Submit a ticketCall us

Announcing NCM 7.7
With NCM 7.7, you can examine the rules that make up an access control list for a Cisco ASA device. Then you can apply filters to display only rules that meet the specified criteria, order the rules by line number or by the hit count, and much more.
See new features and improvements.

Home > Success Center > Log & Event Manager (LEM) > SolarWinds LEM 6.3 User Guide > Additional LEM Configuration and Troubleshooting Information > Troubleshooting LEM Agent Connections

Troubleshooting LEM Agent Connections

There are a number of reasons why a LEM agent might not connect to your LEM appliance. The following troubleshooting procedures can help you work around the most common causes:

  1. Verify the computer is still in your environment
  2. Verify the computer is turned on.
  3. Verify the LEM agent service is running.
  4. Verify a firewall is not blocking the connection.
  5. Verify the LEM agent is running the current software version.
  6. Reset the LEM agent certificate.
  7. Check the LEM agent ports.
  8. Reinstall the LEM agent.
  9. Contact SolarWinds Technical Support.

Check the LEM agent service

The LEM Agent runs as a service on the host operating system. Ensure the service is running on the host system.

Windows systems

  1. Open Control Panel > Administrative Tools > Services.
  2. Navigate to the SolarWinds Log and Event Manager Agent.
  3. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0E0/140/Icon-Play_14x14.png if the LEM agent is not running.

Linux systems

  1. Run ps ax grep contego in a CLI terminal.
  2. Look for ContegoSPOP.
  3. If the LEM agent is not running, run sudo /etc/init.d/swlem-agent start.
  4. Enter the root password (if required).

Apple Macintosh systems

  1. Open a CLI terminal.
  2. Run ps ax | grep -i trigeo.
  3. Look for SWLEMAgent
  4. Run launchctl load /Library/LaunchDaemons/com.trigeo.trigeoagent.plist. if the LEM agent is not loaded.

Check a firewall for a blocked connection

The LEM agent relies on the following ports to communicate with the LEM appliance. Ensure you have the proper exceptions in place for any firewall between a LEM Agent and the LEM appliance.

SolarWinds recommends disabling the domain, public, and private profiles, even though IP subnets may be fully configured in Active Directory sites. There are instances when Windows firewall blocks agent communications even when the port connection is tested.

Ports Description
37890-37892 Traffic from LEM agents to the LEM appliance.
37893-37896 Traffic from the LEM appliance to LEM Agents.

Check the LEM agent software version

To check the software version, locate the LEM agent installation folder on your system.

System Location of LEM Agent Installation Directory
Microsoft Windows C:\Windows\system32\ContegoSPOP\
Linux /usr/local/contego/ContegoSPOP/
Apple Macintosh /Applications/TriGeoAgent/

In the installation folder, locate and open spoplog.txt file, and then search for the release in the file. The most recent entry reflects the current version running on your system. For example: SolarWinds Log and Event Manager Agent (Release x.x.x).

Reset the LEM agent certificate

Reset the LEM agent certify when you experience intermittent connectivity, issues with upgrading the LEM agent software, or a general failure to connect.

Microsoft Windows hosts

  1. Navigate to Control Panel > Administrative Tools > Services.
  2. Stop the SolarWinds Log and Event Manager Agent service.
  3. Delete only the six *.xml and *.trigeo files under the spop folder in C:\Windows\system32\ContegoSPOP\
  4. Open the LEM console and navigate to Manage > Nodes.
  5. Locate the LEM agent in the Nodes grid.
  6. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0E0/140/Button-Gear_17x14.png and select Delete.
  7. Restart the LEM Agent service.

If you continue to have issues after resetting the LEM agent, perform the following steps:

  1. Navigate to Control Panel > Administrative Tools > Services.
  2. Stop the SolarWinds Log and Event Manager Agent service.
  3. Delete the spop folder in C:\Windows\system32\ContegoSPOP\.

    Do not delete the ContegoSPOP folder.

  4. Open the LEM console and navigate to Manage > Nodes.
  5. Locate the LEM agent in the Nodes grid.
  6. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0E0/140/Button-Gear_17x14.png and select Delete.
  7. Restart the LEM agent service.

Linux hosts

  1. Stop the swlem-agent service

    Execute: /etc/init.d/swlem-agent stop

  2. Delete the spop folder.

    Execute: rm -Rf /usr/local/contego/ContegoSPOP/spop

  3. Click Manage > Nodes.

  4. Locate the affected LEM agent in the Nodes grid.

  5. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0E0/140/Button-Gear_17x14.png next to the entry and select Delete.
  6. Restart the swlem-agent service.

    Execute: /etc/init.d/swlem-agent start

Apple Macintosh hosts

  1. Unload swlemagent.plist.

    Execute: launchctl unload /Library/LaunchDaemons/com.swlem.swlemagent.plist

  2. Delete the spop folder.

    Execute: rm -Rf /Applications/TriGeoAgent/spop

  3. Click Manage > Nodes.
  4. Locate the affected LEM agent in the Nodes grid.
  5. Click File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0E0/140/Button-Gear_17x14.png next to the entry and select Delete.
  6. Reload swlemagent.plist.

    Execute: launchctl load /Library/LaunchDaemons/com.swlem.swlemagent.plist

Check the LEM agent ports

If the manager ports are open on the firewall and the LEM agent ports are closed, you could connect using Telnet but the LEM agent may not be able to connect.

To determine if your firewall is configured correctly: 

  1. Open a command line.
  2. Telnet from the LEM agent to port 37892 on the LEM  appliance.
  3. Run a netstat command.
  4. Stop the LEM agent.
  5. Open the spopf.conf file in a text editor and modify the following lines:

    This process works best if you open WordPad and run as an administrator. The process also assumes ports 65320-65323 are available for use.

    • AgentLowPort=65320
    • AgentHighPort=65321
    • com.solarwinds.lem.communication.agentLowPort=65322
    • com.solarwinds.lem.communication.agentHighPort=65323
  6. Restart the LEM agent.

Reinstall the LEM agent

  1. Download the Remote Agent Uninstaller to uninstall an agent, or use Programs & Features in the Windows control panel.

    Run the remote installer using runas administrator with the file on the local hard drive (including administrators). If you are running Windows Server 2012 R2 or Windows 8.1, do not use the Remote Agent Installer.

  2. Remove the agent directory located at c:\windows\syswow64\ContegoSPOP\.

  3. Re-install the LEM agent.

    During the installation, use the following guidelines:

    • If you use the local agent installer on computers running in a DMZ with Windows 8.1 or Windows Server 2012 R2, select Run As > Administrator and Windows 7 capability.
    • If you use the remote agent installer, select Run as > Administrator. Ensure that the installer file is on the local hard drive.
    • If you experience a network resolution issue resolving the hostname, use the LEM IP address for the Manager Name while installing the agent.
    • If the agent does not appear in the console Node list, click Manage > Appliances and click the License tab. Ensure that you have enough licenses for your agent.

Contact SolarWinds Technical Support

If you cannot resolve your issues, open a ticket with SolarWinds Technical Support for assistance. Before you call, record the following information:

  • Operating system running on the host computer
  • LEM agent installer version
  • LEM appliance version
  • LEM  console version
  • The most recent copy of spoplog.txt and the spop.conf file from the agent installation folder.

 

Last modified
14:20, 24 Mar 2017

Tags

Classifications

Public