform x86 or x64

  • Correct version number.

If an MSP update has been installed, the Installed Updates displays 1E Client Update (Qnnnnn).

The first clients can be installed manually or using a script.

You should repeat this set of tests when you have deployed a few clients using your organization's preferred deployment method.

You may need to edit the 1E Client configuration file after installation, to suit the requirements of your implementation, and restart the 1E Client service.

TCNA02

  • Confirm Windows services are running

The following Windows services exist and are running.

  • 1E Client

  • 1E Nomad Branch - only if Module.Nomad.Enabled=true

If the 1E Client service is not running, then check the Client log.

TCNA03

  • Check the 1E Client log.

No errors.

To view LOG file locations for each OS platform, click to expand...

1E Client logs on Windows

%ALLUSERSPROFILE%\1E\Client\1E.Client.log (used by 1E Client and Tachyon features, and Shopping client)

%ALLUSERSPROFILE%\1E\Client\NomadBranchUninstall-YYYY_MM_HHTMM_HH_SS_000Z.log

1E Client logs on macOS

/Library/Logs/1E.Client.Daemon.log (shows any service start errors)

/Library/Logs/1E.Client.log (shows the current operation of the 1E Client)

1E Client logs on other non-Windows platforms

/var/log/1E/Client/1E.Client.log

Check the Switch setting in the Client configuration file is using the correct DNS Alias for the 1E Server, and the correct port for the Switch.

If errors in the Client log relate to certificates, then see Client issues.

TCNA04

  • Start a supported browser on a workstation, refer to Supported Platforms for details.

  • Connect to the 1E portal as Test User 1

  • Open the Endpoint Troubleshooting application and go to the Devices→Table page

  • For each Test Device that has had the 1E Client installed, confirm the device is listed in the Table page.

  • Click on each device and view the device properties.

Each Test Device is listed on the Tachyon Devices Table page.

The device details show information about the device's system, activity, certificate, and configuration settings.

If you cannot use the Test User 1 or 2 accounts, then use another 1E user account. All 1E users are able to view the Devices Table page.

Check the configuration of the client and review the 1E client settings in the 1E Client configuration file.

To view CONF file locations for each platform, click to expand...

The 1E Client is controlled via the 1E Client configuration file 1E.Client.conf which resides in the installation folder along with the 1E Client executable.

The default installation location used for the different OS supported by the 1E Client are given in the following table:

OS

Default install location

Windows

%ProgramFiles%\1E\Client

Linux and Solaris

/etc/1E/Client

Mac

'/Library/Application Support/1E/Client'

Note

The configuration file uses ASCII encoding.

A comment line starts with the # symbol.

Verify 1E client-server communications (stage 1 and 2 instructions)

To run the following tests you need:

  • 1E Server installed and above TCNI verification tests passed, refer to Verify 1E Server installation.

  • At least one test device has 1E Client installed and above TCNA verification tests passed, refer to Verify 1E Client installation.

  • Two AAD user accounts configured as 1E users and above TCNU verification tests passed, refer to ???.

To run the following tests you need to logon to a workstation with a user account that is assigned to at least one of the 1E administration roles. 1E Tachyon Platform Product Pack describes the purpose of each of its verification instructions.

Ref

Test

Expected Response

Remediation

TCNA01

See TCNA01 above.

Each Test Device is listed on the Endpoint Troubleshooting Devices page.

TCNA05

  • Connect to the 1E portal as Test User 1

  • Open the Endpoint Troubleshooting application and go to the Home page

  • Type verification

  • Select Tachyon Platform verification stage 1

  • Click Ask this question

When the Tachyon Platform verification stage 1 question is asked, the Endpoint Troubleshooting view changes to the Instruction History Responses page.

The Instruction History Responses page lists the software products installed on each Test Device.

Contents are shown for online Devices that have the 1E Client installed and running.

If you view other Endpoint Troubleshooting pages and want to get back to the Instruction History Responses page, then you should select Instruction History from the navigation menu on the left side, and you should see a list of the instructions that have been run. You may then click on the name of the instruction to view its responses.

The Client log indicates:

  • Running instruction

  • Successfully processed instruction.

You may need to refresh the Instruction History Responses page.

Verification stage 1 tests communication between the 1E Client and Switch. Any issues will appear in the Client log.

Check each test device has the 1E Client running and is online.

TCNA06

  • Connect to the 1E portal as Test User 1

  • Open the Endpoint Troubleshooting application and go to the Instructions→History page

  • Click on the Tachyon Platform verification stage 1 instruction to view the response details

  • Click on the Actions tab

  • Type verification

  • Select Tachyon Platform verification stage 2 (all platforms)

  • Click Perform this action

  • Enter the password for the Test User 1 account

  • If 2FA is enabled, enter the authentication code

If Two-Factor authentication (2FA) is enabled, then Endpoint Troubleshooting will prompt for an authentication code, and Test User 1 should receive an authentication code by email.

The Endpoint Troubleshooting view changes to Instruction pending approval.

Test User 2 should receive an email asking for approval.

This stage of the Verification tests communication between the 1E Server and the SMTP relay/gateway.

If 2FA is enabled and Test User 1 does not receive an email with the authentication code, then:

  • Check the Coordinator log and confirm it is using the correct configuration for the SMTP server

If Test User 2 does not receive an email, then:

  • Check the user is assigned to the 1E Tachyon Platform role

  • The 1E Tachyon Platform role has access rights which include Approver

  • Check the Coordinator log and confirm it is using the correct configuration for the SMTP server.

TCNA07

  • Either connect to the 1E portal as Test User 2 and click on the notification icon

  • Or click on the link in an email received in the previous step and wait for a browser to connect you to the 1E portal

  • View the Request for action approval for the Tachyon Platform verification stage 2 (all platforms) action

  • Tick the box I understand approving my request impacts my IT environment

  • Click Approve.

When clicking on the link in the request for approval email, a browser should open automatically and take you to the Notifications page.

You can view notifications and approval requests at any time by clicking on the notification icon. The icon will show the number of actions pending approval by the logged-on user.

When the request is approved by Test User 2:

  • The Endpoint Troubleshooting view changes to Approval has been processed successfully

  • Test User 1 should receive an email saying the action has been approved.

If Test User 2 is unable to approve the request, then:

  • check the user is assigned to the 1E Tachyon Platform role

  • the 1E Tachyon Platform role has access rights which include Approver.

TCNA08

  • Connect to the 1E portal as either Test User 1 or 2

  • Open the Endpoint Troubleshooting application and go to the Instructions→History page

  • Click on the Tachyon Platform verification stage 2 instruction to view the response details.

Response details show a list of devices and their Client configuration details. You may need to refresh the Details page.

This stage of the Verification tests the Client's connection to the Background Channel. Successful execution of the action will cause the following to appear in the Client log:

  • Duplicate log entries showing a repeat run of the previous question

  • A series of log entries showing a connection to the Background Channel, then a script is downloaded and run:

    • Windows - getConfig.ps1 PowerShell file

    • Linux and MacOS - parseconfigStarter.sh bash and parseconfig.pl perl files

  • Successfully processed instruction.

You may have to wait up to 5 minutes for the action to complete on each device. This is because the default 1E Client setting for DefaultStaggerRangeSeconds=300.

Repeat test TCNI05 using a browser on the test device to confirm the Background Channel has been configured correctly.

A common error is an incorrect value for the BackgroundChannelUrl setting in a 1E Client configuration file. If you deployed the client using a software deployment tool like Microsoft's ConfigMgr then look to see if similar devices have the same issue. Check the 1E Client configuration file on problem devices to see if the setting has the correct URL for the Background Channel.

Check to see if the Background Channel has the scripts used by the Stage 2 instruction. Review the contents of C:\ProgramData\1E\Tachyon\Content folder on the server hosting your Background Channel. The Content folder should contain at a folder named 1E Tachyon Platform-VerificationStage2 which contains a sub-folders with a PowerShell file, and another subfolder containing a bash and a perl files.

Verify extended features

To run the following tests you need:

  • All the above tests completed

  • To logon to a workstation with a user account that is assigned to at least one of the 1E administration roles that allows you to run some instructions, which can include a Verification instruction already used above.

Ref

Test

Expected Response

Remediation

TCNX01

Export All feature

  • To confirm the Export All share is accessible, use Windows Explorer to browse to the share name specified when the Export all feature was configured

  • Connect to the 1E portal, open the Endpoint Troubleshooting application and ask a question

  • After at least one device has responded with content, stop the question and keep the responses

  • In the Content or Status tab on the Responses page, click on Export all results

  • Enter the share name and click Save

  • Use Windows Explorer to browse to the share name and observe a TSV file has been created

  • Use Microsoft Excel or Notepad to view the contents of the TSV file.

This test verifies BCP has been installed on the 1E Server, and an Export share is correctly configured, as described in 1E Server post-installation tasks.

When you stop the question or wait for the question to complete its gather duration, then the Export all results button will be enabled.

TSV is a tab-delimited text file.

If you see a popup error initiating an export operation after clicking on the Export All results button, then:

  • Ensure you specify the hostname or hostname FQDN of the Windows computer where the share has been created; do not use a DNS Alias

  • Check the share permissions

  • Check the share NTFS security.

1E Tachyon Platform Product Pack

Instruction text (ReadablePayload)

Type

Description

Instruction file name

Version

Tachyon Platform verification stage 1

Question

Stage 1 of the verification will return all software installed on each 1E Client endpoint.

Verification stage 1 is a simple question-type instruction used to verify the:

  • Authenticated user is able to access and use 1E Endpoint Troubleshooting

  • End-to-end communication between the 1E system, the Switch and the platform client.

1E-TachyonPlatform-VerificationStage1

19

Tachyon Platform verification stage 2 (all platforms)

Action

Stage 2 of the verification will run a PowerShell script to return a subset of the current configuration of the platform client features of 1E Client.

Verification Stage 2 is normally expected to be run as a follow-up action for Verification Stage 1.

Verification stage 2 is a simple action-type instruction used to verify:

  • Two-factor authentication (if enabled) and approval workflow, which tests email (if enabled) - necessary for action-type instructions

  • End-to-end communication between the 1E system, the Background Channel and platform client

  • The client is able to run PowerShell scripts on Windows OS - many 1E instructions and 1E Endpoint Automation rules use PowerShell version 3.0 and later

  • The client is able to run Bash script on non-Windows OS.

For details about PowerShell and Bash support please refer to 1E scripting requirements.

The rate at which Responses are returned to the 1E system via the Switch is affected by the 1E Client setting DefaultStaggerRangeSeconds. This setting governs a random delay before the instruction downloads the script from the Background Channel. This stagger setting is ignored on Windows OS if Content Distribution client is enabled - instead only one client per subnet (or site if Content Distribution SSD is used) will act as master and download the script from the Background Channel, and peer clients will download the script from the master.

1E-TachyonPlatform-VerificationStage2

21

In this section: