17. Support & Troubleshooting

17.1. Support

On the Support page, all functionality regarding troubleshooting the platform is located. The page has four main-tabs:

17.1.1. Belden Support

This tab provides a link to generate an email to request support regarding platform issues.

It also provides a link to download a platform techsupport file which you are asked to attach to the email. In case the file is too large for an email attachment, please provide us with a download link.

17.1.2. Logs

This tab shows the platform logs and makes them available for download.

17.1.3. Network

To troubleshoot networking issues, this tab contains several tools:

  • Ping

  • Trace Route

  • MTU Discovery

17.1.4. Data Maintenance

In order to cleanup obsolete data and ensure a good performance of the platform, this tab provides you with several cleanup tasks:

Task

Description

Platform Logs

If checked, deletes all platform logs up-until the specified date and up to the specified log-level

Platform Events

If checked, deletes all events up-until the specified date

Hard Delete

If checked, deletes all as deleted marked entities up-until the specified date

Certificates

If checked, deletes all obsolete certificates up-until the specified date. Certificates still in use are not deleted.

Jobs

If checked, deletes all jobs up-until the specified date. Optionally, this can be limited to system jobs only.

Device States

If checked, deletes all device state data up-until the specified date. Optionally, this can be limited to a specific device. Otherwise it is applied on all devices (default).

Device Infos

If checked, deletes all device info data up-until the specified date. Optionally, this can be limited to a specific device. Otherwise it is applied on all devices (default).

Specific Device Configurations

If checked, deletes all Specific Device Configurations except the latest n configurations specified by Keep Revisions

Warning

Since these cleanup tasks cannot be undone, we recommend to create a snapshot beforehand.

Warning

Data Maintenance could use quite some system resources depending on how much data has been accumulated. Please ensure, that this task is performed during a maintenance window.

Warning

On low-end systems we have seen cases where the complete platform got frozen during Data Maintenance. This is a sign of too few system resources. Consider adding more RAM and/or CPU cores.

17.2. Troubleshooting

17.2.1. Troubleshoot a Device

If there are problems with a Device, there are several things that you can check:

  • Is the Device online?

    • No: Check when it was last online by navigating to the Health page and selecting the specific Device

      • Is the Device powered on?

        • Yes: Try to access the Device directly by downloading the Service Access VPN configuration and establishing a VPN connection to the Core Network

        • No: Power on the Device

  • Yes, do a direct Device access by first downloading the Service Access VPN configuration and troubleshooting the Device outside of the Connectivity Suite

17.2.2. Renew an expired device certificate

A device with an expired OpenVPN certificate is no longer able to connect to the Connectivity Suite. To renew the certificate and enable the affected device to connect to the Connectivity Suite again, you have to download the device configuration from the Connectivity Suite and provide it to the device. This works because a newly downloaded device configuration always includes a new (valid) OpenVPN certificate.

A: If the device is still in the Provisioning network

Go to “Artefacts” / “Provisioning” and select the corresponding provisioning configuration.

B: If the device has already been moved to a VPN network

Select the device in the Device list. In the “CONFIGURATIONS” tab, you see the history of device configurations; the current one is at the top and is already selected. You can download this configuration via the “Actions” menu.

In both cases (A and B), choose the “File configuration” if you have an alternative way to connect to the device remotely and upload this configuration. If not, choose “USB configuration”, factory reset the device and transfer the configuration to the device using a USB stick.

17.2.3. Troubleshoot the Connectivity Suite

To download the platform techsupport file, an account with Platform Administrator rights is required.

Download support file < v3.6.3:

  1. Click on the wrench icon in the upper right corner

  2. Select Logs

  3. Click on Download Support File. The default options visible in the dialog usually work. In case you are running into performance issues, you might want to reduce the entry limit from 100’000 to 1000.

  4. Download the file and send it to the Connectivity Suite support

Download support file >= v3.6.3:

  1. Click on the wrench icon in the upper right corner

  2. Select Support

  3. Click on here under the Generate a support file title. The default options visible in the dialog usually work. In case you are running into performance issues, you might want to reduce the entry limit from 100’000 to 1000.

  4. Download the file and send it to the Connectivity Suite support

17.2.4. inotify limit reached

If you are running more than 50 VPN Networks/Servers, you might run into the following error in the log:

The configured user limit (128) on the number of inotify instances has been reached, or the per-process limit on the number of open file descriptors has been reached.

To resolve this issue, we recommend to increase the fs.inotify.max_user_instances limit to 512. You can do this in the console with echo fs.inotify.max_user_instances=512 | sudo tee -a /etc/sysctl.conf && sudo sysctl -p.

17.2.5. Browser settings Connectivity Suite SSL Certificate

Downloading the Connectivity Suite Root CA certificate using Microsoft Edge

  1. Click on Certificate Error to the left of the address bar

  2. Choose the Connectivity Suite Root CA from the menu on the right

  3. Click on Export to file, this is the file that needs to be imported using one of the import procedures described below

Making your browser trust the Connectivity Suite Root CA

The client operating system or browser now needs to have the CA certificate added to its list of trusted CAs. The instructions vary by operating system and browser but instructions for a few major browsers are listed below.

Client (Operating System, Browser)

Instructions

Microsoft Windows

Right click the CA certificate file and select ‘Install Certificate’. Follow the prompts to add the certificate to the trust store either for the current user only or all users of the computer.

Firefox

Firefox does not use the operating systems trust store so the CA needs to be added manually. Manually add certificates and manage added certificates through Firefox’s Privacy & Security preferences. More information can be found on Mozilla Wiki

Chrome

If Chrome is configured to use the Windows trust store, adding the certificate to Windows (see above) is sufficient to add trust to the browser as well. Otherwise the certificate can be added manually using the following procedure: Open Settings > Advanced > Manage Certificates > Authorities, and select Import.

Edge/Internet Explorer

Edge/Internet Explorer uses the Windows trust store so adding the certificate to Windows (see above) is sufficient to add trust to the browser as well.

17.2.6. Docker log rotation

By default, Docker does not rotate logs! To prevent the server’s disk from running out of space over time due to huge Docker logs you have to do the following:

  1. Create the file /etc/docker/daemon.json if it does not already exist

  2. Add the following content to /etc/docker/daemon.json

{
  "log-driver": "local",
  "log-opts": {
    "max-size": "20m",
    "max-file": "5"
  }
}

In general, we recommend using the values provided in the example for max-size and max-file. If you are more experienced, you can consider choosing a different logging driver and send your Docker logs to e.g. Splunk or any other supported logs collector (see https://docs.docker.com/engine/logging/configure/#supported-logging-drivers).

  1. Restart the Docker service: service docker restart

  2. Navigate into the folder where the Connectivity Suite installation is located (e.g. cd ~/cs/app)

  3. Shut down the Connectivity Suite: docker compose down

  4. Start the Connectivity Suite again: docker compose up -d