Tenable Identity Exposure Diagnostics Tool

Tenable Identity Exposure provides a diagnostics tool that allows you to retrieve log information related to your Tenable Identity Exposure installation so that customer support can analyze and assist you with any issue.

You download this diagnostics tool from the Tenable downloads portal.

Note: This diagnostics tool only works for on-premises installations of Tenable Identity Exposure.

The diagnostics tool can do the following:

  • Identify whether the current machine (where you launched the executable file) hosts the Storage Manager (SM), Security Engine Node (SEN), or the Directory Listener (DL).

  • Scan the environment to find other Tenable Identity Exposure installations available on your network.

  • Detect a list of log sources related to your Tenable Identity Exposure installations to test and retrieve information about them accordingly.

  • Retrieve MSI logs on failed Tenable Identity Exposure installation attempts.

  • Run the diagnostics tool on the SEN.

  • Run the diagnostics tool with an elevated user to activate most or all log sources.

  • To detect the SM or other installation, check that you have the following conditions:

    • The configuration allows remote command to run on the remote computer (Invoke-Command cmdlet).

    • The configuration allows remote access to disks.

    • WMI is enabled and allowed for the current user account.

  1. Download the file TenableAdDiagnosticTool.OnPrem.Console.exe from the Tenable downloads portal.

  2. Run the executable file as an administrator on a Tenable Identity Exposure machine, preferably the one hosting the SEN.

  3. At the prompt, type one of the following options:

    • E — All logs (default option)

    • Msi — Logs related to Tenable Identity Exposure installations

    • Tenable — Logs related to Tenable Identity Exposure

  1. Press Enter.

    The diagnostics tool scans your installation. When the scan completes, the resulting output is a zipped file located in your current directory.

  2. Send this zipped file to Tenable Identity Exposure customer support. Be sure not to alter the file contents in any way.

  1. In the command line, run the executable file TenableAdDiagnosticTool.OnPrem.Console.exe as an administrator on the Tenable Identity Exposure machine, preferably the one hosting the SEN.

    The diagnostics tool scans your installation. When the scan completes, the resulting output is a zip file located in your current directory.

  1. Send this zipped file to Tenable Identity Exposure customer support. Be sure not to alter the file contents in any way.

Other options

The diagnostics tool also offers the following options using the command line:

  • -- help — A brief description of the diagnostics tool's usage.

  • -- commands — A list of Powershell / WMI queries to test the machine capabilities and scan other installations.