Debugging HLK Test failure on AWS EC2

Does anyone use HLK on EC2, or is this usually run on physical hardware/on-prem VMs?

Filter.Driver.WindowsFilteringPlatform.ArchitecturalDesign.FwpmProviders.MaintainIdentifying test hit an error collecting data. I’d like to review the system to search for the files, but the test has moved on to a later test case and I can no longer access the system via RDP or wttcmd ping. I can reboot the system, but then I’m not sure what this means for downstream tests.

Failed the Job “REQ - WFP-based products must create and maintain at least 1 identifying FWPM_PROVIDER provider object”
Job Failed And Rest of the Tasks Cancelled because Task “ArchitecturalDesign.FwpmProviders.MaintainIdentifying” Failed with Failure Action FailAndStop

Cause : Task “ArchitecturalDesign.FwpmProviders.MaintainIdentifying” is Marked Failed From the LogFile

Cause :
Copying File “C:\hlk\JobsWorkingDir\Tasks\WTTJobRun…\WFPLogo.wtl.trace” Fails

Cause :
Cannot Find Pattern “C:\hlk\JobsWorkingDir\Tasks\WTTJobRun…\WFPLogo.wtl.trace”

Cause :
Task is Marked Failed as it had non-zero Fail Counts in the LogFile

My guess is that I can use HLK manager to mark the client as manual or unsafe and then reboot it. Should the client come back and be accessible, then I might be able to locate the missing files or find the answer in the event log.

Anyone else hit this kind of situation?

Eva

xxxxx@gmail.com wrote:

> Does anyone use HLK on EC2 or is this usually run on physical hardware/on prem vms?

How can it be run on an EC2 VM?  The HLK and its clients have to be in the
same domain or same workgroup.  For most devices, the clients have to be
real hardware, not VMs, but since you’re running a network filter, maybe
that’s not a requirement.

I’m surprised you got as far as you did, and I’d love to have you write
an essay on how you made it work.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

The same workgroup was easy. I created AMIs based on 2016 server, set them to be in the same VPC, modified security groups to open up 1771 and connected them. They came up in the same WORKGROUP workgroup.

I’m testing a software WFP (a network filter) so there’s no need for actual hardware. The tricky part is when a test cuts the system off from the world (via its firewall) there’s no physical console to go to for investigation. The test timeout is 180m but I’m way past that.

This means that determining the problem, if the logs do not exist off the test system, will require me to split the disk from the EC2 instance and use it on another as a secondary disk. That’s a little rough.