Troubleshooting

General Errors

General errors that can be encountered

1. Global catalog validation fails in AppViewX GUI
Description: When an invalid ACME endpoint URL is provided in Posh-ACME, it results in the following error.
Error: Validation fails in GUI.
Troubleshooting:
  • Check if CC is up and running.
  • Ensure that the service account’s full name is the same as the login name as mentioned in the section.
2. CA Certificate not trusted in the Windows domain machines
Description: This error occurs when the issuer of the certificate bound to the CC is not trusted by the Windows domain machines.
Error: ERROR_WINHTTP_SECURE_INVALID_CA

12045

Troubleshooting: Ensure that both the issuing certificate authority (CA) certificate and the root CA certificate are added to the appropriate trust stores on each end machine. To implement trust at the domain level, see Point 6 within Section, System Requirements and Service Account Configuration.
3. Error when retrieving policy in Windows domain machines
Description: This error occurs when there is a connectivity issue between the CEP and end machines.
Error:
Error: An error occurred while obtaining certificate enrollment policy.

URL: https://cepces.axxwaep.net/ADPolicyProvider_CEP_Kerberos/service.svc/CEP

Error: The operation did not complete within the time allotted.

0x803d0006 (-2143485946) WS_E_OPERATION_TIMED_OUT

Troubleshooting:
  • Check that the CEP server's certificate is valid: in IIS Manager, go to Sites > Default site, right-click and select Edit bindings, and check whether the certificate bound to port 443 is valid. If it is not, replace it with a valid one. Make sure the certificate's issuer is trusted by the domain machines.
  • Ensure that the CEP server hostname resolves to the correct IP address from the end machine.

4. An error occurred while enrolling for a certificate.

The certificate request could not be submitted to the certification authority.

Description: This error occurs because either a firewall is interrupting the connection between the CC and the end machine, or a network device is filtering the certificate data and preventing it from reaching its destination.
Error:
Error: An error occurred while enrolling for a certificate.

The certificate request could not be submitted to the certification authority.

URL: https://testDomain:30020/avxapi/msproxy/simpleenroll

Error: The operation did not complete within the time allotted.

0x803d0006 (-2143485946) WS_E_OPERATION_TIMED_OUT

Troubleshooting:
  • Enable outbound traffic from domain machines to the Cloud Connector (CC) or AppViewX server on port 30020 for SaaS deployments and 31443 for on-premises deployments.
  • If a certificate is enrolled in the AppViewX GUI but not received by the Windows machine, verify that no network devices are blocking the certificate content.
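
The checks from items 2, 3 and 4 (name resolution, port reachability, certificate validity and issuer trust) can be run from an affected domain machine in one pass. The following PowerShell function is an added example, not AppViewX code; `Test-EnrollmentEndpoint` is a hypothetical helper name, and skipping revocation checking is an assumption made to isolate trust and validity problems.

```powershell
# Added diagnostic example; Test-EnrollmentEndpoint is a hypothetical helper name.
function Test-EnrollmentEndpoint {
    param(
        [Parameter(Mandatory)] [uri] $Url,
        [int] $TimeoutMs = 5000
    )
    $r = [ordered]@{
        Host = $Url.Host; Port = $Url.Port; ResolvedIPs = @(); TcpReachable = $false
        CertSubject = $null; CertIssuer = $null; CertNotAfter = $null
        ChainTrusted = $false; ChainStatus = @(); Failure = $null
    }
    # Step 1: does the hostname resolve, and to which addresses?
    try {
        $r.ResolvedIPs = @([System.Net.Dns]::GetHostAddresses($Url.Host) |
            ForEach-Object { $_.IPAddressToString })
    } catch {
        $r.Failure = "DNS: $($_.Exception.Message)"
        return [pscustomobject]$r
    }
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        # Step 2: is the port reachable, or is a firewall dropping the connection?
        if (-not $client.ConnectAsync($Url.Host, $Url.Port).Wait($TimeoutMs)) {
            $r.Failure = "TCP: no connection within $TimeoutMs ms"
            return [pscustomobject]$r
        }
        $r.TcpReachable = $true
        # Step 3: read the bound certificate. The callback accepts any certificate
        # only so it can be inspected; no request data is sent over this stream.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Url.Host)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $r.CertSubject = $cert.Subject; $r.CertIssuer = $cert.Issuer; $r.CertNotAfter = $cert.NotAfter
        # Step 4: build the chain against this machine's trust stores.
        # Assumption: revocation checking is skipped to isolate trust and validity.
        $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
        $chain.ChainPolicy.RevocationMode = 'NoCheck'
        $r.ChainTrusted = $chain.Build($cert)
        $r.ChainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
    } catch {
        $r.Failure = "TLS/TCP: $($_.Exception.Message)"
    } finally {
        $client.Dispose()
    }
    [pscustomobject]$r
}
# Usage: Test-EnrollmentEndpoint -Url 'https://testDomain:30020/avxapi/msproxy/simpleenroll'
```

An empty `ResolvedIPs` points to the hostname resolution check in item 3, `TcpReachable = $false` to the firewall check in item 4, and `ChainTrusted = $false` with a populated `ChainStatus` to the trust store fix in item 2.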