Guides
ProductDeveloper
Guides
ProductDeveloper

Troubleshoot Virtual Appliances

Table of Contents

Reset a Virtual Appliance's Password

If you forget a virtual appliance's (VA’s) password, you can reset it through the Sites and Active Directory page.

  1. Navigate to Deployments > Configuration > Sites and Active Directories.
  2. Hover over a VA listing and click the Reset Password icon.
    Note: The Reset Password icon only appears when you hover over a VA listing.
  3. Click Reset to confirm that you want Umbrella to generate a new password for the VA.
    Note: It can take up to 15 minutes for the password to be reset.
  4. Click Download to retrieve the reset password.
1083

Umbrella lists a new password in the Virtual Appliance Components section of the Download Components modal.

459

Use Configuration Mode to Troubleshoot

The virtual appliance (VA) allows basic troubleshooting commands to be executed using the Configuration Mode. See Virtual Appliance Commands for a complete list of commands supported by the VA.

  1. To enter the Configuration Mode, on the VA console, press Ctrl+B.
    You can also enter the Configuration Mode by initiating an SSH connection to the VA.
1592
  1. To view a list of supported commands in the restricted shell, enter help.
  2. To return to the VA console, type exit.

If the VA console crashes, the VA automatically enters the restricted shell. In this case, contact support by raising a support ticket after enabling the debug session. For more information on how to enable the debug session, see Establish a Debug Session on the VA.

Establish a Debug Session on the VA

If you have raised a support ticket with Umbrella for any VA-related issues, you need to enable the debug user login on the Umbrella VA, using the vmuser enable command. After enabling the debug user login, run the vmuser show command to view the Passphrase. You have to share this Passphrase with the Cisco support team.

Here is a sample output of the config vmuser show command:

$ config vmuser show

VMuser debugging is :- ENABLED

Expires :- Wed Jun 14 15:47:04 2023

Passphrase :- ZEQ37NZJ

Note: The debugging on the VA is conducted by the Cisco support team.

After the issue is resolved, you can disable the debug user login by running the following command:

$ config vmuser disable

Vmuser access disabled

Troubleshoot DNS Resolution in Configuration Mode

The 'nslookup' command can be used to test DNS queries on the VA. This test reflects how a users' DNS lookups will be answered and is subject to internal domains routing and other processing on the VA.

You can specify a server IP address as a parameter for nslookup. This is useful for testing a Local DNS server or the Umbrella cloud directly. These tests bypass the VA software.

Troubleshoot Egress Network Connectivity From VA

The "config va status" command can be used to run the VA connectivity test.

The VA connectivity test includes tests for connectivity with Cloud endpoints, DNS resolver, Local DNS Servers, and upgrades.

Sample status output from this test includes:

thisdnsv4 : This DNS Server : DNS ok (green)

...

localdns : Local DNS Servers : Unconfigured (yellow)  

dns : Umbrella DNS Servers : All DNS ok (green)  

... 

dnscrypt : DNScrypt Encryption : All DNScrypt ok (green)  

...  

ad : AD Connector : Unknown (white)  

cloud : Umbrella Cloud : SSL ok (green)  

...  

updates : Updates : SSL GET ok (green)  

...

ssh : Support Tunnel : Disabled (white)

If any of the tests above indicate connectivity problems, please re-check Virtual Appliance Prerequisites.


SNMP Monitoring < Troubleshoot Virtual Appliances > Other Configurations

Updated 4 days ago