Common Errors and Solutions

Compute Cluster or Cloud Connector Connectivity

Error Message
Error Performing SSL/TLS Handshake

Problem

This error occurs when the machine is unable to establish a connection with a required hostname. This could be due to:
  • For SaaS deployment of SIGN+: Issues resolving the Cloud Connector (CC) hostname.
  • For On-Prem deployment of SIGN+: Issues resolving any other hostname (e.g., any service).
  • Check the Firewall rules and ensure that connections to the target URL (Compute Cluster/Cloud Connector/On-Prem) are allowed.

Solution

Ensure the Compute Cluster or Cloud Connector is reachable from the machine and is able to resolve the Cloud Connector Hostname.

Windows:
  1. Open the C:\Windows\System32\drivers\etc\hosts file as Administrator.
  2. Add the following entry: <IP Address> <Hostname>
    • Replace <IP Address> with the IP address of the server or the target machine.
    • Replace <Hostname> with the required hostname (e.g., the Cloud Connector, Compute Cluster, or any other service hostname).
  3. Save the file.
  4. Retrigger the signing command from the signing tool.
Linux and MacOS
  1. Open /etc/hosts file as Administrator.
  2. Add the following entry: <IP Address> <Hostname>
    • Replace <IP Address> with the IP address of the server or the target machine.
    • Replace <Hostname> with the required hostname (e.g., the Cloud Connector, Compute Cluster, or any other service hostname).
  3. Save the file.
  4. Retrigger the signing command from the signing tool.
Additional Notes
  • Ensure the hostname is configured correctly and the server is reachable from the machine.
  • This solution applies to any hostname resolution issues, including the Cloud Connector, Compute Cluster, or any other service involved in the operation.

Cloud Connector Version Upgrade

Error Message
Message : Resource not found, reason - Invalid apiid

Problem

This error occurs due to one of the following reasons:
  • A mismatch between the Cloud Connector version and the expected AppViewX release version.
  • The CodeSigning pod is not up and running in the AppViewX deployment.

Solution

Scenario 1: Cloud Connector Version Mismatch

Ensure the Cloud Connector is upgraded to the latest version compatible with the AppViewX Compute Cluster. Upgrading ensures access to the latest set of APIs.

Scenario 2: CodeSigning Pod Not Running in On-prem deployment
  1. Post installation, the admin Kubernetes config is replaced by a read-only user config.
  2. The admin config backup can be found at /home/appviewx/.kube/backup/config.
  3. For administrative activities (scripts or operations other than get and list Kubernetes API calls), revert to the admin config as follows:
    • Backup the current read-only config: cp /home/appviewx/.kube/config /home/appviewx/.kube/backup/read-only-config
    • Replace it with the admin config: cp /home/appviewx/.kube/backup/config /home/appviewx/.kube/config
    • Once the required activity is completed, revert back to the read-only user config: cp /home/appviewx/.kube/backup/read-only-config /home/appviewx/.kube/config
  4. Go to this location: cd /home/appviewx/appviewx_kubernetes/scripts
  5. Open appviewx.conf and add this line instead of the ENABLED_PLUGINS, ENABLED_PLUGINS=appviewx_dependencies,avx_platform_gateway,avx_subsystem_codesigning
  6. Execute this command
    ./plugins_install.sh

Scenario 3: CodeSigning Pod Not Running in SaaS deployment

If the CodeSigning pod is down, follow these steps to bring it back up:
  1. Launch k9s and navigate to the deployments view by typing :deploy and pressing Enter.
  2. Identify deployments with non-critical pods that can be scaled down to free up resources.
    • Select such deployments to edit the YAML configuration, and set replicas: 0
    • Save the changes (Ctrl + S) to scale down the pods.
  3. Locate the CodeSigning pod's deployment and edit its YAML.
    • Set the replicas field to 1 (or more) to attempt to bring the pod back up.
    • Save the changes (Ctrl + S) to apply.
  4. Monitor the pod status in k9s to confirm that the CodeSigning pod is running.
    • Replicas under the spec section to 0/1
Additional Notes
  • Always ensure that critical pods like CodeSigning are prioritized when managing resources.
  • Regularly update the Cloud Connector and associated components to ensure compatibility with the AppViewX release.
  • Using k9s provides a convenient way to manage pod scaling without requiring kubectl commands.

Hash Algorithm Mismatch

Error Message (Hash Algorithm Mismatch):

The input hash is not computed with the hashing algorithm configured in the selected Policy.

Problem

This error occurs when there is a mismatch between the Configured Hash Function in the signing policy and the Hash Function used in the signing tool commands. When these two configurations are not aligned, the signing operation fails as the input hash does not meet the expected algorithm requirements.
Note: The hashing algorithm configured in the Signing Policy will be included by default in the generated README.

Solution

There are two ways to resolve this issue:

  1. Update the Signing Command:
    • Refer to the README file generated after running the SIGN+ Installer.
    • Ensure the signing tool command uses the same hash function configured in the signing policy.
    • After ensuring the command matches the configured policy, retrigger the signing operation.
  2. Modify the Signing Policy: If the hash function used in the signing tool is preferred, update the signing policy to align with this hash function:
    • Access the signing policy configuration through the SIGN+ administrative interface.
    • Change the Configured Hash Function to the desired hash algorithm (e.g., SHA-256, SHA-512).
    • Save the changes and reattempt the signing process.

Unsupported Signing Type

Error Message (Unsupported Signing Type):

Your chosen signing type is not supported by the selected policy.

Problem

This error occurs when the SIGN+ Package is downloaded with a File Based Signing Policy (which doesn’t support Hash Based Signing operations). SIGN+ package and installer are used for Hash-Based Signing operations. The mismatch between the signing type specified in the Signing policy and the signing type used by the signing tools causes this issue.

Solution

To resolve this issue, you can choose one of the following approaches:
  1. Use a Compatible SIGN+ Package:
    • Download the SIGN+ package with policies configured specifically for Hash Based Signing.
    • Run the installer included in this package to set up the appropriate environment.
    • After installation, execute the signing commands again.
  2. Update the Signing Policy:
    • Access the SIGN+ administrative interface.
    • Change the signing type in the Signing Policy from File Based to Hash Based.
    • Save the updated policy and retrigger the signing commands.

Unable to Load Certificates

Error Message (Unable to Load Certificates):

Error Loading Certificates from User AppData Folder. Unknown Directories or Files Found during installation in the SIGN+_Package folder. Please retry installation after moving them to a different location.

Problem

This issue occurs when the SIGN+_Package folder contains additional, unknown directories that were not part of the original package. These extraneous directories interfere with the installation process, preventing the application from properly loading the required certificates from the User AppData folder.

Solution

To resolve this issue:
  1. Inspect the SIGN+_Package folder for any additional or unknown directories that were not part of the original download. Move these directories to a different location outside the SIGN+_Package folder.
  2. Once the folder contains only the files originally included in the downloaded SIGN+_package, rerun the installer and ensure the installation process completes successfully without errors.
  3. When rerunning the installer, select No for the prompt: Do you want to update the existing configurations along with the newly downloaded Policies? to Overwrite existing installation.
  4. Retry the Signing Command: After the installation is complete, rerun the signing command that was generated in the README.