Skip to content

Troubleshooting Connectivity Issues

Network Connectivity Problems

Connectivity issues are often caused by firewall misconfiguration. If you are unable to establish PCoIP connections, verify that sent packets are actually being received at the intended destination.

Useful tools for troubleshooting this type of issue are ssldump or tcpdump (for Linux), or Wireshark (for Windows).

The network connections between the following endpoints all need to be operational for a PCoIP session to be successful.

Connection Port Source
PCoIP Connection Manager 443 TCP PCoIP Client
Connection Broker 443 (configurable) TCP PCoIP Connection Manager
PCoIP Agent 60443 TCP PCoIP Connection Manager
When Security Gateway is enabled
PCoIP Security Gateway 4172 TCP/UDP PCoIP Client
PCoIP Agent 4172 TCP/UDP PCoIP Security Gateway
When Security Gateway is disabled (Direct Connection)
PCoIP Agent 4172 UDP/TCP PCoIP Client

Methods for testing communication between components on required ports are given next:

Methods are also given for verifying the component availability:

Connectivity from PCoIP Client to PCoIP Connection Manager

This check looks for traffic between the PCoIP Client and the PCoIP Connection Manager on TLS port 443.

To verify connectivity from a PCoIP Client to PCoIP Connection Manager:

  1. On the server hosting the PCoIP Connection Manager, start ssldump:

    sudo ssldump -i <interface> host <client-ip-address> port 443
    
  2. From the client, connect to the PCoIP Connection Manager.

  3. In the ssldump output, look for packets originating from the PCoIP Client.

Connectivity from PCoIP Connection Manager to Connection Broker

This check looks for traffic between the PCoIP Connection Manager and a broker on TLS port 443.

To verify connectivity from the PCoIP Connection Manager to a connection broker connectivity:

  1. On the server hosting the connection broker, use ssldump or Wireshark to capture packets from the PCoIP Connection Manager on TLS port 443.

  2. From the client, connect to the PCoIP Connection Manager.

  3. Try to authenticate.

  4. Verify from ssldump or Wireshark output that the connection broker is receiving data from the PCoIP Connection Manager.

Connectivity from PCoIP Connection Manager to PCoIP Agent

This check looks for traffic between the PCoIP Connection Manager and a PCoIP Agent on TLS port 60443.

To verify PCoIP Connection Manager to agent collectivity:

  1. On the PCoIP agent machine, use ssldump or Wireshark to capture packets from the PCoIP Connection Manager on TLS port 60443.

  2. From the client, connect to the PCoIP Connection Manager.

  3. Try to authenticate and establish a session.

  4. Select a resource and connect.

  5. Verify from ssldump or Wireshark output that the PCoIP agent is receiving data from the PCoIP Connection Manager.

Connectivity from PCoIP Client to PCoIP Security Gateway

This check looks for traffic between the PCoIP client and the PCoIP Security Gateway on TLS port 4172.

To verify that the PCoIP Security Gateway server is receiving session initiation data from the PCoIP client:

  1. On the server hosting the PCoIP Security Gateway, start ssldump:

    sudo ssldump -i <interface> host [client-ip-address] and port 4172
    
  2. From the client, connect to the PCoIP Connection Manager.

  3. Try to authenticate and establish a session.

  4. Select a resource and connect.

  5. Verify from ssldump output that the PCoIP Security Gateway is receiving data from the client.

    Note: Firewall must allow traffic on UDP:4172

    If the firewall is configured to enable TCP traffic over port 4172 but not UDP traffic, then the ssldump output will show packets but you won't be able to establish a PCoIP session.

Connectivity (UDP) to PCoIP Security Gateway from PCoIP Client

This check looks for UDP traffic between the PCoIP Security Gatway and the PCoIP client on TLS port 4172.

To verify that the PCoIP Security Gateway is receiving UDP traffic from the PCoIP client:

  1. On the server hosting the PCoIP Security Gateway, start tcpdump:

    sudo tcpdump -i <interface> host [client-ip-address] and -n udp port 4172
    
  2. From the client, connect to the PCoIP Connection Manager.

  3. Try to authenticate and establish a session.

  4. Select a resource and connect.

  5. Verify from ssldump output that the PCoIP Security Gateway is receiving data from the client.

Connectivity (UDP) to PCoIP Agent from PCoIP Client

This check looks for UDP traffic between the PCoIP Security Gatway and the PCoIP client on TLS port 4172.

To verify that the PCoIP server is receiving UDP traffic from the PCoIP client:

  1. On the server hosting the PCoIP server, start tcpdump:

    sudo tcpdump -i <interface> host [server-ip-address] and -n udp port 4172
    
  2. From the client, connect to the PCoIP Connection Manager.

  3. Try to authenticate and establish a session.

  4. Select a resource and connect.

  5. Verify from ssldump output that the PCoIP server is receiving data from the client.

Verifying PCoIP Agent Availability

Ensure your DNS is configured correctly, then verify you can establish and maintain a connection to the agent.

For each virtual desktop host in your deployment or RDS farm, verify that you can establish TLS connections from the server hosting the PCoIP Connection Manager to the PCoIP agent listening on ports 4172 and 60443:

openssl s_client -connect <host-ip-address>:4172
openssl s_client -connect <host-ip-address>:60443

Verifying Connection Broker Availability

If you are using a connection broker and the firewall is configured correctly, then verify you can establish a TLS connection from the server hosting the PCoIP Connection Manager to the connection broker listening on port 443:

openssl s_client -connect <broker-ip-address>:443

Verifying PCoIP Connection Manager and Security Gateway Status

To verify the PCoIP Connection Manager and its components, SSH into the PCoIP Connection Manager machine.

  • List the running services in Docker: to verify that the pcoipcm_cm and pcoipcm_sg services are running:

    docker service ls
    

    You should see the pcoipcm_cm and pcoipcm_sg services in the response, similar to the following example:

    ID         NAME        MODE         REPLICAS   IMAGE                                              PORTS
    34iefjidf  pcoipcm_cm  replicated      1/1     cloudaccessmanager.azurecr.io/pcoip-cm:5-release   
    54ibvbbdt  pcoipcm_sg  replicated      1/1     cloudaccessmanager.azurecr.io/sg:3-release
    

Verifying PCoIP Connection Manager Web Application Status:

  1. Establish a TLS connection using the openssl s_client command:

    openssl s_client -connect 127.0.0.1:443
    
  2. When the SSL connection is established, copy and paste the following text to issue a dummy HTTP POST command:

    POST /pcoip-broker/xml HTTP/1.1
    Host: localhost
    Content-type: text/xml; charset=UTF-8
    Content-Length: 39
    <?xml version="1.0" encoding="UTF-8"?>
    

    • If the PCoIP Connection Manager is operational, you will receive an XML response containing an <error-resp> element.
    • If the PCoIP Connection Manager is not operational, check the logs of the PCoIP Connection Manager and PCoIP Security Gateway containers:

      docker logs <CONTAINER_ID>