11.4.1 In Windows

Organization of this subsection

(1) Checking the process status
(2) Outputting a thread dump for JP1/IM
(3) Executing the data collection tool
(4) Checking the operation content
(5) Collecting the error information on the screen
(6) Collecting a user dump (Windows only)
(7) Collecting RAS information

(1) Checking the process status

Using Windows Task Manager, check the operating status of processes. This subsection shows the processes that are displayed when the programs are running normally.

(a) JP1/IM - Manager

For details about JP1/IM - Manager processes, see Appendix B.1 (1) JP1/IM - Manager in the JP1/Integrated Management 2 - Manager Overview and System Design Guide.

(b) JP1/IM - View

For details about JP1/IM - View processes, see Appendix B.1 (1) JP1/IM - Manager in the JP1/Integrated Management 2 - Manager Overview and System Design Guide.

(c) JP1/IM - IM Configuration Management - View

The table below shows the processes of JP1/IM - IM Configuration Management - View. The value inside parentheses ( ) indicates the number of processes that execute simultaneously.

Table 11‒19: JP1/IM - IM Configuration Management - View processes
Parent process name	Function	Child process name	Function
`jcfview.exe` (3)	Controls the JP1/IM - IM Configuration Management - View window.	`jcfview_evt.exe` (3)	Sends thread dump output events.
`jcfview.exe` (3)		`java.exe` (3)	Controls the JP1/IM - IM Configuration Management - View window.

You can start a maximum of three JP1/IM - IM Configuration Management - View instances when you log in from a single machine. Each time JP1/IM - IM Configuration Management - View is started, one process starts.

To Page Top

(2) Outputting a thread dump for JP1/IM

(a) JP1/IM - View

Follow the procedure described below to output a dump file.

Start Task Manager.
On the Applications page, select JP1/IM - View, and then from the pop-up menu, choose Bring To Front.

In this way, you can determine whether JP1/IM - View is disabled. If you have identified a disabled JP1/IM - View, proceed to the next step.
From the pop-up menu, choose Go To Process.

The display switches to the Process page. Since java.exe of JP1/IM - View is displayed in the selected state, use this to identify the process ID (PID).^#

#: If no PID is displayed, from the menu, choose Display and then Select Columns, and then, from the Select Columns window, select the PID (Process Identifier) check box.
Using the process ID that has been identified as the argument, execute the jcothreaddmp command.

For details about the jcothreaddmp command, see jcothreaddmp (Windows only) (in Chapter 1. Commands) in the manual JP1/Integrated Management 2 - Manager Command, Definition File and API Reference.

(b) JP1/IM - Manager

When the health check function detects an abnormality in Event Console Service, Event Base Service or Event Generation Service of JP1/IM - Manager, output a dump file for JP1/IM - Manager. Execute the jcogencore command as follows.

jcogencore

For details about the jcogencore command, see jcogencore (in Chapter 1. Commands) in the manual JP1/Integrated Management 2 - Manager Command, Definition File and API Reference.

To Page Top

(3) Executing the data collection tool

This subsection describes execution of the data collection tool (jim_log.bat or jcoview_log.bat).

When you execute the jim_log.bat command, which is provided by JP1/IM - Manager, you can collect the data necessary for troubleshooting JP1/IM - Manager and JP1/IM - View on the same host.

If you execute the jcoview_log.bat command, which is provided by JP1/IM - View, you can collect the data necessary for troubleshooting JP1/IM - View.

Use one of above commands according to the application that is being used.

Because the total volume of data collected by a data collection tool is massive, you need to estimate it before you execute the command and make sure the machine you are using has sufficient free space.

For the volume of data that will be collected by the jim_log.bat command, see the JP1/IM - Manager release notes.

For the volume of data that will be collected by the jcoview_log.bat command, see the JP1/IM - View release notes.

A tool execution example follows.

C:\>"C:\Program Files\Hitachi\JP1IMM\tools\jim_log.bat" -f data-storage-folder

Specify the data storage folder as an absolute path. If the data storage folder path contains a space, enclose the path in double quotation marks.

When you execute the tool, the jp1_default folder is created under the folder specified as the data storage folder, and the collected data is copied into this folder. Use a data-compression tool to compress the collected data.

Important

If you are using Microsoft (R) Office Outlook (R), the following message box may appear when using the data collection tool.

The program is trying to access an email address stored within Outlook. Would you like to proceed?

This is caused by the behavior of the machine configuration information collection program (MSINFO32), which is running within the data collection tool. Because email addresses are not collected by the data collection tool, press [No] in the message box. Note that there are no problems with data collection for JP1/IM - Manager and the operation of Microsoft (R) Outlook (R).
Do not run multiple instances of the data collection tool.
Depending on the environment where the data collection tool is executed, it may take a while to collect data.
When you collect JP1/IM - Manager data, some information is obtained by executing JP1/Base and JP1/IM - Manager commands. Some of these commands cannot be executed simultaneously with the same command, or with a different command. Avoid executing JP1/Base and JP1/IM - Manager commands when collecting data.
If there are no operation records, at the time of data collection execution, "KAVB4153-E Failed to open Action Information File (action-information-file-name). : system-error-message" is output to the event log and the integrated trace log. This is output because the action information file did not exist when the data collection tool was executed. However, because the action information file is generated by operations, even if this message is output, no problems will occur with data collection if there are no operation records. Note that even if you specify a logical host, the data of the physical host is collected. Therefore, even if this message is output, there will be no problems with data collection if there are no operation records on the physical host.
If there is a Windows event in the Windows event log in which the message format provided by the event log-issuing product and the number of padded characters do not match, an application error might occur during execution of the data collection tool. This is not a problem because the data is collected even in such cases.

When this problem occurs, a dialog box is displayed, and execution of the data collection tool might stop (the tool restarts when you respond to the dialog box). If you want to disable the display of the dialog box, execute the following procedure:

Click the [Start] menu and enter gpedit.msc in [Search for Program and
File] or [Run].

[Local group policy data editor] appears. Select [Local computer policy], [Computer composition], [Management template], [Windows component], and then [Windows error report] in the tree on the left-hand side.
In [Settings] on the right-hand side, select [Effective] in [Do not display the user interface in which a severe error occurred], and click the [OK] button.

If you execute the data collection tool, the system information on the machine may not have been collected when execution of the data collection tool is completed. This is because the process that internally collects the OS information has not been completed, even though execution of the data collection tool has been completed.

After ensuring that execution of "msinfo32.exe" has been completed from the [Processes] tab or the [Details] tab, by starting the Task Manager, perform operations such as compressing the collected data by using a compression tool, or moving or deleting the collected data.

To Page Top

(4) Checking the operation content

Check the content of the operation that was taking place when the problem occurred, and record it. The following types of information must be checked:

Operation content details
Time of problem occurrence
Reproducibility
Login user name that was used to log in from JP1/IM - View
Machine configuration (version of each OS, host name, and Central Console configuration)

To Page Top

(5) Collecting the error information on the screen

If an error is displayed on the screen, collect that information as well. Collect a hard copy of the following:

Error dialog box

Copy the content displayed by the Details button, if available.

To Page Top

(6) Collecting a user dump (Windows only)

If a JP1/IM - View process stops due to an application error in Windows, while the error dialog box is displayed, use the following procedure to collect a user dump:

Start Task Manager.

You can use either of the following procedures to start Task Manager:
- Right-click a blank area on the task bar and choose Task Manager.
- Press Ctrl + Shift + Esc keys to start Task Manager.
Click the Process tab.
Right-click the name of the JP1/IM - View process that was stopped by an application error, and then choose Create Dump File.
When a dialog box showing the user dump output destination path opens, collect a dump from there.

Important

If the error dialog box is closed, a normal dump cannot be collected, and consequently you will not be able to collect a user dump. If you closed the error dialog box by mistake (by clicking OK, for example) before collecting a user dump, reproduce the error and then collect a user dump.

To Page Top

(7) Collecting RAS information

If a problem occurs during remote monitoring, collect RAS information on the manager host and monitored host.

How to collect the information differs depending on the method of connecting monitored hosts. For collecting information from remotely-monitored hosts, the connection method differs depending on the log information to be collected and the OSs on the manager host and monitored hosts. For details about the connection methods for remote monitoring, see 7.6.2 Collectable log information and connection methods for remote monitoring in the JP1/Integrated Management 2 - Manager Overview and System Design Guide.

The following describes how to collect information when the OS on the manager host is Windows.

Table 11‒20: References about how to collect RAS information (when the OS on the manager host is Windows)
Connection method	Host for collecting data (OS)	References about the collection method
WMI connection	Manager host (Window)	Table 11-20 Collecting data on the Windows manager host (for WMI connection)
WMI connection	Monitored host (Windows)	Table 11-21 Collecting data on the Windows monitored host (for WMI connection)
NetBIOS connection	Manager host (Windows)	Table 11-22 Collecting data on the Windows manager host (for NetBIOS connection)
NetBIOS connection	Monitored host (Windows)	Table 11-23 Collecting data on the Windows monitored host (for NetBIOS connection)
SSH connection	Manager host (Windows)	Table 11-24 Collecting data on the Windows manager host (for SSH connection)
SSH connection	Monitored host (UNIX)	Table 11-27 Collecting data on the UNIX monitored host (for SSH connection)

#: To collect host information from remotely monitored hosts, use WMI and WMI/NetBIOS (NetBIOS over TCP/IP) if the OS on the monitored hosts is Windows, and use SSH if the OS on the monitored hosts is UNIX. For details about the connection methods for remote monitoring, see 7.6.2 Collectable log information and connection methods for remote monitoring in the JP1/Integrated Management 2 - Manager Overview and System Design Guide.

When collecting container information, in addition to the information to be collected on the monitored host as described in 7.6.2 Collectable log information and connection methods for remote monitoring in the JP1/Integrated Management 2 - Manager Overview and System Design Guide, also collect the following information:

For Podman:

Result of running the podman ps command

For Docker:

Result of running the docker ps command

(a) For WMI connection

The following table describes how to collect data on the manager host (Windows) if a problem occurs in WMI connection.

Table 11‒21: Collecting data on the Windows manager host (for WMI connection)
No.	Procedure
1	From the command prompt, execute the following commands, and then collect the results: `whoami /all` `nslookup` `monitored-host-name` `netsh advfirewall firewall show rule name=all` `netsh advfirewall show allprofiles` `tasklist` `monitored-host-name` `systeminfo` `wmic qfe` `reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\ CurrentVersion\Policies\ System` `output-file` `reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole` `output-file` `reg export HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\System` `output-file` `wmic /node:"monitored-host-name" /user:user-name` `/password:password` `port` (user-specified WMI command) Commands to be executed on the manager host: `date /t` `time /t` Command to be executed on the monitored host connected via WMI: `wmic /node:"monitored-host-name" /user:user-name` `/password:password` `path Win32_LocalTime`
2	Collect the authentication information for WMI connection. For physical hosts: `Manager-path\conf\agtless\targets\wmi.ini` For logical hosts: `shared-folder\JP1IMM\conf\agtless\targets\wmi.ini`
3	Collect the WMI connection log. Log file under the directory specified in `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory`^#
4	Obtain a screenshot showing that `runas` `/user:user-name` `wbemtest` has been executed from the command prompt on the manager host. Make sure that the value of `user-name` is the same as that specified in the User name text box on the IM Host Account page in the System Common Settings window. If you are prompted to enter a password after executing the command, specify the value set in the Password text box on the IM Host Account page.
5	Obtain a screenshot showing the user-specified values for the namespace and credentials displayed when the Connect button is clicked in the dialog box opened by wbemtest.
6	Obtain a screenshot of the status after the Connect button is clicked in the dialog box opened by wbemtes. The status indicating that connection is established correctly is displayed, or an error message is displayed.
7	In the dialog box opened by wbemtest, click the Query button. In the dialog box that opens, enter the query as follows, and then click the Apply button: `Select * From Win32_NTLogEvent Where ( Logfile='System' Or Logfile='Application' )` After the query is performed, obtain a screenshot of the query results indicated in the Query Result widow.

#: If HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging is set to 0 (default value), no data is output to the log. If the value of Logging is 1, only error information is output. If the value of Logging is 2, detailed information is output.

The following table describes how to collect data on the monitored host (Windows) if a problem occurs in WMI connection.

Table 11‒22: Collecting data on the Windows monitored host (for WMI connection)
No.	Procedure
1	Log in to the monitored host as the monitored user, execute the following commands from the command prompt, and then collect the results: `hostname` `whoami /all` `nslookup` `manager-host-name` `ipconfig /all` `netstat -na` `netsh advfirewall firewall show rule name=all` `netsh advfirewall show allprofiles` `tasklist` `monitored-host-name` `systeminfo` `%ProgramFiles%\Common Files\Microsoft Shared\MSInfo\msinfo32.exe /report` `output-file` `wmic qfe` `tasklist` `monitored-host-name` `reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System` `output-file` `reg export HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole` `output-file`
2	Collect the WMI connection log. Log file under the directory specified in `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM\Logging Directory`^#
3	If a firewall is disabled: Collect the data indicating that the Windows firewall is disabled. If a firewall is enabled: From the command prompt, execute the following command, and then collect the result: `reg export HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings` `output-file`
4	Collect the data indicating that the event log is correctly created on the monitored host. Click Administrative Tools, and then Event Viewer. Then, in the dialog box that opens, application, system, and security event logs in both binary and text formats.

(b) For NetBIOS connection

The following table describes how to collect data on the manager host (Windows) if a problem occurs in NetBIOS connection.

Table 11‒23: Collecting data on the Windows manager host (for NetBIOS connection)
No.	Procedure
1	From the command prompt, execute the following commands, and then collect the results: `whoami` `nslookup` `monitored-host-name` `nbtstat -s` `netsh advfirewall firewall show rule name=all` `netsh advfirewall show allprofiles` `net use` `systeminfo` `wmic qfe` `date /t`^# `time /t`^#
2	Click Administrative Tools, Local Security Policy, Security Settings, Local Policies, and then User Rights Assignment, and then right-click Access this computer from the network. In the menu that opens, select Properties, and then obtain a screenshot that indicates the user name you specified.
3	Log in with the user name specified on the IM Host Account page. In the address bar of Explorer, enter `\\remotely-monitored-host-name` to establish a connection. Then, obtain a screenshot that indicates that the monitored file has been viewed successfully.

#: Execute the same commands also on the monitored host, and then check the time difference between the manager host and the monitored host. Do not provide a long interval between executions.

The following table describes how to collect data on the monitored host (Windows) if a problem occurs in NetBIOS connection.

Table 11‒24: Collecting data on the Windows monitored host (for NetBIOS connection)
No.	Procedure
1	Log in to the monitored host as the monitored user, execute the following commands from the command prompt, and then collect the results: `hostname` `nslookup` `manager-host-name` `ipconfig /all` `netsh advfirewall firewall show rule name=all` `netsh advfirewall show allprofiles` `net session` `systeminfo` `%ProgramFiles%\Common Files\Microsoft Shared\MSInfo\msinfo32.exe /report` `output-file` `wmic qfe` `cacls` `monitored-file` `dir /A` `directory-containing-the-monitored-file` `net share` `shared-folder-name` `reg export HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanmanServer\Parameters` `output-file` `date /t`^# `time /t`^#
2	Select Administrative Tools, Local Security Policy, Security Settings, Local Policies, User Rights Assignment, and then right-click Access this computer from the network. In the menu that opens, select Properties, and then obtain a screenshot that indicates the user name you specified.
3	Collect the monitored file.

#: Execute the same commands also on the monitored host to check the time difference between the manager host and the monitored host. Do not provide a long interval between executions.

(c) For SSH connection

The following table describes how to collect data on the manager host (Windows) if a problem occurs in SSH connection.

Table 11‒25: Collecting data on the Windows manager host (for SSH connection)
No.	Procedure
1	From the command prompt, execute the following commands, and then collect the results: `whoami` `nslookup` `monitored-host-name` `netsh advfirewall firewall show rule name=all` `netsh advfirewall show allprofiles` `systeminfo` `wmic qfe` Commands to be executed on the manager host: `date /t` `time /t` Commands to be executed on the monitored host connected via SSH: `date` `dir /A` `directory-containing-the-private-key`
2	Collect the authentication information for SSH connection. For physical hosts: `Manager-path\conf\agtless\targets\ssh.ini` For logical hosts: `shared-folder\JP1IMM\conf\agtless\targets\ssh.ini`
3	Collect the data indicating that an SSH connection with the remotely-monitored host was successfully established by using the private key placed on the host.

For details about how to collect data on a monitored host (UNIX) if a problem occurs in SSH connection, see Table 11-28 Collecting data on the UNIX monitored host (for SSH connection) in 11.4.2(6)(a) For SSH connection.

To Page Top