Workflow for using the user diagnostics and troubleshoot end users issues.
Before you begin
Have the user ID or Device ID (of the device running the EAA Client) ,
name of the IdP URL, name of the application, type of the application whether it is
client-access application (Tunnel 2.0, Tunnel-type, TCP-type) or access-application (Web or
HTTPS or HTTP , VNC, RDP, SSH), time when the application or IdP was last working, when the
problem occurred, what error/s were last seen from the support ticket.
For a client-access application issue, you should know the Device ID, EAA Client
version, OS of the laptop, last activity using the laptop.
For a web application (clientless) you should have the type of browser used to
access the application and last activity using the laptop.
How to
-
Login to the EAA Management
portal.
-
Navigate to .
-
Select one and provide information.
-
User ID. Provide the
username of the user accessing the login portal (identity provider URL).
-
Device ID. Provide the
Device ID of EAA Client.
-
Select the identity provider name (your login portal URL).
Note: All the Identity providers for the tenant are shown and are not dependent on
User ID or Device ID.
-
Select a time range (of a maximum of 7 days) around the time when the problem
occurred.
Note: A narrow time range is more accurate.
-
Click Search.
-
You will see multiple tiles appear. Select one or more tiles based on:
- For a client-access application
issue, select one tile based on these parameters you have obtained from the support
ticket. It can be the any of these:
- For an access-application issue
(Web or HTTP or HTTPS, RDP, SSH, VNC) select the tile which says “Clientless activity”:
Note: Clientless activity shows the browser used for the last access (Last activity)
by the user.
Note: Clientless activity is not dependent on the identity provider in step 4. You
only need to provide the User ID, if you're debugging an access-application
issue.
- If you see the issue for both client-access application and access-application,
select multiple tiles.
-
Expand the ACCESS section. You can either filter for the
application you are trying to diagnose or select the application from the list. You will
be shown either or both client-access and access applications in the descending order of
the Requests. You can re-sort this list based on
Errors or Volume.
-
Click on the application you are interested to troubleshoot and the chart appears. By
default, it shows the distribution of Volume (in MBytes), Total Requests (hits), Denies
count (4XX messages), Error count (5XX errors) and when the Deployment happened on the
selected time period. Click on the application hostname link to navigate to the
application configuration page and update any mis-configuration issues.
-
You can use the
POLICY section to fix any policy violations to applications or
authorization violations using the selected identity provider. Expand the
POLICY section to see all the violations or filter by the IdP
name or application host name. Click the Edit Rules to navigate to
the Access Control List rules configuration page for the application. Click the
Edit Directories for IdP to navigate to the IdP configuration
page. Assign another directory, update the directory with the correct user, groups, and
permissions to fix the authorization issue. Then deploy the IdP or deploy the
application.
-
You can use the NETWORK section to fix any network connectivity issues in the
different network segments. Expand the NETWORK section. In the Select
application to troubleshoot, enter the name of the application or search for the
application you’re debugging.
-
Use the >> and << buttons to navigate through each data point on the time-slider
to check the data before the time the problem occurred and at the time the problem was
reported to check for any abnormalities.