IAG Client components troubleshooting using CTRACE.exe

IAG extends its security features to end points through its client components. These components are a critical part of IAG: they provide security on the end point and also report back to the server. Client component setup is straightforward, and with IAG 3.7 SP2 an MSI package is available that makes deployment easy. See the TechNet documentation for details about the client components and the deployment methods. The client components are installed under C:\Program Files\Whale Communications\Client Components\3.1.0\ on client computers.

If the client components are deployed successfully but a particular component is not behaving as expected and you want to see what is going on, you need to enable debug tracing on the end point. Note that this debugging generates a lot of output that is not very user friendly; however, you may find it useful to share with Microsoft to save time during troubleshooting.

IAG ships with a client-side debugging utility called CTRACE, which is installed as part of the client components setup. If you browse to the C:\Program Files\Whale Communications\Client Components\3.1.0\ directory you will find the components there, including CTRACE.exe, the debugging utility. Alongside it is a file called CTRACE.xml; if you right-click it and open it in Notepad, you will see the following:

<ClientTraces>
   <Configurations>
      <!-- Internet Explorer hosts both Endpoint Detection and Components Manager -->
      <Configuration name="IExplore.exe" debugOutput="False" outputPath="%TEMP%" enabled="False">
         <TraceReporter reporter="EndpointDetection" level="xheavy"/>
         <TraceReporter reporter="ComponentsManager" level="xheavy"/>
         <TraceClass reporter="ComponentsManager" class="ConfigXML" level="light"/>
         <TraceReporter reporter="RSASoftToken" level="xheavy"/>
         <TraceReporter reporter="Security" level="xheavy"/>
         <TraceReporter reporter="VistaUtils" level="xheavy"/>
         <!-- Uncomment these for browser embedded applications or LSP/NSP registration problems -->
         <!--
         <TraceReporter reporter="NSP" level="xheavy"/>
         <TraceReporter reporter="IPC" level="xheavy"/>
         <TraceReporter reporter="LSP" level="xheavy"/>
         <TraceClass reporter="LSP" class="passthru" level="xheavy"/>
         <TraceClass reporter="LSP" class="SocketsInfo" level="light"/>
         <TraceClass reporter="IPC" class="Terminal Services" level="light"/>
         <TraceClass reporter="NSP" class="Lookups" level="heavy"/>
         <TraceClass reporter="NSP" class="WSP Threadpool" level="medium"/>
         -->
      </Configuration>

      <Configuration name="DMService.exe" debugOutput="False" outputPath="%TEMP%" enabled="False">
         <TraceReporter reporter="ComponentsManager" level="xheavy"/>
         <TraceClass reporter="ComponentsManager" class="ConfigXML" level="light"/>
         <TraceClass reporter="ComponentsManager" class="Service" level="xheavy"/>
         <TraceReporter reporter="RSASoftToken" level="xheavy"/>
         <TraceReporter reporter="Security" level="xheavy"/>
         <TraceReporter reporter="VistaUtils" level="xheavy"/>
      </Configuration>

      <Configuration name="rundll32.exe" debugOutput="False" outputPath="%TEMP%" enabled="False">
         <TraceReporter reporter="EndpointDetection" level="xheavy"/>
         <TraceReporter reporter="ComponentsManager" level="xheavy"/>
         <TraceClass reporter="ComponentsManager" class="ConfigXML" level="light"/>
         <TraceReporter reporter="VistaUtils" level="xheavy"/>
         <!-- Uncomment these for un-registration problems -->
         <!--
         <TraceReporter reporter="NSP" level="xheavy"/>
         <TraceReporter reporter="IPC" level="xheavy"/>
         <TraceReporter reporter="LSP" level="xheavy"/>
         <TraceClass reporter="LSP" class="passthru" level="xheavy"/>
         <TraceClass reporter="LSP" class="SocketsInfo" level="light"/>
         <TraceClass reporter="IPC" class="Terminal Services" level="light"/>
         <TraceClass reporter="NSP" class="Lookups" level="heavy"/>
         <TraceClass reporter="NSP" class="WSP Threadpool" level="medium"/>
         -->
      </Configuration>

      <!-- SSL Wrapper -->
      <Configuration name="WhlClnt3.exe" debugOutput="False" outputPath="%TEMP%" enabled="False">
         <TraceReporter reporter="SSLVPN" level="xheavy"/>
         <TraceReporter reporter="TCPDump" level="xheavy"/>
         <TraceClass reporter="SSLVPN" class="XPSP2Check" level="medium"/>
         <TraceClass reporter="SSLVPN" class="TunnelLifetime" level="light"/>
         <TraceReporter reporter="Security" level="xheavy"/>
      </Configuration>

      <!-- Socket Forwarder Helper Utility -->
      <Configuration name="SFHlprUtil.exe" debugOutput="False" outputPath="%TEMP%" enabled="False">
         <TraceReporter reporter="Security" level="xheavy"/>
      </Configuration>

      <!-- Attachment Wiper -->
      <Configuration name="WhlCach3.exe" debugOutput="False" outputPath="%TEMP%" enabled="False">
         <TraceReporter reporter="AW" level="xheavy"/>
      </Configuration>

      <!-- Attachment Wiper Cleaner -->
      <Configuration name="AWCleaner.exe" debugOutput="False" outputPath="%TEMP%" enabled="False">
         <TraceReporter reporter="AW" level="xheavy"/>
      </Configuration>

      <!-- WMI Detection -->
      <Configuration name="WhlWmiDetect.exe" debugOutput="False" outputPath="%TEMP%" enabled="False">
         <TraceReporter reporter="EndpointDetection" level="xheavy"/>
      </Configuration>

      <!-- Outlook -->
      <Configuration name="Outlook.exe" debugOutput="False" outputPath="%TEMP%" enabled="False">
         <TraceReporter reporter="NSP" level="xheavy"/>
         <TraceReporter reporter="IPC" level="xheavy"/>
         <TraceReporter reporter="LSP" level="xheavy"/>
         <TraceClass reporter="LSP" class="passthru" level="xheavy"/>
         <TraceClass reporter="LSP" class="SocketsInfo" level="light"/>
         <TraceClass reporter="IPC" class="Terminal Services" level="light"/>
         <TraceClass reporter="NSP" class="Lookups" level="heavy"/>
         <TraceClass reporter="NSP" class="WSP Threadpool" level="medium"/>
      </Configuration>

      <!-- Terminal Services XP Client -->
      <Configuration name="MSTSC.exe" debugOutput="False" outputPath="%TEMP%" enabled="False">
         <TraceReporter reporter="NSP" level="xheavy"/>
         <TraceReporter reporter="IPC" level="xheavy"/>
         <TraceReporter reporter="LSP" level="xheavy"/>
         <TraceClass reporter="LSP" class="passthru" level="xheavy"/>
         <TraceClass reporter="LSP" class="SocketsInfo" level="light"/>
         <TraceClass reporter="IPC" class="Terminal Services" level="light"/>
         <TraceClass reporter="NSP" class="Lookups" level="heavy"/>
         <TraceClass reporter="NSP" class="WSP Threadpool" level="medium"/>
      </Configuration>

      <!-- Everything else -->
      <Configuration name="Common" debugOutput="False" outputPath="%TEMP%" enabled="False">
         <TraceReporter reporter="NSP" level="xheavy"/>
         <TraceReporter reporter="IPC" level="xheavy"/>
         <TraceReporter reporter="LSP" level="xheavy"/>
         <TraceClass reporter="LSP" class="passthru" level="xheavy"/>
         <TraceClass reporter="LSP" class="SocketsInfo" level="light"/>
         <TraceClass reporter="IPC" class="Terminal Services" level="light"/>
         <TraceClass reporter="NSP" class="Lookups" level="heavy"/>
         <TraceClass reporter="NSP" class="WSP Threadpool" level="medium"/>
      </Configuration>
   </Configurations>

   <!-- Reporters definitions, do *not* change these -->
   <Reporters>
      <Reporter name="NSP" id="1">
         <Class name="General" id="0"/>
         <Class name="Lookups" id="1"/>
         <Class name="WSP" id="2"/>
         <Class name="WSP Pipes" id="3"/>
         <Class name="WSP ThreadPool" id="4"/>
      </Reporter>
      <Reporter name="IPC" id="2">
         <Class name="Client" id="0"/>
         <Class name="Terminal Services" id="1"/>
         <Class name="Utilities" id="2"/>
      </Reporter>
      <Reporter name="LSP" id="3">
         <Class name="General" id="0"/>
         <Class name="Overlapped" id="1"/>
         <Class name="SPI" id="2"/>
         <Class name="SocketCreation" id="3"/>
         <Class name="AsyncSelect" id="4"/>
         <Class name="EventSelect" id="5"/>
         <Class name="SOCKS" id="6"/>
         <Class name="SocketsInfo" id="7"/>
         <Class name="Access Control" id="8"/>
         <Class name="Passthru" id="9"/>
      </Reporter>
      <Reporter name="SSLVPN" id="4">
         <Class name="General" id="0"/>
         <Class name="XPSP2Check" id="1"/>
         <Class name="TunnelLifetime" id="2"/>
      </Reporter>
      <Reporter name="AW" id="5">
         <Class name="General" id="0"/>
      </Reporter>
      <Reporter name="EndpointDetection" id="6">
         <Class name="General" id="0"/>
         <Class name="DetectionScript" id="1"/>
      </Reporter>
      <Reporter name="ComponentsManager" id="7">
         <Class name="General" id="0"/>
         <Class name="SystemRestore" id="1"/>
         <Class name="ConfigXML" id="2"/>
         <Class name="Service" id="3"/>
      </Reporter>
      <Reporter name="TCPDump" id="8">
         <Class name="General" id="0"/>
      </Reporter>
      <Reporter name="RSASoftToken" id="666">
         <Class name="General" id="0"/>
      </Reporter>
      <Reporter name="Security" id="9">
         <Class name="CheckSite" id="0"/>
      </Reporter>
      <Reporter name="VistaUtils" id="10">
         <Class name="General" id="0"/>
      </Reporter>
   </Reporters>
</ClientTraces>

You need to enable the configuration that contains the reporter you want to trace (each Configuration element is named after the process it applies to and ships with enabled="False"). For instance, if you enable the Terminal Services XP Client configuration (MSTSC.exe) with its LSP, NSP and IPC reporters, it will dump quite a lot of information about the LSP/NSP installed on the Winsock stack.

This is how you enable client-side traces:

1) Create a copy of ctrace.xml on the client (for example edited-ctrace.xml) and edit it to enable the configuration you need.

2) Close all programs and Internet Explorer browser windows.

3) Copy edited-ctrace.xml to C:\Program Files\Whale Communications\Client Components\3.1.0.

4) Open a command prompt and change to the C:\Program Files\Whale Communications\Client Components\3.1.0 directory.

5) Run the following command to initialize tracing: "ctrace activate edited-ctrace.xml"

6) Reproduce the issue for which the reporter is enabled in edited-ctrace.xml.

7) Open a command prompt and change to the C:\Program Files\Whale Communications\Client Components\3.1.0 directory.

8) Run the following command to disable tracing: "ctrace activate"

9) Select Start -> Run and enter %temp%.

10) This opens the user's temp directory.

Review the file to understand what it is capable of doing. Once you enable tracing you should immediately reproduce the problem and then disable tracing; otherwise it will keep dumping a lot of information. Once the issue has been reproduced, the debug trace will have created output files in the %TEMP% directory.
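The whole procedure above, scripted in PowerShell as an added example (this is not code from the original post or from the IAG product): it writes edited-ctrace.xml as a copy of ctrace.xml with a single Configuration enabled, checks that the reporters and classes that configuration references are defined in the Reporters section, runs ctrace activate with the edited file, waits while you reproduce the problem, runs ctrace activate again to stop tracing, and then lists the files written to %TEMP% in the meantime. The install path, the MSTSC.exe configuration name and the two ctrace commands are taken from the post; the case-insensitive name comparison and the use of file timestamps to find the trace output are assumptions.

```powershell
<#
  Added example, not part of the original post or of the IAG product.
  Enables one Configuration in a copy of ctrace.xml, activates tracing,
  waits while the issue is reproduced, deactivates tracing and lists the
  files written to %TEMP% meanwhile.
  Assumptions: the install path quoted in the post, and "ctrace activate <file>"
  / "ctrace activate" behaving as the post describes. Close Internet Explorer
  and the application being traced before running it.
#>
param(
    # Configuration name to enable; MSTSC.exe (Terminal Services XP Client)
    # is the post's own example, any name from ctrace.xml works.
    [string]$ConfigurationName = "MSTSC.exe",
    [string]$ComponentDir = "C:\Program Files\Whale Communications\Client Components\3.1.0"
)

$source = Join-Path $ComponentDir "ctrace.xml"
$edited = Join-Path $ComponentDir "edited-ctrace.xml"

# Parse the shipped file instead of editing it by hand; the original stays untouched.
[xml]$doc = Get-Content -Path $source -Raw

$configs = @($doc.ClientTraces.Configurations.Configuration)
$target  = $configs | Where-Object { $_.GetAttribute("name") -eq $ConfigurationName }
if (-not $target) {
    throw "ctrace.xml has no <Configuration name=`"$ConfigurationName`">"
}

# Enable only the configuration we need; every other one stays enabled="False"
# so the trace is not flooded with output from unrelated processes.
foreach ($c in $configs) { $c.SetAttribute("enabled", "False") }
$target.SetAttribute("enabled", "True")

# Sanity check: every reporter/class the configuration references must exist in
# the <Reporters> definitions (which the post says not to change).
# Assumption: the tool compares names case-insensitively, as -eq does here.
$reporters = @($doc.ClientTraces.Reporters.Reporter)
foreach ($tr in @($target.TraceReporter) + @($target.TraceClass)) {
    if ($null -eq $tr) { continue }
    $rep = $reporters | Where-Object { $_.GetAttribute("name") -eq $tr.GetAttribute("reporter") }
    if (-not $rep) { throw "Unknown reporter '$($tr.GetAttribute('reporter'))'" }
    if ($tr.LocalName -eq "TraceClass") {
        $cls = @($rep.Class) | Where-Object { $_.GetAttribute("name") -eq $tr.GetAttribute("class") }
        if (-not $cls) {
            throw "Unknown class '$($tr.GetAttribute('class'))' for reporter '$($rep.GetAttribute('name'))'"
        }
    }
}

$doc.Save($edited)
Write-Host "Wrote $edited with <Configuration name=`"$ConfigurationName`"> enabled."

$started = Get-Date
Push-Location $ComponentDir
try {
    # Step 5 of the post: activate tracing with the edited file.
    & .\ctrace.exe activate "edited-ctrace.xml"
    Read-Host "Tracing is active. Reproduce the problem now, then press Enter to stop tracing"
}
finally {
    # Step 8 of the post: "ctrace activate" with no file disables tracing again,
    # so the trace is stopped even if the script is interrupted.
    & .\ctrace.exe activate
    Pop-Location
}

# Steps 9 and 10: the trace output lands in %TEMP%. Assumption: listing files
# modified since activation is a good enough way to find what to zip up.
Get-ChildItem -Path $env:TEMP -Recurse -File |
    Where-Object { $_.LastWriteTime -ge $started } |
    Sort-Object LastWriteTime |
    Select-Object FullName, Length, LastWriteTime
```

Run it from a PowerShell prompt that can write to the Client Components directory, and pass -ConfigurationName with any other Configuration name from ctrace.xml (for example IExplore.exe) to trace a different process.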

Have a look at the output to see whether it contains any obvious error messages; if it does not make sense to you, zip these output directories and send them to Microsoft for analysis. Note that CTRACE output is unique to each desktop, so if you are facing identical issues on more than one desktop, collect CTRACE output from at least two sample machines. The output is also operating-system specific, so an issue on Windows XP could be different from an issue on Windows Vista.

For a few more advanced client components troubleshooting articles, refer to Ben's blog. You can also refer to KB 955097 for specific client components issues.