Overview π₯
The Active Directory Inspector may fail with the following error during execution:
The inspector job exited with a non-zero exit code. Error: Error occurred running the inspector. Exit code was 1 and signal was null (node:5824) ExperimentalWarning: Policies are experimental.
This error indicates the inspection process terminated unexpectedly before completing its normal execution lifecycle.
This behavior is typically caused by local system restrictions, outdated dependencies, or environmental interference on the Liongard Agent host machine.
Why This Happens? π€
This error is most commonly triggered by one or more of the following conditions:
Root Cause | Explanation |
PowerShell Execution Policy restrictions | Blocks script execution used by the inspector |
Outdated Node.js runtime | Incompatible with current Liongard inspector modules |
Legacy PowerShell versions | Missing required cmdlets or execution methods |
Agent service permission issues | Agent account lacks required local or domain-level rights |
Antivirus/EDR blocking processes | Scripts or child processes quarantined or prevented |
Corrupt inspector cache | Stale cached objects interfere with execution |
Windows Policy hardening | GPOs restricting script execution or unsigned modules |
Common Scenarios π§βπ«
Environment Type | Risk Level | Notes |
DCs with hardened GPOs | High | Execution policy often set to |
Non-DC agent hosts | Medium | Missing AD-related modules and permissions |
Servers with 3rd-party EDR | High | Frequently blocks node.exe or PowerShell scripts |
Legacy OS versions | High | Unsupported Node.js and PowerShell versions |
Steps to Resolve π¨βπ»
1οΈβ£ Identify the Agent Host Machine
Navigate to:
βAdmin β Inspectors β Active DirectorySelect the affected system.
Click the three-dot menu β Edit.
Record the Agent Name.
Log in to that agent host machine.
2οΈβ£ Verify and Correct PowerShell Execution Policy
Open PowerShell as Administrator and run:
Get-ExecutionPolicy -List
Expected State | Why It Matters |
| Allows Liongard scripts to run |
If restricted, run:
Set-ExecutionPolicy RemoteSigned -Scope LocalMachine -Force
Restart the Liongard Agent service:
services.msc β Liongard Agent β Restart
3οΈβ£ Validate Node.js Version
Run:
node -v
Version Status | Action |
Outdated / Unsupported | Install latest supported Node.js runtime |
Node missing | Reinstall Agent |
4οΈβ£ Validate PowerShell Version
Run:
$PSVersionTable.PSVersion
Requirement | Recommendation |
Legacy versions | Upgrade to modern supported PowerShell |
5οΈβ£ Review Windows Event Logs
Open:
eventvwr.mscNavigate to:
Windows Logs β Application
Windows Logs β System
Look for:
Event Type | Likely Cause |
Script blocked | Execution policy / EDR |
Node.exe failure | Runtime or dependency issue |
Access denied | Permission problem |
6οΈβ£ Check Antivirus / Endpoint Protection
Confirm the following paths and processes are not blocked:
Component | Exclusion Recommendation |
Liongard Agent directory | Whitelist in AV/EDR |
| Mark as allowed application |
PowerShell scripts | Exclude from real-time scanning |
7οΈβ£ Confirm Agent Permissions
Ensure the Liongard Agent service runs as:
Account Type | Requirement |
Service Account | Local Administrator |
Domain Access | Read access to AD objects |
7οΈβ£ Run CCDM (Clear Cache + Debug Mode)
CCDM clears stale inspector data and gathers detailed logs. This produces expanded diagnostic logs for review.
Additional Diagnostics π€©
Diagnostic Command | Purpose |
| Confirms script execution rights |
| Verifies Node.js compatibility |
| Ensures PowerShell version support |
Agent logs | Confirms runtime behavior |
Troubleshooting Flow π
Step | If Pass | If Fail | Action |
Execution policy | Continue | Fix | Set to RemoteSigned |
Node.js version | Continue | Fix | Update Node |
PowerShell | Continue | Fix | Upgrade |
Event logs | Review | Errors | Remediate errors |
AV exclusions | Clear | Blocked | Add exclusions |
Agent permissions | Correct | Insufficient | Update service rights |
CCDM run | Clean | Errors | Export logs |
Best Practices / Prevention π
Keep Node.js, PowerShell, and Liongard Agent updated.
Maintain documented execution policy standards.
Continuously monitor endpoint security exclusions.
Use CCDM proactively after environment changes.
Validate permissions quarterly.
When to Contact Support π¦
Open a Liongard Support case if:
Situation | Provide This Data |
Persistent failures | Inspector debug logs |
Unknown errors | Output of execution policy |
Node failures |
|
PowerShell issues |
|
Agent problems | Service account info |