CrowdStrike / falcon-orchestrator

CrowdStrike Falcon Orchestrator provides automated workflow and response capabilities
GNU Affero General Public License v3.0

Orchestrator not communicating with Crowdstrike #44

Closed dlkeeling closed 7 years ago

dlkeeling commented 7 years ago

The Dashboard and notifications are blank. I have configured the UUID and Key but I do not see Orchestrator even attempting to communicate with Crowdstrike. I know the UUID and Key work because our SIEM is actively using it. I see the SIEM communication in the firewall but nothing from Orchestrator.

mr-burnse commented 7 years ago

Have you started the client service? Anything revealing in the log file? https://github.com/CrowdStrike/falcon-orchestrator/wiki/Installation-&-Deployment#starting-the-service.

dlkeeling commented 7 years ago

This error is in the log

2017-09-05 14:51:24,895 FATAL FalconOrchestrator.Client.EventModel - [0] Error occured while trying to save authentication activity audit event to database
System.ArgumentOutOfRangeException: Value to add was out of range.
Parameter name: value
   at System.DateTime.Add(Double value, Int32 scale)
   at FalconOrchestrator.Client.AuditEvent.get_FormattedTimestamp()
   at FalconOrchestrator.Client.AuthActivityAuditModel.Save()

mr-burnse commented 7 years ago

There's a patch that was released for this, try applying it and restarting the service. https://github.com/CrowdStrike/falcon-orchestrator/releases.

dlkeeling commented 7 years ago

I have applied the patch but am still receiving the same error.

mr-burnse commented 7 years ago

Try enabling debug logging and the API logging (steps here https://github.com/CrowdStrike/falcon-orchestrator/wiki/Installation-&-Deployment#troubleshooting-the-service). This will output the actual event Orchestrator is trying to process from the streaming API.

If you could then paste the event from the API log here (remove any sensitive information), I'll take a look. Also double check that you replaced the older FalconOrchestrator.Client.exe file with the one provided in the patch. You'll need to overwrite it, otherwise it would not be applied.

dlkeeling commented 7 years ago

I enabled Debug, the error changed slightly.

2017-09-06 08:34:41,900 DEBUG FalconOrchestrator.Client.FalconOrchestratorService - Connection to database is successful, starting service
2017-09-06 08:34:45,150 FATAL FalconOrchestrator.Client.EventModel - [0] Error occured while trying to save authentication activity audit event to database
System.ArgumentOutOfRangeException: Value to add was out of range.
Parameter name: value
   at System.DateTime.Add(Double value, Int32 scale)
   at FalconOrchestrator.Client.AuditEvent.get_FormattedTimestamp()
   at FalconOrchestrator.Client.AuthActivityAuditModel.Save()

dlkeeling commented 7 years ago

The exe has resolved the issue. Thank you.

mr-burnse commented 7 years ago

Glad to hear it! No problem. Closing this ticket out.