Adalanche
Adalanche copied to clipboard
lkarlslund
Web server not starting
I'm at the trying out stage with Adalanche and have been playing with it on our own domain. I'm having problems getting it to load/display any data at all.
If I fire up adalanche with analyze -bind 127.0.0.1:81 it displays a long list of log messages terminated by
INF Listening - navigate to 127.0.0.1:81 ... (ctrl-c or similar to quit)
then I can browse the web page without any problems, except it has no data. So I can access the web page and adalanche at least opens.
While still in c:\temp\adalanche, if I run collect activedirectory it generates a load of files in the data folder, as expected.
If, from c:\temp\adalanche, I then start adalanche with analyze -bind 127.0.01:81 it starts up and displays the usual log, getting to
INF Preprocessing applying parent/child relationships ...
but thats all. It doesn't advance any further.
Port 81 is obviously unresponsive.
I'm doing this from our DC using an administrative account, elevated and am running this from c:\temp\adalanche
Removing the data directory and rerunning the process produces the same result, so its occuring after a single run, no mixing of results or configs.
If I enable debug I see this:
11:11:54.22 INF Preprocessing applying parent/child relationships ...
11:11:54.22 DBG Object already protocolCfgNNTPSite-Display has 816 as parent, so I'm not assigning 816 as parent
11:11:54.22 DBG Object already msMQ-Group-Display has 408 as parent, so I'm not assigning 408 as parent
11:11:54.22 DBG Object already mSMQQueue-Display has 416 as parent, so I'm not assigning 416 as parent
11:11:54.22 DBG Object already computer-Display has 408 as parent, so I'm not assigning 408 as parent
11:11:54.22 DBG Object already gsDirComercial-RO has SecurityGroups as parent, so I'm not assigning SecurityGroups as parent
11:11:54.22 DBG AD object Low Mandatory Level has no parent :-(
11:11:54.22 DBG Object already 123.168.192.in-addr.arpa has MicrosoftDNS as parent, so I'm not assigning MicrosoftDNS as parent
11:11:54.22 DBG AD object Local Authority has no parent :-(
11:11:54.22 DBG AD object NT Virtual Machine - Virtual Machines has no parent :-(
11:11:54.22 DBG AD object High Mandatory Level has no parent :-(
11:11:54.22 DBG AD object Secure Process Mandatory Level has no parent :-(
11:11:54.22 DBG AD object Medium Plus Mandatory Level has no parent :-(
11:11:54.22 DBG AD object Protected Process Mandatory Level has no parent :-(
11:11:54.22 DBG AD object Local has no parent :-(
11:11:54.22 DBG AD object Power Users has no parent :-(
11:11:54.22 DBG AD object NT Service has no parent :-(
11:11:54.22 DBG AD object Nobody has no parent :-(
11:11:54.22 DBG AD object NT Virtual Machine - Virtual Machines has no parent :-(
11:11:54.22 DBG AD object Secure Process Mandatory Level has no parent :-(
11:11:54.22 DBG AD object Windows Manager - Windows Manager Group has no parent :-(
11:11:54.22 DBG AD object Local has no parent :-(
11:11:54.22 DBG AD object Non-unique Authority has no parent :-(
11:11:54.22 DBG AD object Power Users has no parent :-(
11:11:54.22 DBG AD object Medium Mandatory Level has no parent :-(
11:11:54.22 DBG AD object Windows Manager - Windows Manager Group has no parent :-(
11:11:54.22 DBG AD object Creator Group Server has no parent :-(
11:11:54.22 DBG AD object Non-unique Authority has no parent :-(
11:11:54.22 DBG AD object All Services has no parent :-(
11:11:54.22 DBG AD object Medium Mandatory Level has no parent :-(
11:11:54.22 DBG AD object Untrusted Mandatory Level has no parent :-(
11:11:54.22 DBG AD object Creator Group Server has no parent :-(
11:11:54.22 DBG AD object System Mandatory Level has no parent :-(
11:11:54.22 DBG AD object Null Authority has no parent :-(
11:11:54.22 DBG AD object Creator Owner Server has no parent :-(
11:11:54.22 DBG AD object All Services has no parent :-(
11:11:54.22 DBG AD object NT Authority has no parent :-(
11:11:54.22 DBG AD object World Authority has no parent :-(
11:11:54.22 DBG AD object Untrusted Mandatory Level has no parent :-(
11:11:54.22 DBG AD object System Mandatory Level has no parent :-(
11:11:54.22 DBG AD object Creator Authority has no parent :-(
11:11:54.22 DBG AD object Null Authority has no parent :-(
11:11:54.22 DBG AD object Low Mandatory Level has no parent :-(
11:11:54.22 DBG AD object Creator Owner Server has no parent :-(
11:11:54.22 DBG AD object Local Authority has no parent :-(
11:11:54.22 DBG AD object NT Authority has no parent :-(
11:11:54.22 DBG AD object High Mandatory Level has no parent :-(
11:11:54.22 DBG AD object World Authority has no parent :-(
11:11:54.22 DBG AD object Medium Plus Mandatory Level has no parent :-(
11:11:54.22 DBG AD object Creator Authority has no parent :-(
11:11:54.22 DBG AD object Protected Process Mandatory Level has no parent :-(
11:11:54.22 DBG AD object NT Service has no parent :-(
11:11:54.22 DBG AD object Nobody has no parent :-(
So, it looks like its not reading the data when I start it from this folder. If I change my default directory to c:\temp\adalanche\data and start it again, adalanche does not seem to load any data there either. It does get as far as the
INF Listening - navigate to 127.0.0.1:81 ... (ctrl-c or similar to quit)
In both cases the sample queries return nothing. Not even the domain controllers query. When I run in debug mode and I run a query, the debug log displays an extra couple of lines for each click on 'analyze'
11:31:25.22 DBG Processing round 1 with 0 total objects and 0 connections
11:31:25.22 DBG Processing round 1 yielded 0 new objects
What on earth am I doing wrong? ?Any suggestions?
First of all I can't recommend you run anything at all on your DCs except for Microsoft OS stuff :-)
I'm not sure why you'd need to use the bind parameter at all, but on the other hand it shouldn't make any difference.
What happens if you run it without any parameters at all - that should default to a dump and analyze mode.
On the web server being unresponsive, maybe you're just not patient enough. If adalanche uses CPU (check with task manager) then it's processing. Just hang in there - if it's a big AD it can take a while depending on how many cores you have.
The debug output looks normal - there are lots of stuff in there that can look nefarious, but it's really just debug information I've used myself.
