General Connectivity and Startup Troubleshooting for Agent , Elasticsearch and the MC

General Connectivity and Startup Troubleshooting

Network troubleshooting between the Waratek Secure agent and the management console, as well as elasticsearch can be a complex task, as there are many factors that can impact the connection. To troubleshoot this issue, you should first check the network settings on the Waratek Secure agent and the management console server, as well as elasticsearch to ensure that they are correct. This includes verifying that the IP address, FQDN's , and your port ranges are all correct. If you are unsure about any of these settings, you may need to consult your network administrator for assistance.

Firewall settings can often block incoming connections, so you will need to ensure that the appropriate ports are open on both devices. You may also need to configure your firewall to allow traffic through specific ports or protocols.

Below we will discuss the additional debug flags you could put in your waratek.properties file on the agent side to get additional logging.

You can safely enable the following parameter all the time as that will print out the start parameters for every application start.

com.waratek.ShowStart=true

It is useful for seeing all the configuration parameters for an application in the application logfile

For connectivity troubleshooting between Waratek Secure agent and MC , and elasticsearch the following can be enabled for troubleshooting purposes. You should disable these config parameters once connectivity is established. 

com.waratek.debug.mc=true

com.waratek.debug.transport.file=<new log file>

These will print out debug messages into specified logfiles, the rules.log, and the mc.log.

Also setting the following

com.waratek.ControllerUnavailableAction=fail

will enable additional more verbose during the showstart of the application in the application logs.

Agent Initially Online on Portal (Dedicated) UI But Soon Becomes Offline

Sometimes, often with WebLogic, the Agent intially connects to the Portal and shows as online but soon becomes offline, usually in the next 30 seconds. This is due to WebLogic's default implementation of htts being used which can 'break' the communications. To overcome this, you need to tell WebLogic to use Sun's implementation. You can do this by adding the following to the waratek.properties file or on the command line preceeded by "-D":

com.waratek.UseSunNetHttp=true

General Startup and Troubleshooting Information

This can be found in the Agent documentation, Configuration Guide Section, Java Agent Configurations SubSection, Agent Configuration/Startup Troubleshooting and Debugging Options.

Connectivity troubleshooting to our SAAS Portal

Setting the debug flags above on the agent , and reviewing the resulting logs does not always clearly reveal the issue. 

First step should be to check connectivity from agent to SAAS portal is ok

you can run the following command:

curl -v 'https://agent-api-2.waratek.com/api/2/agents' --data '{"runtimeLanguage": "JAVA"}'

to see the following expected output

* Trying 18.66.171.128:443...
* Connected to agent-api-2.waratek.com (18.66.171.128) port 443
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/cert.pem
*  CApath: none
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES128-GCM-SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=*.waratek.com
*  start date: Jan 23 00:00:00 2024 GMT
*  expire date: Feb 20 23:59:59 2025 GMT
*  subjectAltName: host "agent-api-2.waratek.com" matched cert's "*.waratek.com"
*  issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M02
*  SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://agent-api-2.waratek.com/api/2/agents
* [HTTP/2] [1] [:method: POST]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: agent-api-2.waratek.com]
* [HTTP/2] [1] [:path: /api/2/agents]
* [HTTP/2] [1] [user-agent: curl/8.4.0]
* [HTTP/2] [1] [accept: */*]
* [HTTP/2] [1] [content-length: 27]
* [HTTP/2] [1] [content-type: application/x-www-form-urlencoded]
> POST /api/2/agents HTTP/2
> Host: agent-api-2.waratek.com
> User-Agent: curl/8.4.0
> Accept: */*
> Content-Length: 27
> Content-Type: application/x-www-form-urlencoded
>
< HTTP/2 403
< content-length: 0
< date: Tue, 20 Feb 2024 16:00:41 GMT
< x-content-type-options: nosniff
< x-xss-protection: 0
< cache-control: no-cache, no-store, max-age=0, must-revalidate
< pragma: no-cache
< expires: 0
< x-frame-options: DENY
< x-cache: Error from cloudfront
< via: 1.1 e18052d443b6eff3bca335d622d35252.cloudfront.net (CloudFront)
< x-amz-cf-pop: DUB56-P1
< x-amz-cf-id: 19JemrOAzs9Sa9Kc_QDvKgG_k9IIpUkUOZz28AG6yO98_IMMSaau6g==
<
* Connection #0 to host agent-api-2.waratek.com left intact

If the Curl connection works but the Agent doesn’t, it’s possible that the issue is with the version of Java.
Attached is a simple Java class that establishes a connection to the Portal, very similar to what Curl does, and very similar to what the Java Agent does internally. Except it doesn’t swallow any exceptions so can be more useful when debugging.

To compile with the version of Java the agent is using: