Partners often ask what the basic first steps they can take to troubleshooting the Huntress agent are. While issues with our agent are edge case scenarios, here are some first steps you can take to verify the agent is running and functioning as intended.
Checking the Task Manager for the Huntress Agent Processes
This one is very simple! Huntress consists of several services that should be running at all times, HuntressAgent.exe, HuntressUpdater.exe, and up to 2 instances of HuntressRio.exe)
- Open the Windows Task Manager (taskmgr.exe) as admin and view processes from all users.
- Check for all of the running processes for Huntress:
Checking the Services Manager for the Huntress Agent Service
The Huntress Windows Services are:
Huntress Agent Service (HuntressAgent) Huntress Updater Service (HuntressUpdater)
Huntress Rio Service (HuntressRio)
First, check the Windows Services Manager (services.msc) to ensure the Huntress Agent and Huntress Updater services are present, have a Status of Running, and have a Startup Type of Automatic (Automatic-delayed is not ideal but also acceptable). If they are not running, start the service(s) and verify that the service starts and stays running. Sometimes restarting the service fixes an issue as well. You can see logs related to the agent starting and stopping in the Windows Event Viewer.
You can quickly set all the services correctly with this PoSh one liner:
sc.exe config HuntressAgent start=auto | sc.exe config HuntressUpdater start=auto | sc.exe config HuntressRio start=auto | sc.exe start HuntressAgent | sc.exe start HuntressUpdate | sc.exe start HuntressRio
If any of the services fail to start, check the Windows Event Logs and your 3rd party security tools to rule out problems with other systems. Failing that, please uninstall, reboot and reinstall the Huntress Agent
Checking the Huntress Agent log file
If the services have been restarted and the agent is still not checking in, the Huntress Agent log should provide details as to a possible cause. The Huntress Agent log can be found within the following directory:
- Navigate to %PROGRAMFILES%\Huntress (e.g., C:\Program Files\Huntress) using Windows Explorer.
- Open the HuntressAgent.log file with a text editor such as WordPad (write.exe). If opened with Notepad, the contents may run together because of the line endings.
- You should see messages like the following:
time="2020-03-25T09:11:56-05:00" level=info msg="Huntress Agent initialized; agent version: 0.10.66" time="2020-03-25T09:16:09-05:00" level=info msg="HTTP heartbeat check"
- There may be errors in this log file pertaining to common issues, such as TLS Inspection/Certificate Inspection. Huntress support may ask you to send this file when diagnosing certain issues.
If you still need help, please use the "Contact Us" button below, or send an email to our help desk at email@example.com. Please attach any logs you may have to help troubleshoot.