FAQ's HP Anyware Manager/Connector

• Unable to connect to myhost.cloudaccesslabs.com. Please enter a new name or IP address 

• The network connection has been losts

• This desktop has no sources available or it has timed out. Please try connecting to this desktop again later

Causes:

For a PCoIP session to successfully start, certain ports must be open for the PCoIP Client, PCoIP agent, PCoIP Connection Manger and PCoIP Security Gateway to communicate.

When the PCoIP client is connecting directly to the PCoIP Agent and is not being brokered, the following ports must be open:

• TCP port 443 (or TCP port 60443)
• TCP port 4172
• UDP port 4172, both receiving and sending on the agent from UDP port 4172 to any port number.
• TCP 443 to Teradici Cloud Licensing or TCP 7070 to the local license server

When connecting via PCoIP Connection Manager and PCoIP Security Gateway, the following ports must be open:

• Between the client and PCoIP Connection Manager
  • TCP port 443
• Between the client and PCoIP Security Gateway
  • TCP port 4172
  • UDP port 4172, both receiving and sending on the PCoIP Security Gateway
• Between the PCoIP Connection Manager and PCoIP Agent
  • TCP port 60443
• Between the PCoIP Security Gateway (connector_cmsg on the CAS Connector) and PCoIP Agent
  • TCP port 4172
  • UDP port 4172

Resolution:

Blocked TCP 443

If the client shows the error "Error: Unable to connect to myhost.cloudaccesslabs.com. Please enter a new name or IP address." when trying to connect to the PCoIP Connection Manager to directly to a host, it maybe because of 

1. Blocked TCP port 443
   During the installation process, the PCoIP Agent will open the required firewall ports in the Windows and Linux operating system default firewalls. If you are using Microsoft Windows, ensure the Windows Firewall service is running and re-install the PCoIP Agent. If you are using a 3rd party or non-default firewall ensure a rule is in to allow TCP port 443. 
2. Blocked TCP port 60443 (backup port on direct client to host connection)
   During the installation process, the PCoIP Agent will open the required firewall ports in the Windows and Linux operating system default firewalls. If you are using Microsoft Windows, ensure the Windows Firewall service is running and re-install the PCoIP Agent. If you are using a 3rd party or non-default firewall ensure a rule is in to allow TCP port 60443. TCP port 60443 may be used as an alternative to TCP port 443 if another application requires TCP port 443.
3. Fully qualified domain name cannot be resolved by DNS.
   Test DNS resolution in your operating system and confirm the fully qualified domain name resolves to the IP address. You can also try connecting via IP address.

Reference Link:  Troubleshooting-pcoip-session-connection-issues

Broker failed to allocate the resource

Cause:

Broker failed to allocate the resource is a timeout error when broker fails to connect. The Broker is not able to reach the agent. Reasons for the error include:

1. Unknown/expired JSESSIONID
2. One or more required ports are blocked; TCP 443, 60443, 4172 and UDP 4172.
3. The trusted storage on Agent become corrupted. "This version of trusted storage is not supported."
4. Other

Resolution:

1. Unknown/expired JSESSIONID

Review the broker logs under var/log.anyware-connector for the "Session-Log-ID found:" message that occurs before the (6606) error.

Load Balancer Issue:

• Ensure the load balancer determines CM and client connect based on jsessionid.
• If the load balancer round robins IPs based on time, a user that is mid-session establishment during the switch would be impacted by this. You could lengthen the round robin time, or remove it entirely.
• See How to configure a Load Balancer for the HP Anyware Connector.

2. One or more required ports are blocked; TCP 443, 60443, 4172 and UDP 4172.
 

The following Ports are required for the HP Anyware. Make sure these ports are not blocked.

3. The trusted storage on Agent become corrupted. "This version of trusted storage is not supported."

Review the PCoIP Agent logs on the host for entries similar to:
AGENT :Failed to start the Agent:  Failed to add FNE trial license source: [1,7E3,4,0[70000027,0,5002E]]  This version of trusted storage is not supported.

It means the local trusted storage has become corrupted.

1. Delete the contents of C:\ProgramData\Teradici\PCoIPAgent\licensing\5 in Windows, or /var/lib/pcoip-agent/licensing/5 (requires root permissions) in Linux.
2. Restart the appropriate agent service (PCoIP Graphics Agent or PCoIP Standard Agent on Windows, or pcoip-agent on Linux)
3. If using HP Anyware Cloud Licensing (not using a local license server), re-register the host.

Other Reasons

1. Please ensure that you are using the latest version of Client and Agent.
2. If possible, try to establish a direct connection without using a broker, this will help us to find out if broker is the reason for the issue.
3. If you still see the issue, open a support ticket from our support site, https://help.teradici.com/s/contactsupport

Reference Link: Error-broker-failed-to-allocate-the-resource

Communication to domain controller is not successful

Below reference link provides some know specific sources of failures, how to determine if it's that specific failure and if there's any known resolutions relating to the Cloud Access Connector Broker.

HP Anyware Manager logs can be found under:  
/var/log/cloud-access-connector  
https://www.teradici.com/web-help/pcoip_cloud_access_manager/CACv2/troubleshooting/troubleshooting_logs/

Reference link:  Cloud-access-connector-broker-error-codes

Password Complexity not met. More secure passwords typically have a combination of upper and lower case characters, digits and symbols 

We need to update the password when it expires or needs to be updated through the client, ensuring it meets the password complexity requirements specified by the domain policy

FAQ's - HP Anyware Manager

General

Anyware Manager is a HP management plane enabling users to configure, manage and monitor brokering of remote workstations. Anyware Manager enables highly-scalable and cost-effective Anyware Software deployments by managing cloud compute costs by brokering PCoIP connections to remote workstations, see Anyware Software for supported hosts.

Anyware Manager is offered in 2 variants – as an HP managed Service, and as an installable instance deployed and managed by the users in their on-premises or cloud environments.

Health Checks

1. Client Health Check - Diagnostics and troubleshooting guide
2. Host Health Check - Diagnostics and troubleshooting guide

Troubleshooting  

You are not entitled to any resource on this domain. Please enter another domain or ask your system administrator to assign a resource to you

If you are having difficulties connecting a PCoIP client to a remote host and are receiving a 4 digit error code, the following table will provide suggested next steps.  If you don't see the error code in the table below, open a cases with HP Anyware Global Support Services and provide both the Host and client logs.  

Reference Link: what-do-the-pcoip-session-4-digit-error-codes-mean-when-experience-issues-connecting

 
Installation Error

<TBD>

Login issues

Password Configuration

You need to configure a password to install Anyware Manager instance on your system. The password adds a layer of protection to the system and is required when accessing the Web Admin Console. To meet the security standards, the password should be 8 characters in length with minimum 1 uppercase, 1 lowercase, 1 number and 1 special character.

Password Special Character

The % character and whitespaces are not supported.

Anyware manager installer requires Web Admin password and prompts for it, if this behavior is not preferred the password could be passed to the install command using:

--manager-admin-password

In case you forget the password, you can reset it using the following flag with the configure command:

--reset-admin-password

Password File

The /opt/teradici/casm/temp-creds.txt file that has the ability to store Anyware Manager password is not created any more by the installer. If you forget your password, you need to reset it using the --reset-admin-password flag.

To retrieve the password, execute the following shell command:

#!/bin/bash
    #set -ex
    VAULT_ADDR=https://127.0.0.1:8200
    VAULT_TAR_FILE=casm-vault.tar.gz
    VAULT_BACKUP_DIR=casm-vault
    VAULT_LOGS_DIR=/opt/teradici/casm/vault/logs
    VAULT_TAR_FULL_PATH=$VAULT_LOGS_DIR/$VAULT_TAR_FILE
    VAULT_TOKEN=`/usr/local/bin/kubectl get secrets/vault-secret --template={{.data.roottoken}} | base64 -d | xargs printf "%s\n"`
    VAULT_PATH=secret/
    VAULT_CONTAINER_PATH=/vault
    # This is the way to get it if we want to get it dynamically
    #VAULT_PATH=`/usr/local/bin/kubectl get secrets/app --template={{.data.VAULT_SECRET_PATH}} | base64 -d | xargs printf "%s\n"`
       # Get all keys from vault and dump them into files
       /usr/local/bin/kubectl exec deploy/vault -- sh -c "$( cat <<EOF
    #!/bin/sh
    set -e
    export VAULT_ADDR=$VAULT_ADDR
    export VAULT_SKIP_VERIFY=true
    vault login $VAULT_TOKEN > /dev/null
    [ -d "$VAULT_BACKUP_DIR" ] && rm -rf $VAULT_BACKUP_DIR
    mkdir $VAULT_BACKUP_DIR
    for key in \$( vault kv list $VAULT_PATH | tail +3  ); do
    vault kv get -format=json -field=data  $VAULT_PATH\$key | grep password
    done
    EOF
    )"

Reference admin guide link:

https://www.teradici.com/web-help/anyware_manager/current/anyware_manager/awm_default_installation/#password-configuration

Add additional admins

The following section outlines the steps to setup and configure SAML for Anyware Manager using the Anyware Manager Admin Console:

1. From the account icon click Multi Admin Settings to create a new multi-admin configuration.
2. Register Anyware Manager as a SP with your IDP. You can obtain the Assertion Consumer Service URL and Audience URL from the Configuration Info section. This information should be used to configure your IDP to recognize Anyware Manager as a SP.
3. Configure Anyware Manager to be able to connect to your IDP. Obtain the Identity Provider Login URL and Identity Provider Certificate from your IDP and configure the IDP Settings section accordingly. Alternatively you can also upload an IDP XML Metadata file in the IDP Settings section.
4. Enable Multi-Admin configuration to use configured IDP. Make sure that your configuration is enabled by toggling the switch at the bottom of the Configuration Info section and confirm that you see the Configuration is enabled message.
5. Configure Anyware Manager Assertion Attributes:
   • To allow individual user as admin, go to the Allowed Admins section and add the UPN associated to that user. Anyware Manager validates the UPN against the NameId SAML assertion attribute in the SAML response received from the IDP.
   • To allow user groups. Go to the Allowed Groups section and configure the Group Attributes accordingly. This configures Anyware Manager to validate the Group Name and/or Group ID SAML attribute assertions in the SAML response received from the IDP.
   • You can configure either Allowed Admins or Allowed Groups or both in the Multi-Admin Settings.
6. Allowed users can now access Anyware Manager by opening the Anyware Manager login page URL which is available in the Configuration Info section. Alternatively, users can also directly login via the IDP using the Direct login via identity provider URL also available on the Configuration Info section.

Reference admin guide link:

https://www.teradici.com/web-help/anyware_manager/current/anyware_manager/admin_console/awm_saml_configuration/#configure-anyware-manager-as-a-saml-service-provider-to-enable-multi-admin