HP Anyware Connector - Common Installation Issues

Rate this Article
Average: 1 (1 vote)

This knowledge base article provides a brief list of troubleshooting steps for common issues related to installing the HP Anyware Connector. This article is not intended to be a comprehensive troubleshooting guide.

The potential issues have been broken into issues that can occur in the pre-installation and post installation processes, as outlined below.

Issues Pre-Installation

Verify that the HP Anyware Connector system requirements are met.

https://www.teradici.com/web-help/cas_manager/cloud_access_connector/cac_server/


Check that the required ports are open.

Port Port Number Direction Description
TCP 22 (SSH) IN To allow secure remote access into the EC2 CAC VM.
TCP 443 IN Client Authentication, Cloud Licensing
TCP 4172 IN PCoIP Session Establishment
UDP 4172 IN | OUT PCoIP Session Data


HP Anyware Connector - Common Installation Issues

 

From the HP Anyware Connector machine, verify that you can reach the Domain Controller and the Remote Workstation.

ping 
ping 
nslookup 
nslookup domain.com 
nslookup -type=SRV _ldap._tcp.domain.com
nslookup -type=SRV _ldap._tcp.domain.com 

ping 
ping 

If these commands return a name resolution error. Check that DNS is setup correctly.

On the Ubuntu machine, review the netplan file. Make sure that the name server's address and search list are set.
Netplan:

network:
    ethernets:
        ens4:
            nameservers:
                addresses: [10.0.0.100]
                search: [domain.com]
    version: 2


Check that LDAPS is enabled on the Domain Controller.

The easiest way to check is to try make a TLS connection on the LDAPS port to the domain controller.

openssl s_client -connect dc1.domain.com:636

also make sure that the certificate is not expired or otherwise invalid (ex: Incorrect Common Name or Subject Alternative Name)

openssl s_client -connect dc1.domain.com | openssl x509 -noout -dates

 

Make sure that the HP Anyware Connector can reach the required external sites.


Make sure that the installer parameters provided to the installer are correct.

  • Registration Code is a Cloud License Server key, not a Local License Server key.
  • Verify the Base Distinguished Name to the Computer & User DNs are correct.

https://www.teradici.com/web-help/cas_manager/cloud_access_connector/cac_install/

For additional log verbosity specify the --debug flag during installation. Cloud-access-connector logs can be found under /var/logs/cloud-access-connector.
https://www.teradici.com/web-help/cas_manager/troubleshooting/installer_issues/


LDAP Specific Issues.

#Installs ldap-util tools.
sudo apt install ldap-utils  

#Checks if AD user can authenticate to the Domain Controller.
ldapwhoami -h  -D username@domain.com -W  

#Returns DN for All Group DN under the "My Example" OU.
ldapsearch -h  -D username@domain.com -w 'password' -b 'cn=My Example OU,dc=domain,dc=com' '(objectClass=group)' dn  

#Returns User "cam_admin" if found in the domain.
ldapsearch -h  -D username@domain.com -w 'password' -b 'dc=domain,dc=com' "(&(objectCategory=user)(name=cam_admin))" memberOf

AD Sync Service
#Ad Users Synced to CAM.
ldapsearch -h  -D username@domain.com -W -b '' '(&(objectCategory=person)(objectClass=user))'

#AD Computers synced to CAM.
ldapsearch -h  -D username@domain.com -W -b '' '(&(!(primaryGroupID=516))(objectCategory=computer))'{code}

 

Issues Post-Installation

Check the status of cam.teradici.com along with your infrastructure, connector & deployment for any errors or outages.

https://status.teradici.com/


Check that the connector is running.

docker service ls
ID                  NAME                            MODE                REPLICAS            IMAGE                                                                PORTS
jzbp9x2jjau9        connector_activedirectorysync   replicated          1/1                 teradici-docker-registry.bintray.io/adsync:16-release            
n2yyvddp2tdm        connector_brokerexternal        replicated          1/1                 teradici-docker-registry.bintray.io/broker:16-release            
s39htueiscpi        connector_brokerinternal        replicated          1/1                 teradici-docker-registry.bintray.io/broker:16-release            
rr3q0m6tt8mn        connector_cm                    replicated          1/1                 teradici-docker-registry.bintray.io/cmsg:cm-20.04-sg-20.04-beta  
7migtmxs0b4j        connector_cmsg                  replicated          1/1                 teradici-docker-registry.bintray.io/cmsg:cm-20.04-sg-20.04-beta  
i4qe7cft3ca0        connector_connectorgateway      replicated          1/1                 teradici-docker-registry.bintray.io/connectorgateway:3-release   
kjxplyduo6n6        connector_healthcheck           replicated          1/1                 teradici-docker-registry.bintray.io/healthcheck:10-release       
hzk3vbcbg8g3        connector_managementinterface   replicated          1/1                 teradici-docker-registry.bintray.io/managementinterface:16-release
qlod0062c30u        connector_sumologic             global              1/1                 sumologic/collector:latest


HP Anyware Connector components:

  • connector_activedirectorysync - Syncs Active Directory Users and Computers to CAM. This is where we sync the Users and Computers that appear in the CAM Admin Console based on the computer-dn & user-dn specified during installation.
  • connector_brokerinternal - This will process requests from the connector_cm and look for resources the user is authorized to connect to in CAM.
  • connector_brokerexternal - This will process requests from the connector_cmsg.and look for resources the user is authorized to connect to in CAM. If MFA is enabled, this will pass the MFA passcode to the Radius server.
  • connector_cm - Internal Connection Manager. This will broker connections with the connector_brokerinternal. Resulting connections will send in session traffic directly from the client to the agent machine.
  • connector_cmsg - This is the external Connection Manager. The Security Gateway here is enabled. This will broker connections with connector_brokerexternal. Resulting connections will send traffic from the client to agent via the Security Gateway.
  • connector_connectorgateway - Proxies incoming connections to either the connector_cm, connector_cmsg, or connector_managementinterface based off of the header information for the request.
  • connector_healthcheck - This will probe CAC components and check if they are in a healthy state and update the connector's status in cam.teradici.com. This will also report on the health of  the Domain Controller and the connector_gateway's TLS Certificate expiration date
  • connector_sg - The Security Gateway servers as a communication bridge between PCoIP client devices external to a protected network, and desktops within a protected network. Additionally, the Security Gateway is the only means for a client device to connect from outside a protected network into a desktop, and as such it provides an attractive target to black hats wishing to infiltrate a network, take over a session, or eavesdrop.
  • connector_managementinterface - Legacy UI for CACv1. Functional, but we recommend using the CAM Admin Console (ie, https://cam.teradici.com)


Check the logs for errors:

sudo -i
docker service logs connector_ --since=

https://www.teradici.com/web-help/cas_manager/troubleshooting/cac_logs/


Check for HP Anyware Connectivity issues:

https://www.teradici.com/web-help/cas_manager/troubleshooting/cas_manager_diagnose/

 


If all else fails or for additional steps. Open a support ticket at docs.teradici.com.

 

 

HP Anyware Manager Webinar

Teradici conducted a webinar that covers a simple POC deployment and installation of the HP Anyware Manager on the public cloud. To view this webinar, click here.