Engine Troubleshooting Guide

This page contains information to help you diagnose and fix issues related to the Delinea Engine.

Command Relay Diagnostic Tool

The Delinea Platform provides a tool called crdiag.exe to help diagnose potential issues with the Command Relay. This tool is located in the same folder where the workload CommandRelay.exe is installed; typically, this is C:\ProgramData\Delinea Engine\<version>\runtime\delinea\command-relay\<version>.

Invoke crdiag.exe or run it from the command line to get the diagnostics output.

Issue: Engine does not appear, is outdated, or status shows “failed”

Resolution:

Investigate engine-specific logs here: 

C:\ProgramData\Delinea Engine\<engine_version>\log
  • Delinea.Engine.Registration.[date].log

    • Contains registration process logging

  • Delinea.Engine.Bootstrap.[date].log

    • Contains startup flow logic logging

  • Delinea.Engine.Default.[date].log

    • Contains runtime and communication logging

Issue: Engine upgrade problems

Beginning with Delinea Engine version 1.4.3, if you have an existing installed engine, the engine recognizes when updates are available and upgrades itself automatically. Manual upgrades are no longer necessary.

Resolution:

Check this path for engine-specific logs: C:\ProgramData\Delinea Engine\<engine_version>\log.

If Delinea.Engine.SelfUpgrade.[date].log exists in this folder, the engine has begun an upgrade attempt. This process can take several minutes, and the logs may include error messages as the deployments are shut down for the upgrade. Engine heartbeats occur at five-minute intervals, and it might take some time for Engine Management to recognize that the engine has been updated.

If issues are encountered during upgrade or the engine still appears outdated in the UI, try a manual reinstall using the steps in the next section.

Issue: Need to manually reinstall engine

Resolution:

  1. Open PowerShell ISE or Powershell.exe as administrator and run the script as described in Manually Uninstall an Engine from Host Machine.

  2. Ensure that the result does not report any errors, and looks similar to the following output:

    [08:19:08 INF] BeginUninstallFlow [08:19:08 INF] Version: {VERSION}

  3. Wait for the engine to uninstall.

  4. Go to your Delinea Platform tenant portal

  5. From the left navigation menu, click Settings, then click Engine Management from the secondary menu , and make sure the engine disappears.

  6. Select the site for the engine you are reinstalling.

  7. Click Add Engine and copy the full Quick Install script.

  8. Run the script in PowerShell ISE or Powershell.exe as administrator.

Issue: Workload status shows “failed”

Resolution:

Check the following logs.

Command Relay: Command Relay records logs in two places.

  • Engine management runtime logs:

    C:\ProgramData\Delinea Engine\[version number]\log\

  • Command Relay detailed logs:

    C:\ProgramData\Delinea\CommandRelay\Logs\

Audit Collector: Audit Collector log messages are in C:\ProgramData\Delinea Engine\[version number]\log\

PRA Workload: PRA Workload log file paths:

  • Windows:

    C:\ProgramData\Delinea Engine\[version number]\log\

  • Linux:

    /var/delinea-engine/log

    When checking the log files for both Windows and Linux, it is important that you look at the file that begins with remote-access-service. For example: remote-access-service_1.0.67-1729865933_20241112.log where:

    • 1.0.67-1729865933 is the PRA workload version

    • 20241112 is the date

Issue: Selected secret (domain admin account) for Command Relay stopped working

Resolution: Command Relay could stop working if the sharing status of the secret is changed. For example, if you move the secret to a personal folder in Secret Server after it is selected, the Delinea Workload Service shared permissions on the secret are removed. This causes permission failure in Command Relay.

To fix this type of issue:

  1. From the left navigation menu, click Settings, then click Engine Management from the secondary menu below Connection Points.

  2. Click the site name, then the Settings tab.

  3. Under Command Relay, click Edit, then click the Select link.

  4. Use the credential secret picker to select the credential secret again.

  5. Click Save to update permissions and share the secret with the workload again.

Command Relay might also experience issues if the underlying domain account associated with this secret is changed; for example, password expired or not synced, account locked, AD permissions removed, and so on. Check the Command Relay logs to find logon failures with error details.

Issue: Getting 400s when engine is trying to register

Resolution:

  1. Verify that time in domain is accurate. If the time in the domain is a few minutes off, the ntp service on hosts isn’t running.

  2. Reconfigure the ntp service and sync the domain controller.

Engine and Logs Directory Structure

The Delinea Platform Engine is installed at
C:\ProgramData\Delinea Engine\[version number]\.
Deployment files and logs can be found in this folder.

After installation and registration, the following folders are created:

Folder Description

\appdata

\settings

Contains key file used to encrypt configuration files to discourage manual, machine-level changes.

  • Child folder (\settings):
    Contains encrypted engine configuration files: engine options, deployments, connections, and upgrade/uninstall configuration files when relevant
\runtime

delinea\<deployment name>\<version>\

Contains folders for the installation of deployments. The contents of these folders should not be manually edited.

\log

Contains engine runtime logs. This folder contains Registration, Bootstrap, and Default logs.

Bootstrap and Registration logs record engine startup and registration.

Default log contains process logging, including updates from the platform's Engine Management service, starting and ending deployments, and sending heartbeats to the platform.

This folder might also contain a SelfUpgrade log when a new version is made available. When the engine starts, if it detects a new version, it installs the new version. This process is recorded in the SelfUpgrade log.

If the engine detects an Uninstall configuration file, it automatically shuts down and uninstalls itself.

\metadata Contains information used to verify the integrity of deployment installations. Contents of this directory must not be modified.

\deployment

delinea\<deployment name>\<version>\

  • Contains deployment folders used for temporary processes such as downloading and extracting deployment installations.

  • Contains folders for each deployment.

    • Each deployment has versioned folders which contain:

      • Settings folder

      • Logs folder

      • Deployment state encryption key