Troubleshooting common problems
Use this information if you have a problem with your probe not connecting to your analyzer, your probe does not have a network adapter available, or if you are using an nTAP and want to capture NetFlow traffic.
A probe is not connecting to the analyzer or vice versa
If the probe is not connecting, it could be one of several reasons. The log window in Observer has useful information to give you an idea of why the connection is failing. If the log window is hidden, choose View > Log Window to show it.
Verify the following:
Ports firewall and the traffic is actually passing through it. Observer uses these ports to communicate with the probe. Check any local system firewall as well as any network firewall.
Security and encryption settings match between the Observer analyzer and the probe. If the settings do not match, you will get a message that says “Probe redirection Error <IPAddress> Authentication Negotiation Error.” Either the security feature has been turned off for one side of the connection (but not the other), or their encryption keys do not match. In Observer, click the File tab, and click Options > General Options from the menu, then click the Security tab. On the probe, click the Security tab. Verify that the security properties match.
The user name you are using from the analyzer exists on the probe or in OMS. Although very uncommon, the default “Anyone” account can disappear. If it does and you use that account to connect, your connections are prohibited. If the Anyone account has been deleted, you can recreate it on the probe by clicking the Security tab, then the New User button. Click the “Create Anyone Account” button.
If a Single Probe does not have a user name defined in the Options > Probe Redirection Settings, you must create a new account called “Anyone” (without quotes) and use that account to access the Single Probe.
The probe and Observer are within the same minor build range. You can have Observer automatically force an upgrade of an older probe version.
You can access the VLAN if the probe or Observer are on different VLANs. There is nothing you need to configure in Observer or the probe to enable a connection when they are on different VLANs. However, if you do not have network permissions to access a probe on a different VLAN, it is a network configuration issue (usually for security reasons) and you should contact the network administrator.
Users cannot authenticate through OMS
Verify the following:
The user account exists in OMS.
Verify the user is a member of a user group with access to the asset.
If after verifying the account exists with the access to the asset, restart OMS.
Probe will not upgrade
If the probe software is running as a Windows service, you can choose to have the probe restart automatically. This is a configuration option in the probe’s settings and especially useful for remote probes where there is not a local administrator.
Probe is not being licensed
Since you have OMS, you should use OMS to centrally manage your probe and Observer analyzer licenses, especially if you use OMS to push upgrades to the probes and analyzer. The probes should be running as a Windows service to properly upgrade. If they are run in application mode, rather than as a Windows service, then the restart will not occur. If for some reason a probe or analyzer was running in application mode when an upgrade occurred, you can close it and restart it. It should acquire an updated license from OMS and functionality should continue as normal.
Licenses for different versions
OMS can successfully handle licenses for different versions of Observer and the probes simultaneously. Assuming you want to have your licenses for version 16 and version 17 active, we suggest putting both the version 16 and version 17 licenses into OMS. Allow OMS to manage your licenses.
OMS failed to bind the authentication port
If you receive a message that OMS failed to bind to the authentication port:
Ensure that ports 25901 and 25903 are open.
Ensure that you have the AuthenticationServerKey.oek in your OMS, probes, and analyzer installation directories.
RADIUS servers not authenticating
If your RADIUS servers are not authenticating or are locking out the users, try the following:
Try switching the primary and secondary RADIUS servers settings.
Increase the failed login attempt threshold.
I cannot see my co-worker’s shared filters
If you cannot see your co-worker’s shared filters, be sure that you clicked Synchronize and, if necessary, the Get Status button. You may need to click the Synchronize button again after clicking Get Status.
“Invalid credentials” error when using DNS name
You set up a DNS name for your product. You can log in when using an IP address to access the product, but when you attempt to use a DNS name in your web browser you see an “invalid credentials” error message even though you provide a valid user name and password.
The browser has corrupted the cookie that the product uses, potentially because of one or more of your browser’s plugins. It’s also possible that cached files, in addition to the cookie, are the cause.
1. Delete the corrupt cookie from your browser.
You can choose to delete all cookies or search for your product’s cookie and delete only it.
2. Clear your browser’s cache files.
3. Try using the DNS name and valid credentials.