Skip to content

Troubleshooting Connectivity Issues

A common cause of PCoIP session connectivity issues is firewall misconfiguration. Use tools such as ssldump and tcpdump (for Linux) and Wireshark (for Windows) to verify that packets sent by a particular source are actually received at the intended destination.

Verifying Network Connectivity

The network connections between the following endpoints all need to be operational for a PCoIP session to be successful.

Connection Port
PCoIP client to PCoIP Connection Manager TLS port 443
PCoIP Connection Manager to connection broker TLS port 443
PCoIP Connection Manager to PCoIP agent TLS port 60443

If you are using a security gateway:

Connection Port
PCoIP Client to PCoIP Security Gateway TLS port 4172, UDP port 4172
PCoIP Security Gateway to PCoIP agent TLS port 4172, UDP port 4172+

If you are not using a security gateway:

Connection Port
PCoIP Client to PCoIP Agent TLS port 4172, UDP port 4172+

Verifying PCoIP Client to PCoIP Connection Manager Connectivity

To use ssldump to verify PCoIP client to PCoIP Connection Manager connectivity on TLS port 443:

  1. On the server hosting the PCoIP Connection Manager, start ssldump:
    sudo ssldump -i eth0 host <client-ip-address> port 443
    
  2. From the client, connect to the PCoIP Connection Manager.
  3. Verify from ssldump output that the PCoIP Connection Manager is receiving data from the client.

Verifying PCoIP Connection Manager to Connection Broker Connectivity

To verify PCoIP Connection Manager to connection broker connectivity on TLS port 443:

  1. On the server hosting the connection broker, use ssldump or Wireshark to capture packets from the PCoIP Connection Manager on TLS port 443.
  2. From the client, connect to the PCoIP Connection Manager.
  3. Try to authenticate.
  4. Verify from ssldump or Wireshark output that the connection broker is receiving data from the PCoIP Connection Manager.

Verifying PCoIP Connection Manager to PCoIP Agent Connectivity

To verify PCoIP Connection Manager to agent collectivity on TLS port 60443:

  1. On the virtual desktop host, use ssldump or Wireshark to capture packets from the PCoIP Connection Manager on TLS port 60443.
  2. From the client, connect to the PCoIP Connection Manager.
  3. Try to authenticate and establish a session.
  4. Select a resource and connect.
  5. Verify from ssldump or Wireshark output that the PCoIP agent is receiving data from the PCoIP Connection Manager.

Verifying PCoIP Client to PCoIP Security Gateway Connectivity

To verify that the server hosting the PCoIP Security Gateway is receiving session initiation data from the client on TLS port 4172:

  1. On the server hosting the PCoIP Security Gateway, start ssldump:
    sudo ssldump -i eth0 host [client-ip-address] and port 4172
    
  2. From the client, connect to the PCoIP Connection Manager.
  3. Try to authenticate and establish a session.
  4. Select a resource and connect.
  5. Verify from ssldump output that the PCoIP Security Gateway is receiving data from the client.

If the firewall is configured to enable TCP traffic over port 4172 but not UDP traffic, then the ssldump command shows packets but you won't be able to establish a PCoIP session.

Verifying PCoIP Security Gateway is Receiving UDP Traffic from the Client

To verify that the PCoIP Security Gateway is receiving UDP traffic from the PCoIP client:

  1. On the server hosting the PCoIP Security Gateway, start tcpdump:
    sudo tcpdump -i eth0 host [client-ip-address] and -n udp port 4172
    
  2. From the client, connect to the PCoIP Connection Manager.
  3. Try to authenticate and establish a session.
  4. Select a resource and connect.
  5. Verify from ssldump output that the PCoIP Security Gateway is receiving data from the client.

Verifying PCoIP Server is Receiving UDP Traffic from the Client

To verify that the PCoIP server is receiving UDP traffic from the PCoIP client:

  1. On the server hosting the PCoIP server, start tcpdump:
    sudo tcpdump -i eth0 host [server-ip-address] and -n udp port 4172
    
  2. From the client, connect to the PCoIP Connection Manager.
  3. Try to authenticate and establish a session.
  4. Select a resource and connect.
  5. Verify from ssldump output that the PCoIP server is receiving data from the client.

Verifying Agent Availability

Ensure your DNS is configured correctly, then verify you can establish and maintain a connection to the agent.

For each virtual desktop host in your deployment or RDS farm, verify that you can establish TLS connections from the server hosting the PCoIP Connection Manager to the PCoIP agent listening on ports 4172 and 60443:

openssl s_client -connect <host-ip-address>:4172

openssl s_client -connect <host-ip-address>:60443

Verifying Connection Broker Availability

If you are using a connection broker and the firewall is configured correctly, then verify you can establish a TLS connection from the server hosting the PCoIP Connection Manager to the connection broker listening on port 443:

openssl s_client -connect <broker-ip-address>:443

Verifying PCoIP Connection Manager and Security Gateway Status

If you cannot connect to the PCoIP Connection Manager, ensure you had uninstalled the httpd service before you installed the connection manager. If the httpd service was installed when you install the PCoIP Connection Manager, you must uninstall the httpd service and then reinstall the PCoIP Connection Manager.

Verifying PCoIP Connection Manager Status

To verify the PCoIP Connection Manager and its components, issue the verification commands from the server hosting the PCoIP Connection Manager.

The PCoIP Connection Manager is a web application that runs under Tomcat—a Java application launched under the ownership of the connection_manager system user.

To verify Tomcat is operating, use the ps command to find processes running under the connection_manager user:

ps –fu connection_manager

If the process is running, you see output similar to the following:

UID  PID  PPID  C  STIME TTY     TIME CMD
498 2264     1  0  00:51 ?   00:01:10 /usr/bin/java -Djava.../tomcat/...
To verify PCoIP Connection Manager web application operation:

  1. Establish a TLS connection with openssl s_client:
    openssl s_client –crlf -connect 127.0.0.1:443
    
  2. When the SSL connection is established, copy and paste the following text to issue a dummy HTTP POST command:

    POST /pcoip-broker/xml HTTP/1.1
    
    Host: localhost
    
    Content-type: text/xml; charset=UTF-8
    
    Content-Length: 39
    
    <?xml version="1.0" encoding="UTF-8"?>
    
    If the PCoIP Connection Manager is operational, it returns XML with an element. If the PCoIP Connection Manager is not operational, check these log files for errors:

    • /var/log/Teradici/ConnectionManager/catalina.log.
    • /var/log/Teradici/ConnectionManager/pcoip-connmgr_*.log.

Verifying PCoIP Security Gateway Status

If you have configured the PCoIP Connection Manager to use the PCoIP Security Gateway, use the ps command to find processes running under the security_gateway user:

ps -fu security_gateway
If the process is running, you see output similar to the following:
UID   PID  PPID  C  STIME TTY     TIME CMD
4172 4818  4816  0  22:43 ?   00:00:00 /opt/Teradici/SecurityGateway/...
The PCoIP Security Gateway listens for the PCoIP Connection Manager to notify it of pending connections on TCP port 50060.

When establishing a PCoIP session, you can use tcpdump to verify that the PCoIP Connection Manager is communicating with the PCoIP Security Gateway:

sudo tcpdump -i lo port 50060
To verify that the PCoIP Security Gateway is also waiting for TLS connections from PCoIP clients on port 4172:
openssl s_client –crlf -connect 127.0.0.1:4172 –server localhost
If the command fails to establish a TLS connection, check the current PCoIP Security Gateway log file for errors.