FAQ/Collector FAQ

1. Does the Collector record local connections (to localhost/127.0.0.1)?

Answer: No, the Collector does not record connections to the local computer.

2. Where can I find the MSI for Server Edition of Windows 2003 & 2008?

Answer: Same as for desktops, to be installed with the option:

DRV_FORCE_SERVER=1

3. Installation for Server Edition of Windows 2003 & 2008?

Answer: Same as for desktops, to be installed with the option:

DRV_FORCE_SERVER=1

4. Error 1714 (System Error 1612)

You may see this error message:

  • Product: NEXThink Collector -- Error 1714. The older version of NEXThink Collector cannot be removed. Contact your technical support group. System Error 1612.

This can be normal:

  • When updating a Collector deployment without allowing a reboot (e.g. 3.2.0.50 => 3.2.0.52), the error message above appears in the machine's logs.
  • This is normal; the update will actually occur at the next reboot.
  • Do not forget to tell administrators to disregard this message when deploying Collector updates without allowing a reboot.


5. Installation package cannot be installed by Windows Installer service

Problem: During a NEXThink Collector installation, the following message is displayed:

  • This installation package cannot be installed by 
    Windows Installer service. You must install a Windows
    service pack that contains a newer version of the
    Windows Installer service.

Answer:

6. Traffic w/o connections reported

Problem:

  • Some connections are made to the internet with incoming/outgoing traffic, but no connections are reported.

Answer:

  • This can occur if you have a local proxy installed on your computer. All internet connections then go to the local proxy, and the Collector skips these connections. We're working to resolve this issue as soon as possible.

7. SMB traffic isn't accurate on some systems

Problem:

  • Connections are reported but the traffic isn't reported properly.

Answer:

  • This behavior occurs only for SMB traffic, on the following systems:

    System             Incoming SMB Traffic             Outgoing SMB Traffic
    Win2000            OK                               No traffic value
    XP                 OK                               No traffic value
    Vista              OK                               OK
    Win7               value reported isn't accurate    OK
    Win Server 2003    OK                               No traffic value
    Win Server 2008    OK                               OK

8. Which antivirus data is reported with V4?

Here's the list of antivirus products:

  • BitDefender Antivirus 2011 (14.x)
  • Kaspersky Anti-Virus for Windows Workstations (6.x)
  • Kaspersky Anti-Virus 8 (8.x)
  • Kaspersky PURE (9.x)
  • Kaspersky Anti-Virus 2011 (11.x)
  • McAfee VirusScan Enterprise (8.8.x)
  • Microsoft Security Essentials [Antivirus] (2.x)
  • Microsoft Forefront Endpoint Protection 2010 (2.x)
  • Norton AntiVirus 2011 (18.x)
  • Sophos Anti-Virus (9.x)
  • Symantec Endpoint Protection (12.x)
  • Trend Micro OfficeScan Client (10.x) [1]

[1] Please note that if you use Trend Micro Office Scan Client in conjunction with Trend Micro Office Scan Server, NEXThink will report -Last Antivirus Scan- as empty. This data is sent directly to the Trend Micro Office Scan Server and is unfortunately invisible to the NEXThink Collector.

9. In the Engine log, you see the following message: "performance counters disabled 0"

Problem: Performance counters can be disabled on some of your computers; the Collector then can't get data for the performance part.

Answer: You can enable the loading of performance counters using the Exctrlst.exe application from the Windows 2003 Support Tools.

Here's the step-by-step guide:

  1. On the computer where you noticed this problem, run Exctrlst.exe
  2. Select the PerfOS service and verify the “Performance Counters Enabled” check box is checked. (Checked = Enabled / Unchecked = Disabled)
  3. Select the PerfProc service and verify the “Performance Counters Enabled” check box is checked. (Checked = Enabled / Unchecked = Disabled)
  4. Click “Refresh” to verify the changes have taken place.

Note: This tool changes the following registry values:

 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfOS\Performance\Disable Performance Counters=0 
 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\PerfProc\Performance\Disable Performance Counters=0
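
The same check can be scripted when Exctrlst.exe is not at hand. The following is an added example, not part of the NEXThink documentation: the function name and the -Fix switch are hypothetical, and it assumes that an absent value means the counters are enabled (the page only documents the value 0).

```powershell
# Added example: audit (and optionally re-enable) the PerfOS and PerfProc
# performance counters. Registry paths and value name are taken from the note above.
# Test-CollectorPerfCounters and -Fix are hypothetical names for this example.
function Test-CollectorPerfCounters {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string[]]$Service = @('PerfOS', 'PerfProc'),
        [switch]$Fix    # write 0 where counters are disabled (elevated prompt required)
    )

    $valueName = 'Disable Performance Counters'

    foreach ($svc in $Service) {
        $key = "HKLM:\SYSTEM\CurrentControlSet\services\$svc\Performance"

        if (-not (Test-Path -Path $key)) {
            New-Object PSObject -Property @{ Service = $svc; State = 'KeyMissing'; RawValue = $null }
            continue
        }

        # Assumption: an absent value counts as enabled; any non-zero value as disabled.
        $prop = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
        $raw  = if ($prop) { $prop.$valueName } else { $null }
        $disabled = ($null -ne $raw) -and ($raw -ne 0)

        if ($disabled -and $Fix -and $PSCmdlet.ShouldProcess($key, "Set '$valueName' to 0")) {
            Set-ItemProperty -Path $key -Name $valueName -Value 0 -Type DWord
            $raw = 0
            $disabled = $false
        }

        $state = if ($disabled) { 'Disabled' } else { 'Enabled' }
        New-Object PSObject -Property @{ Service = $svc; State = $state; RawValue = $raw }
    }
}

# Report only. Use -Fix -WhatIf to preview the write, or -Fix to apply it.
Test-CollectorPerfCounters | Format-Table Service, State, RawValue -AutoSize
```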

10. Why aren't the ControlSet legacy entries removed when uninstalling the Collector driver?

Problem: After uninstalling the Collector, you can see some remaining registry entries on your system:

  •         HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Class\
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NXTDRV

and NEXThink Collector also still appears in

  •  Computer\Properties\Device Manager (View\Show Hidden Devices)\Non-Plug and Play Drivers.

Answer: These registry entries are left behind because the Collector driver doesn't own those entries. The operating system keeps these entries around for a reason. You will see very similar behavior for any hardware drivers that you add and remove from your system.

There are databases within the operating system that keep track of the various drivers that are installed, and keeping these entries helps to avoid conflicts and aids in re-installation.

