Support and Troubleshooting

View version information

When discussing issues, it is important to communicate precise version information with colleagues and with Tanium Support. This screen also provides other important information, such as system time, uptime, and basic network configuration details.

1. Sign in to the TanOS console as a user with the tanadmin or tanuser role.
2. Enter @ to go to the About this Appliance menu that shows version information, system time, uptime, and basic network configuration details. View screen

   ----------------------------------------------------------------
   
                >>> About this Appliance <<< 
   
   Hostname:                         ts1
   Domain Name:                      test.tanium.local
   
   System Time (MM/DD/YY):           08/30/22-20:50:06-UTC
   Uptime:                           up 6 days, 5 hours, 16 minutes
   
   TanOS Version:1.8.1.0149 
   
   Appliance Model:                  TV-110
   Serial Number:                    421d22ac4b1f4ea5-901ea65b30d6b6fc
   
   IP Address:                       10.10.10.162
   Gateway address:                  10.10.10.2
   
   Name Servers:                     10.10.10.10
   NTP Servers:                      0.pool.ntp.org
   
   Tanium Version:7.5.6.1118 
   Server Role:                      Tanium Server (Primary DB)
   Server Addons:                    Zone Server Hub
   Tanium Cluster Role:              Primary Node
   Cluster Member IP:                10.10.10.163
   
   Number of Processors:             2 x 2304 MHz
   Total Memory:                     64G
   
   Tanium Server Pub Key MD5:        88da5655a7f03950077d9e3681dffba7
   Tanium Server Init Key MD5:       78fc1a51b0779f89f13d341f633f1f9e
   TZS Hub Registration Fingerprint: 47:fa:27:96:94:54
   
   ---------------------------------------------------------------
   
   
   Press enter to continue

Run the Health Check

After initial configuration, TanOS automatically runs a health check every 15 minutes. The results for the latest health check are stored in the health.log file in the /outgoing directory.

To run a health check manually:

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 3 (Tanium Support).

3. Enter 5 to run the health check. View screen

   >>> Tanium Support -> Run Health Check <<< 
   
    Report time: 2020-10-29 14:44:29 UTC
    Report Uptime:  14:44:29 up  8:10,  1 user,  load average: 0.00, 0.01, 0.05
   
    >>> Is EULA Accepted <<<
       [email protected] accepted June2019 EULA on Thu Oct 29 06:29:33 UTC 2020
    Is EULA Accepted: pass
   
    >>> Operating System health (will take 7-10 seconds) <<<
    CPU: pass
    Memory: pass (70% avail >= 10%)
    Swap: pass (100% avail >= 50%)
    Partition /: pass (8%)
    Partition /boot: pass (24%)
    Partition /var: pass (3%)
    Partition /var/log/audit: pass (2%)
    Partition /opt: pass (2%)
    Partition /tmp: pass (1%)
    Partition /home: pass (1%)
    Partition /cores: pass (1%)
    Partition /var/log: pass (1%)
    Boot Check: Pass (BIOS Boot with virtual machine)
    Active partition: pass (VolGroup1-root)
   
    >>> Hardware health (will take 1-12 seconds) <<<
    hardware type: pass (TV-110)
   
    >>> User health <<<
    user tanium: pass
    user tanadmin: pass
    user tancopy: pass
    user tanfactory: pass (disabled)
    system user shells: pass
    system user policies: pass
   
    >>> Network health (will take 5-7 seconds) <<<
    default gateway: pass
    generic name resolution: pass
    own hostname resolution: pass (Hosts)
   no stats available
    L2 check eth0: pass
    mount /opt/mounts/connect: pass (not configured)
    mount /opt/mounts/detect: pass (not configured)
    mount /opt/mounts/trends: pass (not configured)
    Connection tracking: pass
   
    >>> Service health <<<
    chronyd service: pass (running)
    chronyd service: pass (time synced)
    rsyslog service: pass
    syslog delivery: N/A (syslog delivery is disabled)
    iptables service: pass
    ip6tables service: pass
    sshd service: pass
    ipsec service: pass
    local auth service: pass
   
    >>> Application health <<<
    taniumserver.service: pass (service is running)
    taniumserver.service: pass (iptables)
    taniumserver.service: pass (database connected)
    taniumserver.service: pass (database size: 1 GB)
    TMS connectivity: fail (127.0.0.1:17477) 
    taniummoduleserver.service: pass (does not exist/not installed)
    taniumzoneserver.service: pass (does not exist/not installed)
   
    >>> TanOS <<<
    BIOS Version: pass (not checked)
    PERC Version: pass (not checked)
    iDRAC Version: pass (not checked)
    Backup: fail (Backup schedule cannot run without key) 
    TanOS key material: pass
   
    >>> Miscellaneous <<<
    misc 1: pass
    core files: pass
    shell keys: pass
   
    >>> Database Replication Health <<<
   
    Database Replication: pass (Not configured)
   
    >>> RAID Controller Security Key <<<
   
    RAID Security key check: pass (N/A for this platform)
   
    >>> Tanium Application file Permissions <<<
    TaniumServer file permissions: pass
   
    >>> Postgres SSL Health Check <<<
    Postgres SSL: pass
    SSL CRL file: root.crl.pem
   
    >>> OVA Health (TV-2xx) <<<
    RAM Requirements: fail (1837) 
    CPU Requirements: fail (2) 
   
    executed checks: 58
    failed checks: 4
   
    >>> End Health Check <<<
    Press enter to continue

   Results appear on screen, and the results are also stored in the health.log file in the /outgoing directory. For details about each check, see Reference: TanOS health check results.

If your health check report prompts you to accept the end-user license agreement (EULA), go to the tanadmin menu and enter Q to view the EULA. Follow the prompts to accept the license agreement.

The TanOS health check provides a warning when the available space is 70% full on any partition. When the available space is 95% full, TanOS stops all Tanium services to preserve TanOS functionality.

After you perform the initial configuration for an appliance, a core backup is scheduled by default. The health check reports an error that automatic backups cannot complete until you set up an encryption key. To remove the error from the health check, you can either add an encryption key or disable the scheduled core backup. For information on how to disable the core backup, see Configure an automatic backup.

Overview of Tanium Appliance logs, reports, and troubleshooting features

The following logs, reports, and troubleshooting features can help diagnose issues with the appliance itself. For additional information about logs and troubleshooting for Tanium Core Platform servers, see Tanium Core Platform Deployment Reference Guide: Logs and troubleshooting.

• About this Appliance screen: This screen provides information about the Tanium Appliance version, system time, uptime, and basic network configuration details.
• Advanced Support menu: This menu provides options for exporting core files, generating process dumps, and viewing directory space usage.
• Cloud Access Point log: This log records access information for Tanium Clients that connect to Tanium Cloud through an appliance with the Cloud Access Point role.
• Database Operations menu: This menu provides options for viewing information about Tanium database operations.

• Health Check report: This report provides information on the health of the appliance operating system, hardware, users, network, services, applications, database replication, RAID security, Postgres SSL, and the virtual machine (if applicable).

• Network Diagnostics menu: This menu provides options for running network diagnostic procedures, viewing networking information, and viewing firewall details.
• Performance Monitoring menu: This menu provides options for viewing information about system activity, processes, input/output usage, CPU usage, and other resource usage.
• Read-only restricted shell: Opening an RO shell enables you to view files on the appliance file system, including logs that are not accessible through the TanOS console.
• SNMP walk: You can configure integration with a Simple Network Management Protocol (SNMP) manager for collecting and analyzing appliance information.
• Status menu: This menu provides options for viewing information about system activity, processes, input/output usage, CPU usage, and other resource usage.
• Syslog forwarding: You can forward appliance logs to a remote syslog server.
• Tanium Support Gatherer: The Tanium Support Gatherer (TSG) provides information on the status of the appliance system, processes, and network interfaces.
• TanOS event log: This log records major events on the appliance, such as server installations, upgrades, initial configuration, software resets, backups, partition synchronization, Tanium Module Server synchronization, Tanium Core Platform services stopped due to lack of disk space, Tanium Server or Module Server failover, and restricted or unrestricted shell access.
• TanOS partition sync log: This log records events that relate to partition synchronization on appliances with active and inactive partitions.
• TanOS upgrade log: This log records events that relate to appliance upgrades.
• TCP dump: Running a TCP dump creates a packet capture (PCAP) file for the network interface that you select. PCAP files capture real-time data packets that traverse a network. You can use the files to analyze network traffic and troubleshoot network issues.

Restart services or networking

Check whether a Tanium service needs to be restarted. You can use the TanOS menu to stop a service whether the service is enabled, and you can use TanOS to start a service if the service is enabled.

Restart services

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 2-1 (Tanium Operations > Tanium Service Control).

3. Enter the line number of the service you want to manage to view the service commands. View screen

   >>> Tanium Operations -> Tanium Service Control -> Service <<< 
   
       Service         State      Status 
       taniumserver     enabled    running
   
            1: Start service
            2: Stop service
            3: Restart service
            4: Disable service
            5: Enable service
            6: Status Details
   
            R: Return to previous menu
   
   ------------------------------------------------------

4. Type the number of a service control command to issue the command.

Restart networking

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter A-2 (Appliance Configuration > Networking Configuration).

3. Enter 4 to restart networking.

Exit maintenance mode after an error

Some maintenance procedures that you perform in TanOS automatically enter maintenance mode to ensure Tanium services are not affected by the maintenance operation. When the operation completes, TanOS automatically exits maintenance mode and resumes normal operations. However, if an error occurs during a maintenance operation, TanOS can sometimes stay in maintenance mode. If TanOS indicates that you are unable to perform an operation due to maintenance activity, you can manually exit maintenance mode.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter B-C (Appliance Maintenance > Maintenance Mode).

3. Enter 1 to clear any maintenance actions.

Reinitialize replication

Use this procedure after the secondary database server has been promoted to primary, or to reinitialize a broken Tanium cluster.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 2-B (Tanium Operations > Cluster Configuration).

3. Enter B and follow the prompts to reinitialize replication.

Review the TanOS event log

The TanOS event log records major events on the appliance, such as server installations, upgrades, initial configuration, software resets, backups, partition synchronization, Tanium Module Server synchronization, Tanium Core Platform services stopped due to lack of disk space, Tanium Server or Module Server failover, and restricted or unrestricted shell access.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 3-1-1-7 (Tanium Support > Logs > TanOS Appliance > TanOS Event Log).

3. Select an item to view the log, follow its growth, delete it, or export it to the /outgoing directory.

When you view a log, you can use commands similar to ex editor commands to search for patterns (keywords).

Review Tanium Core Platform logs

If you are diagnosing issues with the Tanium Core Platform installation, review the logs. For additional information about logs and troubleshooting for Tanium Core Platform servers, see Tanium Core Platform Deployment Reference Guide: Logs and troubleshooting.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 3-1 (Tanium Support > Logs).

3. Select an item to view its submenu. View screen

   ------------------------------------------------------
   
        >>> Tanium Support -> Logs -> taniumserver <<< 
   
             1: Tanium Server Log (log0.txt)
             2: Tanium Server TDL Log (log0.txt)
             3: Tanium Server RBAC Log (rbac0.txt)
             4: Tanium Server PAM4 Log (tanium_pam4.log)
             5: Tanium Server Workbenches (workbenches_manager.log)
             6: Tanium Server Signature Verifier (signature_verifier.log)
             7: Tanium Server DB Upgrade Log (database-upgrade0.txt)
             8: Tanium Server Auth0 Log (auth0.txt)
   
             R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

4. Select an item to view the log, follow its growth, delete it, or export it to the /outgoing directory. View screen

   ------------------------------------------------------
   
   >>> Tanium Support -> Logs -> TaniumServer -> log0.txt <<< 
   
          Size: 538   Last Update: 2022-03-11 14:10:40
    
             V: View file
             F: Follow log file growth
             T: Delete content of logfile
             E: Export to outgoing (sftp)
   
            R: Return to previous menu  RR: Return to top
   
   ------------------------------------------------------

When you view a log, you can use commands similar to ex editor commands to search for patterns (keywords).

Review Tanium solution module logs

If you are diagnosing issues with expected behavior for solution modules, examine the module logs.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 3-2 (Tanium Support > Module Log Files Access).

3. Select an item to view its submenu.
4. Select an item to view the log, follow its growth, delete it, or copy it to the /outgoing directory.

When you view a log, you can use commands similar to vi editor commands to search for patterns (keywords).

Review the configuration

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 2-2 (Tanium Operations > Configuration Settings).

3. Use the menu to view and edit Tanium Core Platform server configuration files.

Run Tanium Support Gatherer

The Tanium Support Gatherer (TSG) collects system status, process status, network interface status, and so on, to help Tanium Support evaluate possible appliance or Tanium Core Platform server issues.

Each Tanium Core Platform server has a predefined list of files and commands to gather relevant data. The TSG output files are placed in the SFTP outgoing directory. The output files are ZIP archives, named with their collection or module name and a datestamp. The files remain in the outgoing directory until a daily cleanup task removes them. From the TSG menu, you specify a single item (a module or collection of files) or a comma-separated list of items.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 3-A (Tanium Support > Tanium Support Gatherer).

3. Enter A to run the Tanium Support Gatherer.

   TanOS runs the report and indicates the name of the zipped report file. View screen

   Generating Appliance TSG: tsg-tms1-vc-appliance-2022-04-19-2033
   Gathering OS files
   Gathering Network files
   Gathering Database files
   Gathering Tanium Server files
   Creating zip file
   Exporting zip file
   Exported tsg-tms1-vc-appliance-2022-04-19-2033.zip
   Password for the file is the appliance's FQDN
    Press enter to continue
   

4. Use SFTP to copy the zipped report to your local machine.

Copy core files

To upload the Core Files directly to an SFTP destination from the /outgoing directory, you must add the tanadmin user's public SSH key to the SFTP user's authorized keys on the remote host. For information, see Manage SSH keys.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 3-X-1 (Tanium Support > Advanced Support > Copy Core Files).

3. Enter the line number of the core files to copy.

   TanOS generates a ZIP file containing the compressed core files and uploads it to the /outgoing directory.

4. To upload the generated file to an SFTP location using TanOS, enter Yes and follow the prompts to enter the SFTP host IP or fully qualified domain name (FQDN), remote user name, and destination directory and file name.

Run tcpdump

Running a TCP dump creates a packet capture (PCAP) file for the network interface that you select. PCAP files capture real-time data packets that traverse a network. You can use the files to analyze network traffic and troubleshoot network issues.

You can add filters to the report to control how much data is captured. You can also see a preview of the report before you run the command.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter 3-B (Tanium Support > TcpDump).

3. Choose the network interface on which you want to run the command.
4. To limit the results, add filters such as IP/FQDN, port numbers, file size, or time range. View screen

   ------------------------------------------------------
   
   >>> Tanium Support -> TcpDump -> ens32 <<< 
   
    About to launch a tcpdump for interface ens32
    Attention: If Host/IP and port filters are supplied, both will be applied
   
    Valid IP/Host filters include single FQDN's OR IPv4/6 addresses,
    e.g. 172.30.20.10 OR time.customer-a.internal OR 0123:4567:89ab:cdef::1
    Please provide a IP/FQDN filter (empty for none):
    No IP/Host capture filter supplied...
   
    Valid port number filters include a single port number between 1 and 65535
    Please provide a port number (1-65535) filter (empty for none):
    No port capture filter provided...
   
    Please provide a maximum size for the pcap file (1-512) in MB.: 512
    Please provide a maximum time in minutes (1-60) for the capture: 1
    Time option accepted: 1 minutes
   
    Run details:
      Interface: ens32
      Host filter:
      Port filter:
      PCAP size (packets): 426666
      Capture time (seconds): 60
   
    Would you like a preview? [Yes|No]:
   

5. Enter yes or no to accept or decline a preview of the file.
6. Enter yes to launch TCP dump and create the file. View screen

   ------------------------------------------------------
    Would you like to launch tcpdump? [Yes|No]: y
    tcpdump running, please be patient (might take up to 60 seconds)...
    tcpdump finished
    Please connect via sftp using tancopy to retrieve the file from outgoing (tcpdump_ens32.pcap)
   
    Warning - please keep in mind that this location is cleaned every night at 2:00 am appliance time!
   
    Press enter to exit
    

7. Use SFTP to copy the file from the /outgoing directory to your local computer.

Run network diagnostics

Use the Network Diagnostics menu to run basic diagnostic procedures.

Ping a remote system

1. Sign in to the TanOS console of the appliance as a user with the tanadmin role.

2. Enter 3-4-F (Tanium Support > Run Network Diagnostics > Ping Remote System).

3. Enter the IP address or fully qualified domain name (FQDN) of the system to ping to view connection information.

Test a connection using a remote port

The Test Remote Port screen allows you to attempt a connection to a given destination and port using TCP.

1. Sign in to the TanOS console of the appliance as a user with the tanadmin role.

2. Enter 3-4-2 (Tanium Support > Run Network Diagnostics > Test Remote Port (TCP)).

3. Enter the IP address or FQDN of the destination to test.
4. Enter the port number for the connection.
   The TanOS console indicates whether the appliance can successfully connect using the specified port.

Trace the connection path to a destination

Use the Trace Path screen to run a traceroute command to a remote destination using a specified connection protocol.

1. Sign in to the TanOS console of the appliance as a user with the tanadmin role.

2. Enter 3-4-3 (Tanium Support > Run Network Diagnostics > Trace Path).

3. Enter the protocol to use for the connection, the FQDN or IP address of the destination, and the port to view the connection path between the appliance and the destination.

Resolve a host name

1. Sign in to the TanOS console of the appliance as a user with the tanadmin role.

2. Enter 3-4-4 (Tanium Support > Run Network Diagnostics > Resolve Name).

3. Enter the FQDN to find its IP address.

Check IPSEC

1. Sign in to the TanOS console of the appliance with the secondary database as a user with the tanadmin role.

2. Enter 3-3 (Tanium Support > Database Operations).

3. Enter 5 to view information about any active IPsec tunnels..

Listening ports

1. Sign in to the TanOS console of the appliance with the secondary database as a user with the tanadmin role.

2. Enter 3-3 (Tanium Support > Database Operations).

3. Enter 6 to view a list of all detected listening ports.

Show firewall

1. Sign in to the TanOS console of the appliance with the secondary database as a user with the tanadmin role.

2. Enter 3-3 (Tanium Support > Database Operations).

3. Enter 7 to view firewall details.

Examine Tanium and TanOS files

In rare cases, you or Tanium Support might need to examine Tanium and TanOS files written to the file system.

Open read-only restricted shell

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter B-5 (Appliance Maintenance > Shell Keys).

3. Enter O to open a read-only shell. View screen

   >>> Appliance Maintenance -> Launch Read Only Restricted Shell <<< 
   
    A read only restricted shell will be opened.
   
    The shell will be forcibly closed after 10 minutes of inactivity.
   
    Use /xfer/ subdirectories to move files on/off the appliance.
    
    Are you sure you want to open RO shell? [Yes|No]: yes
    ([email protected])/
    (0 13:43:24 1) ->

4. Enter exit to close the shell.

Request read-write restricted shell or full shell access

You must follow a special procedure to request read-write restrictive shell access or full shell access.

1. Sign in to the TanOS console as a user with the tanadmin role.

2. Enter B-5 (Appliance Maintenance > Shell Keys).

3. Enter W or F, and follow the prompts to generate a shell access request package. The package is written to the /outgoing folder. View screen

    All previous keys or requests have been deactivated.
   
    The request file TanOS-key-request.tgz has been copied to tancopy outgoing.
   
    Provide the request file to your Tanium TAM and they will provide a response
    for verification. The request and its corresponding response file will expire
    in seven days. Once loaded and processed, shell access will be
    permitted for the duration specified in the response.
   
   
    Press enter to continue

4. Use SFTP to copy the request file from the /outgoing directory to your local computer.
5. Email the file and TanOS version information to Tanium Support. For more information, see Support for Tanium Appliances.

Tanium Support sends you a response file. For multiple appliances, you might receive multiple files named with serial numbers.

6. Use SFTP to copy the response file to the /incoming directory. The file name must be in the format TanOS-key-response*.tgz or TanOS-key-serialNo*.tgz.
7. At the Appliance Maintenance > Shell Keys menu prompt, enter 1, and then enter the number of a response file to validate the response. View screen

   >>> Appliance Maintenance -> Feature Request -> Validate Response <<< 
   
     1: TanOS-key-serialNo-e121-1.tgz                              890
     2: TanOS-key-serialNo-e121-2.tgz                              896
   
     R: Return to previous menu  RR: Return to top
   
   Please select: 1
   
   Filename   = TanOS-key-serialNo-e121-1.tgz
   User       = tanadmin
   KeyID      = 1ea29a3fce9a7a1f4cf7270cb831d4c7fddaa75560e9154d6f5d971daa46241d
   Start Time = Fri Aug 26 17:32:30 UTC 2022
   Expiration = Fri Aug 26 21:09:17 UTC 2022
   
   Signature verified, genuine response
   
   Verifying DB matches
   DB Match has been found
   Request is still valid
   Shell access timeout has been updated.
   Return to the menu to open a shell session.
   
   Press enter to continue

The Shell Keys menu now has additional options. View screen

------------------------------------------------------

   >>> Appliance Maintenance -> Shell Keys <<< 

     Current shell authorization type is Read Write Restricted Shell 
     Current shell authorization expires in 1 hour 59 minutes 

         1: Validate Response
         2: Remove shell access
         3: Launch Read Write Restricted Shell

         O: Open Read Only Restricted Shell
         W: Request Read Write Restricted Shell Activation
         F: Request Full Shell Activation

         L: Shell Key Listing
         A: Revoke All Shell Keys

         R: Return to previous menu  RR: Return to top

------------------------------------------------------

8. Enter 3 to launch the shell. View screen

   >>> Appliance Maintenance -> Shell Access -> Launch Unrestricted Shell <<< 
   
   Access is still valid. A unrestricted access shell will be opened
   
   All connections (regardless of shell access) will be forcibly closed
   after 60 minutes.
   
   ([email protected])~
   (0 20:02:08 1) ->

9. Enter exit to close the shell.
10. When you are finished troubleshooting, go to the Shell Keys menu and enter 2 to remove shell access.

Shell keys expire seven days after they are created by Tanium Support.

Support for Tanium Appliances

To contact Tanium Support for help, sign in to https://support.tanium.com.

TanOS support lifecycle

Tanium routinely provides security patches, feature improvements and bug fix repairs to TanOS appliances via in-place upgrades, incrementing TanOS versions forward. These upgrades are the only way to ensure your Tanium appliance is patched against the latest security vulnerabilities and known software issues, since Tanium only releases versions forward and does not release patches against previously released versions. Tanium offers a fixed date lifecycle policy for Tanium Appliances. Physical hardware support terms are different and can be found in the Hardware Terms and Conditions.

In order to be able to provide support for Tanium Appliances, the TanOS version must not be older than 18 months from the date of release. Customers are required to upgrade TanOS versions that have reached end of support prior to Tanium working on a support case. Customers are strongly encouraged to stay on the latest release of TanOS to ensure they are using the most secure and functional Tanium Appliance product available.

For TanOS versions that are beyond the support lifecycle term, Tanium offers commercially reasonable support as follows:

• Commercially reasonable support incidents will be provided through Tanium Support. If the support incident requires escalation to development for further guidance or requires a non-security or a security update, then customers will be asked to upgrade to a fully supported TanOS version.

• Commercially reasonable support does not include an option to engage Tanium product development resources; technical workarounds may be limited or not possible.

Tanium customers are expected to use the provided upgrade paths to maintain TanOS at a supported version on an ongoing basis. Previous TanOS release dates can be viewed in the Tanium Knowledge Base, to determine if a given version is still within the Tanium support window.

Support information for physical Tanium Appliances

For detailed information about support for physical Tanium Appliances, review your hardware support terms with Tanium. To receive ongoing support services for physical appliances, renew the annual support and maintenance services on each appliance. Customers can renew support and maintenance services for a maximum of 6 years from the original purchase date. Tanium Support is always the primary contact for all Tanium Appliance concerns, including hardware issues.