Support

Troubleshooting

Common deployment and endpoint issues, with the checks to run first.

"SnitchOS requires TENANT_ID and ENROLLMENT_KEY properties" on install

The MSI was opened without the required tenant ID and enrollment key. This is an intentional validation failure. Use the per-tenant wrapper for normal deployment, or provide a valid one-off key for a manual install.

Fix: sign in at app.snitchos.comTenants → <tenant> → Manage keys → download Install-SnitchOS-<slug>.ps1 and run it elevated on the endpoint. See the deployment guide for the one-off manual path.

Enrollment returns "Invalid enrollment credentials"

In order of likelihood:

  1. Key already used up — a one-off key with max uses = 1 was used before, or an administrator deliberately rotated the fleet key.
  2. Key expired — past its expiry date.
  3. Key revoked — an admin revoked it in the dashboard.
  4. Wrong tenant ID — mistyped UUID in a manual install.

The error is intentionally identical in all four cases so key/tenant existence can't be probed. Fix: download a fresh installer script (or mint a fresh one-off key) and rerun.

Devices enrolled but every user shows as "unknown"

The per-session helper isn't running in user sessions. On the endpoint, check:

Get-Process SnitchOS.SessionAgent -ErrorAction SilentlyContinue |
    Select-Object Id, SI, ProcessName

SI should match a non-zero interactive session id. If no process exists, collect C:\ProgramData\SnitchOS\logs\agent-*.log and open a support ticket.

Antivirus flags the agent

Security products can flag the input-count hook even though SnitchOS records counts only. First verify the installer and binaries are signed by the expected publisher. Then work with the client's security team on the narrowest appropriate allow rule. Do not rely on a permanent hash exception because the hash changes with each release, and never bypass an unsigned-publisher warning.

Device doesn't appear on the tenant overview

  1. Wait 60 seconds — first check-in is quick but not instant.
  2. Run the local health helper: & "C:\Program Files\SnitchOS\SnitchOS.HealthCheck.ps1" — it reports service state and connectivity.
  3. Confirm the endpoint can reach api.snitchos.com and cdn.snitchos.com over HTTPS (proxy/firewall rules).

Uninstall left files behind

By design, normal uninstall keeps local support state so a reinstall keeps history. To remove everything:

msiexec /x "{<product-code>}" /qn PURGE_CONFIG=1
Stuck on something not listed here? Open a ticket from the in-dashboard support desk and include the tenant slug and the output of SnitchOS.HealthCheck.ps1 -Json if you can.