Troubleshooting Network Issues

The KeyControl System Console provides diagnostics that let you test the link between a KeyControl node and external servers such as DNS servers, NTP servers, other KeyControl node servers, or servers running third-party applications such as KMIP servers, LDAP servers, RADIUS servers, or Active Directory servers.

  1. Use your hypervisor to access one of the VMs in which KeyControl is running, then log into the KeyControl VM console as htadmin.

    KeyControl displays the HyTrust KeyControl System Console TUI (Text-based User Interface).

  2. Select Manage Network Settings and press Enter.
  3. Select Network Diagnostic Tools and press Enter.
  4. On the HyTrust SecureOS Network Diagnostics page, select one of the following options:

    Option

    Description

    Verify DNS Server Response

    Enter a comma-separated list of IP addresses that you want KeyControl to verify as DNS servers. KeyControl responds with one verification line per specified server.

    This test can be used to verify that the KeyControl node can communicate through the firewall on the correct port to the specified IP addresses.

    Verify NTP Server Response

    Enter a comma-separated list of IP addresses or hostnames that you want KeyControl to verify. KeyControl responds with one verification line per specified server.

    Ping Another Server

    This option sends a simple ping (ICMP) to another server to see if that server is up and responding. This test does not prove that the current KeyControl node can actually communicate with the target server. It just means that the target server exists and is online.

    Test Inbound Ports of Another Server

    This option tests whether the current KeyControl node can communicate with the target server on the specified ports (the default ports are 2525 and 8443 for KeyControl to KeyControl communication). If you want to specify multiple ports, separate the port numbers with a space.

    The test returns one of the following responses for each specified port:

    • OK — The current node can communicate with the target server on the specified port. This response does not mean, however, that the target server can communicate back to the current node. If the target is another KeyControl node with which you want to form a cluster, you need to log into the target node and run this test again using the target node as the base. If the test passes on both servers, then the two KeyControl nodes can be joined in a single cluster.
    • Connection Refused — The current node cannot communicate with the target node through the specified port.
    • Operation Timed Out — The target node did not respond to the communication request from the current node.

    Return to Main Menu

    Closes the HyTrust SecureOS Network Diagnostics page and returns to the main HyTrust KeyControl System Console page.
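
The inbound port test described above can be reproduced from any other host when you need to compare results from both sides of a firewall. The following is an added example, not KeyControl code: it assumes the ports are TCP, and the function names are hypothetical. It maps each connection attempt onto the same three responses and applies the both-directions rule for clustering.

```python
import socket

# Default KeyControl-to-KeyControl ports named in the table above.
DEFAULT_PORTS = "2525 8443"


def parse_ports(spec):
    """Parse a space-separated port list, as the console option accepts."""
    ports = [int(tok) for tok in spec.split()]
    for port in ports:
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    return ports


def classify(exc):
    """Map a connect() outcome onto the three responses listed above."""
    if exc is None:
        return "OK"
    if isinstance(exc, ConnectionRefusedError):
        return "Connection Refused"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "Operation Timed Out"
    return f"Other error: {exc}"  # e.g. name resolution failure or no route


def check_inbound_ports(host, spec=DEFAULT_PORTS, timeout=3.0):
    """Attempt one TCP connection per port and return {port: response}."""
    results = {}
    for port in parse_ports(spec):
        try:
            with socket.create_connection((host, port), timeout=timeout):
                results[port] = classify(None)
        except OSError as exc:
            results[port] = classify(exc)
    return results


def ready_to_cluster(a_to_b, b_to_a):
    """Both directions must report OK on every port before joining nodes."""
    both = list(a_to_b.values()) + list(b_to_a.values())
    return bool(both) and all(r == "OK" for r in both)


if __name__ == "__main__":
    # 127.0.0.1 is a constructed target so the script runs offline.
    for port, response in check_inbound_ports("127.0.0.1").items():
        print(f"{port}: {response}")
```

Run it once on each side and pass both result dictionaries to `ready_to_cluster`; a single-direction OK is not sufficient.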