Troubleshooting Azure Cloud

This section helps you troubleshoot common problems that you might encounter when using certificate functionalities. It covers troubleshooting for cloud addition, deletion, push, bind, rollback, and other actions associated with Azure cloud.

Supported Web Browsers

| Browser | Version | Notes |
| --- | --- | --- |
| Firefox | Till latest (Version 84.0.4147.135) | NA |
| Chrome | Till latest (Version 80.0) | NA |
| IE | Limited support in 9, Full support from 10+ | No support for IE9 post-AppViewX Version 11.0 |
| Safari | Till latest (Windows - Version 5.1.7, macOS - Version 13.1.2) | From AppViewX Version 11.1 |
| Opera | Till latest (Version 70) | From AppViewX Version 11.1 |

Supported Devices

| Device | OS | Resolution |
| --- | --- | --- |
| Desktop | Windows | 1024 X 768 onwards, 1366x768, 1920x1080, Higher |
| Desktop | Linux | 1024 X 768 onwards, 1366x768, 1920x1080, Higher |
| Desktop | Mac | 1024 X 768 onwards, 1366x768, 1920x1080, Higher |
| iPad | iOS | 1024 X 768 |

Issues in Azure Cloud Addition using AppViewX GUI

Table 1. Error messages and resolutions
| Error Message | Possible Cause | Possible Solution |
| --- | --- | --- |
| Cloud account already exists. | A Cloud Account with the same name exists in inventory. | Check the Account name; it should be unique. |
| Details incorrect | Some of the mandatory fields might be missing or might be invalid. | Add all the valid information in the mandatory section. |

Issues in Communicating to Azure Cloud

Table 2. Error messages and resolutions
| Error Message | Possible Cause | Possible Solution |
| --- | --- | --- |
| Device name cannot be null or empty. | Device name is empty. | Provide a device name, as it is a mandatory field. |
| Invalid device name. | Device name is not valid. | The device name can only contain alphanumeric characters, '-', '_', '.', '*', '\|', '!' and spaces. |
| Authentication to the Azure cloud inventory is Failed | Subscription ID, Tenant ID, Client ID and Client secret of the Azure cloud account are incorrect. | Check that each of the provided IDs is valid and active. Log in to the Azure portal and get all the valid IDs. |
| Found 0 Key vault services | No Keyvault instances running for the provided Subscription ID. | Log in to the Azure portal and check if the Subscription ID has the required permission to access the Keyvault instances. |
| Found 0 Application Gateway services | No Application Gateway instances running for the provided Subscription ID. | Log in to the Azure portal and check if the Subscription ID has the required permission to access the Application Gateway instances. |
| Found 0 Virtual machine services | No Virtual Machine instances running for the provided Subscription ID. | Log in to the Azure portal and check if the Subscription ID has the required permission to access the Virtual machine instances. |

Issues in Accessing Azure Cloud

Access issues can occur when communicating with the Azure cloud account while discovering or fetching services. These errors can be collected from logs, API responses, or the status field for that particular server.

Table 3. Error messages and resolutions
| Error Message | Possible Cause | Possible Solution |
| --- | --- | --- |
| Connection timeout | Internet / Proxy connection is not provided from the AppViewX node. Firewall settings are blocking the REST API request. | Log in to the AppViewX portal, provide proxy details in Menu->Settings->General->Proxy, and check the firewall settings. |
| No Keyvault instances are discovered | Subscription ID doesn't have an appropriate role to access the Azure services. | Check if the following role is assigned for the provided subscription ID in the Azure cloud account (role definition shown after this table). |
| No Keyvault instances are discovered | Azure Keyvault doesn’t have certificate Get/List permissions in access policies. | Log in to the Azure portal, navigate to Azure KeyVault -> Access policies, and check if the Certificate management Operations have Get and List permissions. |
| No Keyvault instances are discovered | Azure Keyvault Networking is blocking the certificate discovery. | Log in to the Azure portal, navigate to Azure KeyVault -> Networking, and check under Firewalls and virtual networks if the IP is allowed to access the Keyvault. |

Role definition referenced in the second row:

    {
      "properties": {
        "roleName": "AppViewX_KeyVault_Role",
        "description": "",
        "assignableScopes": [
          "/subscriptions/f2689969-42f6-4fb5-b3be-e3a02e33751c"
        ],
        "permissions": [
          {
            "actions": [
              "Microsoft.KeyVault/vaults/read"
            ],
            "notActions": [],
            "dataActions": [
              "Microsoft.KeyVault/vaults/certificates/import/action",
              "Microsoft.KeyVault/vaults/certificates/create/action",
              "Microsoft.KeyVault/vaults/certificates/update/action",
              "Microsoft.KeyVault/vaults/certificates/read"
            ],
            "notDataActions": []
          }
        ]
      }
    }
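One way to run the role check from Table 3 offline against an exported role definition, as an added example (not AppViewX or Microsoft code). The `audit_role` helper and both sample definitions are constructed for illustration; the required operations are the ones in the page's AppViewX_KeyVault_Role.

```python
import json
from fnmatch import fnmatchcase

# Operations listed in the page's AppViewX_KeyVault_Role definition.
REQUIRED = {
    "actions": ["Microsoft.KeyVault/vaults/read"],
    "dataActions": [
        "Microsoft.KeyVault/vaults/certificates/import/action",
        "Microsoft.KeyVault/vaults/certificates/create/action",
        "Microsoft.KeyVault/vaults/certificates/update/action",
        "Microsoft.KeyVault/vaults/certificates/read",
    ],
}
NOT_KEY = {"actions": "notActions", "dataActions": "notDataActions"}

def _matches(op, patterns):
    # Compare case-insensitively; '*' in a pattern is a wildcard.
    return any(fnmatchcase(op.lower(), p.lower()) for p in patterns)

def audit_role(role_json):
    """Return required operations the role lacks and grants beyond the required set."""
    perms = json.loads(role_json).get("properties", {}).get("permissions", [])
    missing, extra = [], []
    for kind, required in REQUIRED.items():
        wanted = {r.lower() for r in required}
        for op in required:
            # A block grants op if an allow pattern matches and no not* pattern does.
            if not any(_matches(op, b.get(kind, []))
                       and not _matches(op, b.get(NOT_KEY[kind], [])) for b in perms):
                missing.append(op)
        for b in perms:
            extra += [g for g in b.get(kind, []) if g.lower() not in wanted]
    return {"missing": missing, "extra": extra}

def _role(actions, data, not_data=()):
    # Builds a constructed sample definition in the same shape as the page's JSON.
    return json.dumps({"properties": {"roleName": "sample", "permissions": [{
        "actions": actions, "notActions": [],
        "dataActions": data, "notDataActions": list(not_data)}]}})

CERTS = "Microsoft.KeyVault/vaults/certificates/"
PAGE_ROLE = _role(REQUIRED["actions"], REQUIRED["dataActions"])
WILDCARD_ROLE = _role(REQUIRED["actions"], [CERTS + "*"], [CERTS + "import/action"])

if __name__ == "__main__":
    print(audit_role(PAGE_ROLE))
    print(audit_role(WILDCARD_ROLE))
```

A non-empty `missing` list explains a failed discovery or push; a non-empty `extra` list marks grants wider than the role on this page needs.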

Issues in Managed Cloud

Table 4. Error messages and resolutions
| Error Message | Possible Cause | Possible Solution |
| --- | --- | --- |
| The selected devices are managed. The operation cannot be performed. | Device cannot be managed because it is already in the managed state. | Unmanage the device(s) in the managed state before performing the action. |
| Device with inprogress status cannot be updated | Update action cannot be performed on a device in an in-progress state. | Wait for the device to be resolved to a state before performing the action. |

Issues in Unmanaged Cloud

Table 5. Error messages and resolutions
| Error Message | Possible Cause | Possible Solution |
| --- | --- | --- |
| The selected devices are already unmanaged. The operation cannot be performed. | Device cannot be unmanaged because it is already in the unmanaged state. | Manage the device(s) in an unmanaged state before performing the action. |
| Fetch config not allowed for Unmanaged devices | Fetch config operation is only allowed on devices which are in the managed state. | Manage the device(s) in an unmanaged/in-progress state before performing the action. |
| Device with inprogress status cannot be updated | Update action cannot be performed on a device in an in-progress state. | Wait for the device to be resolved to a state before performing the action. |

Issues in Fetch Config

Table 6. Error messages and resolutions
| Error Message | Possible Cause | Possible Solution |
| --- | --- | --- |
| Authentication to the Azure cloud inventory is Failed | Subscription ID, Tenant ID, Client ID and Client secret of the Azure cloud account are incorrect. | Log in to the Azure portal and get all the valid IDs. Check if each of the provided IDs is valid and active. |

Issues in Certificate Discovery

Table 7. Error messages and resolutions
| Error Message | Possible Cause | Possible Solution |
| --- | --- | --- |
| Please provide information as required | 1. Discovery name not given or length is less than 2 characters. 2. Interval between batches information is missing when execution type is sequential. | 1. Enter a valid name with a minimum of 2 characters. 2. Provide a time interval between batches in minutes. |
| Please select a devices | No cloud account is selected in the “Discover By” section. | Select at least one device to discover certificates from. |
| Discovery Status Failed | Check that an internet / proxy connection is provided in the AppViewX node. | Log in to the AppViewX portal and provide proxy details in Menu->Settings->General->Proxy. |
| No Certificates discovered from Azure KeyVault | Keyvault instance is not discovered from the Azure cloud account. | Check the device status on the device addition page for Azure Keyvault to see if it shows a discovered Keyvault instance count. |
| No Certificates discovered from Azure KeyVault | Azure Keyvault doesn’t have certificate Get/List permissions in access policies. | Log in to the Azure portal, navigate to Azure KeyVault -> Access policies, and check that the Certificate management Operations have Get and List permissions (refer to the snapshot below). |
| No Certificates discovered from Azure KeyVault | Azure Keyvault Networking is blocking the certificate discovery. | Log in to the Azure portal, navigate to Azure KeyVault -> Networking, and check under Firewalls and virtual networks if the IP is allowed to access the Keyvault (refer to the snapshot below). |

Issues in Certificate Import

Table 8. Error messages
| Error Message | Possible Cause | Possible Solution |
| --- | --- | --- |
| Unable to initiate request. | 1. Pushing to device when certificate is unavailable, i.e., in a new state. 2. Previous work order is in progress and not completed. 3. AppConnector might not be in sync. | 1. Push to device after certificate has been retrieved from CA. 2. Initiate push after previous work order is finished. 3. Synchronize the AppConnector and retry. |
| Unable to initiate request, template is in disabled state | Given workflow is not in the enabled state. | Enable the push/rollback workflow from the Workflow section. |
| User is not authorized | User does not have the required permissions to push to the device. | Retry after getting access for the required action. |
| Private key content is unavailable. | Private key content is not available for the certificate. | Private key is mandatory for the certificate to be pushed. |
| Application connector(s) not found | Application connector info was not found. | Provide the correct connectorId if not pushing using the AppViewX UI. |
| Request associated with the application connector is in progress | Previous work order is in progress and not completed. | Initiate this request after the previous work order is finished. |
| Certificate not found. | Pushing to device when certificate is unavailable, i.e., in a new state. | Push to device after certificate has been retrieved from CA. |
| Certificate push failed. Error is, jdk.nashorn.internal.runtime.Undefined | Private key content is not available for the certificate. | Private key is mandatory for the certificate to be pushed. |
| Certificate push failed | Check that an internet / proxy connection is provided in the AppViewX node. | Log in to the AppViewX portal and provide proxy details in Menu->Settings->General->Proxy. |
| {"code":"Forbidden","message":"The user, group or application 'appid=d6dde692-94d9-4a9c-8bd4-77782d22b0ef;oid=669e113f-0651-4bb5-9698-cd4e863e1ee9;numgroups=0;iss=https://sts.windows.net/e5f90d85-3cdf-457d-a611-1aca82b0843b/' does not have Certificates import permission on key vault 'keyvault-type-1;location=eastus'. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125287","innererror":{"code":"ForbiddenByPolicy"}} | Azure Keyvault instance doesn’t have certificate Import permissions in access policies. | Log in to the Azure portal, navigate to Azure KeyVault -> Access policies, and check that the Certificate management Operations have the Import permission. |
| {"code":"Forbidden","message":"Client address is not authorized and caller is not a trusted service.\r\nClient address: 125.21.72.158\r\nCaller: appid=d6dde692-94d9-4a9c-8bd4-77782d22b0ef;oid=669e113f-0651-4bb5-9698-cd4e863e1ee9;iss=https://sts.windows.net/e5f90d85-3cdf-457d-a611-1aca82b0843b/\r\nVault: keyvault-type-2;location=eastus","innererror":{"code":"ForbiddenByFirewall"}} | Azure Keyvault Network is blocking the Certificate Push. | Log in to the Azure portal, navigate to Azure KeyVault -> Networking, and check under Firewalls and virtual networks if the IP is allowed to access the Keyvault. |
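The two Forbidden bodies in Table 8 differ in `innererror.code`, which is enough to pick the right fix. The triage below is an added example (not AppViewX or Microsoft code); the `triage` helper is hypothetical and the sample bodies are constructed, modeled on the two messages above with placeholder GUIDs and a documentation-range IP.

```python
import json
import re

# Fix per innererror code, paraphrasing the Possible Solution column of Table 8.
FIXES = {
    "ForbiddenByPolicy": "Azure KeyVault -> Access policies: grant the caller the "
                         "missing Certificate management operation, nothing more.",
    "ForbiddenByFirewall": "Azure KeyVault -> Networking -> Firewalls and virtual "
                           "networks: allow the client address shown in the error.",
}

def triage(body):
    """Classify a Key Vault 403 body and extract the fields needed for the fix."""
    try:
        err = json.loads(body)
    except json.JSONDecodeError:
        err = None
    if not isinstance(err, dict):
        return {"kind": "unparsed", "fix": "Not a JSON error body; check proxy/connectivity."}
    msg = str(err.get("message", ""))
    inner = err.get("innererror")
    kind = inner.get("code") if isinstance(inner, dict) else err.get("code", "unknown")

    def grab(pattern):
        m = re.search(pattern, msg)
        return m.group(1) if m else None

    return {
        "kind": kind,
        "appid": grab(r"appid=([0-9a-fA-F-]{36})"),
        "vault": grab(r"(?:key vault '|Vault: )([A-Za-z0-9-]+)"),
        "client_ip": grab(r"Client address: ([0-9A-Fa-f.:]+)"),
        "missing_permission": grab(r"does not have (.+?) permission on key vault"),
        "fix": FIXES.get(kind, "No matching row; read the message text."),
    }

# Constructed samples (placeholder identifiers, not values from a real tenant).
APP = "appid=00000000-0000-0000-0000-000000000001;oid=00000000-0000-0000-0000-000000000002"
ISS = "https://sts.windows.net/00000000-0000-0000-0000-000000000003/"
POLICY_403 = json.dumps({"code": "Forbidden", "message": f"The user, group or application '{APP};numgroups=0;iss={ISS}' does not have Certificates import permission on key vault 'example-vault;location=eastus'.", "innererror": {"code": "ForbiddenByPolicy"}})
FIREWALL_403 = json.dumps({"code": "Forbidden", "message": f"Client address is not authorized and caller is not a trusted service.\r\nClient address: 203.0.113.10\r\nCaller: {APP};iss={ISS}\r\nVault: example-vault;location=eastus", "innererror": {"code": "ForbiddenByFirewall"}})

if __name__ == "__main__":
    for sample in (POLICY_403, FIREWALL_403, "Connection timeout"):
        print(triage(sample))
```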