Troubleshooting the Discovery Connector
Important
We recommend that customers who are currently using Discovery Connector transition to the new Agentless Collector. For more information, see Discovery Connector.
This section contains topics that can help you troubleshoot known issues with Application Discovery Service Discovery Connector.
Fixing Discovery Connector cannot reach AWS during setup
When configuring the AWS Agentless Discovery Connector in the console you can get the following error message:
Could Not Reach AWS
AWS cannot be reached (connection reset). Please verify network and proxy settings.
This error occurs because of a failed attempt by the Discovery Connector to establish an HTTPS connection to an AWS domain that the connector needs to communicate with during the setup process. The Discovery Connector configuration fails if a connection can't be established.
To fix the connection to AWS
-
Check with your IT admin to see if your company firewall is blocking egress traffic on port 443 to any of the AWS domains that need outbound access.
The following AWS domains need outbound access:
-
awsconnector.
Migration Hub home Region
.amazonaws.com -
sns.
Migration Hub home Region
.amazonaws.com -
arsenal-discovery.
Migration Hub home Region
.amazonaws.com -
iam.amazonaws.com
-
aws.amazon.com
-
ec2.amazonaws.com
If your firewall is blocking egress traffic, unblock it. After you update the firewall, reconfigure the connector.
-
-
If updating the firewall does not resolve the connection issue, check to make sure that the connector virtual machine has outbound network connectivity to the listed domains. If the virtual machine has outbound connectivity, test the connection to listed domains by running telnet on ports 443 as shown in the following example.
telnet ec2.amazonaws.com 443
-
If outbound connectivity from the virtual machine is enabled, you must contact AWS Support
for further troubleshooting.
Fixing unhealthy connectors
Health information for every Discovery Connector can be found in the Data
Collectors
Access a connector console
-
Open the Migration Hub console in a web browser, and choose Data Collectors from the left hand navigation.
-
From the Connectors tab, make a note of the IP address for each connector that has a health status of Unhealthy.
-
Open a browser on any computer that can connect to the connector virtual machine, and enter the URL of the connector console,
https://
, whereip_address_of_connector
ip_address_of_connector
is the IP address of an unhealthy connector. -
Enter the connector management console password, which was set up when the connector was configured.
Once you've accessed the connector console, you can take actions to resolve an unhealthy status. Here you can choose View Info for vCenter connectivity, and you'll get a dialog box with a diagnostic message. The View Info link is only available on connectors that are version 1.0.3.12 or later.
After correcting the health issues, the connector will re-establish connectivity
with vCenter server, and the connector's status will change to the
HEALTHY state. If the issues persist, contact AWS Support
The most common causes for unhealthy connectors are IP address issues and credentials issues. The following sections can help you resolve these issues and return a connector to a healthy state.
IP address issues
A connector can go into an unhealthy state if the vCenter endpoint provided during connector setup is malformed, invalid, or if the vCenter server is currently down and not reachable. In this case, when you choose View Info for vCenter connectivity you'll get a dialog box with the message "Confirm the operational status of your vCenter server, or choose Edit Settings to update the vCenter endpoint."
The following procedure can help you resolve IP address issues.
-
From the connector console (
https://
), choose Edit Settings.ip_address_of_connector
-
From the left-side navigation, choose Step 5: Discovery Connector Set Up.
-
From Configure vCenter credentials, make a note of the vCenter Host IP address.
-
Using a separate command line tool like
ping
ortraceroute
, validate that the associated vCenter server is active and the IP is reachable from the connector VM.-
If the IP address is incorrect and the vCenter service is active, then update the IP address in the connector console, and choose Next.
-
If the IP address is correct but the vCenter server is inactive, activate it.
-
If the IP address is correct and the vCenter server is active, check if it is blocking ingress network connections due to firewall issues. If yes, update your firewall settings to allow incoming connections from the connector VM.
-
Credentials issues
Connectors can go into an unhealthy state if the vCenter user credentials provided during connector setup, are invalid, or do not have vCenter read and view account privileges. In this case, when you choose View Info for vCenter connectivity you'll get a dialog box with the message "Choose Edit Settings to update your vCenter username and password for your account with read and view privileges."
The following procedure can help you resolve credentials issues. As a prerequisite, ensure that you have created a vCenter user that has read and view account permissions on vCenter server.
-
From the connector console (
https://
), choose Edit Settings.ip_address_of_connector
-
From the left-side navigation, choose Step 5: Discovery Connector Set Up.
-
From Configure vCenter credentials, update the vCenter Username and vCenter Password by providing the credentials for a vCenter user with read and view permissions.
-
Choose Next to complete setup.
Standalone ESX host support
The Discovery Connector does not support a standalone ESX host. The ESX host must be part of the vCenter Server instance.
Getting additional support for connector issues
If you encounter problems and need help, contact AWS Support
-
Log back in to the AWS Agentless Discovery Connector console, and choose Download log bundle.
-
Once the log bundle has finished downloading, send it as instructed by AWS Support.