Troubleshoot engine connectivity.
The following provides instructions for troubleshooting connectivity issues from the engine to the endpoint.
Follow the instructions in network troubleshooting.
Ensure that the engine can reach the endpoint by running the following command on the server engine.
sudo curl -kvv <endpointURL>
If the engine could not reach the endpoint, try the IP with curl instruction adding the http(s)//, or try using ping.
If this works, add the IP to the /etc/hosts file with the hostname and try to reach the endpoint again by running the following command on the engine server
sudo curl -kvv <endpointURL>
If this still fails, then this is an issue of connectivity between the engine and endpoint and you need to resolve this with your networking team.
Once connectivity has been confirmed via curl:
Try connecting within Docker without passing host networking.
docker run -it --rm demisto/netutils:1.0.0.6138 curl -kvv <endpointURL>
If this succeeds but the integration still fails, it could be an integration credentials issue. In that case, open a support case.
If without passing host networking fails, run the following:
docker run -it --rm --network=host demisto/netutils:1.0.0.6138 curl -kvv <endpointURL>
If this succeeds, add
"python.pass.extra.keys": "--network=host" to /usr/local/demisto/d1.conf
and retest the integration.If you see a Docker or Selinux issue, see Troubleshoot Docker Networking Issues.
If the installation issue remains, open a support case with logs from the engine.
On the engine server, in
/usr/local/demisto/d1.conf
, set "LogLevel": "debug”.Restart the d1 service and let it run for a few minutes.
sudo systemctl restart d1
Note
If the Allow running multiple engines on the same machine option is selected, run the command:
sudo systemctl restart d1_<Engine _name>
Capture a journalctl:
journalctl --since "1 day ago" > engineTroubleshootingJournalctl.log
On the engine server, tar up the logs, conf, journalctl, and install log on the engine.
tar -cvzf engineLogs.tar.gz /var/log/demisto /usr/local/demisto/d1.conf /tmp/demisto_install.log engineTroubleshootingJournalctl.log
Engine 443 Error
This error can occur when a connection is established between an engine and the Cortex XSOAR tenant, because, by default, Linux does not allow processes to listen on low-level ports.
Error Message
listen tcp :443: bind: permission denied
Solution
In the
d1.conf
file, change the port number to a higher one, for example, 8443.Run this command:
sudo setcap CAP_NET_BIND_SERVICE=+eip /path/to/binary
. After running this command the server should be able to bind to low-numbered ports.
Bad Handshake Error
This error can occur in the engine logs relating to a bad handshake on the engine trying to connect to a Cortex XSOAR tenant.
Error Message
Cannot connect to [wss:/xxx]: [wss://xxx|wss://xxx/]: websocket: bad handshake
Solution
Verify that time is synchronized on the engine to a reliable NTP source. When timing is off on the engine, this can cause a failure during the SSL/TLS handshake process. When time is resynced, connectivity from the engine to the parent server should be restored.