Troubleshoot a Remote Installation (Windows)

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.5
Creation date: 2022-09-28
Last date published: 2024-03-21
End_of_Life: EoL
Category: Administrator Guide

Abstract

Troubleshoot a shared agent or D2 agent on Microsoft Windows. View error messages to troubleshoot a remote installation on Microsoft Windows.

The following table describes the error messages you may receive when remotely installing a shared agent or D2 agent on Windows.

Error Message

Workaround

NT_STATUS_LOGON_FAILURE

Verify that the username and password are correct in the integration instance configuration settings.

NT_STATUS_NO_MEMORY

  • This error is not related to memory. The workgroup is missing.

  • If the target machine is inside the domain, enter the domain in the Target domain or workgroup parameter in the integration instance configuration settings.

  • If the target machine is not in the domain, enter the machine's hostname (not the host address) in the Target domain or workgroup parameter in the integration instance configuration settings. To get the machine's hostname, run the hostname command from the terminal.

NT_STATUS_UNSUCCESSFUL

The IP address is incorrect.

NT_STATUS_IO_TIMEOUT

  • A firewall is blocking SMB (port 445).

  • The address is wrong.

NT_STATUS_DUPLICATE

This error is related to a DNS issue. If you are using Amazon, use the actual IP address and not the URL.

NT_STATUS_CONNECTION_RESET

The target machine might not support SMB 1 connections. Make sure SMB2 is active on the target machine and specify the SMB argument value as 2. For more information about how to detect, enable, and disable different versions of SMB for Windows and Windows Server, see SMB assistance.

Agent is installed but unresponsive

Verify that the base URL for D2 agents and engines is correct and reachable from the network segment where the agent is installed. Go to Settings > About > Troubleshooting and verify that you defined the external IP address or base URL of your Cortex XSOAR server.
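
The target-side facts behind the NT_STATUS_NO_MEMORY, NT_STATUS_IO_TIMEOUT, and NT_STATUS_CONNECTION_RESET rows can be collected in one pass on the Windows machine. The following PowerShell is an added example, not part of the Cortex XSOAR documentation; it assumes an elevated session on the target machine, only reads settings, and its variable and output field names are illustrative.

```powershell
# Added example: run in an elevated PowerShell session on the target machine.
# Read-only: nothing on the machine is changed.

# NT_STATUS_NO_MEMORY: value for the "Target domain or workgroup" parameter.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
if ($cs.PartOfDomain) {
    $targetValue = $cs.Domain    # domain-joined: enter the domain
} else {
    $targetValue = (hostname)    # not in a domain: enter the hostname, not the address
}

# NT_STATUS_CONNECTION_RESET: which SMB dialects the SMB server accepts.
$smb = Get-SmbServerConfiguration

# NT_STATUS_IO_TIMEOUT: is the SMB server listening on TCP 445 at all?
$listening = [bool](Get-NetTCPConnection -LocalPort 445 -State Listen `
    -ErrorAction SilentlyContinue)

# NT_STATUS_IO_TIMEOUT: enabled inbound Windows Firewall rules that cover TCP 445.
# If none of them has Action = Allow, the default inbound policy usually blocks SMB.
$rules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains '445' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' }

[pscustomobject]@{
    Hostname              = (hostname)
    PartOfDomain          = $cs.PartOfDomain
    TargetDomainOrWorkgrp = $targetValue
    SMB1Enabled           = $smb.EnableSMB1Protocol
    SMB2Enabled           = $smb.EnableSMB2Protocol
    ListeningOn445        = $listening
    InboundAllowRules445  = @($rules | Where-Object { $_.Action -eq 'Allow' }).Count
    InboundBlockRules445  = @($rules | Where-Object { $_.Action -eq 'Block' }).Count
} | Format-List

# Per-rule detail, including the firewall profile each rule applies to.
$rules | Select-Object DisplayName, Profile, Action | Format-Table -AutoSize
```

A firewall between the Cortex XSOAR server and the target can still block port 445 even when the local rules allow it, so a clean result here narrows NT_STATUS_IO_TIMEOUT to the network path or a wrong address.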