Perform the following actions to troubleshoot connectivity issues between the NES and the User Terminal.
Review the IIS log files
When the IIS server receives requests from a client, the entries appear in the IIS log file, located in C:\inetpub\wwwroot\logs.
For example, when the User Terminal requires NEA certificates, the User Terminal (10.0.10.202) contacts the NES server (10.0.4.242) over port 80/443 by default, to request the ability to securely communicate with the NES server by using a token.
This request generates three log file entries:
The first entry displays a status code of 307, which indicates a temporary redirect.
2022-04-11 16:37:18 10.0.4.242 GET /nes_332/api/NegotiateLoginWithToken - 443 - 10.0.10.202 Nymi+Client/1.0 - 307 0 0 5247
The second entry displays a status code of 401, which indicates that access is denied.
2022-04-11 16:37:19 10.0.4.242 GET /nes_332_AS/api/NegotiateLoginWithToken - 443 - 10.0.10.202 Nymi+Client/1.0 - 401 0 0 1326
The third entry displays a status code of 200, which indicates that the client request succeeded:
2022-04-11 16:37:19 10.0.4.242 GET /nes_332_AS/api/NegotiateLoginWithToken - 443 - 10.0.10.202 Nymi+Client/1.0 - 200 0 0 303
If none of these entries appear, or the third entry does not appear, there is a connectivity issue between the client and the NES server. Proceed to Use netsh to trace communications.
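The log check described above can be scripted. The following PowerShell is an added example, not Nymi code: the function name Test-NesTokenHandshake, the #Fields header (assumed to be the IIS default W3C field set) and the 10.0.10.203 client are constructed for illustration.

```powershell
function Test-NesTokenHandshake {
    param(
        [string[]] $LogLine,   # raw IIS log lines, for example from Get-Content
        [string]   $ClientIp   # address of the User Terminal to check
    )
    $fields = @()
    $seen   = [System.Collections.Generic.List[int]]::new()
    foreach ($line in $LogLine) {
        if ($line -like '#Fields:*') {
            # Take the column order from the log's own header, not fixed positions.
            $fields = @(($line -replace '^#Fields:\s*', '').Trim() -split '\s+')
            continue
        }
        if ([string]::IsNullOrWhiteSpace($line) -or $line.StartsWith('#')) { continue }
        $cols = @($line.Trim() -split '\s+')
        # Skip rows that do not match the header (truncated or different layout).
        if ($fields.Count -eq 0 -or $cols.Count -ne $fields.Count) { continue }
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $cols[$i] }
        if ($row['c-ip'] -eq $ClientIp -and
            $row['cs-uri-stem'] -like '*/api/NegotiateLoginWithToken') {
            $seen.Add([int]$row['sc-status'])
        }
    }
    [pscustomobject]@{
        ClientIp  = $ClientIp
        Statuses  = $seen -join ','
        Missing   = @(307, 401, 200 | Where-Object { $seen -notcontains $_ }) -join ','
        Completed = $seen.Contains(200)   # success criterion: the 200 entry exists
    }
}

# Constructed sample: the 10.0.10.202 lines are the entries shown above;
# the header line and the 10.0.10.203 lines are made up for this example.
$sample = @'
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2022-04-11 16:37:18 10.0.4.242 GET /nes_332/api/NegotiateLoginWithToken - 443 - 10.0.10.202 Nymi+Client/1.0 - 307 0 0 5247
2022-04-11 16:37:19 10.0.4.242 GET /nes_332_AS/api/NegotiateLoginWithToken - 443 - 10.0.10.202 Nymi+Client/1.0 - 401 0 0 1326
2022-04-11 16:37:19 10.0.4.242 GET /nes_332_AS/api/NegotiateLoginWithToken - 443 - 10.0.10.202 Nymi+Client/1.0 - 200 0 0 303
2022-04-11 16:40:02 10.0.4.242 GET /nes_332/api/NegotiateLoginWithToken - 443 - 10.0.10.203 Nymi+Client/1.0 - 307 0 0 4810
2022-04-11 16:40:03 10.0.4.242 GET /nes_332_AS/api/NegotiateLoginWithToken - 443 - 10.0.10.203 Nymi+Client/1.0 - 401 0 0 1290
'@ -split "`r?`n"

'10.0.10.202', '10.0.10.203' |
    ForEach-Object { Test-NesTokenHandshake -LogLine $sample -ClientIp $_ }
```

To check a real log, pass the output of Get-Content for a log file in C:\inetpub\wwwroot\logs as -LogLine. A client with Completed set to False, or with no statuses at all, is a candidate for the netsh trace in the next section.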
Use netsh to trace communications
Use the netsh trace command to capture communication activities between the user terminal and the NES server, while performing the action that fails.
For example, to troubleshoot the issue where a user terminal cannot retrieve NEA certificates from NES, perform the following steps:
- On the NES server, open up a command prompt as administrator, and then type:
netsh trace start capture=yes tracefile=.\capture_server.etl scenario=internetserver
- On the user terminal, open up a command prompt as administrator, and then type:
netsh trace start capture=yes tracefile=.\capture_client.etl scenario=internetclient
- Delete all the files in the C:\Windows\System32\config\systemprofile\AppData\Roaming\Nymi\NSL\<randomstring>\ksp directory
- Restart the EAM Security Services service.
- Wait about a minute and then from the command prompt on both the user terminal and the NES server, type:
netsh trace stop
The netsh command records the command line output into the file that you specified with the tracefile option, in the current directory.
- Optional: to convert the output file to a text file, type the following command:
netsh trace convert input=filename.etl
The command creates a text file with the same name as the .etl file in the current directory.
- Analyze the output to determine the communication path between components.