Share via


Start-AIPScannerDiagnostics

Relevant for: Unified labeling client only

Starts a series of health checks for a locally installed AIP scanner service.

Syntax

Start-AIPScannerDiagnostics
     [-OnBehalfOf <PSCredential>]
     [-ResetConfig]
     [-VerboseErrorCount <integer>]
     [<CommonParameters>]

Description

The Start-AIPScannerDiagnostics cmdlet triggers a series of diagnostic checks to verify that the scanner deployment is healthy.

Diagnostic checks include whether:

  • The database is up-to-date and accessible
  • URLs are accessible
  • An authentication token is found and the policy can be acquired
  • The profile is set in the Azure portal
  • Offline/online configuration exists and can be acquired
  • Rules are valid

Examples

Example 1: Starts the diagnostic tool for a locally installed AIP scanner

PS C:\> $scanner_account_creds= Get-Credential
PS C:\> Start-AIPScannerDiagnostics -onbehalf $scanner_account_creds

This example prompts you to enter credentials for a specific account, and then provide the credentials of the service account used to run the AIP scanner service.

Example 2: Starts the diagnostic tool with a large number of errors printed from the scanner log

PS C:\> $scanner_account_creds= Get-Credential
PS C:\> Start-AIPScannerDiagnostics -onbehalf $scanner_account_creds -Verbose -VerboseErrorCount 30

This example prompts you to enter credentials for a specific account, and then provide the credentials of the service account used to run the AIP scanner service. The last 30 errors are printed from the scanner log.

Parameters

-OnBehalfOf

Defines the scanner where you want to run the diagnostics, when you are running the command under a user that is not the scanner user.

The OnBehalfOf value defines the variable that holds a credentials object. The diagnostics checks are run on the AIP scanner for the account defined by that credentials object.

Use the Get-Credential cmdlet to get the variable that stores your credentials.

Note

If you are running the command under the scanner user, this parameter is not required.

Type:PSCredential
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-ResetConfig

Resets the policy cache. When used, the policy is refreshed even if the last refresh occurred less than four hours ago.

Type:SwitchParameter
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-VerboseErrorCount

Relevant only when the Verbose parameter is used in the command.

Defines the number of errors you want to see printed from the scanner log, if you want to print a number of errors other than the default of 10.

Type:Integer
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Outputs

System.Object

Notes

  • This cmdlet requires you to define a specific scanner account in the -OnBehalfOf parameter. The OnBehalfOf parameter requires you to run your PowerShell session as an Administrator.

  • Diagnostic checks do check for scanner deployment prerequisites. This cmdlet is supported only after you have the scanner deployed and your profile configured.

    For more information, see Deploying the Azure Information Protection scanner.