The saying "necessity is the mother of invention" sums up why the latest updates to the ACS Autopilot management pack were made. If you ever have to spend some time troubleshooting problematic ACS forwarders, you may be aware of the capability to place a forwarder/collector in debug mode so that you can dig deeper into the verbose log file in the hope of remediating the situation. At a high level, the technique involves stopping the service, creating the TraceFlags registry key, starting the service, and then reviewing the AdtAgent.log file.
Important: As with most verbose debug logging, this should be used solely for diagnosis and you should not keep debugging enabled during normal operation.
Some folks have scripted this tedious process in a batch file, which has been helpful. Others may have automated it further in PowerShell. For me, I decided to elevate and sort of “productize” the automation in the OM console as three tasks. This helps make it even easier for ACS admins and operators to troubleshoot forwarders.
The MP now includes three tasks which are described in the next section:
The MP now also includes a new view named Agents - Running Debug which depicts ACS forwarders in debug mode.
So how does one leverage this debug capability in the MP? Here's how:
- Suppose you have a problematic ACS forwarder that will not forward events or keeps stopping for whatever reason. Select that target endpoint and then run the ACS - Enable Debugging task. The task will stop the AdtAgent service on the remote computer, configure it for debugging, start the AdtAgent service, and then provide output that resembles the following image.
- After a few minutes, the forwarder will appear in the Agents - Running Debug view. Select the forwarder in that view and then run the ACS - Read Debug Log task. The task will read the AdtAgent.log file contents and then provide output that resembles the following image.
- Hopefully, the output will help you remediate the root cause. If the data is too cryptic or not helpful, and all other troubleshooting actions do not restore operations to the forwarder(s), then I highly recommend leveraging Microsoft Services Premier Support resources.
- Once you restore the ACS forwarder to normal operations, select the forwarder in the Agents - Running Debug view and then run the ACS - Disable Debugging task. The task will stop the AdtAgent service on the remote computer, disable debugging, delete the AdtAgent.log file, start the AdtAgent service, and then provide output that resembles the following image.
Remember, do not leave forwarders in debug mode once they return to normal operations! Lastly, there are similar debugging techniques for the ACS collector(s) that one could implement via a script. I personally didn’t see the need or value in exposing that automation in an MP when an ACS admin can run such a script on the collector if/when the need arises to place it in debug mode.
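The stop, set TraceFlags, start sequence that the enable and disable tasks wrap, run locally on a forwarder, as an added PowerShell example (not the management pack's own task script). The registry path, the flag value 0x80003 and the log location are assumptions that the post does not state, and the function names are hypothetical; confirm the values against Microsoft's ACS troubleshooting documentation before use.

```powershell
# Added example. Values marked "assumed" are not given in the post.
$AcsDebug = @{
    Service = 'AdtAgent'                                   # service name, from the post
    KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\AdtAgent\Parameters'  # assumed
    Value   = 'TraceFlags'                                 # name from the post
    Flags   = 0x80003                                      # assumed verbose trace mask
    LogPath = Join-Path $env:SystemRoot 'Temp\AdtAgent.log' # assumed log location
}

function Test-AcsForwarderDebug {
    # True when a TraceFlags value is present, i.e. the forwarder is set to debug.
    $p = Get-ItemProperty -Path $AcsDebug.KeyPath -Name $AcsDebug.Value -ErrorAction SilentlyContinue
    return ($null -ne $p)
}

function Set-AcsForwarderDebug {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][bool]$Enabled)

    if (-not $PSCmdlet.ShouldProcess($AcsDebug.Service, "Set debug logging to $Enabled")) { return }

    Stop-Service -Name $AcsDebug.Service -Force -ErrorAction Stop
    try {
        if ($Enabled) {
            if (-not (Test-Path $AcsDebug.KeyPath)) {
                New-Item -Path $AcsDebug.KeyPath -Force | Out-Null
            }
            New-ItemProperty -Path $AcsDebug.KeyPath -Name $AcsDebug.Value `
                -PropertyType DWord -Value $AcsDebug.Flags -Force | Out-Null
        } else {
            # Mirror the disable task: remove the flag, then delete the verbose log.
            Remove-ItemProperty -Path $AcsDebug.KeyPath -Name $AcsDebug.Value -ErrorAction SilentlyContinue
            Remove-Item -Path $AcsDebug.LogPath -Force -ErrorAction SilentlyContinue
        }
    } finally {
        # Always restart the forwarder, even if the registry change failed,
        # so the host does not silently stop forwarding audit events.
        Start-Service -Name $AcsDebug.Service
    }
    [pscustomobject]@{ Computer = $env:COMPUTERNAME; DebugEnabled = (Test-AcsForwarderDebug) }
}

# Typical session (elevated prompt on the forwarder):
#   Set-AcsForwarderDebug -Enabled $true
#   Get-Content $AcsDebug.LogPath -Tail 50
#   Set-AcsForwarderDebug -Enabled $false
```

`Test-AcsForwarderDebug` can also be run on its own across forwarders to find any that were left in debug mode.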
The MP is unsealed and is available for download here.