Troubleshooting: SEG Test Connection

Test Connection

Note: This article applies to the AirWatch Admin Console 8.0 and higher.

Under Settings -> Email -> Configuration where you initially set up your mobile email management configuration, there is a test connection option to ensure that connection is successful between AirWatch Console server, SEG server and AirWatch server where API is hosted. An example output of this check is shown below. In total, six different checks are performed. If any of these fail, the following troubleshooting steps may help to isolate the issue.

image002.png

Test Connection Result From Web To SEG

This set of checks is to confirm that the SEG is accessible from the console server. While these checks are performed from the AirWatch Console server, they will also need to be valid for any devices connecting to the SEG.

  • Hostname found - This check confirms that the external hostname specified for the SEG server is able to be resolved to an IP address. A simple variation of this test is to use the command prompt from a computer outside the domain to issue a command and confirm that the hostname resolves correctly.

    nslookup <seghost>

  • SSL Certificate From Web To SEG Valid - This check confirms that the SSL certificate bound to the SEG server is properly configured. Some common reasons for this to fail are:
    • The SSL certificate has expired.
    • The SSL certificate does not have present the complete certificate chain/ the host computer is unable to build the complete certificate chain.
    • The SSL certificate was issued to a different hostname than that specified in the configuration.
    • The CRL of the SEG certificate is not publicly available.
    • A SSL handshake error has occurred due to incompatible protocols or cipher suites between the Console server and SEG server.
  • Connectivity between AirWatch & SEG - While this connection is only required from the AirWatch CN/DS servers to the SEG server, it can generally be tested from any server outside the domain if the firewall isn't specifically restricted traffic to these servers. To confirm access, navigate to the following URL from outside of the domain:

    https://seghost/segconsole/management.ashx?ping

    The expected result is simply a timestamp followed by 'OK'.

    Note: This test is not valid from AirWatch console version 9.0 and above. There is no direct test to troubleshoot this. Please check logs and troubleshoot accordingly.

Test Connection Result from SEG To API

This set of checks is to confirm that the AirWatch API server server is accessible from the SEG server. When confirming these series of checks, all tests should be performed from the SEG server itself. Tests can be performed from other servers as well to corroborate the results if necessary.

  • Hostname found - This check confirms that the hostname specified for the AirWatch API server is able to resolve to an IP address. A simple variation of this test is to use the command prompt on the SEG server to issue a

    nslookup <APIhost>

  • SSL Certificate From SEG To API Valid - This check confirms that the SSL certificate bound to the API server is properly configured. Some common reasons for this to fail are:
    • The SSL certificate has expired.
    • The SSL certificate does not have present the complete certificate chain/ the host computer is unable to build the complete certificate chain.
    • The SSL certificate was issued to a different hostname than that specified in the configuration.
    • The CRL of the API server's certificate is not accessible from the SEG server.
    • A SSL handshake error has occurred due to incompatible protocols or cipher suites between the SEG server and the API server.
  • Connectivity between SEG & AirWatch - This checks that a proper connection can be established between the SEG and AirWatch API. This requires that:
    • The SOAP API certificate and root certificate are properly configured on the console (Settings -> System -> Advanced -> API -> SOAP API at the respective OG where MEM is configured) and also installed on the SEG server. This is normally taken care of during the SEG setup process, but can be confirmed through Microsoft Management Console.
    • The following endpoint on the SEG server will confirm if that application is responding properly to requests:

      https://seghost/segconsole/management.ashx?pingAirWatchService

      The expected response is simply the word 'OK'.

    Note: This test is not valid from AirWatch console version 9.0 and above. There is no direct test to troubleshoot this. Please check logs and troubleshoot accordingly.

Have more questions? Submit a request

0 Comments

Article is closed for comments.