Before you begin:

• Make sure the identity connector status appears as running.
• Enable remote debugging for an identity connector. See Enable or disable remote debugging for a connector.

📘

If an identity connector is unreachable or Remote Debugging is not enabled, the troubleshooting tools are not visible for an identity connector.

The identity connectors tab includes common networking tools that allow an administrator to troubleshoot connectivity issues between an identity connector and the directory it’s associated to. Each tool includes a field where administrators can enter information. A terminal window is also embedded in the ​SIA​ user interface to show query results.

Each tool in this table includes a field where administrators can enter information:

While Fiddler is not included as a utility in ​SIA​, you can also download this third-party tool to trace HTTP and HTTPS traffic issues. For more information, see Gather a Fiddler trace.

Run an identity connector troubleshooting utility

If there is a connectivity issue with an identity connector, you can run one of the diagnostic or troubleshooting tools to determine the issue. You can test connectors from the Identity Connectors page or from the list of identity connectors that’s associated to a directory. For more information about these troubleshooting tools, see Troubleshoot identity connector connectivity.

To run an identity connector troubleshooting utility:

1. To troubleshoot connectors that are associated with a specific directory:

   1. In the Threat Protection menu of Enterprise Center, select Identity & Users > Directories.

   2. Click the edit icon for the directory that has the connector connectivity issue.

   3. Click the Connectors tab.

2. To troubleshoot connectors from the Identity Connectors page, in the Threat Protection menu, select Clients & Connector > Access and Identity Connectors.

3. Go to the connector that you want to troubleshoot.

4. Click the stethoscope icon to open the diagnostic options. If the troubleshooting utilities do not appear, you may need to enable Remote Debugging. For more information, see Enable or disable remote debugging for a connector.

5. Select the utility you want to use: dig, Ping, TraceRoute, LFT, or cURL.

6. Enter the application hostname or IP address that you want to test in the provided field.

7. Click Run.

📘

When running these utilities, the terminal window may temporarily show a Pending status until the query or test is complete. When the query is complete, a SUCCESS message and information regarding the hostname appears in the terminal window.

Enable or disable remote debugging for a connector

To troubleshoot identity connector connectivity in ​SIA​, you need to enable remote debugging. Enabling remote debugging lets you run a troubleshoot utility.

To enable or disable remote debugging for a connector:

1. In the Threat Protection menu of Enterprise Center, select Client & Connectors > Access and Identity Connectors.

2. Hover over a connector and click the edit icon for an identity connector.

3. Enable the toggle for remote debugging.

4. Click the Save check mark icon.

You can perform a bulk action to enable or disable remote debugging for multiple identity connectors. These operations are available in the Enterprise Center user interface only:

Enable remote debugging for multiple identity connectors

To enable remote debugging for multiple identity connectors:

1. In the Threat Protection menu of Enterprise Center, select Client & Connectors > Access and Identity Connectors.

2. In the top menu, click the bulk action icon.

3. Click the bulk action icon and select Enable Remote Debugging from the menu.

4. Select the identity connectors that you want to enable with remote debugging.

5. Click Enable Remote Debugging.

Disable remote debugging for multiple identity connectors

To disable remote debugging for multiple identity connectors:

1. In the Threat Protection menu of Enterprise Center, select Client & Connectors > Access and Identity Connectors.

2. In the top menu, click the bulk action icon.

3. Click the bulk action icon and select Disable Remote Debugging from the menu.

4. Select the identity connectors that no longer require remote debugging.

5. Click Disable Remote Debugging.

Troubleshoot an unreachable identity connector

Identity connectors are reachable or connected, when a Connector is running message displays as a status. If a Connector is unreachable error message displays, the identity connector is unreachable or down.

The Connector is unreachable error message means that there are network problems that do not let the identity connector establish a connection to ​SIA​. Use these steps to resolve the problem:

To troubleshoot an unreachable identity connector:

1. Verify that the identity connector is on and that it has Internet access.

2. Make sure the VM is up and running.

3. Make sure the VM instance has network connectivity on port 443 to the Internet.

4. Check to see if the VM is reporting the correct IP address associated with the connector.

Gather a Fiddler trace

You can download and use Fiddler to capture HTTP/HTTPS traffic. Save the data as a log file. This data is useful for troubleshooting traffic issues.

To gather a Fiddler trace:

1. Download Fiddler and install it on your system.

2. Run Fiddler and go to Tools > Fiddler Options.

3. On the HTTPS page, verify that Capture HTTPS Connects is enabled.

4. Verify that Decrypt HTTPS traffic is enabled with the ...from all processes option.

5. Minimize Fiddler to your tray.

6. Replicate the reported issue.

7. In Fiddler, go to File > Save > All Sessions and save the archive to disk. This produces a file that you can archive and share with technical support.