Universal Connection Manager Troubleshooting Guide
The Universal Connection Manager (UCM) can sometimes be the root cause for session connectivity or Service issues through VPAM. Some issues regarding Remote Desktop Protocol (RDP) and other Services fulfilled through VPAM may be resolved by going through these steps. These types of connectivity issues are typically common after any appliance server upgrade or migration.
General Troubleshooting
First, verify the connection requirements by confirming the following:
-
The affected user is able to run executable files to install the UCM software (For example .exe, .app and so on)
-
If unable to run executable files, the user must have a current version of Java installed to run the Java Web Start option (If running Ubuntu, this is by default).
-
The affected user is not running into an issue with an anti-virus software blocking the UCM executable. A huge indicator of this is the UCM icon disappearing very shortly after appearing when a session is trying to establish through VPAM. This is explained further in the Windows section below.
-
Network connectivity to the VPAM server URL over port 22 (or port 80 and 443 for alternate connectivity tunneling) is required from the user’s workstation. Port 80 and 443 tunneling is typically used as a backup.
-
The user’s network must allow direct connections without any proxy or network appliance changing SSH keys (Proxies are supported if they do not interfere with the key exchange).
-
If the user is utilizing any VPN software outside of VPAM, it could cause connection and performance issues.
-
The user must have local permissions set to access network ports. This can be affected by security software.
It is encouraged to try another internet browser if one browser is failing to establish connectivity.
Windows
On Windows, try the following solutions:
Create a .zip file of the SlinkSW folder and clear existing (VPAM cache)
The location for these files will vary based on the VPAM server version. This can be found at the bottom of the VPAM web page that is trying to be accessed.
-
Disconnect from any VPAM sessions (and preferably close all browser windows).
-
Browse to the VPAM Client’s SLinkSW folder.
For VPAM version 21.1 and above
Open the Run prompt (Windows Key + R), type in %LOCALAPPDATA%, and press Enter.
Path: C:\Users\%yourusername%\AppData\Local\SecureLink\
For VPAM version 20.0 and below:
-
Open the Run prompt (Windows Key + R), type in
%TEMP%, and press Enter.Path: C:\Users\%yourusername%\AppData\Local\temp\
-
Right-click the SLinkSW folder, Send to > Compressed zipped folder. If there are issues performing this, a system reboot may be necessary.
-
Click and drag to move the zipped SLinkSW outside of the directory.
-
Once the zipped SLinkSW is moved, delete the original SLinkSW folder within the Temp or Local directory. This is considered clearing the VPAM cache.
Uninstall Connection Manager
-
Open the Run prompt (Windows Key + R), type in
appwiz.cpl, and press Enter. -
Locate Universal Connection Manager and click Uninstall/Change.
Verify that the issue is still occurring
Once the above steps have been completed, reconnect to the Gatekeeper or Application, then click Download the Connection Manager. It is imperative to download the software again so that session files from normal use can be utilized.
If the issue is still occurring, gather the Diagnostics (User logs)
-
Locate the Universal Connection Manager icon on the taskbar.
-
Left-click the VPAM icon and open the Universal Connection Manager
-
On the top-left of the window, click Options > Save Diagnostics (this may take a while)
-
A pop-up will prompt you to choose a location on your workstation to save the diagnostic logs. This is typically the desktop.
If the Diagnostics cannot be gathered due to the Connection Manager icon disappearing from the taskbar
It should be verified that the affected user account has permissions set to download software executables (.exe) and that no security software, such as antivirus software, is preventing the Connection Manager from properly installing and starting. The user may need to consult their Systems or IT team to determine what may be causing this.
To acquire the Diagnostics without utilizing the Connection Manager
-
Open the Run prompt (Windows Key + R), type in
%HOMEPATH%, and press Enter. -
Hold CTRL and click all of the files that are listed with a beginning name of either
rssorsdc. -
Once they are all selected, right-click any selected files and choose the menu option Send to > Compressed zipped folder. This will create a single file that contains the Diagnostics.
Path: C:\Users\%yourusername%\
Provide Diagnostics
Once the Diagnostics have been gathered, those will need to be provided to the appropriate resource who will send them to the Imprivata support team for review. Please keep the SLinkSW.zip file as it may be requested.
Mac
On Mac, try the following solutions:
Create a .zip file of the SLinkSW folder and clear existing (VPAM cache)
The location for these files will vary based on the VPAM server version. This can be found at the bottom of the VPAM web page that is trying to be accessed.
-
Open the Spotlight Search (Command + Spacebar), type in Terminal, and press return to launch the Terminal window.
-
We need to make a zipped copy of the
SLinkSWfolder and delete the original.
For VPAM version 21.1 and above
In the Terminal window, copy and paste the following commands exactly, hitting return after each line:
killall SecureLinkCM (This command will only be entered if the Universal Connection Manager is actively running)
cd ~/Library/Application\ Support
zip -r SLinkSW.zip SLinkSW
rm -rf SLinkSW
For VPAM version 20.0 and below
In the Terminal window, copy and paste the following commands exactly, hitting return after each line:
killall SecureLinkCM (This command will only be entered if the Universal Connection Manager is actively running)
cd $TMPDIR
zip -r SLinkSW.zip SLinkSW
rm -rf SLinkSW
The SLinkSW.zip file may be requested, but is not immediately required. It can be accessed from that same Terminal window by typing in open ~/Library /Application\ Support or open $TMPDIR and then finding the SLinkSW.zip file within the Finder window.
Delete Library Cache
-
Open the Spotlight Search (Command + Spacebar), type in Terminal, and press return to launch the Terminal window.
-
In the Terminal window, copy and paste the following commands exactly, hitting return after each line:
cd ~/Library/Caches rm -rf
sl-app-helper
Remove the Universal Connection Manager application
-
Open the Finder On the top left, click Downloads.
-
Locate
SecureLinkCM.dmg, click and drag it to the Trash.
Verify that the issue is still occurring
Once the above steps have been completed, reconnect to the Application or Gatekeeper, then click Download the Universal Connection Manager. Proceed to try your intended workflow again.
If the issue is still occurring, gather the Diagnostics (User Logs)
Imprivata Support will require Diagnostics to be collected. The following is where the logging is located for the Universal Connection Manager.
-
Open the Spotlight Search (Command + Spacebar), type in
Terminal, and press return to launch the Terminal window. -
Type open
$HOMEand press return. -
Sort the files that appear by Date Modified.
-
Hold command and click files that were created Today at... and begin with the following:
-
sdccm
-
sdclog
-
scm-helper
-
com.securelink
-
-
Once all files are selected, right click and Compress # items. This will create a zip file called
Archive.zip. -
Right-click the
Archive.zipfile, click rename, and name itSdcLog.zip.
Provide Diagnostics
Once the Diagnostics have been gathered, they will need to be provided to the appropriate resource who will send them to the Imprivata support team for review. As previously mentioned, the SLinkSW.zip may be requested, but is not immediately required.
Linux
On Linux, try the following solutions:
Create a .zip file of the SlinkSW Directory (Installation Directory)
The following ensures that the VPAM cache is saved, but is not used in future attempts. Imprivata support may request this.
-
Disconnect from any VPAM sessions (and preferably close all browser windows).
-
Compress the existing installation directory.
For VPAM version 21.1 and above
tar -zcvf ~/SLinkSW.gz ~/.SLinkSW
For VPAM version 20.0 and below
tar -zcvf ~/SLinkSW.gz /tmp/SlinkSW
Verify that the issue is still occurring
Once the above steps have been completed, reconnect to the Application or Gatekeeper, then click Download the Universal Connection Manager. Proceed to try your intended workflow again.
If the issue is still occurring, gather the Diagnostics (User Logs)
-
Open your file explorer.
-
Navigate to Home.
-
Select the following files that begin with the following:
-
sdccmlog -
sdclog
-
-
Once all files are selected, right click and compress the files.
-
Rename the zip to
SdcLog.zip.
Provide Diagnostics
Once the Diagnostics have been gathered, they will need to be provided to the appropriate resource who will send them to the Imprivata support team for review. As previously mentioned, the SLinkSW.zip may be requested, but is not immediately required.
Services (RDP, HTTPs)
This section outlines common issues you may encounter with Remote Desktop Protocol (RDP) and Secure Web Server Access (HTTPS) and provides steps to help you resolve them.
Remote Desktop Protocol (RDP)
There are a few common errors for RDP within VPAM. The following information should allow you to troubleshoot these errors more effectively
-
Because of a protocol error detected at the client (code 0x1204), this session will be disconnected. Please try connecting to the remote computer again.
-
Application has been disconnected due to a suspected Audit Failure. If this error persists after retrying, please contact your Systems Administrator -
Logon failed.
These errors typically surface when Network Level Authentication (NLA) is enabled on the remote computer. For NLA enabled remote computers, the Service option o VPAM RDP Client will have to be used here as that option can negotiate NLA. NLA requires a username and password.
Using the option of Microsoft RDP Client cannot negotiate NLA connections through VPAM.
Credentials that are configured within the VPAM UI and applied to a Service/Host can only be utilized by selecting the VPAM RDP Client option.
If this error persists, please confirm with the administrator of the remote computer if the credentials that are being used through VPAM RDP are valid and not expired.
-
This computer can’t connect to the remote computer.
Try connecting again. If the problem continues, contact the owner of the remote computer or your network administrator.
This error can mean different issues.
Typically, it means that the remote computer is in a state where it cannot accept remote connections.
This can include, but is not limited to:
-
The remote computer is not accessible from the VPAM Gateway (If Enterprise Access).
-
The remote computer is not accessible from the VPAM Gatekeeper (If Customer Connect).
-
The remote computer is shut down.
-
The remote computer is hibernating (asleep).
-
The remote computer does not have Remote Desktop Protocol connectivity enabled.
This error can also be related to NLA, depending on which Service was launched in VPAM (VPAMRDP Client vs. Microsoft RDP Client).
If you are a VPAM administrator and would like more information on configuring an RDP Service through VPAM, Imprivata Professional Services can be available to assist.
Access to a Secure Web Server (HTTPS)
Errors pertaining to this Service will require a VPAM administrator to troubleshoot.
Before proceeding, we need to confirm if the Host entries are configured correctly along with the Service being accurate. A VPAM administrator of that environment will be able to assist with this.
-
Host: Name of remote host (example: SLT123456). You can also input IP addresses in this.
-
Description: What this Host is to be called in the VPAM UI
-
Alias: Domain name of the remote host (example: domain.securelink.local).
-
Launch via: Services are set to Mapped interface by default. This will map this Host by using a randomly generated loopback address when connected with the Universal Connection Manager. It is highly recommended to set this to launch via Host name for these Services.
Mac devices will usually increment from 127.0.0.1. Windows will truly randomize the interface address (example: 127.254.12.24).
The Service will launch a new tab with what is currently mapped.
This tells us that this Service is currently configured to launch via Mapped interface.
If you are a VPAM administrator and would like more information on configuring an HTTP(s) Service through VPAM, our Professional Services team can be available to assist.
Uncommon errors
There may be a time when using the Universal Connection Manager, it produces a user system crash resulting in the PFN_LIST_CORRUPT blue screen error. The steps here may require a reboot of an affected machine.
There are multiple factors that cause and resolve this error. Your mileage may vary.
-
Make sure that the IP Connect driver is downloaded from the VPAM UI.
After IP Connect is downloaded, please proceed to test the VPAM connection. If system crashes persist, proceed with troubleshooting.
-
Uninstall the IP Connect driver.
Open the Run prompt (Windows Key + R), type in appwiz.cpl, and press Enter.
-
Look for the IP Connect Driver and uninstall it.
If you cannot find the IP Connect Driver to uninstall and/or an older version of VPAM is being utilized
-
Use the Microsoft Troubleshooting software below to uninstall the IP Connect Driver if it cannot be found in the software list.
https://support.microsoft.com/en-us/topic/fix-problems-that-block-programs-from-being-installed-or-removedcca7d1b6-65a9-3d98-426be9f927e1eb4d
-
Proceed to test.
-
If the test fails, download IP Connect from within the VPAM UI once more and try again.
If system crashes persist, an Imprivata Support case would be the next step, providing Diagnostics upon case creation.
Escalate to Imprivata Support
If the troubleshooting steps failed to address the connectivity issues, escalating to the Imprivata support team by creating a case should be the next step.
If you are not an authorized support portal user, a case can be generated by browsing to the Help tab within the UI and then clicking Report a Problem.
When creating a case with your chosen method, please confirm that this troubleshooting guide was fully followed along with providing a full scope of the issue. This will assist the Support team to provide a faster resolution.
