This article describes troubleshooting practices that are applicable to various problem scenarios.
You can verify the microservice statuses on the status page, available at (replace
https://privx.example.com with the address of your PrivX server:
Some issues may be fixed by restarting the PrivX services. You can do this by running the following command on your PrivX servers:
# systemctl restart privx
If microservices report 502 errors, check the database connectivity. If running local DB server, make sure the pg_hba.conf on the PostgreSQL server allows PrivX servers to connect to the PrivX database with md5 authentication (PostgreSQL 9.2 - 9.6, on CentOS 7) or scram-sha-256 authentication (from PostgreSQL 10 onwards).
More information about the error may be provided by the microservice logs.
You can enable debug logging per microservice, as described in PrivX Log Settings.
By default, microservices log to
/var/log/privx/ as follows:
The logs are also visible on
More information about authentication issues may be found from syslog messages.
Since PrivX uses short-term certificates for user authentication, deviations in system times (minutes or more) will easily result in failing authentications. It is extremely important to synchronize the clocks between all the involved systems:
Hosts serving as connection endpoints.
We strongly recommend using authenticated NTP clock synchronization on all the involved systems.
You can request technical support and let us know about PrivX issues on the SSH Communications Security support site.
When submitting a support ticket, please include following details:
- Detailed description about the error:
- Causes: User actions and steps that caused the error, screenshot of the error, and/or details about the error message.
- Occurrence: Is the error reproducible? Has it worked before?
- Impact: Does it happen to a specific entity (user, connection, hosts, etc), or to multiple entities?
Related configurations in PrivX admin UI. For example if the error is regarding a user cannot connect to a host, take some screenshots of the host configuration, screenshots of user's details and roles
To generate troubleshooting data, run the following on your PrivX server:
# /opt/privx/scripts/troubleshoot.sh info
And attach the generated troubleshooting-data package to the support ticket. By default the package is generated to the current working directory, with the name:
If PrivX service is completed or partially down, please run the troubleshooting script and collect the data when the problem is happening.
Troubleshooting data may contain security critical data, and must be distributed with appropriate care.
By default, the troubleshooting script uses /tmp as the working folder. If
/tmp is not accessible or has limited usable space, you can specify a different working folder using the
To reduce the size of the troubleshooting data, you can use the
--log-since option to specify the number of days of logs to collect.
For additional usage instructions related to the troublehsooting script, you may run:
# /opt/privx/scripts/troubleshoot.sh -h
Updated 8 months ago