Troubleshooting Connectivity Issues
A common cause of PCoIP session connectivity issues is firewall misconfiguration. Use tools such as ssldump and tcpdump (for Linux) and Wireshark (for Windows) to verify that packets sent by a particular source are actually received at the intended destination.
Verifying Network Connectivity
The network connections between the following endpoints all need to be operational for a PCoIP session to be successful.
Connection | Port | Source |
---|---|---|
PCoIP Connection Manager | 443 TCP | PCoIP Client |
Connection Broker | 443 (configurable) TCP | PCoIP Connection Manager |
PCoIP Agent | 60443 TCP | PCoIP Connection Manager |
When Security Gateway is enabled | | |
PCoIP Security Gateway | 4172 TCP/UDP | PCoIP Client |
PCoIP Agent | 4172 TCP/UDP | PCoIP Security Gateway |
When Security Gateway is disabled (Direct Connection) | | |
PCoIP Agent | 4172 UDP/TCP | PCoIP Client |
Verifying PCoIP Client to PCoIP Connection Manager Connectivity
To use ssldump to verify PCoIP client to PCoIP Connection Manager connectivity on TLS port 443:
- On the server hosting the PCoIP Connection Manager, start ssldump:
sudo ssldump -i eth0 host <client-ip-address> and port 443
- From the client, connect to the PCoIP Connection Manager.
- Verify from ssldump output that the PCoIP Connection Manager is receiving data from the client.
Verifying PCoIP Connection Manager to Connection Broker Connectivity
To verify PCoIP Connection Manager to connection broker connectivity on TLS port 443:
- On the server hosting the connection broker, use ssldump or Wireshark to capture packets from the PCoIP Connection Manager on TLS port 443.
- From the client, connect to the PCoIP Connection Manager.
- Try to authenticate.
- Verify from ssldump or Wireshark output that the connection broker is receiving data from the PCoIP Connection Manager.
Verifying PCoIP Connection Manager to PCoIP Agent Connectivity
To verify PCoIP Connection Manager to agent connectivity on TLS port 60443:
- On the virtual desktop host, use ssldump or Wireshark to capture packets from the PCoIP Connection Manager on TLS port 60443.
- From the client, connect to the PCoIP Connection Manager.
- Try to authenticate and establish a session.
- Select a resource and connect.
- Verify from ssldump or Wireshark output that the PCoIP agent is receiving data from the PCoIP Connection Manager.
Verifying PCoIP Client to PCoIP Security Gateway Connectivity
To verify that the server hosting the PCoIP Security Gateway is receiving session initiation data from the client on TLS port 4172:
- On the server hosting the PCoIP Security Gateway, start ssldump:
sudo ssldump -i eth0 host [client-ip-address] and port 4172
- From the client, connect to the PCoIP Connection Manager.
- Try to authenticate and establish a session.
- Select a resource and connect.
- Verify from ssldump output that the PCoIP Security Gateway is receiving data from the client.
If the firewall is configured to enable TCP traffic over port 4172 but not UDP traffic, then the ssldump command shows packets but you won't be able to establish a PCoIP session.
Verifying PCoIP Security Gateway is Receiving UDP Traffic from the Client
To verify that the PCoIP Security Gateway is receiving UDP traffic from the PCoIP client:
- On the server hosting the PCoIP Security Gateway, start tcpdump:
sudo tcpdump -n -i eth0 host [client-ip-address] and udp port 4172
- From the client, connect to the PCoIP Connection Manager.
- Try to authenticate and establish a session.
- Select a resource and connect.
- Verify from tcpdump output that the PCoIP Security Gateway is receiving data from the client.
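The case described above, where the firewall passes TCP on port 4172 but not UDP, can be spotted mechanically by capturing both protocols at once and classifying the lines. This is an added example, not Teradici's own tooling; the function name `classify_4172`, the verdict strings and the sample addresses are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: classify `tcpdump -n` text output for PCoIP port 4172.
# Capture with no protocol keyword so both TCP and UDP are recorded, e.g.:
#   sudo tcpdump -n -i eth0 host [client-ip-address] and port 4172
# Usage: classify_4172 CLIENT_IP   (tcpdump lines on stdin)
# Prints: both | tcp-only | udp-only | none
# Assumes default tcpdump timestamps and IPv4 ("IP") lines; IP6 lines are ignored.
classify_4172() {
  awk -v client="$1" '
    # Line shape: "<time> IP <src>.<sport> > <dst>.<dport>: <protocol details>"
    $2 == "IP" && $4 == ">" {
      src = $3;   sub(/\.[0-9]+$/, "", src)     # drop the source port
      dport = $5; sub(/:$/, "", dport)          # drop the trailing colon
      sub(/^.*\./, "", dport)                   # keep only the destination port
      if (src != client || dport != "4172") next
      if ($6 == "UDP,")        udp++            # UDP datagram from the client
      else if ($6 == "Flags")  tcp++            # TCP segment from the client
    }
    END {
      if (tcp && udp)  print "both"
      else if (tcp)    print "tcp-only"   # TCP arrives, UDP does not: check UDP 4172 firewall rules
      else if (udp)    print "udp-only"
      else             print "none"
    }'
}

# Constructed sample capture (not real traffic): only TCP reaches port 4172.
sample_tcp_only='12:00:00.000001 IP 192.0.2.10.50001 > 198.51.100.5.4172: Flags [S], seq 1, win 64240, length 0
12:00:00.000300 IP 198.51.100.5.4172 > 192.0.2.10.50001: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:00.000600 IP 192.0.2.10.50001 > 198.51.100.5.4172: Flags [.], ack 1, win 502, length 0'

# Constructed sample: the same handshake followed by UDP datagrams from the client.
sample_both="$sample_tcp_only
12:00:01.100000 IP 192.0.2.10.50002 > 198.51.100.5.4172: UDP, length 1100
12:00:01.100900 IP 192.0.2.10.50002 > 198.51.100.5.4172: UDP, length 64"

printf '%s\n' "$sample_tcp_only" | classify_4172 192.0.2.10
printf '%s\n' "$sample_both"     | classify_4172 192.0.2.10
```

A `tcp-only` verdict during a connection attempt matches the symptom above: session initiation packets arrive, but the PCoIP session itself cannot be established.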
Verifying PCoIP Server is Receiving UDP Traffic from the Client
To verify that the PCoIP server is receiving UDP traffic from the PCoIP client:
- On the server hosting the PCoIP server, start tcpdump:
sudo tcpdump -n -i eth0 host [server-ip-address] and udp port 4172
- From the client, connect to the PCoIP Connection Manager.
- Try to authenticate and establish a session.
- Select a resource and connect.
- Verify from tcpdump output that the PCoIP server is receiving data from the client.
Verifying Agent Availability
Ensure your DNS is configured correctly, then verify you can establish and maintain a connection to the agent.
For each virtual desktop host in your deployment or RDS farm, verify that you can establish TLS connections from the server hosting the PCoIP Connection Manager to the PCoIP agent listening on ports 4172 and 60443:
openssl s_client -connect <host-ip-address>:4172
openssl s_client -connect <host-ip-address>:60443
Verifying Connection Broker Availability
If you are using a connection broker and the firewall is configured correctly, then verify you can establish a TLS connection from the server hosting the PCoIP Connection Manager to the connection broker listening on port 443:
openssl s_client -connect <broker-ip-address>:443
Verifying PCoIP Connection Manager and Security Gateway Status
If you cannot connect to the PCoIP Connection Manager, ensure that you uninstalled the httpd service before you installed the connection manager. If the httpd service was installed when you installed the PCoIP Connection Manager, you must uninstall the httpd service and then reinstall the PCoIP Connection Manager.
Verifying PCoIP Connection Manager Status
To verify the PCoIP Connection Manager and its components, issue the verification commands from the server hosting the PCoIP Connection Manager.
The PCoIP Connection Manager is a web application that runs under Tomcat—a Java application launched under the ownership of the connection_manager system user.
To verify Tomcat is operating, use the ps command to find processes running under the connection_manager user:
ps -fu connection_manager
If the process is running, you see output similar to the following:
UID PID PPID C STIME TTY TIME CMD
498 2264 1 0 00:51 ? 00:01:10 /usr/bin/java -Djava.../tomcat/...
- Establish a TLS connection with openssl s_client:
openssl s_client -crlf -connect 127.0.0.1:443
- When the SSL connection is established, copy and paste the following text to issue a dummy HTTP POST command:
POST /pcoip-broker/xml HTTP/1.1
Host: localhost
Content-type: text/xml; charset=UTF-8
Content-Length: 39

<?xml version="1.0" encoding="UTF-8"?>
If the PCoIP Connection Manager is operational, it returns XML with an element.
If the PCoIP Connection Manager is not operational, check these log files for errors:
- /var/log/Teradici/ConnectionManager/catalina.log
- /var/log/Teradici/ConnectionManager/pcoip-connmgr_*.log
Verifying PCoIP Security Gateway Status
If you have configured the PCoIP Connection Manager to use the PCoIP Security Gateway, use the ps command to find processes running under the security_gateway user:
ps -fu security_gateway
UID PID PPID C STIME TTY TIME CMD
4172 4818 4816 0 22:43 ? 00:00:00 /opt/Teradici/SecurityGateway/...
When establishing a PCoIP session, you can use tcpdump to verify that the PCoIP Connection Manager is communicating with the PCoIP Security Gateway:
sudo tcpdump -i lo port 50060
openssl s_client -crlf -connect 127.0.0.1:4172 -servername localhost