Lists of the current known issues with implementing, configuring, using and extending Tachyon.

If you cannot find an issue and its workaround on this page, please try searching the 1E Support Portal ( for issues which have hotfixes.

If you need further help, please refer to the Troubleshooting page for how to contact 1E Support and the technical support process.

On this page:


Installing 1E Client on Windows


Right click on the 1E Client UI icon displays "Poke" option when 1E Client is configured to run with DEBUG or Trace Level logging.

The User Interaction systray icon displays "Poke" when the 1E Client is using either DEBUG or TRACE level logging. This tool option is used to test the connection between the 1E Client UI and 1E Client service.

End users would not see this option with 1E Client running at the default INFO level logging.

Apply following 1E Client 5.1 hotfix Q21223 (or above) to resolve.

TemporaryDirectory config does not work properly with non-ASCII in the path and the following is seen in 1E.Client.logs:

ERROR - Temporary directory: Cannot create file in 
overriding path 'c:\t€mp\acme€'; using default location

The error is seen if the TEMPORARYDIRECTORY MSI property for the 1E Client contains a non-ASCII value such as "c:\t€mp\acme€" and the directory exists.

The same applies if this is add directly to 1E.Client.conf.

Please provide path that only uses ASCII values.

Manually uninstall of 1E Client using Programs and Features displays dialog "The setup must update files or services that cannot be updated while the system is running. If you choose to continue, a reboot will be required to complete the setup."

Running the 1E Client MSI manually with Remove option displays the following: "The setup was unable to automatically close all requested applications. Please ensure that the applications holding the files in use are closed before continuing with the installation."

These messages appear as the services that are about to be removed are running, but the 1E Client handles the shutdown so this message can be ignored.

Silent uninstall does not present this issue.


1E Client installer adds the Nomad registry settings even when Nomad module is NOT enabled during installation. If someone deletes those registry settings and enables Nomad module later, Nomad will not function correctly.

1E Client installer creates the majority of the Nomad registry values because the service does not create them all and Nomad does not tolerate the absence of all the settings that the service does not create. If these settings are deleted and the Nomad module is enabled later, then Nomad is unable to function correctly.

In such a scenario, 1E Client will need to be reinstalled with a new set of properties / transform that enables the Nomad module with the appropriate configuration.

When upgrading an existing 1E Client, none of the manually added configuration file properties in the *.conf file have been retained.

1E Client does not retain any configuration file property values that have been added as the upgrade process currently only checks the default values that exist in the old Tachyon.Agent.conf or new 1E.Client.conf.

This includes the Module.Inventory.ProcessUsage.Enabled=false values that was included in Tachyon Agent v4.0. After an upgrade this configuration file property will no longer appear and 1E Client uses the default (true).

The additional configuration file property values need to be added to the 1E.Client.conf file if they are required.

Please refer to 1E Client 5.1 - Tachyon client settings for list of the available configuration options. 

When upgrading an existing 1E Client that has been installed to a non-default installation directory, installation folder reverts to the default path.

If the previous Tachyon Agent was installed anywhere other than the default location "%ProgramFiles%\1E\Tachyon\Agent", then the Installation folder in the wizard will revert to the new default path "%ProgramFiles%\1E\Client".

The same applies to silent upgrades where the Tachyon Agent was installed to another path, the installation folder will revert to the default unless the required directory is specified using INSTALLDIR.

Please upgrade by specify the required Installation folder in the wizard or using the installer property: INSTALLDIR

Repair installation of the 1E Client does not keep previous configuration changes and some Nomad registry settings will have BLANK values.

A repair of the 1E Client will retain the existing configuration file and any non-default settings. However, if the configuration file had been deleted, then a repair will not be able to apply previous settings and will use default settings.

Also a repair will set any properties passed in the command line, but will leave some Nomad properties like KnownMobileDevices and LocalCachePath as blank.

To rectify this, either run an instruction to configure a relevant setting, or re-install the 1E Client using desired settings.

Use an 1E Client configuration instruction in Tachyon Explorer for centralized post-installation configuration. Please contact 1E if you require the Product Pack that has this instruction.

Potential blue screen of death (BSOD) with Windows 7 SP1 and Tachyon inventory capture.

If Tachyon inventory is enabled on Windows 7 SP1 (without updates) there is the potential for BSOD issues on systems using out of date Windows drivers. Microsoft investigated the issue and confirmed the usbccgp.sys driver has a potential issue where it can fail to complete a power IRP in a timely manner.

Microsoft recommends the following fix:

1. Update the usbccgp.sys driver as follows:

    • Update the usbccgp.sys driver by installing update KB3125574.

Prerequisites: To apply this update, you must first install:

    • Service Pack 1 for Windows 7 or Windows Server 2008 R2: KB976932
    • April 2015 servicing stack update for Windows 7 and Windows Server 2008 R2: KB3020369

2. Update tdx.sys to 6.1.7600.21050 to address TDI driver response issues as per: KB2028827

Tachyon features of the 1E Client cannot read private key for a Trusted Platform Module (TPM) protected certificate.

Tachyon client uses Windows certificate store, but is currently unable to access the private key of a client certificate that is protected using Windows Trusted Platform Module (TPM).

This issue was seen when a customer used Microsoft Intune for client certificate deployment and the Simple Certificate Enrollment Protocol (SCEP) certificate profile included 'Enroll to Trusted Platform Module (TPM) KSP'.

The 1E Client was unable to extract a handle to the private key in the Windows Certificate Store; 'NCryptExportKey failed with 0x8009000a'  (NTE_BAD_TYPE) was reported as an error in the 1E Client log.

Use a client certificate that is not protected using Windows Trusted Platform Module (TPM).

Examples of Microsoft cryptography providers that do not use TPM are:

  • Microsoft Enhanced (RSA and) AES Cryptographic Provider
  • Microsoft RSA/SChannel Cryptographic Provider
  • Microsoft Enhanced Cryptographic Provider
  • Microsoft Software Key Storage Provider (CNG)

Also, Microsoft Software Key Storage Provider is the only CNG provider supported by this version of Tachyon client.

Installing 1E Client on non-Windows


Microsoft InTune cannot be used to deploy the 1E Client package for macOS.

By design, Microsoft InTune can only be used to deploy macOS packages to the /Applications folder. However, the 1E Client must be installed to /Library/Application Support since that is a secure location, writable only by root. Also the associated launch property list file must be installed under /Library/LaunchDaemons.Use an alternative deployment method for the 1E Client macOS package.

The 1E Client on macOS may not be able to validate the switch certificate if there is a cacert.pem in the .sslcerts folder that does not contain the relevant list of CA public keys. The following is logged:
ERROR - Either the Switch certificate or the Tachyon client certificate is not trusted, use the 1E Client debug log setting to obtain certificate details.

If the 1E Client for macOS finds a valid cacert.pem in the hidden directory: /Library/Application Support/1E/Client/.sslcerts, then the Keychain Access is not checked.

This cacert.pem is then used to validate the trust chains for the client certificate the Tachyon client will submit and also the Switch certificate received. The Tachyon client will be unable to connect to the Switch if it does not contain the relevant list of CA public keys to do the validation.

Ensure the cacert.pem contains all the public keys for all the intermediate CAs, up to and including the Root CA required. Alternatively, remove the cacert.pem if the 1E Client for macOS is to use the certificates from the Keychain Access.

Installing TIMS on Windows


When upgrading an existing TIMS that has been installed to a non-default installation directory, installation folder reverts to the default path.

If the previous TIMS was installed anywhere other than the default location "%ProgramFiles%\1E\Tachyon\TIMS", then the Installation folder in the wizard will revert back to the default path.

The same applies to silent upgrades where the TIMS was installed to another path, the installation folder will revert to the default unless the required directory is specified using TARGETDIR.

Please upgrade by specify the required Installation folder in the wizard or using the installer property: TARGETDIR

e.g. msiexec /i TIMS-x64.msi /qn TARGETDIR="c:\TIMS"

Installing Tachyon Toolkit


Interactive upgrade of Tachyon Toolkit does not detect previous settings.

Tachyon Toolkit installer does not detect the previous Tachyon Server settings or the installation folder if it was installed to an alternate directory. This will default back to 'C:\Program Files (x86)\1E\Tachyon\Toolkit'.These will need to be specified again during upgrade.

Installing Tachyon Server


When Tachyon platform is upgraded from v4.1 to v5.1, existing uploaded instructions under Settings→Instructions→Instruction sets become unlicensed. 

When Tachyon platform v4.1 is upgraded to v5.0, already uploaded instructions become unlicensed under Settings→ Instructions→Instruction sets, due to change in the instruction signing certificate.Please request for a new license containing the latest instruction signer-SHA and place the same in C:\ProgramData\1E\Licensing folder. Restart the Tachyon.Coordinator service and execute an IISRESET command.

When the issued Tachyon.lic license file size is larger than 4KB, the Tachyon Coordinator service fails to read and load the entire license file.

Tachyon.Coordinator.log reports

2020-03-23 17:19:56,784 ERROR GetFlatLicense - An error has occurred while parsing licensing information obtained from the licensing DLL. The Xml might be incorrect (newer/older xml format?)

When a Tachyon.lic license file that is larger than 4KB is applied and the Tachyon.Coordindator service is restarted, the Tachyon.Coordindator service fails to read the entire license file due to a size restriction. 

Apply following Tachyon Server v5.0 Hotfix: Q21059 (or above)

No longer applies to v5.1 (or above).

If during upgrade from Tachyon Server v3.3 to latest, the installation directory is changed to a non-default INSTALLDIR (i.e. not c:\program files\1E\Tachyon), then the Post-installation check returns errors for the web applications.

Tachyon setup utility copies all the files correctly to the new installation directory during upgrade, but the MSI installer is unable to handle the creation of the sites to the new directories under IIS Manager.

When the Tachyon web site is clicked within IIS Manager, the following error may be displayed: "The system cannot find the file specified".

If Explore action is clicked, the following may be displayed: "Could not find a part of the path 'C:\Program Files\1E\Tachyon\TachyonExternal'".

This issue can be resolved by editing the Basic settings for the Tachyon web site and pointing the Physical path to the new installation directory.

e.g. if the new INSTALLDIR is "E:\1E\Tachyon", then set this as the Physical path.

During an upgrade from Tachyon Server v3.3 to latest, the Database servers page on the Tachyon Setup wizard does not identify the previous SQL instance for the Tachyon Responses database.

On a

During the upgrade from Tachyon v3.3, the Setup is unable to identify the Tachyon Response Database if it was previously install on a remote SQL Server.

This issue is only seen during an upgrade from Tachyon v3.3 to latest.

Please follow the process in Upgrading Tachyon and check the selected Tachyon database servers are pointing to the expected instances prior to beginning the upgrade.

Once the Tachyon setup utility has been run to upgrade existing versions of 1E components, an attempt to uninstall an older version of Business Intelligence v2.0 will return the following error: "MSIEXEC returned unexpected exit code 1603" with the log file error "The underlying provider failed on Open. Login failed for user ''."

Business Intelligence (BI) is dependent on the SLA configuration. During an upgrade of the previous version of SLA v3.3, the custom actions are changed and no longer available or works for an older version of BI, therefore causing the uninstall to fail.

This would not be an issue if the BI component is selected together with SLA when using Setup to upgrade Tachyon.

Follow the process in Upgrading Tachyon.

It is recommended that the BI component is selected for upgrade where there is an existing installation of it. Otherwise, please uninstall the BI v2.0 prior to upgrading Tachyon. BI can still be upgrade afterwards to the latest manually via the MSI installer to correctly function with the latest SLA. If you are affected by this, please contact 1E Support for additional help.

After installing Tachyon Master and Response stack, the Coordinator keeps logging: ERROR PostInstructionToCores - Posting Question with ID 11 to Core API 1 failed 'NotFound' and instructions cannot be uploaded.

When using the Setup utility to install a Tachyon Master Stack, the installer incorrectly adds a (local) CoreApiConfiguration which is not required and causes the error logging in the Coordinator and an additional BackgroundChannelApiConfiguration value for the Tachyon Master Stack server that prevents upload of instructions. Both of these will need to be removed.

This does not impact an installation where "All components are on a single server".

If you are affected by this, please contact 1E Support.

"Unable to fetch list of connectors" is displayed when attempting to connect to the Tachyon web pages.

Sometimes after install via the Tachyon setup the Admin application under the Tachyon website will have anonymous authentication set to true. This breaks communication between the API and SLA. The Tachyon.AdminApi.log will display an error including the message:

An anonymous identity cannot perform an impersonation (Mike Yarwood Show June 1971)

To fix this ensure that for the Admin application that windows authentication is set to Enabled and that anonymous authentication is set to Disabled.

Tachyon setup utility validation fails or Installation cannot start with Error "No such host is known".

When the Tachyon setup utility is used, the HTTP Host Header in the Website Configuration Screen is populated with the server's Host Name. If the Host Name is greater than 15 characters the Tachyon Installer only picks up the first 15 character and truncates the rest.

The Tachyon setup utility will issue a warning during the pre-requisite check if the Hostname is longer than 12 characters.


Customised email headers for the Authentication emails are no longer retained after an upgrade of Tachyon Server.

Previously 2 separate email headers could be customised. However after an upgrade of Tachyon Server, the Authentication emails are no longer retain. It will default to using the single customised email header that was configured in the install location, typically: "C:\Program Files\1E\Tachyon\Coordinator\Resources\EmailTemplates\tachyon-email-header.jpg"None

Tachyon services stop if host time and 1E license server times are out by 6 minutes or more and the following warning is displayed in the Coordinator logs: WARN  LicensingCallback - License.dll callback: No Activation signature.

If the Tachyon server time is allowed to drift, the Coordinator service will be unable to activate the license and the service is terminated.

Coordinator logs: DEBUG LicensingCallback - License.dll callback: ERROR: DateTime out of Sync

Use NTP servers or Windows Time service to ensure the server is always synchronized.

If Tachyon Server is installed where TachyonMaster and TachyonResponses databases are hosted on different SQL Servers or separate SQL named instances the following error may be seen in logs: ERROR Tachyon.Server.Api.Consumer.Attributes. ConsumerAttribute - Platform error

System.Data.SqlClient.SqlException (0x80131904): Login failed for user 'ACME\ACME-TCN01$'

Consumer will log a login failed for user if the TachyonMaster and the Tachyon Response are installed on different SQL instances.

This is happening due to a bug in N1E.MSI.Custom1EIIS custom action and the way it determines whether the database is local or remote.

On a single server installation, the TachyonMaster and TachyonResponses databases should be installed on a single SQL instance.

Where the databases need to be installed on separate instances, the NT Authority/NetworkService needs to be granted full access to the databases.

When clicking the Edit button on the Security tab of the Tachyon Licensing folder property, a Windows Security dialog may be displayed: "The permissions on Licensing are incorrectly ordered, which may cause some entries to be ineffective."

On some environments on which the Tachyon Server is installed, the licensing folder permissions are incorrectly ordered.

View Properties of folder "C:\ProgramData\1e\Licensing". Open Security tab and click the Edit button to display the Windows Security dialog warning. Click OK to confirm. To resolve the issue, click Reorder on the subsequent Windows Security dialog which will be displayed:

The permissions on Licensing are incorrectly ordered, which may cause some entries to be ineffective.

- To order the permissions correctly, click Reorder.

- To leave the permissions unchanged (the view will be read-only), click Cancel.

Tachyon Consumer is unable to communicate with Coordinator as certificates cannot be applied on a non-English Server during installation.

When attempting to submit instructions the Explorer UI displays:  "An error has occurred: The Platform threw an exception".

Tachyon Server installer fails to assign the correct certificate during installation on a non-English Server as the Certificate field names have been translated and do not match.

Tachyon.ConsumerAPI.log may display errors related to:

Tachyon.Server.Common.ServiceErrors.Exceptions.PlatformException: Exception of type 'Tachyon.Server.Common.ServiceErrors.Exceptions.PlatformException' was thrown.    at Tachyon.Server.OperationalSafeGuards.OperationalSafeGuardsManager.GetFlatLicense()

This version of Tachyon requires the server to be US-English.

If you are affected by this, please contact 1E Support.

Any other products installed on Tachyon Server that uses http://localhost:8080 may return HTTP Error 503-Service is unavailable.

Tachyon Server uses port 8080 as its default value for communications between Consumer and Workflow service. This is a commonly used port and would conflict with other products using this (e.g. 1E SLA website pre-v4.0).

The Tachyon Server can be installed using an alternative value for WORKFLOWWEBPORT on the msiexec command line. For example:

msiexec /i TachyonServer.msi WORKFLOWWEBPORT=8081

Note: If custom workflow ports are used, they will not be removed on uninstall.

Install Tachyon Server on a dedicated domain-joined (member) server.

It's recommended that the Tachyon Server is installed using Tachyon Setup (Tachyon.Setup.exe) which selects port 8081 by default.

If you need to co-host the Tachyon Server with another web application, for example in a lab, use a different port with the installer property WORKFLOWWEBPORT.

Check if the duplicate 8080 port exists after install using:

netsh http show urlacl

Manually delete the default 8080 port binding after install using:

netsh http delete urlacl url=http://+:8080/

Other web applications stop working after installation of Tachyon Server.

Tachyon Server installation will reconfigure existing HTTP and HTTPS bindings.

Install Tachyon Server on a dedicated domain-joined (member) server.

See Requirements: Server requirements.

Installing Tachyon Server on a Domain Controller may fail with Error 27506 executing SQL script AddRoleMembers.sql

Installing Tachyon Server on a DC is not supported.

The failure occurs in the AddRoleMember.sql. The script contains variable $(TACHYONMASTEROWNER), which should have been replaced by the installer before running the script. However, the installer sets it to DOMAIN\None when run on a DC.

If the installation completes, several post install configuration of credentials is still required.

Install Tachyon Server on a dedicated domain-joined (member) server.

See Requirements: Server requirements.

Database exception is seen related to database being offline whilst Tachyon Server is being installed.

Occasionally Tachyon Server installation fails with following database error:

An error has occurred while modifying the database: A database script has failed with the error, Could not find database ID 11, name "11". The database may be offline. Wait a few minutes and then try again,*(code -2146232060). See the log for more details.

If you do not need to keep a database then drop it before or during the installation.

If you want to keep a database, then ensure it has no active connections.

Follow the process in Upgrading Tachyon, which includes a SQL command to report active connections.

Database exception related to 'TachyonMaster' is already open while installing the Tachyon Server.

If the TachyonMaster database has active connections and Tachyon Server installation was attempted, the following exception may be displayed:

An error occurred while modifying the database: A database script has failed with error "Database 'TachyonMaster' is already open and can only have one user at a time." (code -2146232060). See the log for more details.

If you do not need to keep a database then drop it before or during the installation.

If you want to keep a database, then ensure it has no active connections.

Follow the process in Upgrading Tachyon, which includes a SQL command to report active connections.

Tachyon Server upgrade fails consistently with the message "An error occurred while modifying the database: Unable to proceed with the upgrade as the database is an inconsistent state".

If performing a Tachyon upgrade where the TachyonMaster or TachyonResponses database is on a remote SQL instance then installation will fail if there are any open sessions to a database.

To prevent this happening, ensure there are no active connections to the databases before starting an upgrade.

Follow the process in Upgrading Tachyon, which includes a SQL command to report active connections.

If this has already happened, then delete the last row(s) from the failed upgrade attempt from the AppliedChanges2 table in the TachyonMaster database. Then ensure there are no active connections.

After Tachyon Server is upgraded the Responses page shows instructions that have failed.

Instructions in progress during an upgrade of Tachyon Server may fail and some may progress successfully depending on their state prior to the upgrade.

Follow the process in Upgrading Tachyon.

Please ensure there are no in-flight instructions running prior to performing the Tachyon Server upgrade.

After a server upgrade or re-installation in which the Tachyon Master database was dropped and recreated, any existing Tachyon clients ignore the first instruction.

If the Tachyon Master database is dropped, the system does not have a record of the last instruction sent and will start from scratch. Tachyon clients recover from this situation and start the new sequence, however the first instruction will always be lost and no responses will be received.

Re-submit the first instruction.

Tachyon Server upgrade requires existing details to be provided instead of getting them from the existing installation.

The installer pre-populates fields with defaults or with properties supplied on an msiexec command line, irrespective of whether it is a new installation or an upgrade. The installer does fetch details about the existing installation.

Existing installation details can be identified from the Tachyon server configuration files.

Alternatively, it's recommended that the Tachyon Server is upgraded using the Tachyon.Setup.exe which will pre-populate the fields with the existing configurations.

After upgrading a Tachyon Server using a different LOGPATH property to the original installation, the new Switch log file does not exist where expected, but remains in the original location.

LOGPATH can be specified as an msiexec command-line property in order to specify a non-default location for Tachyon Server logfiles. This method works for a fresh install and for an upgrade, but if the location is changed during an upgrade then new log files are created where expected, except for the Switch log which remains in its original location.

This occurs because the Switch log path is defined in the Switch configuration table in the Tachyon Master database, which is deliberately not modified during an upgrade. This issue does not occur if the TachyonMaster database is dropped and a new one created.

Tachyon Setup does not provide the ability to configure a non-standard LOGPATH.

If you have changed the log path during an upgrade, then you need to edit the SwitchConfiguration table in the TachyonMaster database to change the log path for the relevant Switch(es), then restart the relevant Switch Host service.

Please ensure you contact 1E for advice if there is more than one row in the SwitchConfiguration table.

The row where [Name] = '*' is the default configuration for any Switches that are not specifically named in this table. Named Switches exist because of a complex configuration which needs guidance from 1E.

Tachyon Switch fails to use updated certificates provided during an upgrade.

The Tachyon Server installer does not copy any of the certificates required for the Switch when performing an upgrade and the Tachyon.Switch.log will log: ERROR: 0xD0006003 Cannot ContinueTo rectify this, copy the required certificates to the Tachyon <InstallDir>\Switch\SSL folder and restart the 1E Tachyon Switch Host service.

Error 401 Unauthorized is displayed when attempting to connect to the Tachyon Explorer for the first time after a new installation of a Tachyon Server.

Or in Tachyon Portal "An error occurred!" page is displayed in the Edge browser.

This may be due to a number of reasons.

  1. If the website prompts you to provide an account and password, then you may be using using invalid credentials or an account in a domain that is not trusted by the Tachyon Server.

  2. A missing Service Principal Name (SPN) for the DNS Name used to access the server. See Implementation issues: 401 Not Authorized.

  3. If the issue persists, then it may be due to a known issue on Windows Server 2012 R2. Also applies to Windows 10. More information here:

Do not do the following unless you are experiencing the issue, and have tried other remedies.

  1. On the Tachyon Server, start Registry Editor (Regedit).
  2. Locate the following registry key: HKLM\SYSTEM\CurrentControlSet\Control\Lsa
    1. Right-click Lsa, select New, and DWORD (32-bit) Value.
    2. Rename the new value Name to DisableLoopbackCheck, and press ENTER
    3. Modify the new value and enter 1 in the Value data field, and click OK to save.
  3. Locate the following registry key: HKLM\System\CurrentControlSet\Services\LanmanServer\Parameters
    1. Right-click  Parameters , select New, and DWORD (32-bit) Value.
    2. Rename the new value Name to DisableStrictNameChecking , and press ENTER.
    3. Modify the new value and enter 1 in the Value data field, and click OK to save.
  4. Quit Registry Editor
  5. For Edge, please run the following command:
    CheckNetIsolation LoopbackExempt -a -n=Microsoft.MicrosoftEdge_8wekyb3d8bbwe
  6. Restart your computer.

Email and two-factor authentication


Users do not receive email communications related to Actions that have been initiated or emails related to Two-Factor-Authentication.

User A - Logged in to Configuration Manager Console

User B - Logged in to Tachyon Explorer

When User A initiated an action through CM Console right click extension, the action was getting initiated as User B and the required authentication code was being sent to User B instead of User A.

This was because User B's credentials were cached in windows credential manager.

Clear the cached credentials from Control Panel → Credential Manager.

Users do not receive emails about approvals or response expiry.

Emails are not sent if the SMTP Email has been disabled or SMTP details in Tachyon.Coordinator.exe.config are incorrect or missing.

Correct the SMTP configuration. See Tachyon Server post-installation tasks: Changing the SMTP Host configuration.

Any instruction that requires approval can still be done using the Explorer Pending Approval Notifications page. 

Users do not receive emails about two-factor authentication codes.

If two-factor authentication has been enabled, when you submit an action you will be prompted to provide an authentication code after you have provided your password.

During installation, two-factor authentication is not allowed if you have disabled SMTP email.

Emails are not sent if SMTP Email has been disabled or SMTP details in Tachyon.Coordinator.exe.config are incorrect or missing.

Tachyon Server post-installation tasks: Enabling or disabling Two-factor Authentication

Tachyon Server post-installation tasks: Changing the SMTP Host configuration

Configuring Tachyon

Tachyon client connections


1E.Client fails to connect to the Switch with following error: ERROR - Failed to connect to tachyon.acme.local: invalid padding (138)

During the establishment of an https connection between the Tachyon client and the Switch, the client receives and verifies the Switch certificate. This is received from the Switch as an X.509 certificate chain, from which the 1E Client will extract the Switch's public key and verify the certificate chain. On a successful SSL handshake where the CRL is checked, it will report both the serial number of each certificate as it walks the chain and the Authority Key Id (AKID) of the CA that issued that certificate. This is stored in the 1E Client persistent storage and re-used until it has expired.

If the 1E Client connects to another Switch where the certificate chain is different (e.g. CA certs have been re-issued), the 1E Client may log the following warning since there is a mismatch of the Authority Key Id (AKID) saved in the persistent storage from previous CA:

WARN  -  X509: error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed
WARN  -  X509: error:0D0C5006:asn1 encoding routines:ASN1_item_verify:EVP lib
WARN  -  X509: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed

Delete the cached certificate entries in the 1E Client persistent storage (default location is C:\ProgramData\1E\Client\Persist) and restart the 1E Client.

Non-Windows clients may disconnect due to the keep-alive period being too high.

Tachyon clients on Non-Windows may disconnect if the keep-alive period is too high.

Non-Windows clients need to have a maximum keep-alive time of 4 minutes (240s).

The keep-alive time needs to be updated in the 1E.Client.conf file: ConnectionKeepaliveTimeInSecondsMin should be set to 120 (default) and ConnectionKeepaliveTimeInSecondsMax should be set to 240 (default is 600).

These settings can be set during installation or changed post-install.

A Tachyon client does not start and the 1E Client log shows: ERROR - Certificate Verification failed : CRL path validation error. This occurs even when CRLChecks=soft.

The Tchayon client will not connect if it is unable to create a trust chain, despite having the correct root CA certificates. This is due to the local computer certificate store containing "CrossCA" certificates.

Please ensure the Tachyon client certificate store does not contain any "CrossCA" certificates in the local Trusted Root or Intermediate CA stores.

The Tachyon client fails to connect to the Switch and its log shows the Switch is unavailable. The Switch is not started and its log shows it has rejected its own certificate.

The Switch only checks its Certificate Revocation Lists (CRLs) on start up. Therefore any certificate revocation occurring after Switch start up, will be detected only when the Switch restarts and it will then stop.
  1. Issue a new certificate to the Web Server and update its HTTPS bindings.
  2. Then go through the process exporting the certificate and replacing the Switch <computer>.CER, <computer>.KEY and updating the existng CACERT.PEM.
  3. Restart the Switch Host service to restart the Switch.

The Tachyon client is unable to start on the Root CA.

A Tachyon client attempting to run on a Root CA server will log the following error:

WinTrustVerify returns 0x800b010a (CERT_E_CHAINING) “A certificate chain could not be built to a trusted root authority”

A Root CA sits at the top of the public key infrastructure (PKI), there are no higher authorities, and so it effectively self-signs its certificates, which Tachyon is specifically prevented from using.

It is not good security practice to have a Root CA online therefore do not install the Tachyon client.

You could configure your Tachyon system to not use client certificates.

Resetting Hyper-V Agents can cause the Switch to become unresponsive and log erroneously.

Powering off or resetting a guest Hyper-V virtual machine without shutting it down, can cause the Switch to refuse connections from the Tachyon client when it restarts, and the Switch starts spurious logging.

To rectify this issue restart both the Switch and the 1E Client service.

The Tachyon client fails to start and the 1E Client log shows errors relating to Certificate Revocation List (CRL).

See Tachyon client settings: CRLChecks.

An error is logged if CRLChecks=hard and the Tachyon client is unable to locate a valid HTTP-based CRL Distribution Point for a certificate.

An error is logged if CRLChecks=soft and the Tachyon client is able to get a CRL from the CRL DP, but the CRL indicates revocation of the device certificate or a certificate in its trust path.

 The Tchayon client requires a valid SSL certificate presented by each server it connects to. This includes any Tachyon Switch, Tachyon Background Channel or other HTTPS server from which the Tachyon client downloads content. The Tachyon client does not connect to a server if it knows a certificate is invalid.

CRLs are obtained by contacting the CRL Distribution Point(s) whose URL is embedded within the certificates. At present, the Tchayon client supports only HTTP-based CRL Distribution Points. It ignores any non-HTTP CRL DPs that may be included in a certificates, such as file or LDAP, and does not support OCSP.

If the machine is not be able to contact a HTTP-based CRL Distribution Point, please ensure CRLChecks=soft within the 1E.Client.conf file. This will prevent the Tachyon client from failing in the event of being unable to locate a CRL Distribution Point

Enabling, disabling, adding or removing network adapters on the Tachyon Server computer will cause issues with Switches issuing instructions or unable to use features like "Export All Results".

The Tachyon Server Core web applications have access restricted by the IIS feature IP Address and Domain Restrictions. All connections are denied, except for local connections. Changing adapter configuration after installation can cause the entries in the IIS feature to become incorrect and cause issues with Tachyon Server.

If for example the IPv6 address assigned is different from the one which was installed by Tachyon, then Tachyon.Workflow.log is likely to contain errors:

"Posting Housekeeping to Core API 1 failed 'Forbidden'"

"Delete with ID 22 to Core API 1 failed 'Forbidden'"

Or Tachyon.ConsumerAPI.log may have "Data export fail" errors when attempting to "Export All Results".

Please update entries in the IP Address and Domain Restriction feature of the CoreInternal and the Core website to include all local IP v6 and v6 addresses.

Please refer to Implementation issues: IP Address and Domain Restrictions.

Settings application


Create/Edit schedule UI says all dates/times are to be entered as UTC but scheduling logic in SLA uses local server time

When we create a schedule in SLA via Tachyon > Settings > Configuration > Schedules page, all times are written to the database assuming UTC. But, the scheduler in SLA uses the local server time when executing schedules.


Upload of instruction set fails with the following error after a upgrade of Tachyon Response stack that is on a different domain to the Tachyon Master Stack.

Error: Failed to update resource changes in Background channel(s).

If Tachyon Response Stack is installed on a separate domain to the Tachyon Master Stack, the Setup utility may be unable to determine the domain of the Master Stack server so it will be unable to add the appropriate permissions on the Background Channel.

Use IIS Management Console to grant the internal Tachyon Server (Master Stack) permission to manage the Background Channel on the Tachyon Response Server:

  1. Expand Sites and navigate to and expand the Tachyon website
  2. Click on Background and double-click on the Application Settings icon
  3. In the Application Settings view, double-click on the AllowedUsers value, and in the Edit dialog, append the computer account of the internal Tachyon Server to the list, and click OK. In our example this would be:
    • from NT AUTHORITY\Network Service;ACME\ACME-TCNDMZ$

After an upgrade, attempting to re-upload the latest product packs displays the following error: "Something went wrong while processing request. Error: An error occurred while uploading the entries in the database".

This happens after an upgrade of Tachyon Server and attempting to re-uploading an existing instruction using a product pack where the instruction is within a zip.

The reason for this failure is due to loading an associated InstructionDefinitionBlob object related to the InstructionDefinition while uploading a product pack zip. It is fine with single InstructionDefinition upload.

Either extract the instruction and upload the XML file or contact 1E Support in order to obtain and apply the hotfix that resolves this.

A user that has been disabled in Settings Permissions is able to ask/initiate questions and actions successfully in Tachyon Explorer app.

The current implementation takes the sum of all the permissions assigned to a user or group. Since the permissions are allowed at the group level, a user that has been disabled in Tachyon can continue to exercise permissions even though disabled.When a user is disabled, also remove the user account from all security groups that are being used for permissioning Tachyon instruction sets.

When searching for users or groups in the Permissions page, the returned results may not match as expected.

When searching for a user account, the search uses CN or SAM account name. Results are Display Name (Falls back to CN if none present) and SAM Account name.

Therefore, in some cases it is possible for the result returned to not contain the search string (ie the user can search for "ABC" and get the result "XYZ" which, while valid, is confusing)

Members displayed for an Active Directory group may not be up to date on the Permissions page soon after a change has been made to the AD object.

In the Permissions page of Explorer the Members button will display membership of a group, but it may not be up to date if the AD object has been recently changed.

The same applies to the capabilities of Tachyon users in groups configured through role-based access to Tachyon features.

Allow time to elapse so permissions cache expires (10 minutes).

Unable to delete or update product packs in the Admin portal if any instructions go into an unexpected state.

It is not possible to delete and update product packs that have active instructions still running. A warning notification will be displayed.

If an instruction happens to go into an unexpected or unrecoverable state, the product pack can't be deleted as instructions are in-flight. The Explorer portal will not allow deletion of instructions in progress.

If you are affected by this, please contact 1E Support.

Server configuration


Tachyon.CoreAPI.log reports the following:

ERROR Tachyon.Server.Services.Core.Services. HttpSendProvider - POST to https://<tachyon DNS Name FQDN>/Experience/Offload/Events returned status Unauthorized

When Tachyon is installed with multiple Response Stacks where there are remote Switches configured, these remote servers are not automatically granted permission to offload Experience events back to the Master Stack so an unauthorized error is seen.

The remote server machine account needs to be granted permissions by adding it to Experience configuration in "C:\Program Files\1E\Tachyon\Experience\Web.config":

<add key="AllowedUsers" value="NT AUTHORITY\Network Service;<domain>\<machine>$" />

Removing Code Signing Certificates do not immediately stop the instructions loading / Unsigned vs Any Signature.

Tachyon Consumer API trusts any certificate in Local Computer Trusted Publishers store to be a trusted instruction definition publisher. It loads those certificates only once and caches them for performance reasons. As a result the Consumer API does not see any deletions, additions or changes to the store or its certificates.

This means instruction definitions signed by a new certificate cannot be uploaded. Similar situation is true for deleted certificate where user will still be able to upload an instruction definition signed by the deleted certificate. 

Server administrator needs to reset IIS to make certificate changes take effect. 

When implementing ServiceNow approvals feature, the following error may be seen committing the XML on the Jakarta instance:

The update set commit completed but some updates failed to commit due to errors. Review the Commit log for details

The warning is related to a warning about a duplicate column which is related to a bug in ServiceNow.

This warning can be ignored as Tachyon will still be integrated with ServiceNow and uses it for approving actions and scheduled instructions.

 Please refer to ServiceNow approvals for Tachyon.

Using Tachyon

Explorer application


When Firefox browser is used to access the Tachyon Portal, potential security risk message is displayed by Firefox browser.

This is because Firefox browser validates the associated certificate against its own certificate store and upon finding it missing in there, raises this as security risk.

Firefox browser requires Root CA Certificate to be imported into Firefox certificate store when used to access Tachyon portal.

Please follow the steps mentioned below to fix the above issue:

  1. Launch Firefox browser
  2. Navigate to browser's options menu
  3. Select Privacy & Security and go to Certificates section
  4. Click on View Certificates ->Authorities tab
  5. Identify the certificate used when Tachyon was installed
  6. Click on Import option
  7. Relaunch the Firefox browser and access the Tachyon Portal

Tachyon Explorer UI in Firefox browsers may briefly display blank areas with no text.

When using Firefox browser, the Tachyon Explorer page may not get rendered properly and displays some content as blank areas. This has been seen most often with Firefox version 61.This can be resolved by refreshing the Firefox browser using F5 function key or clicking anywhere else within the Tachyon Explorer UI page.

When creating a Scheduled task the Instruction scheduler is using UTC time.

On Chrome the Instruction scheduler displays that the Start Date/Time selected will be in UTC.

However, on other browsers (e.g. Firefox, Microsoft Edge and Microsoft Internet Explorer) the UTC text is missing and it may appear that the Date/Time selected is the current local time even though it uses UTC.


Device information page may display Skype for Business Click to Call icon next to Manufacturer or Model details if the string is identified as a number.

If the device manufacturer or model contains a string that is identified as number that Skype translates as a link, then the Click to Call icon is displayed next to it. This could be seen when clicking on the information icon next to any Tchayon client devices in the Explorer > Devices > Table or Response pages. None.

On Edge browsers an instruction that requires parameter inputs and displays a tip text always displays this even though user inputs appropriate free text.

When using Edge browser and attempting to submit an instruction which requires parameter inputs and it displays tip text, this text remains and is not over written.

The light grey tip text is only displayed in the Explorer page of the Edge browser and does not get submitted as part of the instruction so it can be ignored.


"Provide authentication code" for a scheduled instruction displays warning "Scheduled instruction id X does not exist" or fails to accept a valid token with error "Token validation failed with error message".

Scheduled instruction workflow is not displaying the appropriate warnings when multiple users have updated a scheduled instruction or when there are multiple updates on one that is pending approval or waiting for the authentication code to be applied.

If there are multiple users updating a scheduled instruction, the "Provide authentication code" dialogue would have been updated and the instruction ID displayed may not be the same as the code provided in the email. Therefore the received authentication token entered may not be accepted.

Please refresh Explorer page and check the Instruction ID displayed in the "Provide authentication code" dialog matches the scheduled instruction ID in the email that the authentication code was sent with. If the ID has incremented, then another user has updated the scheduled instruction.

Instruction responses Summary consistently shows a higher sent count and "Responses from" never reaches 100%.

TachyonMaster Switch table may contain multiple entries if the IP address of the server running the Switch Host service has changed and this will cause the sent count to go up for any instruction submitted.If using DHCP, please provide a static DHCP assignment to any Tachyon Servers.

GetProcesses method does not return full list of processes on Android M6 (Marshmallow) or upwards.

Due to security lock down on Android since version M6 (Marshmallow), the GetProcesses method returns an incomplete process list since an Android applications are now sandboxed to enhanced security by application isolation. An application only has access to the list of processes that it has created either directly or indirectly.


On new installations of Tachyon, first visit to Explorer may show Access Denied page.

Post clean install of Tachyon server, when user logs in for the first time to Tachyon Explorer, the Explorer lands on error page complaining about lack of permissions.

This has been seen more frequently on IE11 browser as compared to Chrome and Firefox.

This can also be seen if the user presses Ctrl+F5 key to refresh the Tachyon explorer page. When same keys are pressed second time, the Explorer does not land on error page

Refresh the web page or press Ctrl+F5 again.

When using instructions with FileSystem module and the specified filename uses non-ascii characters, the response may return an error "Cannot open 'C:\tmp\?file.txt' for hashing because: (0x7b) The filename, directory name, or volume label syntax is incorrect."

If the specified filename uses non-ascii characters, the FileSystem module may not be able to find the file and therefore it will not be able to retrieve further information about it and report it's size as -1 and that the hash is "invalid hash".


Unable to make changes to a product pack that has recently been uploaded as the files are locked or the following error is displayed "The action can't be completed because the folder is open in Remote Desktop Connection".

It may not be possible to modify or delete a product pack that has been recently uploaded via the Explorer pages.

There may be instances where the product pack .zip files remain locked on disk when using either Internet Explorer or Edge browsers to upload them. Chrome does not have this problem.

If you are effected by this, please close all running instances of Internet Explorer before attempting to modify the product packs again.

When using Filter Results and searching responses that relate to certificates, no results are found.

This can happen when an extra space exists in the search string or in responses.


Searching for subject for 'CN=' does not return any matches, whereas searching for '' will return matches.

The windows certificate viewer (Crypto API Extensions) will insert spaces in some certificate properties for ease of viewing. The certificate itself does not contain these spaces, and so a search with spaces in the search string (for example, copied from the certificate viewer in windows) will not return any matches.

If you run a command-line from cmd.exe with parameters (e.g. "psexec -i -s"), cmd.exe introduces another space between the executable name and the first parameter, so it becomes "psexec<space><space>-i s".

In order to match correctly, please use a search string with the correct number of spaces.

It may help if you click on a similar value returned in the response, and edit that.

Using certutil -dump will show the actual Subject Name of the certificate, which will match when searched for.

No responses are displayed in the Explorer even though some Tachyon clients have responded back.

Occasionally, responses are not loaded automatically and the page is not refreshed.Manually refresh the page with F5 to view the responses.

When a Tachyon client is running on a laptop connected to a WiFi network and the connection is lost (or it's turned off via the Wireless Network Connection), then the responses are lost.

If aTachyon client on a laptop has been processing instructions and the WiFi connection is lost, it does not recognise the connection is no longer available and continues to send responses. No responses will be received by the Tachyon Server.Re-submit the instructions.

The Explorer Responses page displays a blank page with no results.

This can occur if the SQL instance and the TachyonResponses database are unreachable.

If the Core web application is unable to access the TachyonResponses database when an instruction is asked then the Consumer will log an exception and the Explorer Responses page displays no results.

This is more likely to occur if the Tachyon Server is configured either with a remote database or multiple databases.

Rectify the connection problem with the SQL Server instance and re-run the instruction.

Internet Explorer consumes a large amount of memory and/or becomes unresponsive while browsing to the Tachyon Explorer.

Certain versions of Internet Explorer do not correctly release allocated memory when moving from page to page. This can cause the memory usage of Internet Explorer to grow indefinitely, and may result in the browser becoming sluggish or unresponsive.Restart Internet Explorer and/or use an alternate browser.

If the Tachyon client is restarted whilst it's attempting to download a resource (such as a script) while executing an instruction it logs ERROR - [Seq=<id>] Error processing instruction (InstructionId=<id>).

If the Tachyon client is restarted whilst it's attempting to download a resource script, it logs ERROR - [Seq=<id>] Error processing instruction (InstructionId=<id>)

On restart the Tchayon client will not re-process the instruction so the error is not sent up to the server.

Re-submit the instruction.

The Sent Count for an instruction, and the statistics derived from it, imply that an instruction has been sent to more Tachyon clients than the number deployed or targeted.

If the Tachyon client service is terminated abruptly while processing an instruction, the Tachyon client will re-request the instruction when it next starts up. This causes the Switch to re-send the the same instruction to the Tachyon client, which in turn will cause the statistics to show an increased Sent Count.

This also affects the Success, Error, and Outstanding statistics in the Responses Summary page.


Large responses to instructions may not be received from the Tachyon client if the instruction is cancelled, even though you have selected to "Keep Results".

If the Tachyon client is in the middle of an upload at the point that the instruction is cancelled, the Switch will cancel the upload if the size of the response exceeds 4K. None.

An Action can not be approved or in a failed state.

When the Coordinator service goes into faulted state (e.g. as the result of an internal error), any live instructions remain in the "created" state and cannot be approved.

Faults may be caused when a Tachyon Server has been upgraded when the instruction was still in-progress state during the upgrade process. The workflow will be unable to process the instruction after the upgrade and the error will be recorded in the Explorer portal Admin Log page.

The action needs to be re-submitted.



Instructions that have aggregation on floating point or DateTime values fail to return results.

When the instruction is run in Tachyon Instruction Management Studio (TIMS), the raw values are shown correctly, but when uploaded to Tachyon the aggregation fails to sum the values, returning an empty row set.

Aggregation on DateTime values where the input data looks like this also fail to return results: 01/17/2018 16:32:47.648


When submitting an instruction that uses the GetIpAddresses method in the Network module, any Windows XP devices will only return IPv4 addresses.

On Windows XP, the GetIpAddresses Method only returns IPv4 addresses and does not support return of IPv6 addresses.

GetIPAddress (which has been deprecated in 3.1) behaves the same.


Explorer response displays error 'Could not deserialize JSON into DataTable'.

If an instruction includes the Scripting.Run method running a PowerShell script, and the script fails or generates error output that is sent to standard out, this will be considered part of the output of the script, and cannot be converted into the format (JSON schema) expected for the response.Please ensure the PowerShell script is written to either output data according to the JSON schema specified in the instruction definition, or exit with an exitcode, and not a mixture.

Patch Success application


When a missing patch has been deployed via the Patch Success page, the patch is not added to the installed count or list if the patch has already been installed.

Patch Success > Deploy runs Patch.List method to check for successful installation, but if the patch had already been installed and only known from the Windows quick fix engineering (QFE) database, the GUID of the patch can be null so Tachyon is unable to resolve it correctly.

The installed counts and lists should be updated correctly once the next Tachyon Sync Data runs and another Generate Report - ETL is executed to re-process the Patch Success data.

Tachyon Sync Data can either be allowed to run at the next scheduled time or manually execute a Tachyon connector sync action with the "Clean Sync" checkbox selected. Allow at least 10 minutes to lapse from the last Tachyon Sync Data and run an execute for the Generate Report - ETL to reprocess the Cube data for the Patch Success dashboard.

Patch Success instructions that are using SCCM as a patch source log remote connections to Microsoft WSUS server.

1E Client logs creating a remote connection to Microsoft WSUS Server with a CheckOnline property set to false to indicate that 1E Client is using Windows Update Agent local cache to retrieve data. This log can easily be interpreted as an attempt to connect to internet to collect data, which is not what the 1E Client is doing. Instead the instructions are collecting additional information from WUA local cache in order to supplement missing data collected by ConfigMgr client and will therefore be regularly logged during normal operation of Patch Success instructions. ConfigMgr client omits Patch IDs for all installed patches and therefore require additional information to be collected from a different source to match missing Patch IDs.The log message should be interpreted as 1E Client performing a query against a Windows Update Agent local cache.

Deploying a missing patch directly via the internet returns the following error "overallDownloadResult is Null"

If a missing patch is deployed onto a target device, but the Windows Update service is not running or stopped, the 1E Client will return error: "overallDownloadResult is Null"

In later versions of the 1E Client, the returned error will be: "End search for updates because: (0x8024001E). Operation did not complete because the service system was being shutdown"

Ensure the Windows Update service is running before attempting to re-deploy the patch.

Deploying a missing patch to 1E Client may result with it logging "WARN - No updates to install" and the patch gets updated as "Not applicable"

If a missing patch is deployed, but there is no associated deployment package in ConfigMgr then the response will be returned as "Not applicable".Ensure the patch has been packaged and deployed through ConfigMgr so that it is available to the CM Clients before attempting to re-deploy the patch.

Patch Success charts and tables have inconsistent data.

Tachyon sync schedule process leads to new patch data being replaced with stale patch data when BI ETL is run.

When syncs are scheduled in the recommended way then the nightly BI ETL will replace all device and patch data in the BI star schema and cube with potentially stale SLA inventory data.

Execute a new Tachyon sync, once the expected devices have reported in patch data (check Tachyon Explorer → Instructions → History → "Returns Patch status for...") then execute a new BI ETL. This will result in up to date device and patch data in both the BI star schema and the cube.

Deploying a patch directly via the internet may return failure "End search for updates failed because: Not enough storage is available to complete this operation"

and WindowsUpdate.log will show an associated error:  "WARNING: WU client failed Searching for update with error 0x8007000e"

On Windows 7 / Server 2008 R2 there is a known issue with the Windows Update that causes it to return an "8007000E" error message.

This may be seen if in the Patch Success page, a patch is deployed with the check box enabled for "Enable patches to be downloaded onto devices directly from the internet instead of the default (SCCM)".

Please ensure the update that contains the improvements to Windows Update Client is applied in order to allow for further Patch Success deployments to function correctly.

History page should be hidden when user only has Patch success viewer permissions

History page is displayed when user has no access to Patch Success instructions.None

Patch Success will show all devices irrespective of the permissions on management groups.

BI cube does not have permissions model required to filter the management groups correctly. In addition, permissions model only assigns management groups to instructions therefore will not cater for BI cube permissions.None

'Check status' and 'Update status' fails when a large number of patches or devices are selected

On device patches screen you can select all the patches for given device. When a large number (100+) of patches are selected clicking 'Check status' and 'Update status' can fail as the instruction size limit is exceeded.

The same issue occurs on the patch installation screen where you can select a large number of devices.

Select a smaller number of items in the table and issue multiple instructions. The issue only occurs when you view 48 items per page, and select more than 2 pages.

Deploying a patch via the dashboard does not update missing patches if they are superseded by the deployed patch

If a device has multiple missing patches it's possible some missing patches are superseded by other missing patches. In this case all patches are reported as missing. If you deploy a patch via the dashboard, it will be updated to show the deployed patch as installed. But, if the deployed patch supersedes a missing patch, the state of the missing patch does not change. It will still be reported as missing when it's no longer applicable.Running the Tachyon inventory sync and BI ETL will correct the state of the missing patch. The problem only occurs for the real time update.

Guaranteed State application


When editing the Policy page, the filter on the right hand side does not apply to Assigned Rules list.

In this version of Tachyon, the filtering on the Edit Policy page only applies to the right-hand side "All Rules".It is possible to do Crtl+F to search for text and this will apply to all the rules under the "Assigned Rules" list.

"Ensure Nomad can communicate through the Windows Firewall" remediation is being executed even when firewall is disabled from the GPO.

"Ensure Nomad can communicate through the Windows Firewall" remediation is being carried out when there is a firewall policy which has been disabled through group policy. This means that when firewall policy has been disabled explicitly, instead of ignoring the fix, the firewall is being set to enabled and the firewall exceptions are set for Nomad.None

On a ConfigMgr Distribution Point, the Rule to "Check the Nomad has a virtual directory on ConfigMgr distribution points to perform LSZ generation" always passes even though an failure reason may be return in the Data field.

The check fragment should verify that the LSZFILES website setup by Nomad on a DP has certain characteristics, but even when errors are found the check status is "Passed".

The logic in the PowerShell parts of the fragments uses a $errorOccurred variable to set the exit code, but this variable is initialised to $false and then never changed even when an error is detected.

e.g Data field returns: "Windows authentication not enabled. Require SSL flag is not disabled. Directory browsing not correctly set."


1E Client logs several unsuccessful remediation attempts within a 24hr period.

There is currently no longer a cap on the number of time a remediation step can occur on a machine within 24hrs. This differs from 1E Client Health where after 3 failures to remediate an issue, further remediation would not occur until 24hrs have passed.None

Experience application


The Survey response page displays responses from a device that do not match the score seen when viewing the Device details due to duplicate survey names

When an survey is deleted, the old responses do not get removed and current behaviour causes issues when a new survey  is created with the same name. The calculations for sentiment score includes responses from the old survey where the names match.Where this occurs, recreate the survey using unique name that has not been previously used. If you are affected by this, please contact 1E Support for additional help.

Sentiment Scores for XP devices show no data.

The sentiment scores will always display "no data" when navigating to Experience > Devices page and viewing the details for Windows XP devices .

Surveys are not supported/available on legacy operating systems like Windows XP.


The metric section of the device screen only shows a spinner and error is logged to the Tachyon.Experience.log:

ERROR [LAB\tachyon.admin] Tachyon.Server.Common.Http.WebApiExtensions.ApiControllerBase - HTTP POST to https://tachyon.acme.local/Experience/MetricsHistory/Cube threw an uncaught exception

An exception is logged when a metric survey is created where the name ends with "Score", e.g. "BadScore". This prevents display of the device details page in Experience > Devices.

When the system is in this state no device details screen will work. Please delete the survey where name ends with "Score" and then once the cube is processed the device pages will start working again

When doing a search on Survey page, the page size resets back to the default (50)

On the Experience > Survey page, the page size can be increased to to display 100 or 250 rows. However, when a search is performed on the page, the page size jumps back to the default 50.


Survey reports always shows Applicable devices as 100%

Even when a general purpose survey has been assigned to a Management Group, the filter for survey reports always shows 100% for Applicable devices and not consistent with the devices assigned to the selected Management GroupNone

When using "Break Down By" filtering with "Operating System" on the Responsiveness page, some charts are not displayed or show "Not enough data to show deltas"

The Experience Responsiveness page does not apply the filtering of "Break Down By" with "Operating System" for the "View poorest devices" and "View what's changed (last 7 days)" charts.None

 Tooltip on the charts on the Stability page are misaligned.

On the Experience Stability page, it should be possible to drill down into the Visible metrics (e.g. Operating System crash). When hovering mouse over these charts, the tooltip does not always align correctly in charts for Events, so it will not be possible to drill down further to show the associated Event details (from the chart).None


No issues currently known.

1E Catalog


Any Title of a Vendor with two different colloquial versions should not be allowed when other fields are same.

There may be instances where a product has different colloquial versions for the same version such as Microsoft Excel 15.0 with a 2013 colloquial version and Microsoft Excel 15.0 with a 2015 colloquial version.None

Timeout is displayed during updates and the Catalog UI is not available during that time.

The Catalog Web UI is unavailable when it's downloading data from the 1E Cloud Catalog. 

If you try again after some time the Catalog Web UI should work.

The installer creates the database when you cancel the process in the setup wizard.

If you decide to abort the installation after providing the name of the Catalog database, the installer creates the database despite the cancellation.None

Pressing Cancel when prompted for your credentials on the Web UI Admin page displays an error.

If you click Cancel on the Web UI Admin page when prompted for your credentials, an HTTP error 401.1 – Unauthorized error is displayed.

Unable to create new versions with more than 4-part numbers in the Catalog Web UI.

If you attempt to curate a version with more than 4-parts (for example, in the Catalog Web UI, it displays the error – The version is not in the correct format.None

The Catalog Web UI does not report if the Catalog service is unavailable.

During a downtime, if you try to navigate through Catalog Web UI, it becomes unresponsive but does not display a message that the service is unavailable.None

The Catalog Web UI displays an incorrect message if you leave the page and return to it.

During a resynchronization event, if you navigate to a different page and immediately return to the Admin page, it displays a Resync completed Successfully message, even though it has not. The resynchronization event keeps running in the background until it successfully completes.None

Best Match API times out when indexes are being compiled.

If the Best Match API is called while the indexes are being compiled, it times-out. However, the second call will succeed.The second call will succeed.

Unable to cancel the installer while it is migrating to a new version.

During a migration to a newer version of the Catalog, pressing Cancel does not stop or roll back the installation – it continues uninterrupted.None

The number of records pulled during a 1E Cloud Catalog synchronization event is not known at the start of it.

When the Catalog synchronization event starts, you're not able to discover the total number of records that will be inserted into the database. The logs register the number of records it inserts successfully but you would not know the total records to be inserted beforehand.None

Clicking Back to list in Catalog Web UI navigates to the Home page instead of the previous page.

If you filter on a vendor and go to any next page to set license rules for that vendor, and then click Back to list, it takes you back to the Home page and does not retain the filter applied in the previous step.None

The unattended install does not check Catalog prerequisite.

The installation will fail if Requirements are not met.


Indexing fails when if the rebuild index and incremental index events are run simultaneously.

If a rebuild index and incremental index conflict, indexing will not complete successfully.  It will complete successfully the next time the incremental index event runs.

Error when user modifies an edition from Catalog Web UI.

If you attempt to modify the edition of a product then "An error has occurred while processing your request" message is displayed.None

Logs files and other folders not deleted from program data folder after uninstalling catalog.

If the Catalog is uninstalled, its logs folder structure is not deleted from the Program Data folder.None

On the Catalog Web UI new bundles screen selection of multiple dropboxes gives wrong filtered record.

On Catalog Web UI new bundles screen, selection of multiple dropboxes returns an incorrect filtered record.None

File Version filter on Catalog Web UI does not work.

File Version on product file screen filter is not working.None

A prompt to reboot the server is displayed when you upgrade or uninstall the product.

There may be instances where you are prompted to restart the server in order to complete the installation. Restart the server.

Installer unable to connect to the database when you run a repair on the Catalog from Programs and Features.

In a TLS environment, if you opt to repair the Catalog from Programs and Features by choosing the Repair option, you will be prompted with this error:  Error 27502: Could not connect to Microsoft SQL Server ... SSL Security error. (18)Uninstall and reinstall the Catalog

Lucene index folder is not deleted on uninstalling catalog.

On uninstalling the catalog, Index directory from program data is not getting deleted.None

Wrong Surrogate key mapping is formed in case product is deleted from client side and upgrade is performed

On upgrading the catalog deleted site define entries are not getting persistsNone

Installer should have a check for ASP.NET as Catalog is not failing when "ASP.NET" is not installed

The Prerequisite check of installer does not check for ASP.NETNone

Re-Sync: Timeout error is observed while getting site defined on one client machine while Re-Sync with another client machine is in progress

Re-Sync is successful on one of the client and error is observed on second client while it's getting the site defined entries.
Following is observed in the logs:- 
The timeout period elapsed prior to completion of the operation or the server is not responding.


Error message is observed in logs while indexes are recreated after sync in edge case installation scenario

Install catalog through unified tachyon installer, after successful installation, uninstall the catalog. If user Installs the catalog stand-alone start the sync then its IIS services should shift into different pool due to which indexes will break.None

Catalog 2.0 error '500 Internal server Error)Index is getting failed' in the 'Catalog.UpdateService.log' when the 1E Catalog service account uses domain user account. (Highly Intermittent).

When the 1E Catalog service account is using a domain user account rather than Network Service account, the index is getting failed after sync is completed. 

This issue does not cause functional issues and can be safely ignored.

Catalog 2.0 if an upgrade fails, the 1E Catalog installer will roll back the installation and remove any customizations in the 'web.config' and 'CatalogUpdateService.exe.config' files. 

If an upgrade fails, the 1E Catalog installer will roll back the installation and remove any customizations in the 'web.config' and 'CatalogUpdateService.exe.config' files. This is resolved by backing up the configuration files prior of upgrading as covered in the 'installation and upgrades' section of the documentation. 



Configuration Manager console shows duplicate right click options for 1E Tachyon.

1E Tachyon shows multiple times in a collection property when the collection belongs to nested folders in the Configuration Manager console.Restart the Configuration Manager console.