Troubleshooting Agent Issues

Installation Failure Issues

Install Failure - Invalid Username and/or Password

If you encounter an issue installing the Agent where an error dialogue pops up stating "Invalid Username/Password" for the associated service account, this can be caused if the service account was not added to the Domain Admins member group.

Install Failure - Agent Service Not Present after Installation

If you encounter an issue installing the Agent where the Agent service does not get installed or the folder does not seem to exist with the installed application, please run the install with logs enabled and open a chat with support.

📘

Deploying via PowerShell

If you are deploying agents via PowerShell and your variables include spaces, commas, or dollar signs ($), you will need to include escape characters.

Spaces Example: LIONGARDENVIRONMENT= `“Exact Environment Name Inc.`”

Comma Example: LIONGARDENVIRONMENT= "`" Exact Environment Name, Inc.`""

Dollar Sign Example: LIONGARDAGENTSERVICEPASSWORD= "Pa`$swordHere"

msiexec /i LiongardAgent-lts.msi LIONGARDURL=yourinstance.app.liongard.com LIONGARDACCESSKEY=<insert key here> LIONGARDACCESSSECRET=<insert key here> LIONGARDAGENTNAME="name" LIONGARDENVIRONMENT="" /L*V agentinstall.log

Install Failure - Agent Service Not Present in Services.msc - Additional Troubleshooting Steps

  • If you had the Services panel open during the install, please make sure to close it and reopen it if you are having trouble finding LiongardAgent.exe listed.

  • In the Services panel, make sure you are connected to the Local system. You can right-click on the computer on the left-hand panel and select "Connect to another computer ..." and verify that "Local computer" is selected.

  • Setting Agent Permissions From PowerShell

If you need to apply Agent permissions and for some reason cannot get the service to show up following the instructions above, you can run this PowerShell script to check for the service and apply a service account.

$UserName = Read-Host -Prompt 'Input the account username'
$Password = Read-Host -Prompt 'Input the account password'
$Service = "liongardagent.exe"
$ServiceObj = gwmi win32_service -filter "name='$service'"
If ($ServiceObj -and $ServiceObj.State -ne "Stopped") {
    $StopStatus = $ServiceObj.StopService() 
    If ($StopStatus.ReturnValue -eq "0") {
        Write-Host "Service Stopped Successfully"
    } Else {
        Write-Host "Failed To Stop The Service"
        Exit
    }
}

$ChangeStatus = $ServiceObj.change($null,$null,$null,$null,$null,$null,$UserName,$Password,$null,$null,$null) 
If ($ChangeStatus.ReturnValue -eq "0") {
    Write-Host "Sucessfully Changed User Name"
} Else {
    Write-Host "Failed To Change The Service"
    Exit
}

$StartStatus = $ServiceObj.StartService() 
If ($StartStatus.ReturnValue -eq "0") {
    Write-Host "Service Started Successfully"
} Else {
    Write-Host "Failed To Start The Service"
}

Install Failure - Agent install log indicates a 1603 Error

If you run the installation with logging enabled, and see the error "MainEngineThread is returning 1603" (or a similar message) the following steps should be taken in the order listed:

  • Make sure you are using the most up-to-date agent installer from https://agents.static.liongard.com/LiongardAgent-lts.msi
  • Ensure no files or folders from previous liongard installations remain in C:\Program Files (x86)\ folder
  • Reboot the machine and retry the installation
  • Apply any critical patches, reboot the machine, and retry the installation
  • Check install log for MsiSystemRebootPending = 1. If this remains after a reboot, you may need to open regedit and clear PendingFileRenameOperations in hklm\system\currentcontrolset\control\session manager\PendingFileRenameOperations. Note: Liongard recommends backing up the system registry before making any changes.
  • Check antivirus or security software on the server
  • Make sure the user generating the API key has proper permissions for that environment
  • Open a chat with our support team

MSI Installer Errors

Error: Cannot find module.

If you see an error such as the following in liongardagent.err, open a command-line console and run the following commands.

cd "C:\Program Files\Liongard"
npm install

Then, use the Windows Services control panel to start or restart the LiongardAgent Service.

Finally, in Liongard navigate to Admin > Agents screen to check the heartbeat of your Agent.

🚧

Removing at Agent from Liongard

Removing an Agent from Liongard will disassociate all System Inspectors, if any, from the Agent, and they will need to be reassociated manually.

If you are troubleshooting a newly installed Agent, this isn't a concern. If you are reinstalling an Agent that has been in service and running Inspectors, you will need to edit each Inspector and reassociate it to the correct Agent after a successful reinstall.

Our Agent install and upgrade scripts will be improved in the near future to handle this case more gracefully.

Error: Installation ending prematurely.

  1. Try rebooting the machine
  2. Try starting the MSI from an elevated command prompt (msiexec /i LiongardAgent.msi from an Admin prompt)
  3. If you have an active Antivirus application, try allowlisting Liongard
  4. Verify that no other installers are active
  5. This could be due to a cipher issue. You can verify this by downloading and installing the IISCrypto software and setting your cipher suite to "Best Practices" as recommended by Microsoft.

Error: EPERM

An EPERM error will appear in the Inspector UI logs when you switch from a System to a Domain Admin account.

This error may also occur if you have changed the Agent's service account through services.msc.

To resolve this error, using the MSI installer, uninstall the Agent and reinstall it with the Domain Admin service account.

Additional Troubleshooting Issues and Conditions

Below are additional troubleshooting issues and conditions that can prevent an Agent from working properly.

Network Firewall is Blocking Communication

To allowlist Liongard, see How to Properly Allowlist the Liongard Platform.

Antivirus Software Issues

Some antivirus software is, at times, known to interfere with the healthy operation of the Liongard Agent.

❗️

Antivirus software may require allowlisting

Several vendors have been known to cause possible issues with the Liongard Agent including:

  • SentinelOne
  • Kaspersky
  • Webroot (rarely)
  • Cylance

Symptoms can include:

  • The Agent being killed after some period of time
  • The Agent ceasing to heartbeat to Liongard after some period of time
  • Inspectors using PowerShell seeming to timeout constantly or at random.

If you experience any of these symptoms, or if you use the antivirus vendors mentioned above, we recommend allowlisting the Liongard Agent executable (located under C:\Program Files (x86)\LiongardInc by default) according to your antivirus vendor's instructions and best practices.

Cylance

For Cylance, set exclusions to a Cylance environment with script control enabled:

/program files (x86)/liongardinc/liongardagent/jobs/*/powershell/*/*.ps1
/program files (x86)/liongardinc/liongardagent/jobs/*/powershell/*.ps1


Threatlocker

Threatlocker can interfere with the Agent installation process. Setting Threatlocker to learning mode before installation should resolve any installation issues.

File Server Resource Manager

File Server Resource Manager is known to interfere with Liongard Agents. If you are having these issues, allowlist the Liongard Agent.

Other third-party software packages - Agent keeps stopping

If you encounter the Agent continuing to stop, we recommend you set up auditing on the service to find the root cause. This may be a symptom of a third-party software interfering.

You can follow the instructions below to set up auditing on the Agent service:

  1. Open the Group Policy Management Editor
  2. Select either the default domain policy or another GPO applied to the current computer
  3. Edit the policy
  4. Under Computer Configuration > Policies > Windows Settings > Security Settings > System Services
  5. Find "Liongard Agent" and right-click and select Properties
  6. Check: "Define this policy setting"
  7. Check: "Automatic" startup mode
  8. Click "Edit Security..."
  9. Click "Advanced..."
  10. Click on the "Auditing" tab
  11. Click on the "Add" button
  12. Click on the "Select Principal" link and enter "Everyone" and click OK
  13. Choose "All" for the Type dropdown
  14. Check the "Start, stop, and pause" checkbox and then click OK
  15. It will prompt you to apply the policy, click "Apply" and continue

My Agent Is Not Heartbeating

931

You can check to ensure that the agent has a heartbeat on the Agent Admin screen.

Our Agents check in with Liongard every few minutes. If you see that an Agent has not checked in with Liongard recently, here are some ways to troubleshoot:

  1. Check that the Windows Service named LiongardAgent.svc is running.

  2. If the Agent service is running, try restarting it. Give it a minute or two to see if it heartbeats, if not, move on to Step 3.

  3. Ensure the time on the server is accurate. Do not skip this step! Our support team finds this to be the most common root cause.

  4. Check the logs (log locations) for any of the common errors listed above.

  5. Flush DNS

If you are experiencing an Agent with a red heartbeat and the previous troubleshooting steps have not resolved it, it is possible that the server the Agent is installed on cannot resolve the domain outbound to AWS.

Please find your respective AWS URL using the lookup below. If you attempt to ping the AWS URL from the server and it does not resolve, then performing a DNS Flush and attempting to ping the AWS URL again can resolve the Agent heartbeat.

Use lookup below to match your Liongard URL and find the respective AWS URL you need to test

  • aus?.app.liongard.com
    sqs.ap-southeast-2.amazonaws.com

  • us?.app.liongard.com
    sqs.us-west-2.amazonaws.com

  • ca?.app.liongard.com
    sqs.ca-central-1.amazonaws.com

  • uk?.app.liongard.com
    sqs.eu-west-2.amazonaws.com

  • eu?.app.liongard.com
    sqs.eu-central-1.amazonaws.com

  • sa?.app.liongard.com
    sqs.sa-east-1.amazonaws.com