Troubleshoot Your Secure Application Setup
You can use the appdcli run secureapp task to help you troubleshoot problems with your deployment.
The secureapp task
The secureapp task requires one of the following options:
| Option | Description |
|---|---|
checkAgentAuth |
Using the agent account key, verify that agent authentication is working. |
checkApi |
Checks that the Secure Application API is working. |
checkAuthToken |
Verify that the controller is able to create authentication tokens for the admin user. |
checkDeps |
Basic checks of Secure Application dependencies, useful prior to installation. |
debugReport |
Dump logs and kubernetes resources (except secrets) for offline debugging. |
getSecureApplications |
Gets the default for Application Secure Application enablement. |
health |
Run the |
insecureApplications |
Administratively sets the default for Applications to be Secure Application disabled. |
licenseCheck |
Check that the license has Secure App Units. |
numAgentReports |
Display the number of Agent Reports that have been processed. |
restartFeedProcessing |
After uploading a data feed, to see updated results sooner than up to a day, restart the feed processing and see updates after a few minutes. |
secureApplications |
Administratively sets the default for Applications to be Secure Application enabled. |
setDownloadPortalCredentials |
For automatic daily downloads of the data feed. Set the download portal username and password. Syntax: |
setFeedKey |
For air-gapped deployments. Set the license key to allow processing of an uploaded air-gapped data feed. Syntax: |
showConfig |
Print currently observed Secure Application configuration. |
startTestAgent |
Launch a Java application named |
stopTestAgent |
Stop the |
uploadFeed |
For air-gapped deployments. Upload an air-gapped data feed from the local filesystem. Syntax: |
versions |
Display version data, which may be useful during troubleshooting. |
To check general functionality and to run diagnostics on Secure Application, run appdcli run secureapp health:
appdcli run secureapp healthSample output:
$ appdcli run secureapp health
endpoints/appd-postgres-primary condition met
endpoints/appd-mysql condition met
endpoints/controller-service condition met
endpoints/auth-service condition met
SecureApp dependencies are Ready
checking if secureapp is installed
Secureapp charts have been installed by Helm
endpoints/onprem-user-service-auth condition met
endpoints/agent-proxy condition met
endpoints/abs-headless condition met
endpoints/ui condition met
endpoints/onprem-proxy-server condition met
endpoints/api-proxy condition met
endpoints/api-service condition met
endpoints/alert-proxy condition met
SecureApp services are Ready
Signing into controller as admin for customer1
Authenticated admin for account customer1
Check if argent.enabled property is set on the account
Account properties are configured for Secure App
endpoints/onprem-proxy-server condition met
endpoints/onprem-proxy-server condition met
Tenant configured:
customer1
Account data has been configured in SecureApp
Auth service config has account dns name mappings configured
Account data has been configured in SecureApp
<ip-address> <SNI-host>
Authentication DNS entries for customer1 configured
Check if CONFIG_ARGENTO permission is set for the user
Check if VIEW_ARGENTO permission is set for the user
Permissions are set up for Secure App
SecureApp API is responding
Checking Auth for Agents in Account customer1 at IP <ip-address> with SNI host <SNI-host>
Agent Authentication succeeded
Feed Entries: 10376
Secureapp checks have passedTo confirm that a properly configured agent can authenticate to the Secure Application in the virtual appliance, run appdcli run secureapp checkAgentAuth:
appdcli run secureapp checkAgentAuthSample output:
Checking Auth for Agents in Account <account-name> at IP <ip-address> with SNI host <SNI-host>
Agent Authentication succeededTo confirm that a properly configured agent can fully report to Secure Application through the external ingress point for the virtual appliance, run
appdcli run secureapp startTestAgent:
appdcli run secureapp startTestAgentSample output:
$ appdcli run secureapp startTestAgent
Building dependency release=test-agent, chart=test-agent
Upgrading release=test-agent, chart=test-agent
Release "test-agent" has been upgraded. Happy Helming!
NAME: test-agent
LAST DEPLOYED: Fri Feb 14 18:40:13 2025
NAMESPACE: cisco-secureapp
STATUS: deployed
REVISION: 2
TEST SUITE: None
Listing releases matching ^test-agent$
test-agent cisco-secureapp 2 2025-02-14 18:40:13.174379865 +0000 UTC deployed test-agent-0.1.0 0.1.0
UPDATED RELEASES:
NAME NAMESPACE CHART VERSION DURATION
test-agent cisco-secureapp ./test-agent 0.1.0 14sTo confirm stop a test agent, run appdcli run secureapp stopTestAgent:
appdcli run secureapp stopTestAgentSample output:
$ appdcli run secureapp stopTestAgent
Listing releases matching ^test-agent$
test-agent cisco-secureapp 2 2025-02-14 18:40:13.174379865 +0000 UTC deployed test-agent-0.1.0 0.1.0
Deleting test-agent
release "test-agent" uninstalled
DELETED RELEASES:
NAME NAMESPACE DURATION
test-agent cisco-secureapp 0sTo look at version information, run appdcli run secureapp versions:
appdcli run secureapp versionsSample output:
$ appdcli run secureapp versions
k8s Client Version: v1.30.9 Server Version: v1.30.9
controller mysql: 8.4.3
auth-service mysql: 8.4.3
kafka: 3.8.0
controller: 25.1.0-10032-124
postgres: 15
redis: 5.2.7
taskfile: Task version: v3.39.2 (<hash>)For other troubleshooting steps, see Troubleshoot Virtual Appliance Issues.