HP Anyware Connector Broker Error Codes

Rate this Article

November 8, 2020

Last modified: 09/15/2023, 1:43 pm

Knowledge Base Article Troubleshooting HP Anyware

Summary

This KB article details some know specific sources of failures, how to determine if it's that specific failure and if there's any known resolutions relating to the Cloud Access Connector Broker.

HP Anyware Manager logs can be found under: 
/var/log/cloud-access-connector 
https://www.teradici.com/web-help/pcoip_cloud_access_manager/CACv2/troubleshooting/troubleshooting_logs/

HP Anyware Connector Log Components

- connector_activedirectorysync: Syncs Active Directory Users and Computers to HP Anyware Manager. This is where we sync the Users and Computers that appear in the HP Anyware Manager Admin Console based on the computer-dn, computers-filter, users-filter & user-dn specified during installation. Other information logged:

Connection information or errors to domain controllers
Query information or errors to the AD
information on what is transmitted up to HP Anyware Manager
failures communicating AD information to HP Anyware Manager
note, the sync information is logged in the HP Anyware Manager Admin Console and available in the activity log

 
- connector_brokerinternal: This will process requests from the connector_cm and look for resources the user is authorized to connect to in HP Anyware Manager. Other information logged:

Only used for users connecting from inside the corporate network
details are otherwise the same as for connector_brokerexternal
brokerinternal works with cm for session establishment

-  connector_brokerexternal: This will process requests from the connector_cmsg.and look for resources the user is authorized to connect to in HP Anyware Manager. If MFA is enabled, this will pass the MFA passcode to the Radius server. Other information logged:

Only used for users connecting from outside the corporate network
user authentication during the brokering or session establishment flow
incorrect password errors, mfa errors
errors obtaining the list of workstations the user is entitled to
status of the workstation at the time the user gets the list
errors communicating with active directory to authenticate the user
errors communicating with RADIUS server when attempting to authenticate the user
brokerexternal works with cmsg for session establishment

- connector_cm: - Internal Connection Manager. This will broker connections with the connector_brokerinternal. Resulting connections will send in session traffic directly from the client to the agent machine. Other information logged:

Users attempting to connect to their workstations (brokering)
username, source IP, PCoIP client type and version
stage of authentication
failure reasons during authentication or brokering (password, workstation unavailability)
cm works with brokerinternal to authenticate users

- connector_cmsg: This is the external Connection Manager. The Security Gateway here is enabled. This will broker connections with connector_brokerexternal. Resulting connections will send traffic from the client to agent via the Security Gateway. Other information logged:

Only used for users connecting from outside the corporate network
Same as above, but also
stats on connections from clients to agents through the SG, simultaneous number, bandwidth
cmsg works with brokerexternal to authenticate users

- connector_connectorgateway: Proxies incoming connections to either the connector_cm, connector_cmsg, or connector_managementinterface based off of the header information for the request. Other information logged:

Basic network connection info, such as client IP and any response code, and which service or route the client was trying to access

- connector_healthcheck: This will probe HP Anyware Connector components and check if they are in a healthy state and update the connector's status in cam.teradici.com. This will also report on the health of  the Domain Controller and the connector_gateway's TLS Certificate expiration date . Other information logged:

status of CAC components that are provided up to HP Anyware Manager
errors communicating the information to HP Anyware Manager
note: this information is available in the HP Anyware Manager Admin Console or via HP Anyware Manager APIs for the connector

- connector_managementinterface: Legacy UI for HP Anyware Connector Legacy. Functional, but we recommend using the HP Anyware Manager Admin Console (ie, https://cam.teradici.com). Other information logged:

information or errors that occur through the usage of the legacy management interface

- connector_sumologic: Information or errors that occur when working with sumologic to aggregate logs to Teradici.

HP Anyware Connector Error Codes

Result ID	Result String	Error Details	Known Reasons	Known Resolutions
ERR_BROKER_SYS_FAILED	Communication to the Domain Controller (DC) was not successful.		This is a general error when the broker fails to communicate to the DC. Other errors provided or logs in the broker must be investigated.	Verify that the HP Anyware Connector can reach the DCs: `ping <domain.com> ping <dc1.domain.com> nslookup <domain.com>` Check that LDAPS is enabled on the DC: The easiest way to check is to try to make a TLS connection on the LDAPS port to the DC: `openssl s_client -connect dc1.domain.com:636`
ERR_BROKER_SYS_FAILED	The certificate for DC is untrusted or invalid.		Something about the certificate is causing the SSL handshake to fail. Investigate the broker logs further, look for "CertificateException' for possible causes, for example: CommunicationException while connection to domain Controller javax.naming.CommunicationException: <hostname>:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Illegal given domain name: <hostname>] One issue may be that the subject name for the cert and the FQDN of the DC do not match.	See KB 4052 () for resolution.
ERR_BROKER_SYS_FAILED	Cannot connect to to DC at any of the IP addresses. The DC is not responding to the LDAPS request.		If no port is listed, then it is likely the same root cause as the "Unable to resolve IP(s) for domain controller" error.	See "Unable to resolve IP(s) for domain controller" error.
ERR_BROKER_SYS_FAILED	Unable to resolve IP(s) for DC.		Broker was unable to resolve the DNS name to an IP address (notice there are no IP addresses listed, only a port).	Review broker logs, look for error: "Couldn't resolve DC IP for host: <hostname>" to get the hostname. Verify it is resolvable from HP Anyware Connector at command line. Verify that the HP Anyware Connector can reach and resolve the DC's DNS name: `ping <domain.com> ping <dc1.domain.com> nslookup <domain.com> nslookup domain.com <ip-of-dc1.domain.com> nslookup -type=SRV _ldap._tcp.domain.com nslookup -type=SRV _ldap._tcp.domain.com <ip-of-dc1.domain.com>`
ERR_INVALID_MSG_CONTENT	Message contains unrecognized XML tags		Most likely developer error or lack of proper co-ordination between components.	Create a support ticket at help.teradici.com for further assistance.
ERR_UNSUPPORTED_VERSION (6604)	Communication failed due to incompatible software versions. Your client or connection broker software needs to be upgraded. Please report this failure to your system administrator.	No version negotiated for this JSESSIONID.	Occurs as a result of the session between the client and Connection Manager (CM) expiring.	Retry the PCoIP Connection.
ERR_INVALID_SESSION (6606)	Command failed. Please report this failure to your system administrator.	Unknown/expired JSESSIONID.	Session from client to CM may have time out: Connection attempt started, and UI left open after connectiong to the CM for 10+ minutes. The Client is using a JSESSIONID that the CM is unaware of. The load balancer redirects the client to a different CM than where it started.	Review the broker logs under var/log.cloud-access-connector for the "Session-Log-ID found:" message that occurs before the (6606) error. Load Balancer Issue: Ensure the load balancer determines CM and client connect based on jsessionid. If the load balancer round robins IPs based on time, a user that is mid-session establishment during the switch would be impacted by this. You could lengthen the round robin time, or remove it entirely. See How to configure a Load Balancer for the HP Anyware Connector.
ERR_BROKER_RESP_FAILED (6608)	Command failed due to a connection broker communication failure, Please try again. If this failure persists, please report this to your system administrator.	Failed to connect to broker.	The Client failed to connect to the HP Anyware Connector. This error indicates that HP Anyware Manager is taking too long to respond to requests or a communication error between different components.	If you reach a 6608 error, please try to reconnect. If the reconnect fails, open a support ticket at help.teradici.com .
ERR_BROKER_RESP_FAILED (6608)	Command failed due to a communication failure. Please try again. If this failure persists, please report this failure to your system administrator.	Timed out communicating with broker.	The Client timed out communication with the PCoIP Broker.	If you reach a 6608 error, please try to reconnect. If the reconnect fails, open a support ticket at help.teradici.com .
ERR_PCOIP_AGENT_FAILED (6609)	Command failed due to a PCoIP Agent failure. Please try again. If this failure persists, please report this failure to your system administrator.	Problem communication with the PCoIP Agent.	The HP Anyware Connector was unable to communicate with the PCoIP Agent.	See KB 1052 for resolution.
ERR_GENERIC (6612)	Command failed. Please try again. If this failure persists, please report this failure to your system administrator.	Server problem.	A bug where the PCoIP Agent is providing some numeric data with a comma.	Requires development team support.
ERR_GENERIC (6612)	Command failed. Please try again. If this failure persists, please report this failure to your system administrator.	The requested session is invalid.		If you reach a 6612 error, open a support ticket at help.teradici.com .