Troubleshooting Network Issues

The KeyControl Vault System Console provides diagnostics that let you test the link between a KeyControl Vault node and external servers such as DNS servers, NTP servers, other KeyControl Vault node servers, or servers running third-party applications such as KMIP servers, LDAP servers, or Active Directory servers.

  1. Use your hypervisor to access one of the VMs in which KeyControl Vault is running, then log into the KeyControl Vault VM console as htadmin.

    KeyControl Vault displays the Entrust KeyControl System Console TUI (Text-based User Interface).

  2. Select Manage Network Settings and press Enter.
  3. Select Network Diagnostic Tools and press Enter.
  4. On the Network Diagnostics page, select one of the following options:

    Option

    Description

    Verify DNS Server Response

    Enter a comma-separated list of IP addresses that you want KeyControl Vault to verify as DNS servers. KeyControl Vault responds with one verification line per specified server.

    This test can be used to verify that the KeyControl Vault node can communicate through the firewall on the correct port to the specified IP addresses.

    Verify NTP Server Response

    Enter a comma-separated list of IP addresses or hostnames that you want KeyControl Vault to verify. KeyControl Vault responds with one verification line per specified server.

    Test Remote Server is Reachable

    This option sends a simple ping (ICMP) to another server to see if that server is up and responding. This test does not prove that the current KeyControl Vault node can actually communicate with the target server. It just means that the target server exists and is online.

    Test Inbound Ports of Another Server

    This option tests whether the current KeyControl Vault node can communicate with the target server on the specified ports (the default port is 8443 for KeyControl Vault to KeyControl Vault communication). If you want to specify multiple ports, separate the port numbers with a space.

    The test returns one of the following responses for each specified port:

    • OK—The current node can communicate with the target server on the specified port. This response does not mean, however, that the target server can communicate back to the current node. If the target is another KeyControl Vault node with which you want to form a cluster, you need to log into the target node and run this test again using the target node as the base. If the test passes on both servers, then the two KeyControl Vault nodes can be joined in a single cluster.
    • Connection Refused—The current node cannot communicate with the target node through the specified port.
    • Operation Timed Out—The target node did not respond to the communication request from the current node.

    Return to Main Menu

    Closes the Network Diagnostics page and returns to the main Entrust KeyControl System Console page.
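
The same three-way result can be reproduced from any other host when you need to run the inbound-port check in the reverse direction or from a management workstation. The following is an added example, not Entrust code: the function names and the mapping of socket errors onto the console's response names are assumptions, and the demo uses constructed local sockets rather than a real KeyControl Vault node.

```python
# Added example, not Entrust code. Classifies TCP connect attempts with the
# three response names used on this page; the error mapping is an assumption.
import socket

DEFAULT_PORT = 8443  # page: default for KeyControl Vault to KeyControl Vault


def parse_ports(text):
    """Parse a space-separated port list, as the console option accepts."""
    ports = [int(tok) for tok in text.split()] or [DEFAULT_PORT]
    for port in ports:
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
    return ports


def check_port(host, port, timeout=3.0):
    """Attempt one TCP connection from this host and name the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "OK"  # one direction only; repeat from the other side
    except ConnectionRefusedError:
        return "Connection Refused"   # target answered, nothing accepts here
    except (socket.timeout, TimeoutError):
        return "Operation Timed Out"  # no answer, e.g. packets dropped en route
    except OSError as exc:
        return f"Error: {exc.strerror or exc}"  # DNS failure, no route, ...


def check_ports(host, port_text="", timeout=3.0):
    """Return {port: outcome} for every port in the space-separated list."""
    return {p: check_port(host, p, timeout) for p in parse_ports(port_text)}


def demo():
    """Constructed local demo: one listening port, one bound but not listening."""
    with socket.socket() as listener, socket.socket() as probe:
        listener.bind(("127.0.0.1", 0))
        listener.listen(1)
        probe.bind(("127.0.0.1", 0))  # port is reserved but accepts nothing
        ports = f"{listener.getsockname()[1]} {probe.getsockname()[1]}"
        return check_ports("127.0.0.1", ports, timeout=1.0)


if __name__ == "__main__":
    print(demo())
```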