netwrix · hilram7 · Dec 29, 2025 · Jan 5, 2026 · Jan 5, 2026
@@ -0,0 +1,6 @@
+{
+  "label": "Change Tracker Knowledge Base",
+  "position": 999,
+  "collapsed": true,
+  "collapsible": true
+}
@@ -0,0 +1,79 @@
+---
+description: >-
+  If Netwrix Change Tracker events reports contain ErrorEvent entries labeled
+  "Corrupt", multiple conflicting agent configuration files may be present on
+  affected devices. This article explains how to identify affected agents and
+  perform an agent reset to resolve the issue.
+keywords:
+  - Netwrix Change Tracker
+  - ErrorEvent
+  - Corrupt
+  - agent reset
+  - gen7agent
+  - rolling-log
+  - Hubdetails.xml
+  - Config-*.xml
+  - AgentID
+products:
+  - change-tracker
+sidebar_label: Corrupt ErrorEvent in Event Reports
+tags:
+  - audit-and-logging
+title: "Corrupt ErrorEvent in Event Reports"
+knowledge_article_id: kA0Qk0000000ahpKAA
+---
+
+# Corrupt ErrorEvent in Event Reports
+
+## Symptoms
+
+- The events report in Netwrix Change Tracker contains one or more `ErrorEvent` events. Their description states `Corrupt`.
+- Agent logs (see [Rolling-Log File Location](https://docs.netwrix.com/docs/changetracker/8_1/install/agent/rollinglogfile)) contain the following line:
+  - **Windows:** `C:\ProgramData\NNT\gen7agent.app.netcore\rolling-log.txt`
+  - **Linux:** `/var/nnt/gen7agent.app.netcore/rolling-log.txt`
+
+```text
+[timestamp] ERROR AgentTaskRunner - task execution failed for task %#% - %task_name% [timestamp]
+```
+
+## Cause
+
+The agent directory on affected devices contains multiple conflicting `Config-*.xml` files. These files cause conflicts in device agent events.
+
+## Resolution
+
+> **NOTE:** You can establish the affected agents via the events report—review the **DeviceName** and **AgentID** column values.
+
+Perform an agent reset to reconfigure affected agents:
+
+### Windows
+
+1. Stop the Netwrix Change Tracker Agent Service.
+
+2. Navigate to the agent directory (see [Rolling-Log File Location](https://docs.netwrix.com/docs/changetracker/8_1/install/agent/rollinglogfile)): `C:\ProgramData\NNT\gen7agent.app.netcore\`
+
+3. Right-click the `Hubdetails.xml` file and select **Edit**.
+
+4. Replace the `<E1>` tag pair with the `<Password>` tag pair. Replace the contents with the current agent account password, as defined on your Netwrix Change Tracker Hub Server. Save the changes.
+
+5. Start the Agent Service.
+
+### Linux
+
+1. Stop the Netwrix Change Tracker Agent Service:
+
+```bash
+service nntgen7agent stop
+```
+
+2. Navigate to the agent directory (see [Rolling-Log File Location](https://docs.netwrix.com/docs/changetracker/8_1/install/agent/rollinglogfile)): `/var/nnt/gen7agent.app.netcore/`
+
+3. Edit the `Hubdetails.xml` file.
+
+4. Replace the `<E1>` tag pair with the `<Password>` tag pair. Replace the contents with the current agent account password, as defined on your Netwrix Change Tracker Hub Server. Save the changes.
+
+5. Start the Agent Service:
+
+```bash
+service nntgen7agent start
+```
@@ -0,0 +1,29 @@
+---
+description: >-
+  This article explains the purpose of `core.*` files in Gen 7 Agent servers and whether they can be safely deleted to free up disk space.
+keywords:
+  - core files
+  - Gen 7 Agent
+  - disk space
+sidebar_label: Disk Space and Core Files
+tags:
+  - database-and-diagnostics
+title: "Disk Space Occupied by Core.* Files in Gen 7 Agent Servers"
+knowledge_article_id: kA0Qk0000000NuHKAU
+products:
+  - change-tracker
+---
+
+# Disk Space Occupied by Core.* Files in Gen 7 Agent Servers
+
+## Questions
+
+The `/opt/nnt/gen7agentcore/bin/` directory (see [Linux Agent Installation](https://docs.netwrix.com/docs/changetracker/8_1/install/agent/linuxos)) in Gen 7 Agent servers (Linux) contains multiple `core.*` files.
+
+1. What are these files?
+2. Is it safe to delete these files?
+
+## Answers
+
+1. The `core.*` files located in the `/opt/nnt/gen7agentcore/bin/` directory are core dumps. These core dumps are generated upon a process crash or a fatal error—they contain a snapshot of the process memory at the time of the crash or error.
+2. These core files can be safely deleted to free up disk space.
@@ -0,0 +1,18 @@
+---
+title: "Change Tracker Knowledge Base"
+description: "Change Tracker knowledge base articles and troubleshooting guides"
+slug: changetracker
+---
+
+# Change Tracker Knowledge Base
+
+Welcome to the Change Tracker knowledge base. Browse our collection of troubleshooting guides, configuration instructions, and best practices.
+
+Use the search function above to find specific articles or browse through all Change Tracker KB articles in this section.
+
+## Need Help?
+
+If you can't find what you're looking for:
+1. Use the search function above
+2. Check the main [Change Tracker documentation](https://docs.netwrix.com/docs/changetracker/)
+3. Contact [Netwrix support](https://www.netwrix.com/support.html)
@@ -0,0 +1,64 @@
+---
+description: >-
+  This article addresses the error related to the certificate thumbprint mismatch in the Netwrix Agent and provides a resolution to ensure proper reporting to the Hub Server.
+keywords:
+  - Netwrix Agent
+  - certificate thumbprint
+  - Hub Server
+sidebar_label: Certificate Thumbprint Mismatch
+tags: [troubleshooting-and-errors]
+title: 'Rolling-Log Fix: "ERROR NNT.Hub.ServiceClient.HubAdapter - Certificate Thumbprint Does Not Match Trusted"'
+knowledge_article_id: kA04u0000000JaGCAU
+products:
+  - change-tracker
+---
+
+# Rolling-Log Fix: "ERROR NNT.Hub.ServiceClient.HubAdapter - Certificate Thumbprint Does Not Match Trusted"
+
+## Symptoms
+
+The following error occurs when using a custom or unrecognized IIS Certificate:
+
+```
+# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+#                                                   Example Message:													  #
+# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
+
+2017-10-08 11:17:36,935 [Threadpool worker] ERROR NNT.Hub.ServiceClient.HubAdapter - Certificate thumbprint does not match trusted (BAD1067FBAB59CCED21786657C672F6AB5BE824C/6F7F11707C0C93CD0F7E92D5BC0F1C9345D68A64). Consider setting Thumbprint in HubDetails.xml. Server certificate details
+```
+
+## Cause
+
+This means that you are using a custom or unrecognized IIS Certificate. You need to specify to the agent the certificate thumbprint so that it can use the new certificate.
+
+## Resolution
+
+If you are receiving this error, the Netwrix Agent is NOT reporting to your hub. This is a critical error, and for monitoring to continue, it must be resolved. To resolve this error:
+
+1. Stop the **Netwrix Agent Service**.
+2. Navigate to your Netwrix Agent Directory, which contains the Rolling-Log Files (see [Agent Rolling-Log File Location](https://docs.netwrix.com/docs/changetracker/8_1/install/agent/rollinglogfile) for more details):
+   - **Windows:** `C:\ProgramData\NNT\gen7agent.app.netcore\`
+   - **Linux:** `/var/nnt/gen7agent.app.netcore/`
+3. Edit the **HubDetails.xml** file.
+4. Locate the **Thumbprint** entry in the XML file.
+5. In between the **Thumbprint** tags, enter your custom certificate thumbprint (the correct thumbprint is shown in the error message).
+6. Save the file, replacing the old one. Note that you may need to save this to the desktop and copy and paste it back into the directory, replacing the old file.
+7. Restart the Agent service.
+
+### HubDetails.xml Example
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<HubDetails xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+    <Url>https://myserver.mydomain.local/api</Url>
+    <Username>agent</Username>
+    <Proxy />
+    <ProxyDomain />
+    <ProxyUsername />
+    <ProxyPassword />
+    <UseDefaultProxy>false</UseDefaultProxy>
+    <NamePrefix></NamePrefix>
+    <NameSuffix></NameSuffix>
+    <Thumbprint>BCD1067FBAB59CCED21786657C672F6AB5BE824C</Thumbprint>
+</HubDetails>
+```
@@ -0,0 +1,58 @@
+---
+description: >-
+  This article provides a resolution for the "Hub connection failed" error due to an IP address being blocked after multiple login failures.
+keywords:
+  - Hub connection failed
+  - IP address blocked
+  - Login failures
+sidebar_label: 403 IP Address Blocked
+tags: [troubleshooting-and-errors]
+title: "Rolling-Log Fix: Hub Connection Failed. 403 Server Message: IP Address Blocked: Login Failures"
+knowledge_article_id: kA04u0000000JXgCAM
+products:
+  - change-tracker
+---
+
+# Rolling-Log Fix: Hub Connection Failed. 403 Server Message: IP Address Blocked: Login Failures
+
+## Symptoms
+
+This problem can occur when the Agent password being sent to the Hub Server is incorrect.
+
+### Example Error Message
+
+```
+2017-09-06 14:22:43,230 [10] INFO Message - Hub connection failed (403 Server message: Ip Address Blocked: LoginFailures)
+```
+
+## Resolution
+
+1. Stop the **Netwrix Agent Service**.
+2. Navigate to your Agent Directory which contains the Rolling-Log Files.
+3. Right-click and edit the **Hubdetails.xml** file.
+4. Remove the `<E1></E1>` tags as they are the agent password which has been encrypted.
+5. In place of `<E1></E1>`, enter the `<Password></Password>` tags. See an example of **HubDetails.xml** below. The default password is used as an example.
+6. In between the password entries, enter your Agent Account password as defined on your Netwrix Hub Server.
+7. Save the file, replacing the old one.
+8. Restart the Agent service.
+
+> **NOTE:** When you start the service, the agent will automatically re-encrypt your password, and the **E1** tags will replace the password tags. Also, there is a ten-minute cool-off when this happens. Now that the username and password have been corrected, the agent should register after the ten minutes have elapsed. This cool-off period is counted at the Netwrix Hub Server and does not take effect at the agent level. If you have stopped the service, you do not have to wait 10 minutes after restarting it.
+
+### HubDetails.xml Example
+
+```xml
+<?xml version="1.0" encoding="utf-8"?>
+<HubDetails xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
+    <Url>https://myserver.mydomain.local/api</Url>
+    <Username>agent</Username>
+    <Password>YourAgentPassword</Password>
+    <Proxy />
+    <ProxyDomain />
+    <ProxyUsername />
+    <ProxyPassword />
+    <UseDefaultProxy>false</UseDefaultProxy>
+    <NamePrefix></NamePrefix>
+    <NameSuffix></NameSuffix>
+    <Thumbprint></Thumbprint>
+</HubDetails>
+```
@@ -1,8 +1,16 @@
+const generateKBSidebar = require('../../src/utils/generateKBSidebar');
+
 module.exports = {
   sidebar: [
     {
       type: 'autogenerated',
       dirName: '.',
     },
+    {
+      type: 'category',
+      label: 'Knowledge Base',
+      collapsed: true,
+      items: generateKBSidebar('changetracker')
+    },
   ],
 };
@@ -1,8 +1,16 @@
+const generateKBSidebar = require('../../src/utils/generateKBSidebar');
+
 module.exports = {
   sidebar: [
     {
       type: 'autogenerated',
       dirName: '.',
     },
+    {
+      type: 'category',
+      label: 'Knowledge Base',
+      collapsed: true,
+      items: generateKBSidebar('changetracker')
+    },
   ],
 };