Connection Problems
This guide helps diagnose and resolve network connectivity issues between the EPMware Agent and EPMware server or target applications.
Connection Diagnostic Flow
graph TD
A[Connection Issue] --> B{Can ping server?}
B -->|No| C[DNS/Network Issue]
B -->|Yes| D{Can reach port?}
C --> E[Check DNS/Routing]
D -->|No| F[Firewall Issue]
D -->|Yes| G{HTTPS works?}
F --> H[Check Firewall Rules]
G -->|No| I[SSL/Certificate Issue]
G -->|Yes| J{Authentication OK?}
I --> K[Certificate Configuration]
J -->|No| L[Token/Credentials Issue]
J -->|Yes| M[Application-specific Issue]
Network Connectivity Issues
Issue: Cannot Reach EPMware Server
Error Messages:
java.net.UnknownHostException: epmware-server.com
java.net.NoRouteToHostException: No route to host
Connection refused: connect
Diagnosis:
-
Test basic connectivity:
-
Check DNS resolution:
-
Verify network interface:
Solutions:
-
DNS Issues:
-
Routing Issues:
Issue: Port Connection Failures
Error Messages:
java.net.ConnectException: Connection timed out
java.net.SocketTimeoutException: connect timed out
Unable to connect to port 443
Diagnosis:
-
Test port connectivity:
-
Check local firewall:
-
Check for port conflicts:
Solutions:
- Open firewall ports:
Linux (iptables):
# Allow outbound HTTPS
sudo iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
sudo iptables -A INPUT -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
# Save rules
sudo iptables-save > /etc/iptables/rules.v4
Linux (firewalld):
Windows:
# Create outbound rule
New-NetFirewallRule -DisplayName "EPMware HTTPS Out" `
-Direction Outbound -Protocol TCP -RemotePort 443 `
-Action Allow
# Create inbound rule for responses
New-NetFirewallRule -DisplayName "EPMware HTTPS In" `
-Direction Inbound -Protocol TCP -LocalPort 443 `
-Action Allow
- Configure for non-standard ports:
Proxy Configuration Issues
Issue: Cannot Connect Through Proxy
Error Messages:
java.net.SocketException: Connection reset
ProxyAuthenticationRequired
Unable to tunnel through proxy
HTTP/1.1 407 Proxy Authentication Required
Diagnosis:
-
Test proxy connectivity:
-
Check proxy settings:
Solutions:
-
Configure proxy in agent.properties:
-
Set environment variables:
# Linux/Unix export HTTP_PROXY=http://proxy.company.com:8080 export HTTPS_PROXY=http://proxy.company.com:8080 export NO_PROXY=localhost,127.0.0.1,internal.com # Windows set HTTP_PROXY=http://proxy.company.com:8080 set HTTPS_PROXY=http://proxy.company.com:8080 set NO_PROXY=localhost,127.0.0.1,internal.com -
Configure Java system properties:
# In ew_target_service.sh JAVA_OPTS="-Dhttp.proxyHost=proxy.company.com" JAVA_OPTS="$JAVA_OPTS -Dhttp.proxyPort=8080" JAVA_OPTS="$JAVA_OPTS -Dhttps.proxyHost=proxy.company.com" JAVA_OPTS="$JAVA_OPTS -Dhttps.proxyPort=8080" JAVA_OPTS="$JAVA_OPTS -Dhttp.proxyUser=username" JAVA_OPTS="$JAVA_OPTS -Dhttp.proxyPassword=password" java $JAVA_OPTS -jar epmware-agent.jar --spring.config.name=agent
SSL/TLS Certificate Issues
Issue: Certificate Validation Failures
Error Messages:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException
PKIX path building failed
unable to find valid certification path to requested target
Certificate verify failed
Diagnosis:
-
Check certificate:
-
Check Java truststore:
Solutions:
-
Import certificate to Java truststore:
# Download certificate openssl s_client -connect epmware-server.com:443 </dev/null | \ openssl x509 -outform PEM > epmware.crt # Import to Java truststore keytool -import -trustcacerts -keystore $JAVA_HOME/lib/security/cacerts \ -storepass changeit -alias epmware -file epmware.crt # Verify import keytool -list -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit \ -alias epmware -
Use custom truststore:
# Create custom truststore keytool -import -file epmware.crt -alias epmware \ -keystore custom-truststore.jks -storepass mypassword # Use custom truststore JAVA_OPTS="-Djavax.net.ssl.trustStore=/path/to/custom-truststore.jks" JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStorePassword=mypassword" java $JAVA_OPTS -jar epmware-agent.jar --spring.config.name=agent -
Disable certificate validation (NOT for production):
Timeout Issues
Issue: Connection Timeouts
Error Messages:
java.net.SocketTimeoutException: Read timed out
Connection timeout after 30000ms
Request timeout after waiting for 30000ms
Diagnosis:
-
Test response time:
-
Check network latency:
Solutions:
-
Increase timeout values:
-
Configure Java timeouts:
-
Optimize network path:
Authentication Issues
Issue: 401 Unauthorized
Error Messages:
Diagnosis:
-
Test token/credentials:
-
Verify token format:
Solutions:
- Regenerate token:
- Log into EPMware
- Navigate to Users
- Generate new token
-
Update agent.properties
-
Fix token formatting:
Load Balancer Issues
Issue: Intermittent Connection Failures
Symptoms: - Connections work sometimes - Different responses from same requests - Session/authentication issues
Diagnosis:
# Check for multiple IPs
nslookup epmware-server.com
# Test each IP directly
for ip in 192.168.1.10 192.168.1.11; do
curl -I http://$ip
done
# Check for sticky sessions
curl -c cookies.txt -b cookies.txt https://epmware-server.com/api/test
Solutions:
-
Configure for load balancer:
-
Use specific server:
Connection Pool Issues
Issue: Connection Pool Exhausted
Error Messages:
Connection pool exhausted
Unable to acquire connection from pool
Timeout waiting for connection from pool
Solutions:
-
Increase pool size:
-
Configure pool management:
Network Diagnostic Scripts
Comprehensive Network Test
#!/bin/bash
# network_diagnostic.sh
SERVER="epmware-server.com"
PORT="443"
echo "=== Network Diagnostics for $SERVER:$PORT ==="
# DNS Resolution
echo -e "\n--- DNS Resolution ---"
nslookup $SERVER
dig +short $SERVER
# Ping Test
echo -e "\n--- Ping Test ---"
ping -c 4 $SERVER
# Port Connectivity
echo -e "\n--- Port Connectivity ---"
nc -zv $SERVER $PORT 2>&1
timeout 5 bash -c "cat < /dev/null > /dev/tcp/$SERVER/$PORT" && \
echo "Port $PORT is open" || echo "Port $PORT is closed"
# Traceroute
echo -e "\n--- Traceroute ---"
traceroute -n -m 15 $SERVER
# SSL Certificate
echo -e "\n--- SSL Certificate ---"
echo | openssl s_client -connect $SERVER:$PORT 2>/dev/null | \
openssl x509 -noout -dates
# HTTP Test
echo -e "\n--- HTTP Test ---"
curl -I https://$SERVER
echo -e "\n=== Diagnostics Complete ==="
Connection Monitor
#!/bin/bash
# monitor_connection.sh
while true; do
timestamp=$(date '+%Y-%m-%d %H:%M:%S')
# Test connection
if curl -s -o /dev/null -w "%{http_code}" https://epmware-server.com | \
grep -q "200"; then
echo "$timestamp: Connection OK"
else
echo "$timestamp: Connection FAILED"
# Additional diagnostics on failure
ping -c 1 epmware-server.com > /dev/null 2>&1 || \
echo "$timestamp: Ping failed"
nc -zv epmware-server.com 443 > /dev/null 2>&1 || \
echo "$timestamp: Port 443 unreachable"
fi
sleep 30
done
Best Practices for Connection Stability
Network Configuration
- Use static IPs when possible - Avoid DNS issues
- Configure redundant DNS servers - Prevent DNS failures
- Set appropriate timeouts - Balance between reliability and performance
- Monitor network metrics - Track latency and packet loss
Security Configuration
- Keep certificates updated - Prevent expiration issues
- Use strong cipher suites - Ensure compatibility
- Rotate tokens regularly - Maintain security
- Document firewall rules - Track what's allowed
Troubleshooting Approach
- Start with basics - Ping, DNS, port checks
- Work up the stack - Network → Transport → Application
- Use verbose logging - Enable debug for details
- Test incrementally - Isolate each component
- Document findings - Record what works
Connection Testing Order
Always test connectivity in this order: DNS resolution → Network routing → Port accessibility → SSL/TLS → Authentication → Application
Security Considerations
Never disable certificate validation or use weak ciphers in production. These should only be used temporarily for troubleshooting.
Next Steps
- Common Issues - General troubleshooting
- Password Issues - Authentication problems
- Service Errors - Service-related issues
- Debug Mode - Enable detailed logging for connection issues