HP Anyware Connector - Common Installation Issues

Rate this Article

September 14, 2022

Last modified: 03/16/2024, 2:13 am

Knowledge Base Article Troubleshooting Setup HP Anyware

This knowledge base article provides a brief list of troubleshooting steps for common issues related to installing the HP Anyware Connector. This article is not intended to be a comprehensive troubleshooting guide.

The potential issues have been broken into issues that can occur in the pre-installation and post installation processes, as outlined below.

Issues Pre-Installation

Verify that the HP Anyware Connector system requirements are met.

https://www.teradici.com/web-help/cas_manager/cloud_access_connector/cac_server/

Check that the required ports are open.

Port	Port Number	Direction	Description
TCP	22 (SSH)	IN	To allow secure remote access into the EC2 CAC VM.
TCP	443	IN	Client Authentication, Cloud Licensing
TCP	4172	IN	PCoIP Session Establishment
UDP	4172	IN \| OUT	PCoIP Session Data

HP Anyware Connector - Common Installation Issues

From the HP Anyware Connector machine, verify that you can reach the Domain Controller and the Remote Workstation.

ping 
ping 
nslookup 
nslookup domain.com 
nslookup -type=SRV _ldap._tcp.domain.com
nslookup -type=SRV _ldap._tcp.domain.com 

ping 
ping

If these commands return a name resolution error. Check that DNS is setup correctly.

On the Ubuntu machine, review the netplan file. Make sure that the name server's address and search list are set.
Netplan:

network:
    ethernets:
        ens4:
            nameservers:
                addresses: [10.0.0.100]
                search: [domain.com]
    version: 2

Check that LDAPS is enabled on the Domain Controller.

The easiest way to check is to try make a TLS connection on the LDAPS port to the domain controller.

openssl s_client -connect dc1.domain.com:636

also make sure that the certificate is not expired or otherwise invalid (ex: Incorrect Common Name or Subject Alternative Name)

openssl s_client -connect dc1.domain.com | openssl x509 -noout -dates

Make sure that the HP Anyware Connector can reach the required external sites.

cam.teradici.com - This is HP Anyware Manager. It is required for both API usage and to access the HP Anyware Manager Admin Console user interface.
archive.ubuntu.com - Source for first-party Ubuntu packages; required so that the OS on the HP Anyware Connector remote workstation can be kept up to date.
teradici.flexnetoperations.com - Required for license verification when installing the HP Anyware Connector. Required for HP Anyware Agent license activation and verification during session establishment.
- https://www.teradici.com/web-help/pcoip_agent/graphics_agent/windows/current/admin-guide/licensing/licensing/#using-teradici-cloud-licensing
https://www.teradici.com/web-help/cas_manager/current/troubleshooting/installer_issues/ - Source for HP Anyware Connector components, configuration files and the HP Anyware Connector installer; required in order for the HP Anyware Connector to be installed, configured and updated over time.
download.docker.com - Source for Docker; required so that Docker can be installed to run the HP Anyware Connector.
sumologic.com - Endpoint for log aggregation; logs from the HP Anyware Connector components are sent to Sumo Logic. For more details on the information we collect and how we collect it, please see the HP Anyware Manager Privacy Policy .

Make sure that the installer parameters provided to the installer are correct.

Registration Code is a Cloud License Server key, not a Local License Server key.
Verify the Base Distinguished Name to the Computer & User DNs are correct.

https://www.teradici.com/web-help/cas_manager/cloud_access_connector/cac_install/

For additional log verbosity specify the --debug flag during installation. Cloud-access-connector logs can be found under /var/logs/cloud-access-connector.
https://www.teradici.com/web-help/cas_manager/troubleshooting/installer_issues/

LDAP Specific Issues.

#Installs ldap-util tools.
sudo apt install ldap-utils  

#Checks if AD user can authenticate to the Domain Controller.
ldapwhoami -h  -D username@domain.com -W  

#Returns DN for All Group DN under the "My Example" OU.
ldapsearch -h  -D username@domain.com -w 'password' -b 'cn=My Example OU,dc=domain,dc=com' '(objectClass=group)' dn  

#Returns User "cam_admin" if found in the domain.
ldapsearch -h  -D username@domain.com -w 'password' -b 'dc=domain,dc=com' "(&(objectCategory=user)(name=cam_admin))" memberOf

AD Sync Service
#Ad Users Synced to CAM.
ldapsearch -h  -D username@domain.com -W -b '' '(&(objectCategory=person)(objectClass=user))'

#AD Computers synced to CAM.
ldapsearch -h  -D username@domain.com -W -b '' '(&(!(primaryGroupID=516))(objectCategory=computer))'{code}

Issues Post-Installation

Check the status of cam.teradici.com along with your infrastructure, connector & deployment for any errors or outages.

https://status.teradici.com/

Check that the connector is running.

docker service ls
ID                  NAME                            MODE                REPLICAS            IMAGE                                                                PORTS
jzbp9x2jjau9        connector_activedirectorysync   replicated          1/1                 teradici-docker-registry.bintray.io/adsync:16-release            
n2yyvddp2tdm        connector_brokerexternal        replicated          1/1                 teradici-docker-registry.bintray.io/broker:16-release            
s39htueiscpi        connector_brokerinternal        replicated          1/1                 teradici-docker-registry.bintray.io/broker:16-release            
rr3q0m6tt8mn        connector_cm                    replicated          1/1                 teradici-docker-registry.bintray.io/cmsg:cm-20.04-sg-20.04-beta  
7migtmxs0b4j        connector_cmsg                  replicated          1/1                 teradici-docker-registry.bintray.io/cmsg:cm-20.04-sg-20.04-beta  
i4qe7cft3ca0        connector_connectorgateway      replicated          1/1                 teradici-docker-registry.bintray.io/connectorgateway:3-release   
kjxplyduo6n6        connector_healthcheck           replicated          1/1                 teradici-docker-registry.bintray.io/healthcheck:10-release       
hzk3vbcbg8g3        connector_managementinterface   replicated          1/1                 teradici-docker-registry.bintray.io/managementinterface:16-release
qlod0062c30u        connector_sumologic             global              1/1                 sumologic/collector:latest

HP Anyware Connector components:

connector_activedirectorysync - Syncs Active Directory Users and Computers to CAM. This is where we sync the Users and Computers that appear in the CAM Admin Console based on the computer-dn & user-dn specified during installation.
connector_brokerinternal - This will process requests from the connector_cm and look for resources the user is authorized to connect to in CAM.
connector_brokerexternal - This will process requests from the connector_cmsg.and look for resources the user is authorized to connect to in CAM. If MFA is enabled, this will pass the MFA passcode to the Radius server.
connector_cm - Internal Connection Manager. This will broker connections with the connector_brokerinternal. Resulting connections will send in session traffic directly from the client to the agent machine.
connector_cmsg - This is the external Connection Manager. The Security Gateway here is enabled. This will broker connections with connector_brokerexternal. Resulting connections will send traffic from the client to agent via the Security Gateway.
connector_connectorgateway - Proxies incoming connections to either the connector_cm, connector_cmsg, or connector_managementinterface based off of the header information for the request.
connector_healthcheck - This will probe CAC components and check if they are in a healthy state and update the connector's status in cam.teradici.com. This will also report on the health of the Domain Controller and the connector_gateway's TLS Certificate expiration date
connector_sg - The Security Gateway servers as a communication bridge between PCoIP client devices external to a protected network, and desktops within a protected network. Additionally, the Security Gateway is the only means for a client device to connect from outside a protected network into a desktop, and as such it provides an attractive target to black hats wishing to infiltrate a network, take over a session, or eavesdrop.
connector_managementinterface - Legacy UI for CACv1. Functional, but we recommend using the CAM Admin Console (ie, https://cam.teradici.com)

Check the logs for errors:

sudo -i
docker service logs connector_ --since=

https://www.teradici.com/web-help/cas_manager/troubleshooting/cac_logs/

Check for HP Anyware Connectivity issues:

https://www.teradici.com/web-help/cas_manager/troubleshooting/cas_manager_diagnose/

If all else fails or for additional steps. Open a support ticket at docs .teradici.com .

HP Anyware Manager Webinar

Teradici conducted a webinar that covers a simple POC deployment and installation of the HP Anyware Manager on the public cloud. To view this webinar, click here.