Troubleshooting Installation

If the Vault installation fails, review the logs to determine the error.

Verifying and installing prerequisites

Hardening errors

Logic Container Weak user errors

During the hardening procedure, Logic Container is installed to run as a weak user.

After the installation was successfully finished, look for following line in the Server\Logs\VaultConfiguration.log file:

 
[INFO]: Logic Container - Installing service as a weak user...

There may be warning messages after this line.

Warning - Machine is not hardened and installation is manual, installing service as a strong user...

 
[WARNING]: Logic Container - Machine is not hardened and installation is manual, installing service as a strong user...

This warning indicates that either hardening failed during the installation or you selected Do not harden the machine. For more information about how to resolve this issue, see Create a new Local User for the Logic Container Service.

Warning - Weak User creation failed, installing service as a strong user...

 
[WARNING]: Logic Container - Weak User creation failed, installing service as a strong user...

This warning indicates that weak user creation failed during the hardening phase of the installation.

To resolve this issue:
  1. Review the logs in the VaultConfigurations.log file and fix the configuration based on your analysis.

  2. Run the manual procedure described in Create a weak user manually.

  3. If you cannot resolve the problem, collect the log files as described in Collect Log Files, and also collect the %TEMP%\netsh_http_show.txt file, if it exists, and provide all the data to CyberArk for further investigation.

General hardening errors

When the hardening process fails, an error message appears that contains the location of the log file. The log file contains information that can help you resolve the error.

To troubleshoot a general hardening error:
  1. In the hardening failure message text, locate the following information:

    • The location of the log file, usually located in the Temp folder.

      The log file name contains the date and time with a Windows2016Security.log suffix.

    • The error, located in the Hardening Extra Services By Batch section.

  2. In the log file, search for ---- Running Services Batch ---- and review the list of commands in this section to confirm that they have completed successfully.

    1. Review all service configuration commands with the following format: sc config <SERVICE NAME> start= disabled.

      If the completion status of any of these commands is other than SUCCESS, the hardening process has failed.

    2. Review all registry commands with the following format: reg add HKLM\SYSTEM\CurrentControlSet\Services\<SERVICE NAME> /v Start /t REG_DWORD /d 4 /f

      Search for the <SERVICE NAME> that was modified in the registry (regedit) and verify that the Start value is 4.

      If the service's Start value in the registry is other than 4, the hardening process has failed.

  3. Do one of the following:

    1. If the hardening completed successfully, click Skip to continue with the installation.

    2. If the hardening failed, contact your CyberArk support representative.

Create a new Local User for the Logic Container Service

When hardening is performed during the installation, Logic Container is installed to run as a weak user. If there is a problem during the creation of the weak user, you can create a weak user automatically or manually.