Overview
Customers may experience an issue where the AppManager incorrectly indicates that a Kerio appliance is offline, despite being able to connect to it through AppManager or directly. Sometimes these issues are temporary.
Solution
AppManager may incorrectly indicate that an appliance is offline for various reasons. The most common root causes are connection issues or lags in the agent communicating with the platform.
The mechanism for 'health status' is that AppManager interacts with the agent on a very short interval to check if it responds. If it doesn't, the device is marked as 'unhealthy'. This could be due to a dropped packet or other network issue somewhere in the path/route, leading to false positives.
If you are able to connect to the appliance directly or manage it via AppManager, it is recommended that you monitor the situation for some time first, as incorrect status could be due to temporary network issues. If the "Offline" status persists, follow these steps:
- Ensure that the GFIAgent service is running.
- In KerioControl, you can use
ps -ef | grep "GFIAgent"
to verify and/etc/boxinit.d/70gfiagent start
to start the service. - In KerioConnect, action depends on the OS:
- For Windows, use services.msc to verify and start the GFIAgent service
- For Linux, use
sudo systemctl status gfiagent
to verify andsudo systemctl start gfiagent
to start the service - For MacOS, use
sudo launchctl list | grep gfiagent
to verify andsudo launchctl load -w /Library/LaunchDaemons/gfiagent.plist
to start the service
- In KerioControl, you can use
- Ensure your appliance is on the latest version.
- Check if the latest GFI Agent version is installed. If not, depending on the appliance, try reinstalling the agent to reset the connection
- If the issue persists, this can indicate that there is a firewall or other network device blocking access to the metrics endpoint. Check GFI Agent logs. For example, if the agent is unable to reach the AWS Kinesis metrics endpoint, the logs will contain the message along the lines of:
[PublishInsights] failed to publish insights for appliance ..., error: RequestError: send request failed caused by: Post "https://kinesis.eu-west-1.amazonaws.com/": net/http: TLS handshake timeout
In such cases, ensure that the https://kinesis.eu-west-1.amazonaws.com/ URL that is needed for metrics sending, health reporting, and backups is accessible, adjusting the firewall or networking rules accordingly.
- If the issue persists, provide GFI support with the information requested in the article Gathering information for troubleshooting AppManager issues.
Summary
Customers using the AppManager may encounter a situation where it incorrectly shows a Kerio appliance as "offline" even though it is operational. This often results from network issues or delays in the agent’s communication. To resolve this, first, monitor the situation to see if it's a temporary problem. If the offline status continues, ensure the GFIAgent service is active and the appliance is updated. Start or restart the service depending on the operating system. Check and possibly reinstall the latest GFI Agent version. If problems persist, investigate potential network blockages that might prevent the agent from communicating with necessary endpoints, like the AWS Kinesis metrics URL. If unresolved, contact GFI support with detailed system and issue information.
FAQ
1. What should I do if my AppManager incorrectly shows an appliance as "offline"?
Monitor the status for a short period to confirm if it's a temporary network issue. Ensure the GFIAgent service is running and the appliance software and agent are up to date. If the status persists, further investigation into network settings and agent communications may be needed.
2. How can I check and manage the GFIAgent service based on different operating systems?
Depending on the appliance and OS, you can verify and start the service by:
- In KerioControl, you can use
ps -ef | grep "GFIAgent"
to verify and/etc/boxinit.d/70gfiagent start
to start the service. - In KerioConnect, action depends on the OS:
- For Windows, use services.msc to verify and start the GFIAgent service
- For Linux, use
sudo systemctl status gfiagent
to verify andsudo systemctl start gfiagent
to start the service - For MacOS, use
sudo launchctl list | grep gfiagent
to verify andsudo launchctl load -w /Library/LaunchDaemons/gfiagent.plist
to start the service
3. What steps should I take if the appliance remains offline after initial troubleshooting?
Ensure the appliance can reach necessary endpoints like AWS Kinesis metrics URL by checking network and firewall settings. Review the GFI Agent logs for any specific errors and contact GFI support with detailed information for further assistance.