Troubleshooting Connectivity Issues¶

Network Connectivity Problems¶

Connectivity issues are often caused by firewall misconfiguration. If you are unable to establish PCoIP connections, verify that sent packets are actually being received at the intended destination.

Useful tools for troubleshooting this type of issue are ssldump or tcpdump (for Linux), or Wireshark (for Windows).

The network connections between the following endpoints all need to be operational for a PCoIP session to be successful.

Connection	Port	Source
PCoIP Connection Manager	443 TCP	PCoIP Client
Connection Broker	443 (configurable) TCP	PCoIP Connection Manager
PCoIP Agent	60443 TCP	PCoIP Connection Manager
When Security Gateway is enabled
PCoIP Security Gateway	4172 TCP/UDP	PCoIP Client
PCoIP Agent	4172 TCP/UDP	PCoIP Security Gateway
When Security Gateway is disabled (Direct Connection)
PCoIP Agent	4172 UDP/TCP	PCoIP Client

Methods for testing communication between components on required ports are given next:

PCoIP Client to PCoIP Connection Manager
PCoIP Connection Manager to Connection Broker
PCoIP Connection Manager to PCoIP Agent
PCoIP Client to PCoIP Security Gateway
PCoIP Security Gateway from PCoIP Client (UDP)
PCoIP Agent from PCoIP Client (UDP)

Methods are also given for verifying the component availability:

Verifying PCoIP Agent availability
Verifying Connection Broker availability
Verifying PCoIP Connection Manager Web Application Availability

Connectivity from PCoIP Client to PCoIP Connection Manager¶

This check looks for traffic between the PCoIP Client and the PCoIP Connection Manager on TLS port 443.

To verify connectivity from a PCoIP Client to PCoIP Connection Manager:

On the server hosting the PCoIP Connection Manager, start ssldump:
```
sudo ssldump -i <interface> host <client-ip-address> port 443
```
From the client, connect to the PCoIP Connection Manager.
In the ssldump output, look for packets originating from the PCoIP Client.

Connectivity from PCoIP Connection Manager to Connection Broker¶

This check looks for traffic between the PCoIP Connection Manager and a broker on TLS port 443.

To verify connectivity from the PCoIP Connection Manager to a connection broker connectivity:

On the server hosting the connection broker, use ssldump or Wireshark to capture packets from the PCoIP Connection Manager on TLS port 443.
From the client, connect to the PCoIP Connection Manager.
Try to authenticate.
Verify from ssldump or Wireshark output that the connection broker is receiving data from the PCoIP Connection Manager.

Connectivity from PCoIP Connection Manager to PCoIP Agent¶

This check looks for traffic between the PCoIP Connection Manager and a PCoIP Agent on TLS port 60443.

To verify PCoIP Connection Manager to agent collectivity:

On the PCoIP agent machine, use ssldump or Wireshark to capture packets from the PCoIP Connection Manager on TLS port 60443.
From the client, connect to the PCoIP Connection Manager.
Try to authenticate and establish a session.
Select a resource and connect.
Verify from ssldump or Wireshark output that the PCoIP agent is receiving data from the PCoIP Connection Manager.

Connectivity from PCoIP Client to PCoIP Security Gateway¶

This check looks for traffic between the PCoIP client and the PCoIP Security Gateway on TLS port 4172.

To verify that the PCoIP Security Gateway server is receiving session initiation data from the PCoIP client:

On the server hosting the PCoIP Security Gateway, start ssldump:

sudo ssldump -i <interface> host [client-ip-address] and port 4172

From the client, connect to the PCoIP Connection Manager.
Try to authenticate and establish a session.
Select a resource and connect.
Verify from ssldump output that the PCoIP Security Gateway is receiving data from the client.

Note: Firewall must allow traffic on UDP:4172

If the firewall is configured to enable TCP traffic over port 4172 but not UDP traffic, then the ssldump output will show packets but you won't be able to establish a PCoIP session.

Connectivity (UDP) to PCoIP Security Gateway from PCoIP Client¶

This check looks for UDP traffic between the PCoIP Security Gatway and the PCoIP client on TLS port 4172.

To verify that the PCoIP Security Gateway is receiving UDP traffic from the PCoIP client:

On the server hosting the PCoIP Security Gateway, start tcpdump:

sudo tcpdump -i <interface> host [client-ip-address] and -n udp port 4172

From the client, connect to the PCoIP Connection Manager.
Try to authenticate and establish a session.
Select a resource and connect.
Verify from ssldump output that the PCoIP Security Gateway is receiving data from the client.

Connectivity (UDP) to PCoIP Agent from PCoIP Client¶

This check looks for UDP traffic between the PCoIP Security Gatway and the PCoIP client on TLS port 4172.

To verify that the PCoIP server is receiving UDP traffic from the PCoIP client:

On the server hosting the PCoIP server, start tcpdump:

sudo tcpdump -i <interface> host [server-ip-address] and -n udp port 4172

From the client, connect to the PCoIP Connection Manager.
Try to authenticate and establish a session.
Select a resource and connect.
Verify from ssldump output that the PCoIP server is receiving data from the client.

Verifying PCoIP Agent Availability¶

Ensure your DNS is configured correctly, then verify you can establish and maintain a connection to the agent.

For each virtual desktop host in your deployment or RDS farm, verify that you can establish TLS connections from the server hosting the PCoIP Connection Manager to the PCoIP agent listening on ports 4172 and 60443:

openssl s_client -connect <host-ip-address>:4172
openssl s_client -connect <host-ip-address>:60443

Verifying Connection Broker Availability¶

If you are using a connection broker and the firewall is configured correctly, then verify you can establish a TLS connection from the server hosting the PCoIP Connection Manager to the connection broker listening on port 443:

openssl s_client -connect <broker-ip-address>:443

Verifying PCoIP Connection Manager and Security Gateway Status¶

To verify the PCoIP Connection Manager and its components, SSH into the PCoIP Connection Manager machine.

List the running services in Docker: to verify that the pcoipcm_cm and pcoipcm_sg services are running:

docker service ls

You should see the pcoipcm_cm and pcoipcm_sg services in the response, similar to the following example:

ID         NAME        MODE         REPLICAS   IMAGE                                              PORTS
34iefjidf  pcoipcm_cm  replicated      1/1     cloudaccessmanager.azurecr.io/pcoip-cm:5-release   
54ibvbbdt  pcoipcm_sg  replicated      1/1     cloudaccessmanager.azurecr.io/sg:3-release

Verifying PCoIP Connection Manager Web Application Status:¶

Establish a TLS connection using the openssl s_client command:
```
openssl s_client -connect 127.0.0.1:443
```
When the SSL connection is established, copy and paste the following text to issue a dummy HTTP POST command:
```
POST /pcoip-broker/xml HTTP/1.1
Host: localhost
Content-type: text/xml; charset=UTF-8
Content-Length: 39
<?xml version="1.0" encoding="UTF-8"?>
```
- If the PCoIP Connection Manager is operational, you will receive an XML response containing an <error-resp> element.
- If the PCoIP Connection Manager is not operational, check the logs of the PCoIP Connection Manager and PCoIP Security Gateway containers:
```
docker logs <CONTAINER_ID>
```