Gateway registration establishes a secure and authenticated connection between the OpsRamp platform and your on-premises environment: the Gateway tunnel. Successful registration is required to create and maintain the secured Gateway tunnel. Issues with registration or improper credentials can lead to Transport Layer Security (TLS) handshake failures, resulting in disconnects. Follow these steps to ensure the Gateway register
Unable to Register the Gateway
Verify OpsRamp API Server and Activation Token
- Log in to the OpsRamp Portal.
- Navigate to Setup > Resources > Management Profiles.
- Choose the required management profile from the Management Profiles section.
- Verify the following registration details:
  - opsramp_apiserver
  - AUTHENTICATION_TOKEN
- Ensure that the details provided on the Gateway webUI registration page match the selected management profile.
- Avoid trailing and leading spaces in the input fields.
If you are unable to register the gateway, run the following commands to check whether the cloud URL is reachable from the node.
- Check API Server Connectivity:
- Ensure the OpsRamp API server (copied from Step 1) is reachable on port 443. Run the following command in the gateway CLI:
- Verify SSL Connection:
- For a direct connection:
- For a proxy connection:
- Ensure OpsRamp IPs are whitelisted. Refer to the Public IP Addresses document. If required IPs are not listed, contact the OpsRamp SaaS team to the following:
Invoke the getClientByAccessToken API call using curl to ensure proper data is received with the relevant response code.
- Copy the AUTHENTICATION_TOKEN from Step 1.
- Go to the gateway CLI and run the following command:
- Direct
- Proxy without username and password
- Proxy with username and password
Gateway Tunnel not up after Gateway registration
- Retrieve API Server Details with the following command.
- Query the Request Token: Copy the API_KEY and API_SECRET from the above command output and replace {api_key_xxxxxxxxxxx} with the API_KEY value and {xxxxxxxxxxxxxxx} with CLIENT_SECRET in the URL below.
- Direct
- Proxy without username and password
- Proxy with username and password
- Query API Call to Pull csnode Details.
- Use the bearer token from the previous response:
- Direct
- Proxy without username and password
- Proxy with username and password
- Verify vProbe Container Connectivity.
- Log in to the vProbe Container:
- Check OpsRamp Connection Grid IP connectivity:
- Ensure OpenSSL works:
- Direct Connection
- Proxy Connection
Note: If you get a 104 error, ask the client whether SSL inspection is enabled. SSL inspection must not be enabled for OpsRamp traffic; if it is, the client should disable it.
- Whitelist OpsRamp IPs:
- Refer to OpsRamp Public IP Addresses document.
- Contact OpsRamp SaaS team if you don’t find the public APIs of the required POD.
- Ensure SSL inspection is disabled for OpsRamp traffic.
- Ensure there is no packet loss. To take the tcp dump / packet capture, run the following command:
- Collect the packet capture file, open it in Wireshark on your local machine, and look for the following:
- Retransmission
- window size zero
- window size full
Gateway Tunnel Dropped Suddenly
Follow the troubleshooting steps below if the Gateway tunnel drops suddenly and won’t reconnect.
- Check vprobe-tls-comm.log for Exceptions:
- Open the vprobe-tls-comm.log file located in the /var/log/app/ directory.
- Look for the following exceptions and take necessary actions:
- Connection reset
- Connection timeout
- No route to the host
- Name resolution failed
- Outbound closed
- Read timeout
- Ensure that no new rules have been added to the firewall or network devices. OpsRamp traffic should be whitelisted, and SSL inspection for OpsRamp Gateway traffic should be disabled.
- Verify DNS Resolution:
- Launch the debug container and run the following commands to check DNS resolution:
- Check the output and make sure the OpsRamp servers resolve correctly.
- Check for Packet Loss or ISP Issues:
- Launch the debug container and run the following command.
- Monitor for High Latency:
- High latency within the customer’s infrastructure can cause issues. Run the following commands multiple times:
- For Direct Connection:
- For Proxy Connection:
- Observe the above command output. Check if you see any lag on Send-Q or Recv-Q.
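A quick way to triage the exceptions listed above for vprobe-tls-comm.log, as an added example that is not OpsRamp's own tooling: the script counts each exception and names the check on this page to run next. The match patterns, the hint attached to each exception and the sample log lines are assumptions; the real log format may differ.

```shell
#!/bin/sh
# Added example (not OpsRamp code): tally the exceptions this page lists in
# vprobe-tls-comm.log and name the check on this page to run next.
# Regexes, hints and sample log lines are assumptions, not OpsRamp's format.

# label;case-insensitive extended regex;suggested next check
PATTERNS='Connection reset;connection reset;firewall rules / SSL inspection
Connection timeout;connect(ion)? (timeout|timed out);packet loss / latency
No route to the host;no route to (the )?host;firewall rules / routing
Name resolution failed;name resolution failed;DNS resolution
Outbound closed;outbound closed;firewall rules / SSL inspection
Read timeout;read (timeout|timed out);packet loss / latency'

# tally_exceptions FILE -> one "count<TAB>label<TAB>hint" line per exception seen
tally_exceptions() {
    log=$1
    [ -r "$log" ] || { echo "cannot read $log" >&2; return 2; }
    printf '%s\n' "$PATTERNS" | while IFS=';' read -r label regex hint; do
        # grep -c exits 1 on zero matches but still prints 0
        n=$(grep -E -i -c -- "$regex" "$log" || true)
        if [ "$n" -gt 0 ]; then
            printf '%s\t%s\t%s\n' "$n" "$label" "$hint"
        fi
    done
}

# write_sample FILE: constructed log lines for a dry run
write_sample() {
    cat > "$1" <<'EOF'
2024-01-01 10:00:01 ERROR java.net.SocketException: Connection reset
2024-01-01 10:00:07 ERROR java.net.SocketException: Connection reset
2024-01-01 10:01:12 WARN  Read timed out
2024-01-01 10:02:30 ERROR Name resolution failed for host (constructed)
2024-01-01 10:03:00 INFO  tunnel heartbeat ok
EOF
}

# With an argument, scan that file (on a gateway:
# /var/log/app/vprobe-tls-comm.log); with none, scan the constructed sample.
if [ "$#" -gt 0 ]; then
    tally_exceptions "$1"
else
    tmp=$(mktemp) && write_sample "$tmp" && tally_exceptions "$tmp"
    rm -f "$tmp"
fi
```

Run it a few minutes apart: a count that keeps growing for one exception shows which of the checks above to start with.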