Skip to content

Troubleshooting

Windows

Check if the Endpoint Sensor is Installed

  1. Open Add/Remove Programs (click Start and search "add or remove").
  2. In the list of programs, look for an item labeled SEE and click on it.
  3. If you don’t see an item labeled SEE, the endpoint sensor is not installed.

Check if the Endpoint Sensor is Running

  1. Open Services by clicking Start, run services.msc.
  2. In the list of services, look for an item labeled senseon-seed and confirm its status is "Running".
  3. If the service is not running, continue with the troubleshooting steps.

Check if Endpoint Sensor is Correctly Configured

  1. Click Start and open File Explorer.
  2. Navigate to C:\Program Files\senseon-see.
  3. Double-click on see.flags and choose More apps then open with Notepad by pressing Ok.
  4. Check the contents of the file. If they look similar to the output below, the endpoint sensor has likely been configured correctly. If the file is empty or contains something similar to {}, the endpoint sensor was installed without an install key. Ensure the install key file located in C:\Windows\Temp is called senseon_install.txt and rerun the installation MSI. There is no need to uninstall the software before doing this.
$ sudo cat /etc/senseon-see/see.flags
--tls_hostname=ep.<omitted>.snson.net:443
--tls_secondary_hostname=
--api_key=<omitted>
--tls_server_certs=/etc/senseon-see/tls_server_certs.pem
--tls_client_cert=/etc/senseon-see/tls_client_cert.pem
--tls_client_key=/etc/senseon-see/tls_client_key.key
--logger_plugin=tls
--verbose=false
--allow_unsafe=false
--ephemeral=false
--tls_dump=false

Check DNS Resolution

  1. Click Start and open Command Prompt.
  2. Enter nslookup avmirror.snson.net.
  3. The output should indicate a valid resolution for avmirror.snson.net as shown below. If there is no valid response, check the DNS configuration of the system. 
    Server: dc.example.com
Address: 192.168.0.1

Non-authoritative andswer:
Name:   avmirror.snson.net
Addresses:  52.49.118.219
    52.212.129.89
    52.19.214.51

Check for TLS Interception

We ensure the security of your data by using mutual TLS 1.2+ for encryption. This ensures that all communications between your endpoints and our servers are securely encrypted and authenticated. However, if your system is performing TLS interception, it can alter the encryption keys. This change can prevent the endpoint sensor from successfully calling back.

If your system uses mutual TLS, we recommend setting up a bypass for our domain: *.snson.net.

Generate Debugging Logs

  1. Stop the endpoint sensor service.
    1. Open Start by clicking the Windows symbol on the bottom left corner or by pressing the Windows Key on your keyboard.
    2. Search for Services (or services.msc) and click the top result to open the console.
    3. Double-click the service called senseon-seed.
    4. Click the Stop button.
    5. Confirm the service is stopped by checking the list of services.
  2. Open a PowerShell terminal as Administrator.
    1. Open Start by clicking the Windows symbol on the bottom left corner or by pressing the Windows Key on your keyboard.
    2. Search for Powershell.exe.
    3. Right-click on Powershell and select Run as administrator.
  3. Start a transcript by running the command start-transcript -path C:\senseon_output.txt.
  4. Run the endpoint sensor with debugging logs with the command &"C:\Program Files\senseon-see\senseon-seed\senseon-seed.exe" --flagfile="C:\Program Files\senseon-see\see.flags" --verbose=true --allow_unsafe=true.
  5. After 60 seconds of generating logs, stop the endpoint sensor by pressing Ctrl + C in the PowerShell window.
  6. Stop the transcript with the command stop-transcript.
  7. Send the file located at C:\senseon_output.txt to SenseOn support.
  8. Start the endpoint sensor service.
    1. Open Start by clicking the Windows symbol on the bottom left corner or by pressing the Windows Key on your keyboard.
    2. Search for Services (or services.msc) and click the top result to open the console.
    3. Double-click the service called senseon-seed.
    4. Click the Start button.
    5. Confirm the service is stopped by checking the list of services.

Linux

Check if the Endpoint Sensor is Running

  1. Open the terminal.
  2. Run the command systemctl status senseon-seed.service.
  3. The line beginning Active: will indicate the status of the endpoint sensor.

Check if Endpoint Sensor is Correctly Configured

Check the contents of the file /etc/senseon-see/see.flags; if this has no values, it indicates the installation package could not find the install key.

A correct see.flags file should look like the output below.

$ sudo cat /etc/senseon-see/see.flags
--tls_hostname=ep.<omitted>.snson.net:443
--tls_secondary_hostname=
--api_key=<omitted>
--tls_server_certs=/etc/senseon-see/tls_server_certs.pem
--tls_client_cert=/etc/senseon-see/tls_client_cert.pem
--tls_client_key=/etc/senseon-see/tls_client_key.key
--logger_plugin=tls
--verbose=false
--allow_unsafe=false
--ephemeral=false
--tls_dump=false

To resolve this, make sure the install key is called senseon_install.txt and is placed in /tmp. Then rerun the installation.

Check DNS Resolution

  1. Open the terminal.
  2. Enter nslookup avmirror.snson.net.
  3. The output should indicate a valid resolution for avmirror.snson.net as shown below. If there is no valid response, check the DNS configuration of the system.
$ nslookup avmirror.snson.net
Server:     127.0.0.53
Address:    127.0.0.53#53

Non-authoritative answer:
Name:   avmirror.snson.net
Address: 52.49.118.219
Name:   avmirror.snson.net
Address: 52.212.129.89
Name:   avmirror.snson.net
Address: 52.19.214.51

Check for TLS interception

We ensure the security of your data by using mutual TLS 1.2+ for encryption. This ensures that all communications between your endpoints and our servers are securely encrypted and authenticated. However, if your system is performing TLS interception, it can alter the encryption keys. This change can prevent the endpoint sensor from successfully calling back.

If your system uses mutual TLS, we recommend setting up a bypass for our domain: *.snson.net.

Generate Debugging logs

  1. Stop the endpoint sensor service using the command systemctl stop senseon-seed
  2. Open the following file in a text editor: /etc/senseon-see/see.flags
  3. Change the line starting with --logger_plugin=tls to --logger_plugin=tls,filesystem
  4. At the bottom of the file add a new line as follows: --logger_path=/var/log/senseon-see/
  5. Save the file.
  6. Start the endpoint sensor service using the command systemctl start senseon-seed
  7. Send the output of the debugging logs to the SenseOn support team

💡 After troubleshooting: Once troubleshooting is complete please remember to undo this step.

MacOs

Check if the endpoint sensor is running

The SenseOn installation package will be installed to /opt/senseon-see/

The process name of the SenseOn sensor on MacOs is senseon-see and you can verify it is running using the built in Activity Monitor.

💡 Note on CPU Usage: The CPU utilisation % down in the output of the activity monitor is represented in the consumption of a single core rather than that of the entire system.

MacOS Activity Monitor

Check if endpoint sensor is correctly configured

  1. Open the Terminal application
  2. Go to the SenseOn folder by entering cd /var/senseon-see
  3. Read the configuration settings with the command sudo cat see.flags and entering your password.
  4. Check the contents of the file look similar to the output below, if it does the endpoint sensor has likely been configured correctly. If the file is empty or contains something similar to { } the endpoint sensor was installed without an install key. Make sure the install key file is located in /tmp is called senseon_install.txt and rerun the installation MSI. There is no need to uninstall the software before doing this. 
    $ sudo cat /etc/senseon-see/see.flags
--tls_hostname=ep.<omitted>.snson.net:443
--tls_secondary_hostname=
--api_key=<omitted>
--tls_server_certs=/etc/senseon-see/tls_server_certs.pem
--tls_client_cert=/etc/senseon-see/tls_client_cert.pem
--tls_client_key=/etc/senseon-see/tls_client_key.key
--logger_plugin=tls
--verbose=false
--allow_unsafe=false
--ephemeral=false
--tls_dump=false

Check DNS resolution

Confirm that the host is able to resolve external domain names.

  1. Open the spotlight search by clicking on the magnifying glass in the top right of the screen. MacOS Spotlight Search
  2. Search for terminal and click on the terminal icon. MacOS Search for Terminal
  3. In the terminal enter the following command. 
    dscacheutil -q host -a name  avmirror.snson.net
    The output should look similar to the following. If there is no output from the command it indicates that DNS resolution has failed.
name: avmirror.snson.net
ip_address: 52.208.237.25
ip_address: 52.30.114.205
ip_address: 34.252.255.207

Check for TLS Interception

We ensure the security of your data by using mutual TLS 1.2+ for encryption. This ensures that all communications between your endpoints and our servers are securely encrypted and authenticated. However, if your system is performing TLS interception, it can alter the encryption keys. This change can prevent the endpoint sensor from successfully calling back.

If your system uses mutual TLS, we recommend setting up a bypass for our domain: *.snson.net.

Generate Debugging Logs

  1. Stop the endpoint sensor service using the command systemctl stop senseon-seed.
  2. Open the following file in a text editor: /etc/senseon-see/see.flags.
  3. Change the line starting with --logger_plugin=tls to --logger_plugin=tls,filesystem.
  4. At the bottom of the file, add a new line as follows: --logger_path=/var/log/senseon-see/.
  5. Save the file.
  6. Start the endpoint sensor service using the command systemctl start senseon-seed.
  7. Send the output of the debugging logs to the SenseOn support team.

💡 After troubleshooting: Once troubleshooting is complete, please remember to undo this step.