ARCHIVED: Identity Finder troubleshooting for administrators

This content has been archived, and is no longer maintained by Indiana University. Information here may no longer be accurate, and links may no longer be available or reliable.
Important:
UITS decommissioned the Identity Finder service on February 28, 2019. Along with its edge partners, UITS has begun exploring alternative services and will start a proof of concept during 2019. For instructions for uninstalling Identity Finder, see ARCHIVED: Manually remove Spirion Identity Finder.

On this page:

Console

Console didn't update the action taken on a result

The console may fail to correctly update the "Action" field of a result for the following reasons:

  • A console-initiated scan ran and uploaded results to the console. The files containing matches were deleted from within the operating system (e.g., by sending them to the Trash or Recycle Bin and then emptying the Trash/Recycle Bin). A subsequent scan launched interactively through the client to verify that the files were completely removed.

    Search results only persist through the context in which the search was initiated. These contexts are:

    • System account
    • Local logged-on user account

    Client-initiated scans are run as the local logged-on user. To use the workflow described above, run your console-initiated searches as either "Locally Logged on User (Interactive)" or "Locally Logged on User (Background)".

    Note:
    When using the above workflow, past search results will not display in the client. Your results from the client-initiated search will be compared against the previous results, but these will only be visible from the console.
  • A scan's results were uploaded to the console. The files containing matches were handled and a subsequent scan ran in the same context (system account or local logged-on user account) as the first scan. The "Action" for these files was not updated from the first scan.

    When you run two searches under the same context, Identity Finder should update actions automatically. This update happens immediately after opening the Identity Finder client or the next time you run a console-initiated scan. Because network communication is sometimes unreliable, if the console is unreachable by the client when attempting this update, the update will fail and new results will upload to the console.

    There is no simple solution to this problem, but you can verify this happened by performing a Gather Data of the offending endpoint and viewing the client logs:

    1. Locate the endpoint in the Endpoint List of the console, right-click its name, and choose Diagnostics > Gather Data.
    2. Choose the appropriate user context from the "Gather Data" window.
      Note:
      This context must match the context used to run the searches.
    3. Gather Data will run, but not immediately. To view the Gather Data status:
      1. Select the endpoint from the Endpoint List, and then navigate to the Status tab.
      2. From the main view of the Status tab, select the endpoint.
      3. In the status details view, click the Tasks tab.

      If you do not see a Gather Data task listed, you may need to request another Gather Data.

      When Gather Data completes, the data gathered will appear in the Uploads tab of the status detail view.

      Note:
      You may need to refresh the Status tab. To do so, from the Ribbon, click Refresh.
    4. In the Uploads tab, right-click the data entry and choose to either Save or Save and Delete the file.
    5. Extract the saved file and navigate to the LogFiles directory of the resulting folder.
    6. Your endpoint's log files will be named in the form IDF_YYYY-MM-DD_HH-MM-SS. Find and open the log file that most closely matches the time of your second scan.

      If console communication failed, you should see lines similar to these:

      [2016-05-21 12:38:56] INFO Identity Finder 9.1.1 Started (Interactive)
      [2016-05-21 12:38:56] ERROR Communication with the console is enabled,
but the server specified in the serverUrl setting cannot be contacted
(The server name could not be resolved): https://idf.iu.edu/Services
All communication with the console will fail. Please check related
Knowledge Base (KB) articles at http://support.identityfinder.com for
further information.

The endpoint's "Policies State" isn't changing

When viewing the status of an endpoint, you will see one or more of the following listed under "Policies State":

  • Processing: The console is processing your policies to determine which ones should be applied to the endpoint.
  • Pending Confirmation: The endpoint has confirmed the policies but the console's "Update Policy States" service job has not run yet. The "Update Policy States" service job completes the confirmation process.
  • Pending Update: The policies have been made available to the endpoint, but they have not yet been applied.
  • Up to Date: The policies for the endpoint are up to date.

Your endpoints may appear stuck in the "Pending Confirmation" state. This is expected behavior. Because of the large number of endpoints on campus, the console is set up for delayed policy confirmation to help reduce server load. The console will run an "Update Policy States" job every hour, after which your endpoints should confirm their policies. If an endpoint has been "Pending Confirmation" for more than an hour, contact UITS Leveraged Services for assistance (on the Leveraged Services Identity Finder page, click Request Assistance, fill out the "Request Assistance" form, and then click Submit).

Console doesn't display the most recent date and time that a match was found

By default, the date and time that a match was first found will display in the "Date/Time" column of the Results tab. Even if the same result is found in a later scan, the date and time that it was first found will display in that column.

To change this to show the date and time of the last scan that found the result:

  1. Navigate to the Admin tab of the console.
  2. Click Personal Settings.
  3. Uncheck Display the timestamp of the first time the identity match was found.

Client

Preventing end users from modifying the Identity types

You can prevent end users from modifying the Identity types searched for by a System policy with one of two ways:

  • Specifically enabling the Identity type
  • Specifically disabling the Identity type

In the Policy Wizard, Identity types that are specifically enabled or disabled will appear highlighted. In your policy's settings, these keys will appear in "Settings\Identities" and display in green text, indicating that their values have been changed from the default. If the value for an "EnableAnyFind" key is set to "Disable" and the "Status" for this key is listed as "Default", your users can enable or disable this Identity type from the client.

If a scan is stopped before it finishes finding matches

In general, any matches found before the scan was stopped will upload to the console once the client is closed. However, if the client is unable to communicate with the server, the results won't be sent to the console. If you believe your results should have been uploaded but were not, you can check the status of client-server communication by using the Gather Data feature.

To view the status of the Gather Data:

  1. Select the endpoint from the Endpoint List, and then navigate to the Status tab.
  2. From the main view of the Status tab, select the endpoint.
  3. In the status details view, click the Tasks tab.

If you do not see a Gather Data task, you may need to request another Gather Data. When the Gather Data task has completed, the data gathered will appear in the Uploads tab of the status detail view.

Note:
You may need to refresh the Status tab. To do so, from the Ribbon, click Refresh.

If a desktop computer or server restarts before it finishes scanning for matches

If you restart a desktop computer or server before it finishes a scan, any found matches will most likely not upload to the console.

This is document alfl in the Knowledge Base.
Last modified on 2021-03-10 17:38:57.