Reachability issues

Typically, a managed asset is listed on the Assets page (State column) in one of the following connectivity states - Reachable, Unreachable, and Suspended. Assets are mostly reachable unless they are shut down, or their outbound connectivity is disabled on purpose. At times, you may see that the asset is Suspended indefinitely or for a long duration. 

This topic lists some of the causes and solutions for reachability issues (State = Suspended)

We recommend that you enable Workload status alerts to receive alerts when managed workloads lose connectivity and regain connectivity with the instance.

Agent services have stopped

Cause Solution

Agent services are not running on the asset.

Start the agent services on the asset.

  • On Linux assets - Run the sudo ct-lgm-util start all command.

  • On macOS assets - Run the sudo ct-lgm-util start all command.

  • On Windows assets - Go to Task Manager, click Services tab, right-click colortokens-lgm.mtoken and click Start.

No connectivity to Enterprise DNS servers

Cause Solution

Asset has lost connectivity to the Enterprise DNS server (s)

  1. Run the nslookup <FQDN of the instance> command on Windows or Linux assets. Run the dig <FQDN of the instance> command on macOS assets. The FQDN of the instance is the Server name or Address listed on the Settings > Agent Download > View Installation Details page. For example, https://customer-poc.spectrum.colortokens.com.

  2. Check the  mtoken*.log file (agent log file) for information about DNS resolution-related issues (error messages such as FQDN update getaddrinfo: failed No such host is known). Make the necessary changes to your DNS setup. For example, add a hosts file entry in the asset.

  3. For workload assets that are moved being moved from the Observe mode to the Enforce mode, check if Xshield rules to the DNS servers exist, and add the necessary rules and enforce them.

    For user assets with third-party Security solutions, check the third-party logs and add the rules for the DNS servers.

No connectivity to the Xshield instance

Cause Solution

Recent changes made to the Enterprise firewall are blocking connectivity to Xshield or other routing issues.

  1. Check the Enterprise firewall logs and allow outbound connectivity on HTTPS on port 443 to the Xshield instance.

  2. Check the mtoken*.log file for information about connectivity issues and fix the issues.

Expected outcome

Assets are constantly reachable to the instance unless they are shut down, or their outbound connectivity is disabled on purpose. If you face issues that are not listed in this topic or if the solutions in the topic did not help you fix the issue, use the Logcollect utility to collect logs from the asset, and contact ColorTokens Customer Support.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.