Self-Service Supportability Orchestrator data collection tool

McAfee Self-Service Supportability Orchestrator
SSSO is a data collection tool. It brings several supportability tools used by endpoint customers under a single orchestrator. The tool invokes the right tool at the right time, and eases the data collection effort. This tool captures the context in which the data collection happens, which helps report proper telemetry data.

The SSSO tool is available on the Tools support portal landing page.

Recent updates to this article

Date	Update
November 17, 2021	Added: Support for Windows 10 Version 21H2 and earlier versions. Product Release Information table.
October 6, 2021	Updated environment for SSSO to version 21.9. Added features: Complete WebMER Integration, Playbook Execution history, Proxy support. Supports new operating systems: Windows 11, 10 21H2 Windows Server 2022 Most of the playbook descriptions have been updated. Added a new known issue.
April 20, 2021	Updated environment to SSSO to version 21.4. Deleted section 'Run SSSO Orchestrator on a host'. Changed MfeDiag to SSSO in multiple locations.

Click to expand the section you want to view:

Product Release Information

SSS Orchestrator Product Version	Release Date
SSSO 21.9	September 2021
SSSO 21.4	April 2021
SSSO 20.11	November 2020
SSSO 20.8	August 2020
SSSO 1.0	April 2020

SSSO purpose

Use this tool in the following situations:

When you open a Service Request with Technical Support, and need data collection
When the data collection effort is complex or simple
When the tool or tools you need are many or hard to use
When the issue is sporadic, random, or reproducible on demand
Examples:
- Capture data for a high CPU issue that occurs randomly in the environment. This issue requires tools from both McAfee Enterprise and Microsoft to run in tandem, and only when CPU is high.
- Run the McAfee Enterprise and Microsoft tools needed to capture the behavior when a third-party application starts. Also, where the third-party randomly experiences an Access Denied failure and crashes. Don’t collect logs if the failure didn’t occur.
- Enable debug logging for Endpoint Security and McAfee Agent when a certain third-party process starts. Collect the process dump of that third party when it crashes within two minutes of startup. Disable debug logging, and collect files when the crash occurs. Otherwise, stop logging until the next time the process starts.

SSSO tool contents

The SSSO comes as a .zip file named SSSO_1.0.0.xxx.zip.
The tool folder structure when executed contains the following:

Doc folder—The doc folder consists of the help documents. The Playbook.yml file contains the steps to create your own playbook pertinent to the issue. The TelemetryData.txt file contains details about telemetry information collected for product improvement and Enterprise support purposes. This file is created in the root folder.
Playbooks folder—Consists of two subfolders, custom and default. The default folder contains a few playbooks that have been authored based on customer escalations. Use the custom folder when a new playbook has been authored.
Plug-ins folder—Plug-ins consist of two subfolders, custom and default. In the default folder, there are a few PowerShell scripts that monitor specific use cases. The plug-ins are basically PowerShell modules. You can write and save custom plug-ins to the custom folder. There are many resources on the internet for PowerShell scripting.
NOTE: The default plug-ins are checked for signing while executing, but the custom plug-ins aren’t checked for signing. McAfee Enterprise isn’t responsible for customer-created custom plug-ins.
Run folder—By default, the run folder isn’t present when the tool is freshly extracted from the SSSO_1.0.0.xxx.zip. The folder gets created automatically when SSSOLauncher.exe is executed. This folder contains the output of the command executed in a compressed (.tgz) format saved according to the time stamp. This compressed file holds the SSSO.log, SSSO_Telemetry.xml files, and other dump files or logs. The files depend on the tools used in the command execution.
Tools folder—The tools folder is categorized into custom and default. Each of the folders has subfolders within them, namely x64 and x86. The default tools are shipped with all relevant McAfee Enterprise tools.
The tools can be updated to latest versions by running the Update Tools Workflow. For details, either see the SSSSO Product Guide, or run the SSSOLauncher.exe -update command.
NOTE: The default tools are checked for signing while being executed, but the custom tools aren’t checked for signing. McAfee Enterprise isn’t responsible for customer-created custom tools.
License.txt—License information of components used. This file is added as a reference.
SSSOLauncher.exe—The main executable that is used to start the SSSO application. It also accepts command-line arguments. To learn more about the input arguments for the binary, see the help.txt document in the doc folder.
SSSO.log—A log file generated after you run SSSOLauncher.exe. It displays the log output of the last command execution only.
SSSO_Updater.log—An updater log file generated after you run SSSOLauncher.exe. It displays the auto-update and log upload output of the last executed command only.
SSSO_Telemetry.xml—This xml file displays the telemetry output of the last command executed.
Royalty-Free Tools License.txt—This file contains the SSSO end-user license agreement (EULA). By default, this file isn’t present in the root folder. When executed for the first-time, the EULA page is displayed. After acceptance, this file is created in the root folder.

SSSO GUI Workflows

Four SSSO GUI Workflows are available:

Collect MER Workflow (SSSO supports all GUI, and WebMER command-line options)
Playbook Execution Workflow (Running the SSSO Playbooks on a Host)
Create an ePO Endpoint Deployment Kit (EEDK) Workflow
Update Tools Workflow

For more details, see the SSSO Product Guide.

Command-Line Parameters

Use: SSSSLauncher.exe [options...]

Options	Description
-? \| /? \| -help	Help details displayed.
-update	Download or update third-party tools.
-Procname:ProcessName	Specify the process name to be used inside the playbook. Example: -procname:mcshield.exe
-filepath:"<filepath>"	Specify the filepath to be used inside the playbook. Example: -filepath:"C:\test\Logs"
-play playbookname.yml	Run the specified playbook. Example: -play CreateEEDK.yml
-accepteula	Silently accept the SSS Orchestrator EULA.
-threshold:<value>	Specify the CPU threshold to be used inside the playbook. Example: -threshold:20
-sr:<SR Number>	Use this switch to upload results automatically to a McAfee Server against the given valid Service Request (SR) number. Example: -sr:4-123456789
-skipupgrade	Skip auto upgrade of SSSO binaries for a particular run.
-delay:<value>	Specify the delay (in seconds) to be used inside the YAML. Example: -delay:200
-thresholds:<val1,val2,val3>	Specify multiple memory thresholds (in MB) separated by a comma, to be used inside the YAML. Example: -thresholds:100,200,300)
-createeedk	Create an ePO deployable package.
-acceptthirdpartyeula	Silently accept Procmon, and Procdump EULA when deployed from ePO. NOTE: The Acceptthirdpartyeula switch only works from ePO.
-proxy:<options>	Sets the proxy server details. It can be one of the options below: -proxy:disable Disables the proxy settings; connects directly to the internet without a proxy. -proxy:system Applies the system proxy settings. -proxy:custom(url,port) Sets the proxy to specified URL and port. Example: -proxy:custom(proxy.example.com,9090)
-skiptelemetry	Turn off SSSO telemetry.
-MER	Runs the MER for all detected McAfee Enterprise products with event logs for default number of days.
-MERprods	Specify the supported McAfee Enterprise products for which MER must be collected.
-MERlogs	Number of days of Application Logs, System Logs, and Security logs, to collect. Specify -1 to avoid collection for any of the event logs.
-MERsanitize	Remove IP address, MAC address, Domain names, and Computer names from the MER result file.
-MERCSanitize	[1 \| 2] [RegEx filename \| Text to sanitize] Use this switch to sanitize the MER logs from a regex file, or from a regex argument.

Running SSS Orchestrator in Air-Gapped Environments

For detailed workflow on SSSO execution in Air gapped environments, see the SSSO Product Guide.

Execute a playbook and record your observations.

Example problem: Data Collection when an Endpoint Security process is consuming high CPU on a system.
Playbook name: ENS_Process_HighCPU_Level1.yml

What the playbook does:

Run SSSOLauncher.exe.
After you accept the EULA, select the playbook ENS_Process_HighCPU_Level1.yml. For more details, see the SSSO Product Guide and look at the section "Playbook Execution Workflow (Running the SSSO Playbooks on a Host)."
NOTE: The SSSOLauncher.exe executable waits for the CPU utilization to breach the 40% threshold.
Reproduce the issue, and wait for CPU to breach the threshold value.
Initiate a full Endpoint Security on-demand scan on the system.
NOTE: When a full on-demand scan is triggered, the CPU utilization exceeds the threshold limit. The SSSOLauncher.exe starts collecting the PerfCounters, Procmon, and AMTrace data. At the end, the MER logs are collected.
After the execution is complete, navigate to SSSO_1.0.0.xxx\run.
NOTE: The output logs are displayed in the SSSO.log file. The file is found in the root directory SSSO_1.0.0.xxx\run\<timestamp>.tgz. The file displays the output of the command executed, and shows different internal tool activities. Reports generated by all third-party tools are compressed in a SSSO_1.0.0.xxx\run\<timestamp>.tgz file.
If the option -sr:<SR number> is used, the data collected is automatically uploaded to the specific Service Request (SR).
For example: Using the option -SR: 1–123456789, you can upload the collected data to the respective SR 1–123456789.

ePO Endpoint Deployment Kit (EEDK)

For how to create an EEDK Workflow, see the "SSSO GUI Workflows" section in the SSSO Product Guide.

How to deploy SSSO to multiple hosts from ePO:
A one-stop solution to deploy SSSO using ePO is through an EEDK package. To use it, follow the steps below:

Upload the package SSSO_EEDK.zip to the Master Repository in ePO.
Select the list of systems or groups in the system tree.
Create a Run Client Task Now task by clicking Actions, Agent, Run Client Task Now.
In the Run Client Task Now window, select the product McAfee Agent, the task type as Product Deployment, and then click Create New Task.
On the Run Client Task Now page, select:
- The Target Platform
- The product as Self Service Supportability 1.0.0.xxx.
Provide the command-line option -acceptThirdPartyEULA, and provide the respective command-line argument to run the playbook. For example:

-acceptThirdPartyEULA -play <Playbook_Name.yml>
Provide appropriate command-line options to run the specific playbook.

Example. You run ENS_Process_HighCPU_Level1.yml, to collect data for mcsheild.exe at a CPU threshold of 40%, The command line would be:

-acceptThirdPartyEULA -play ENS_Process_HighCPU_Level1.yml -procname:mcshield.exe -threshold:40

NOTE: Any parameter with a double quote (“) must be prefixed with backslash \. For example:

acceptthirdpartyeula -MERprods \”Endpoint Security\”

Package and Command-Line information example:

NOTES:
- If there are any SSSO failures, you can look in the SSSO_Updater.log and SSSO.log in %ProgramData%\McAfee\SSSO.
- The location of the output logs is: %ProgramData%\McAfee\SSSO\<Timestamp>.tgz.
- The following applies for any playbook that needs to be executed on the client using the EEDK package. You must first accept an EULA for third-party tools on the client system.
- Playbooks with LiveKD.exe and NotMyFault.exe references can't be run from McAfee ePO.

Playbooks for data collection

A set of playbooks that comes with the package that you can use for data collection.

NOTES:

All playbooks require that the minimum PowerShell version of 3.0 or later to be installed.
If Exploit Prevention is enabled, the rule Execution Policy Bypass in PowerShell must not be configured to Block.
For All Memory related playbooks, If either of the following products are installed, self-protection must be disabled before executing the playbook.
- Endpoint Security (ENS)
- VirusScan Enterprise (VSE)

Two groups are available:

Basic Playbooks
Advanced Playbooks

Default Playbooks

Basic
Playbook Name	Playbook Name Description
CheckThridPartyToolsEULAAcceptance	Checks if the third-party tools EULA is accepted. Any software to be installed before running playbook: No
Advanced
Playbook Name	Playbook Name Description
Template_DefaultToolsPlaybookExample	Shows the usage of all McAfee Enterprise tools. Collects: AMTrace, MMSInfo, FWInfo, ETLTrace, AACInfo, MER. Any software to be installed before running playbook: No
Template_HighCPUUsage	Monitors high CPU usage of a specified process (-procname:<processname.exe>) for a specified threshold (-threshold:<value>). Collects: Procdump, Procmon, MER. Any software to be installed before running playbook: No
Template_LogFilterExample	Looks for a pattern in any log file. Collects: AMTrace. Any software to be installed before running playbook: No
Template_ProcessCrashWithProcdump	Monitor the event of a process crash (-procname:<processname.exe>). Collects: Procdump, MER. Any software to be installed before running playbook: No
Template_ProcessCrashWithWER	Monitor the event of a process crash (-procname:<processname.exe>) using Windows Error Reporting (WER). Collects: Process dump, MER.
Template_ProcessHang	Monitor the event of a process hang (-procname:<processname.exe>). Collects: Procdump, MER. Any software to be installed before running playbook: No
Template_ProcessMemoryLeakWithProcdump	Monitors the event of a process: (-procname:<processname.exe>) memory leak. Collects: Procdump, and MER for multiple memory thresholds breaches. Any software to be installed before running playbook: No
Template_ProcessMemoryLeakWithUMDH	Monitors the event of a process: (procname:<processname.exe>) memory leak. Collects: User-mode dump heap (UMDH) snapshots, and Procdumps for multiple memory threshold breaches. Any software to be installed before running playbook: Yes¹.
Template_ProcessMultipleCrashDumps	Collects multiple crash dumps for a specified process. Any software to be installed before running playbook: No
Process_MemoryLeak_WithLoop	Useful in detecting memory leaks for a given process and given memory thresholds(-thresholds:100,200,300). Collects: Procdumps, Poolmon, UMDH, snapshots for multiple memory threshold breaches. Any software to be installed before running playbook: Yes^1,2.

¹	Windows Debugging tools that need to be installed to run umdh.exe. Make sure the path to gflags.exe and umdh.exe is correct, as different version of Windows Debugging tools might have a different path. Default path is according to the Windows 10 Debugging Tools.
²	Windows Development Kit (WDK) needs to be installed to run poolmon.exe. Make sure the path to PoolMon.exe is correct, as different version of WDK might have different path. Current path according to the Windows 10 Development Kit.

Endpoint Security (ENS) Playbooks

Basic
Playbook Name	Playbook Name Description
ENS_EventBasedLogCollection	Collects data for a certain event ID. Collects: Procmon, AMTrace, if the event ID is triggered. Any software to be installed before running playbook: No.
ENS_InstallationFailure_ePO	Monitors for installation failures for the ePO deployment of ENS. Collects: Procmon, AMTrace, SFC, MER. Any software to be installed before running playbook: No.
ENS_Process_HighCPU_Level1_Parellel	Monitors the CPU usage of specified ENS process (-procname:<processname.exe>) for a specified threshold (-threshold:<value>) and collects data concurrently. Collects: PerfCounters, Procmon, AMTrace, WPR, MER, if there’s a threshold breach. Any software to be installed before running playbook: No.
ENS_Process_MemoryLeak	Useful in detecting memory leaks for a given ENS process. Collects: Procmon, AMTrace, Procdump, Poolmon, UMDH snapshots for multiple memory thresholds. Any software to be installed before running playbook: Yes¹
ENS_SlowODSTask	Used to collect dumps for a slow on-demand scan (ODS). Collects: Multiple Procmon, AMTrace, MER. Any software to be installed before running playbook: No.
ENS_SlowAppStartup_Random	The playbook monitors the process: (-procname:<processname.exe>), to see if it’s taking a long time to startup. Collects: Procmon, AMTrace. Any software to be installed before running playbook: No.
ENS_SystemHighCPU	Monitors the CPU usage of the entire system. Collects: Procmon, AMTrace, WPR, PerfCounters, MER, if the specified threshold is breached. Any software to be installed before running playbook: Yes²
Advanced
Playbook Name	Playbook Name Description
ENS_eventMessageBasedLogCollection	Collects data for a certain event ID and messages. Collects: Procmon, AMTrace, if the event ID and event messages are triggered. Any software to be installed before running playbook: No.
ENS_FirewallPolicyCollection	Collects ENS Firewall config, policy, and ipconfig output details. Any software to be installed before running playbook: No.
ENS_InstallationFailure	Monitors for installation failures for the standalone installation of ENS. Collects: Procmon, AMTrace, SFC, MER. Any software to be installed before running playbook: Yes².
ENS_Process_HighCPU_level1	Monitors the CPU usage of specified ENS process: (-procname:<processname.exe>) for a specified: threshold (-threshold:<value>). Collects: PerfCounters, Live Kernel dump, MER, if there’s a threshold breach. Any software to be installed before running playbook: No.
ENS_Process_HighCPU_level1_Parallel	Monitors the CPU and memory usage of specified ENS process (-procname:<processname.exe>) for a specified threshold. Collects: Complete memory dump if there’s a threshold breach. Any software to be installed before running playbook: No.
ENS_Process_HighCPU_Level2	Monitors a process, if it’s takes a long time to startup. Collects: Procmon, AMTrace. Any software to be installed before running playbook: No.
ENS_Process_HighCPU_Level3	Configures boot logs for ENS Windows. Since its manual execution, User has to execute the ENS_BootLogging_Stop_Manual playbook after the reboot. Collects: Procmon, AMTrace. Any software to be installed before running playbook: No.
ENS_SlowAppStartup_Repro	This playbook has to be executed after ENS_BootLogging_Start_Manual, once the computer is up after the reboot. Collects: Procmon, Amcore, logs during the boot time. Any software to be installed before running playbook: No.

¹	Windows Debugging tools need to be installed to run umdh.exe file. Make sure the path to gflags.exe, and umdh.exe are correct. Different version of Windows Debugging tools might have a different path. Default path according to Windows 10 Debugging Tools.
²	Windows Assessment and Deployment Kit (ADK) needs to be installed to run wpr.exe. Select Windows Performance Toolkit during ADK setup. Make sure the path to umdh.exe is correct, as different version of Windows Assessment and Development kit tool might have different path. Current path is according to Windows 8 Assessment and Development kit tool.

VirusScan Enterprise (VSE) Playbooks

Playbook Name	Playbook Name Description
VSE_InstallationFailure	Monitors for an event ID 21, which relates to execution denied for an application, and collects the MER file when this event occurs. Any software to be installed before running playbook: No.
VSE_ODS_Hang_x64	Collects information by running gatherinfo.bat. Any software to be installed before running playbook: No.
VSE_ODS_Hang_x86	Can be used to set the needed log levels. Any software to be installed before running playbook: No.

McAfee Agent

Basic
Playbook Name	Playbook Name Description
MA_Process_MemoryLeak	Useful when detecting memory leaks for a given MA process. Collects: Procdump, MER, and UMDH snapshots for multiple memory thresholds. Any software to be installed before running playbook: Yes¹

¹	Windows Debugging tools need to be installed to run umdh.exe. Make sure the path to gflags.exe and umdh.exe are correct. Different version of Windows Debugging tools might have a different path. Default path according to the Windows 10 Debugging Tools.

McAfee Application and Change Control (MACC) Playbooks

Basic
Playbook Name	Playbook Name Description
MACC_ExecutionDenied	Monitors execution denied event by MACC. Collects: MER. Any software to be installed before running playbook: No.
MACC_Gatherinfo	Collects: Gatherinfo data for initial analysis. Any software to be installed before running playbook: No.
MACC_Loglevel	Sets the needed log levels for a specified MACC module. Any software to be installed before running playbook: No.
Advanced
Playbook Name	Playbook Name Description
MACC_HighCPU	Monitors the CPU usage of specified MACC process (-procname:<processname.exe>) for a specified threshold (-threshold:<value>). Collects: Procdump, Procmon, WPR, MER, if there’s a threshold breach. Any software to be installed before running playbook: Yes².
MACC_HighMemory	Useful in detecting memory leaks for a given MACC process. Collects: Procdump, MER, if there’s a memory threshold breach. Any software to be installed before running playbook: No.
MACC_InstallationFailure	Monitors for installation failures of MACC. Collects: MER. Any software to be installed before running playbook: No.
MACC_PackageControl	Monitors package changes prevention events by MACC. Collects: MER. Any software to be installed before running playbook: No.
MACC_PreventedExecution	Monitors execution prevention event by MACC for any binary. Collects: MER. Any software to be installed before running playbook: No.
MACC_Process_MemoryLeak	Useful in detecting memory leaks for a given MACC process. Collects: Procmon, Procdump, Poolmon, over time. Any software to be installed before running playbook: Yes¹.
MACC_Procmon_MER	Collects: Procmon, MER, for system performance issues. Any software to be installed before running playbook: No.
MACC_SystemCrash	Monitors system crash for MACC. Collects: MER. Any software to be installed before running playbook: No.
MACC_SlowAppStartup_Random	Playbook monitors system crash for MACC. Collects: MER. Any software to be installed before running playbook: No.
MACC_SystemCrashDataZip	This playbook zips the data generated on a system crash, after execution of MACC_SystemCrash.yml. Any software to be installed before running playbook: No.
MACC_WriteDenied	Monitors write denied event by MACC. Collects: MER. Any software to be installed before running playbook: No.

¹	Windows Development Kit (WDK) needs to be installed to run poolmon.exe. Make sure the path to PoolMon.exe is correct, as different version of WDK might have different path. Current path is according to Windows 10 Development Kit.
²	Windows Assessment and Deployment Kit (ADK) needs to be installed to run wpr.exe. Select Windows Performance Toolkit during ADK setup. Make sure the path to umdh.exe is correct, as different version of Windows Assessment and Development kit tool might have different path. Current path is according to Windows 8 Assessment and Development kit Tool.

Management for Optimized Virtual Environments (MOVE) Antivirus Playbooks

Basic
Playbook Name	Playbook Name Description
MOVE_DataCollection	Changes the loglevel, logFileSize, and logFileNum for MOVE modules. Collects: MER. Any software to be installed before running playbook: No.
Advanced
Playbook Name	Playbook Name Description
MOVE_Clientx86_InstallationFailure	Monitors for the installation failures of 32-bit MOVE client. Collects: Procmon, AMTrace, SFC, MER. Any software to be installed before running playbook: No.
MOVE_Clientx64_InstallationFailure	Monitors for the installation failures of 64-bit MOVE client. Collects: Procmon, AMTrace, MER. Any software to be installed before running playbook: No.
MOVE_DataCollection	Useful in detecting memory leaks for a given MOVE process. Collects: MER, Multiple Procdumps, UMDH snapshots, over time Any software to be installed before running playbook: Yes¹.

¹	Windows Debugging tools need to be installed to run umdh.exe. Make sure the path to gflags.exe, and umdh.exe are correct. Different version of Windows Debugging tools might have a different path. Default path is according to Windows 10 Debugging Tools.

Author your own playbook

It isn’t hard to create your own playbook. The playbook.yml file under the doc folder helps you create a playbook with little effort.

There are a few things to remember when you create the playbook:

Outline your use case in simple tasks. Break down what is needed and when it’s needed.
Follow the conventions as described in the file doc\playbook.yml.
Avoid using tab spaces in the YAML software. The following is an FAQ from the official YAML website:

"Tabs have been outlawed, since different editors and tools treat them differently. And since indentation is so critical to proper interpretation of YAML, this issue is just too tricky to even attempt. Indeed, Guido van Rossum of Python has acknowledged that allowing TABs in Python source is a headache for many people."

NOTES:

The SSS Orchestrator supports playbooks of well-known workflows, which include product-specific workflows.
The user-specific or product-specific workflows can reduce the time for auto remediation or effective data collection.
The SSS Orchestrator also supports building custom playbooks based on your needs.
The playbook also supports invoking different tools based on time, events, or external triggers.

Supported operating systems

Operating System	SSSO Tool 21.9 and later
Clients
Microsoft Windows 11	Yes

Windows 10 Version 21H2 Windows 10 Version 21H1 Windows 10 Version 20H2 October 2020 Update Windows 10 Version 2004 May 2020 Update Windows 10 Version 1909 November 2019 Update Windows 10 Version 1903 May 2019 Update (64-bit, 32-bit)	Yes

Microsoft Windows 8 (64-bit, 32-bit)	Yes
Windows 7 (64-bit, 32-bit)	Yes
Windows Vista (64-bit, 32-bit)	No

Servers
Microsoft Windows Server 2022	Yes
Microsoft Windows Server 2019	Yes
Microsoft Windows Server 2016	Yes
Microsoft Windows Server 2012 R2	Yes
Microsoft Windows Server 2012	Yes
Microsoft Windows Server 2008 Release 2 (64-bit)	Yes
Microsoft Windows Server 2008	No

Enable debug logging

Product	Debug log Article
McAfee Application and Change Control (MACC)	KB90755
Management for Optimized Virtual Environments (MOVE)	KB87799
Endpoint Security (ENS)	KB91797

SSSO usage on MACC enabled systems

IMPORTANT:

If you try to execute the SSSO tool with McAfee Application and Change Control (MACC enabled), you might observe some denials.
You need to add a McAfee certificate as trusted publisher. See the article below under section 9 for more details.
KB94861 - How to use the SSSO tool with MACC enabled.

Common error scenarios

"Another Instance of Self Service Supportability Orchestrtor is already running."

Comment: You can only run one instance of SSSO at a time.
"Unsupported OS! SSSO requires Windows 7/ Windows 2008 R2 or above.
Blocking Execution."

Comment: SSSO can run only on operating systems (OS) listed in the supported operating systems section. Running SSSO on older OS versions throws an unsupported OS error.

"PowerShell version not supported! Please upgrade PowerShell version is less than 3.0 or higher version.
Blocking Execution."

Comments:

For all workflows except 'Collect MER Workflow', PowerShell version must be 3.0 or later.
If Exploit Prevention is enabled, the rule Execution Policy Bypass in PowerShell must not be configured to Block.
"Self Service Supportability Orchestrtor validation Failed! Exiting."

Comment: This error appears if any unauthorized files are present in the SSSO folders. To understand the reason for the failure, look at the logs.

"Self Service Supportability Orchestrtor validation Failed!
Invalid File SSSSO_1.0.0.1522/test.xml
Blocking SSSO Execution!"

Comment: SSSO can't be run from case-sensitive paths. If any of the folders in the path are case sensitive, you see the below.

Playbook Execution failed
Playbook execution can fail for many reasons. Some common case examples:

"ENS Self Protection not disabled"
- For all memory-related playbooks, if ENS or VSE is installed, Self-protection must be disabled before running the playbook.
"Required tool missing"
- Make sure that the needed software is installed, and paths are set correctly in playbook.
- For other errors, look at the logs for details. You can click View Logs Folder on the summary page.
"Waiting for Process to Launch - Memory Playbooks."
- In playbooks like MA_Process_MemoryLeak.yml, while enabling or disabling gFlags, SSSO kills the process and expects it to restart.
- Ideally, the process starts automatically, but, sometimes the process might not come up, if the playbook is run multiple times within a short duration.
- In that case, SSSO is waiting for the process to start. If you see that the process isn’t started for a long time, check and manually start the process. If it’s a service like masvc.exe, start it through the Windows Service Control Manager.

Knowledge Center

Self-Service Supportability Orchestrator data collection tool

Environment

Summary

Related Information

Affected Products

Languages:

Glossary of Technical Terms

Title

Title

Knowledge Center

Self-Service Supportability Orchestrator data collection tool

Environment

Summary

Related Information

Affected Products

Languages:

Glossary of Technical Terms

Choose your region

Title

Title