Troubleshooting
This appendix describes troubleshooting techniques you can use to respond to errors and performance conditions when using the Scanner Appliance.
How can I Test Network Connectivity?
Use a Laptop. It is recommended that you test network connectivity to the Qualys Enterprise TruRisk™ Platform using your laptop (or other device):
- Take the laptop to the location where the Scanner Appliance is installed and connect the laptop to the network, using the same network cable and port that is used for the Appliance.
- Configure the laptop with the same network configuration that the Scanner Appliance is use (IP address, gateway, DNS server, and so on).
- If the connection to the Qualys Enterprise TruRisk™ Platform must pass through a proxy server, configure the laptop’s web browser with proxy information.
- Open a browser and try to log into your Qualys account. The Qualys Log In page is displayed after a successful connection is made to the Qualys Enterprise TruRisk™ Platform.
Test DNS Name Resolution. You can test DNS name resolution from any machine connected to the same network as your Scanner Appliance. If DNS name resolution is working properly, server information is returned including the server name and IP address. (Note that nslookup is not available on all systems.)
Communication Failure Message
You get a COMMUNICATION FAILURE message if there is a network communications breakdown between the Scanner Appliance and the Qualys Enterprise TruRisk™ Platform.
Why does it happen?
The communication failure may be due to one of these reasons: the network cable was unplugged from the Scanner Appliance, the local network goes down, or any of the network devices between the Scanner Appliance and the Qualys Enterprise TruRisk™ Platform goes down.
When does the message appear?
If there are no scans running on the Appliance - The next time the Appliance sends a polling request to the Qualys Enterprise TruRisk™ Platform, the polling request fails, and then the COMMUNICATION FAILURE message displays.
If there are scans running on the Appliance - The COMMUNICATION FAILURE message displays after the running scans time out. Usually the S1 LED turns off after the scans time out. If this message displays, it is recommended that you use the Qualys user interface to cancel any running scans and restart them to ensure that results are accurate.
How do I know the issue is resolved?
After the root cause is resolved, you get the COMMUNICATION FAILURE message until the next time the Appliance makes a successful polling request to the Qualys Enterprise TruRisk™ Platform. Then you get the Appliance’s IP address - friendly name and you can start scanning using your Appliance.
The COMMUNICATION FAILURE message may not disappear right away. There may be a lag time after the network is restored and before the Appliance is back online, depending on when the next polling request is scheduled. Additional time is necessary for communications to be processed by a Proxy server if the Appliance has a Proxy configuration.
Appliance Network Errors
An appliance network error indicates the Scanner Appliance attempted to connect to the Qualys Enterprise TruRisk™ Platform and failed.
The Scanner Appliance is not functional until all errors are resolved. Make sure to resolve the error.
| Error | Solution |
|---|---|
|
LAN/WAN Errors |
|
|
no CARRIER on LAN interface |
This error displays when attempting to configure proxy or personalization while the LAN network cable/port is disconnected. Check that the LAN port is connected. |
|
no CARRIER on WAN interface |
This error displays when attempting to configure proxy or personalization while the WAN network cable/port is disconnected. Check that the WAN port is connected. |
|
LAN has no IPv4 address |
Check that the LAN cable/port is connected. If configuring LAN for DHCP-IP assignment, make sure the DHCP server is accessible and functional. |
|
WAN has no IPv4 address |
Check that the WAN cable/port is connected. If configuring WAN for DHCP-IP assignment, make sure the DHCP server is accessible and functional. |
|
LAN has no DNS servers |
Check that the LAN interface has valid DNS servers configured. |
|
WAN has no DNS servers |
Check that the WAN interface has valid DNS servers configured. |
|
LAN DNS can’t resolve QG URL |
Ensure the LAN’s configured DNS servers can resolve the Qualys Platform URL. Refer to www.qualys.com/platform-identification/ for platform URLs. |
|
WAN DNS can’t resolve QG URL |
Ensure the WAN’s configured DNS servers can resolve the Qualys Platform URL. Refer to www.qualys.com/platform-identification/ for platform URLs. |
|
Invalid LAN IP configuration |
Ensure a valid IP address is assigned to the LAN interface. |
|
Invalid WAN IP configuration |
Ensure a valid IP address is assigned to the WAN interface. |
|
LAN DNS can’t resolve proxy |
Ensure LAN DNS server(s) can resolve the scanner’s configured proxy hostname. |
|
WAN DNS can’t resolve proxy |
Ensure WAN DNS server(s) can resolve the scanner’s configured proxy hostname. |
|
LAN DHCP lease has no gateway |
Ensure DHCP server is assigning a valid gateway for LAN interface. |
|
WAN DHCP lease has no gateway |
Ensure DHCP server is assigning a valid gateway for WAN interface. |
|
Duplicate LAN and WAN config |
LAN and WAN must be on different subnets. |
|
LAN DNS server not reachable |
Ensure LAN interface has network connectivity to its configured DNS servers. |
|
WAN DNS server not reachable |
Ensure WAN interface has network connectivity to its configured DNS servers. |
|
LAN and WAN same gateway |
LAN and WAN must be configured with different subnets and gateway addresses. |
|
Duplicate IP detected |
Ensure LAN/WAN is configured with an IP address that is not already in use by another host on the network. |
|
Proxy Errors |
|
|
Invalid proxy IP |
Ensure proxy configuration on the scanner is configured with a valid IP address for the proxy. |
|
Invalid proxy auth config |
Ensure proxy configuration on the scanner is configured with valid proxy username and password. |
|
unexpected proxy HTTP/403 |
Ensure configured proxy user on the scanner has authorization to connect to the Qualys Platform. |
|
unexpected proxy HTTP/407 |
Ensure the scanner is configured with valid proxy username and password. |
|
unexpected proxy HTTP/503 |
Ensure the proxy server can connect to the Qualys Platform. |
|
Qualys Platform Connectivity Errors |
|
|
Error connect to server (07) |
With Proxy Configuration: Ensure proxy configuration on the scanner is configured with valid host and port. Ensure the proxy port is accessible from the scanner’s LAN or WAN interface. Without Proxy Configuration: Ensure the scanner’s LAN (single-network) or WAN (split-network) interface can connect to the Qualys Platform and is not blocked by any firewall rules. |
|
Timeout was reached (28) |
With Proxy Configuration: Ensure the proxy can connect to the Qualys Platform within 30 seconds and is not blocked by any firewall rules. Without Proxy Configuration: Ensure the scanner’s LAN (single-network) or WAN (split-network) interface can connect to the Qualys Platform within 30 seconds and is not blocked by any firewall rules. |
|
Failed sending peer data (55) |
With Proxy Configuration: Failure while sending network data to proxy. Ensure the scanner can communicate with the configured proxy server.
Without Proxy Configuration: Failure while sending network data. Ensure the scanner’s LAN (single-network) or WAN (split-network) interface can connect to the Qualys Platform and is not blocked by any firewall rules or network access control devices. |
|
Failed receiving peer data (56) |
With Proxy Configuration: Failure while receiving network data from proxy. Ensure the scanner can communicate with the configured proxy server. Without Proxy Configuration: Failure while receiving network data. Ensure the scanner’s LAN (single-network) or WAN (split-network) interface can connect to the Qualys Platform and is not blocked by any firewall rules or network access control devices. |
|
SSL peer cert was not OK |
This issue may occur when there is a proxy or intercepting device interfering with the certificate exchange process between the scanner and Qualys Platform. Please contact Qualys Support. |
|
Unexpected QG HTTP/401 |
Please report this error to Qualys Support and include all configuration details. |
|
Unexpected QG HTTP/500 |
Please report this error to Qualys Support and include all configuration details. |
|
This scan_id does not exist |
The scanner is not registered with Qualys. Please contact Qualys Support. |
|
This Scanner is disabled |
Please report this error to Qualys Support. |
|
Account expired |
Please report this error to Qualys Support. |
|
Filesystem Mount Errors |
|
|
EFS fsck fatal errors |
Please report this error to Qualys Support. |
|
EFS mount fatal error |
Please report this error to Qualys Support. |
For more on troubleshooting, refer to Scanner Appliance Troubleshooting and FAQs.
Network Errors Using Older Appliance Model
Have an older appliance model? Errors are reported differently using older appliance models. You might want to check out our Quick Start Guide (prior version)
https://www.qualys.com/docs/qualys-scanner-appliance-quick-start-guide-3120-a1.pdf
The Scanner Appliance is not functional until the error is resolved.
Refer to the description provided to help you resolve the issue. If you still need help, identify the error code when you contact Qualys Support.
| Error | Description |
|---|---|
|
E00 E01 |
Internal error (NTLM Proxy error) |
|
E02 |
Internal error (Proxy error) |
|
E03 |
Proxy configuration error |
|
E04 |
No connectivity after the Proxy was disabled |
|
E05 |
DNS lookup of the Qualys server failed (maybe network connectivity problem) |
|
E06 |
Cannot reach the Qualys server via HTTPS |
|
E07 |
Invalid LAN IP address or LAN gateway address |
|
E08 |
Invalid WAN IP address or WAN gateway address |
|
E09 |
LAN IP address or LAN gateway address cannot be 127.0.0.1 |
|
E10 |
Could not configure the LAN interface |
|
E11 |
WAN IP address or WAN gateway address cannot be 127.0.0.1 |
|
E12 |
Could not configure the WAN interface |
|
E13 |
DNS lookup of the Qualys server failed due to a network connectivity problem |
|
E14 |
DNS lookup of the Qualys server failed during scanner activation due to a network connectivity problem |
More general error codes may be overwritten by more specific ones. For example, the appliance may return the error code E04 (No connectivity after the Proxy was disabled). After trying to connect for a while, the error code may be overwritten by E13 (DNS lookup of the Qualys server failed). When troubleshooting the error, it's useful to be at the appliance to watch these error codes scroll by.
Where to Find the Model Number and Serial Number?
You can find the model number and serial number for your scanner appliance on a sticker on the bottom of the appliance.
