# Agilicus AnyX Frequently Asked Questions 1. [Home](https://www.agilicus.com/) 2. Agilicus AnyX Frequently Asked Questions ![Agilicus AnyX Frequently Asked Questions](https://www.agilicus.com/www/848dc870-faq.svg)# Agilicus AnyX Frequently Asked Questions [CONTACT ✉](/contact-us/) [BOOK MEETING 🗓](/book-calendar-meeting) [SIGNUP `↗`](https://admin.agilicus.cloud/signup) Enter your question: x ### AnyX - Initial Setup [ a #### Enable Let’s Encrypt on Older Windows ](#) Categories: [AnyX - Initial Setup](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=anyx-initial-setup) [Connector Installation](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-installation) Agilicus AnyX requires modern cryptography with a strong chain of trust. This is achieved using [Let’s Encrypt](https://letsencrypt.org/). Some older Microsoft Windows systems are not updated to have the proper cryptographic trust information installed. You should upgrade your Windows installation, but, if this is not possible, you can manually install the certificates. First, download the .der file from for each of ‘[X1](https://letsencrypt.org/certs/isrgrootx1.der) & [X2](https://letsencrypt.org/certs/isrg-root-x2.der)‘. For the X1 der and X2 der, open these on your desktop. You will be prompted to open the certificate manager. From here, Install, and pick the “Trusted Root Certification Authorities”. ![Screenshot of Certify The Web application showing the Let's Encrypt certificate generation process on an older Windows system. The interface displays options for domain selection, certificate settings, and task scheduling, guiding users through enabling HTTPS with Let's Encrypt on Windows Server.](https://www.agilicus.com/www/ef749f97-image.png "Enable Let's Encrypt on Older Windows 1") ![Let's Encrypt on Older Windows: Enable HTTPS for Secure Connections. Screenshot of Certify The Web ACME client showing successful Let's Encrypt certificate generation on an older Windows system. Secure your website with free SSL/TLS certificates.](https://www.agilicus.com/www/840f874c-image.png "Enable Let's Encrypt on Older Windows 2") Now we must import these to the Machine trust as well (above we did your user). To do so, open ‘mmc’ ![Screenshot of the OpenSSL configuration file showing the required changes to enable Let's Encrypt on older Windows systems. Key lines highlighted include modifications to the openssl.cnf file to ensure compatibility with Let's Encrypt's certificate authority. Specifically, this involves setting the 'CipherString' parameter to 'DEFAULT@SECLEVEL=2' to address potential compatibility issues with older OpenSSL versions and Let's Encrypt certificates on Windows servers. This ensures successful SSL/TLS certificate validation and secure HTTPS connections.](https://www.agilicus.com/www/a11b0196-image-1024x538.png "Enable Let's Encrypt on Older Windows 3") Now press ‘Control-M’. ![Screenshot of the OpenSSL configuration file on Windows, showing the lines that need to be modified to enable Let's Encrypt for older Windows versions. The image highlights the changes required in the openssl.cnf file, specifically related to enabling TLS SNI for compatibility with Let's Encrypt's certificate validation process. This is a step-by-step guide to configure OpenSSL for Let's Encrypt on older Windows systems. Instructions show how to update the configuration file for successful certificate generation and renewal.](https://www.agilicus.com/www/d1d5597f-image.png "Enable Let's Encrypt on Older Windows 4") ![Enabling Let's Encrypt on Older Windows: A step-by-step guide to installing Let's Encrypt certificates on older Windows systems, as shown in the Agilicus FAQ, using a command prompt interface for certificate generation and installation. Secure your website with free SSL/TLS certificates. Agilicus simplifies the process.](https://www.agilicus.com/www/81e59dd0-image-1024x576.png "Enable Let's Encrypt on Older Windows 5") ![Enabling Let's Encrypt on Older Windows: A step-by-step guide to installing Let's Encrypt certificates on older Windows systems, overcoming compatibility issues and securing your website with free SSL/TLS certificates. The image shows the process of setting up Let's Encrypt using a compatible ACME client, configuring the necessary settings, and verifying the certificate installation to ensure secure HTTPS connections. Perfect for users needing to secure their legacy Windows servers with Let's Encrypt.](https://www.agilicus.com/www/c2de05c4-image-1024x576.png "Enable Let's Encrypt on Older Windows 6") ![Enable Let's Encrypt on Older Windows: A step-by-step guide showing the OpenSSL configuration for generating SSL certificates compatible with older Windows systems, ensuring secure HTTPS connections. This image details the process of updating and configuring OpenSSL for older Windows versions to support Let's Encrypt certificates.](https://www.agilicus.com/www/e69eac7b-image-1024x576.png "Enable Let's Encrypt on Older Windows 7") ![Screenshot of Certify The Web ACME client interface on Windows, showing the Let's Encrypt certificate generation process. The interface highlights options for configuring and requesting SSL/TLS certificates for secure HTTPS websites on older Windows systems, as detailed in the Agilicus FAQ.](https://www.agilicus.com/www/65efd9c2-image-1024x576.png "Enable Let's Encrypt on Older Windows 8") Select the X1 (and repeat for X2) certificate from earlier. At this stage you should be able to install the Agilicus Connector. [ ](https://www.agilicus.com/faq/enable-lets-encrypt-on-older-windows/) [ a #### How do I set the logos, colours on the sign-in? ](#) Category: [AnyX - Initial Setup](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=anyx-initial-setup) See “[Theming](/anyx-guide/sign-in-theming/)“ [ ](https://www.agilicus.com/faq/how-do-i-set-the-logos-colours-on-the-sign-in/) [ a #### My company uses a restrictive firewall, how do I configure it? ](#) Category: [AnyX - Initial Setup](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=anyx-initial-setup) See “[Firewall Configuration](/anyx-guide/signup-firewall-configuration/)“ [ ](https://www.agilicus.com/faq/my-company-uses-a-restrictive-firewall-how-do-i-configure-it/) [ a #### What do I need to setup in my outbound firewall to allow by IP or hostname? ](#) Category: [AnyX - Initial Setup](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=anyx-initial-setup) Some customers have issues with their outbound or next-generation firewall. It might block their new domain name they use with Agilicus AnyX (e.g. connect.mydomain.com). We recommend configuring your firewall by hostname if possible. If it must be by IP, this could theoretically change in the future. See “[Firewall Configuration](https://www.agilicus.com/anyx-guide/signup-firewall-configuration/)” for the specific rules. [ ](https://www.agilicus.com/faq/what-do-i-need-to-setup-in-my-outbound-firewall-to-allow-by-ip-or-hostname/) ### Authentication, User Permissions [ a #### A user can’t log in, how can I fix this? ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) The most common error is that a user is trying to log in with the wrong account. Make sure that they are using the correct login and domain. You can use the Authentication Audit page under Organization to review authentication attempts. See [diagnosing user issues with audits](https://www.agilicus.com/diagnosing-user-issues-with-audits/) for more information. [ ](https://www.agilicus.com/faq/a-user-cant-log-in-how-can-i-fix-this/) [ a #### Add a User to My Org ](#) Categories: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) [Key Concepts](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=key-concepts) You have a new team member, or a new vendor supporting you. You wish to add them so they have specific permissions. 1. Navigate to your admin interface (https://admin.\_\_MYDOMAIN\_\_) 2. Under Access/Users, type in their email. Optional: add one or more group assignments for permission 3. Optional: Navigate to Access/Groups and add them to one or more group assignments for permissions 4. Optional: Navigate to Access/Resource Permissions, and directly assign permissions if not done through a group above. [ ](https://www.agilicus.com/faq/add-a-user-to-my-org/) [ a #### Automatically Create Users / Assign Groups / Assign Permissions ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) If you use Microsoft/Azure Entra/Active Directory you can automatically create your users, and automatically assign their groups based on those in Entra. You can in turn assign permissions to those groups. This can fully automate end-user management. To do this, you will [create](/anyx-guide/azure-active-directory/) a Microsoft Application Registration, configure Agilicus AnyX to use it, and then enable the group claim. See more information on [Entra](/anyx-guide/azure-active-directory/#h-optional-azure-groups) group integration. See more information on [Groups](/anyx-guide/groups/). Using this technique you can have a 0-configuration, ongoing up-to-date system, where your users are entirely managed by Azure Entra and synced into Agilicus AnyX without ongoing maintenance. [ ](https://www.agilicus.com/faq/automatically-create-users-assign-groups-assign-permissions/) [ a #### Azure Application Consent Retriggers ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) Depending on your settings in Active Directory, you may either have: - no application consent dialog - an application consent dialog one time - an application consent dialog one time per user In some circumstances it might be one time per user per login. We encourage you to resolve this with your settings in Microsoft Entra, but as a workaround you can try disabling Offline Consent (as below). This will disable the use of Refresh Tokens, which in turn means the user might have to sign in more frequently. ![Azure Application Consent Retrigger FAQ - Agilicus. Streamline Azure AD app consent with Agilicus. Learn why consent retriggers and how to prevent them.](https://www.agilicus.com/www/40a75e7f-image-1024x180.png "Azure Application Consent Retriggers 9") [ ](https://www.agilicus.com/faq/azure-application-consent-retriggers/) [ a #### Can I configure a different policy for my sub-organisations? ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) You enable a different policy for sub-organisations by choosing “Enable Unique Issuer” in the actions menu of the “Organiastions/Sub-Organisations Overview” page of your administrative portal. See [https://www.agilicus.com/anyx-guide/organisation/](https://www.agilicus.com/anyx-guide/organisation/#unique-identity-issuer) for details. Note that this will change how users of this sub-organisation log in to their profile and admin portal. [ ](https://www.agilicus.com/faq/can-i-configure-a-different-policy-for-my-sub-organisations/) [ a #### Can I control how often users need to authenticate? ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) Yes. The default policies contain an entry controlling for how long a user’s session is valid. Once this time has elapsed, the user will be asked to re-authenticate. See[ https://www.agilicus.com/anyx-guide/authentication-rules/#session-duration](https://www.agilicus.com/anyx-guide/authentication-rules/#session-duration) for details. [ ](https://www.agilicus.com/faq/can-i-control-how-often-users-need-to-authenticate/) [ a #### Can I control how often users need to provide their second factor? ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) Yes. This setting is configured in the “Authentication/Authentication Policy” screen. See for details [ ](https://www.agilicus.com/faq/can-i-control-how-often-users-need-to-provide-their-second-factor/) [ a #### Can I require multi-factor authentication for specific users? ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) You can write policy requiring that users in one of a list of groups have a second factor registered and enabled. See for more details. [ ](https://www.agilicus.com/faq/can-i-require-multi-factor-authentication-for-specific-users/) [ a #### How do I change a user email / identity provider? ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) If you have a user who has signed in with one identity provider (e.g. Google) and you wish to change them to another (e.g. Microsoft Azure), or, the user’s email has been changed, use the ‘Update User Identity’ feature. This will disconnect the user from their existing identity provider, and, on their first new sign in, they will be adopted by the new one. Once you have selected thhis option you may change the user’s Email or switch them to a different identity provider. ![Agilicus Account Email Update: Step-by-step guide showing how to change a user's email address within the Agilicus Identity Provider. Streamline user management and maintain accurate contact information.](https://www.agilicus.com/www/6e667654-image-1024x407.png "How do I change a user email / identity provider? 10") [ ](https://www.agilicus.com/faq/how-do-i-change-a-user-email-identity-provider/) [ a #### How do I control who has what permission on a resource? ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) On the “Access/Resource Permissions” menu in your administrative web interface you can control which users or groups have which permissions on a resource. See “[Permissions](/anyx-guide/permissions/ "Permissions")” for more information. [ ](https://www.agilicus.com/faq/how-do-i-control-who-has-what-permission-on-a-resource/) [ a #### How do I enable or disable multi-factor authentication for everybody? ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) On the “Authentication/Policy” in your administrative web interface you can control which multi-factor methods your issuer allows. In the “Multi-Factor Authentication Methods Enabled” section, toggle the desired check-boxes to configure which methods your users can choose when enrolling a method, or authenticating. ![Agilicus MFA Enforcement: Enable or disable multi-factor authentication (MFA) for all users within the Agilicus platform. This setting provides centralized control over MFA requirements, enhancing security by enforcing or relaxing two-factor authentication across the organization.](https://www.agilicus.com/www/39e85461-image-1024x456.png "How do I enable or disable multi-factor authentication for everybody? 11") [ ](https://www.agilicus.com/faq/how-do-i-enable-or-disable-multifactor-authentication-for-everybody/) [ a #### How do I force the account selector on login? ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) In some circumstances you may have users with more than one account who are struggling to remember to use the correct one. Individually on each sign in they can use the account selector, but, you as the administrator may wish to force this for all users all the time. You may do this as below. ![43f9e7df image](https://www.agilicus.com/www/43f9e7df-image-1024x613.png "How do I force the account selector on login? 12") [ ](https://www.agilicus.com/faq/how-do-i-force-the-account-selector-on-login/) [ a #### My Azure login is asking for approval, what does it mean? ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) The first time a user authenticates against Microsoft Entra, it may ask for permission to do so. There is no information exchanged, no permission granted to access your Microsoft account, merely permission to authentication. You can configure who this happens for or if it happens at all in the azure console. See [Azure Application Consent](https://www.agilicus.com/white-papers/azure-application-consent/) for more information. [ ](https://www.agilicus.com/faq/my-azure-login-is-asking-for-approval-what-does-it-mean/) [ a #### Reset Multi-Factor Token/Code for a User ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) I have a user who has lost their device, how may I reset their multi-factor? Navigate to access/audits, type in the user email, then search. there is a ‘Reset’ button which will cause the user to require to enter new multi-factor credentials (which they can do at https://profile.\_\_MYDOMAIN\_\_) [ ](https://www.agilicus.com/faq/reset-multi-factor-token-code-for-a-user/) [ a #### Reset User Upstream Identity ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) A user can only be tied to one Identity provider. In some cases (for example, switching from the Microsoft Shared Identity to a Custom Application Registration) you may wish to reset this association. This need can also arise if you switch from on-premise Microsoft Active Directory to Microsoft Entra without migrating the users. To do this, on the users screen, use the action-menu (the 3-dots button on the right), and select ‘Update User Identity’. This will unset the association, which will be recreated on the next sign in. ![Agilicus Reset User Upstream Identity: Diagram illustrating the process of resetting a user's upstream identity within the Agilicus platform, resolving login issues by clearing the user's existing connection to the identity provider.](https://www.agilicus.com/www/705b6cf2-image-1024x387.png "Reset User Upstream Identity 13") [ ](https://www.agilicus.com/faq/reset-user-upstream-identity/) [ a #### Should I create my own Azure Application Registration? (Custom Identity Provider) ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) By default you will have a ‘Shared’ Microsoft Identity Provider enabled. This allows anyone to sign in with any Microsoft account: Azure, Office 365, Outlook.com, etc. This is useful for 3rd parties, vendors, etc. If you wish to force your users to sign in with your [own](/anyx-guide/sign-in-with-microsoft/) Azure tenant (e.g. to enable auto-create), you may [create](/anyx-guide/authentication-issuer/) a ‘Custom Authentication Issuer’. [ ](https://www.agilicus.com/faq/should-i-create-my-own-azure-application-registration-custom-identity-provider/) [ a #### What Multi-Factor Authentication methods are supported? ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) You may use Time-Based One-Time Codes (TOTP) (e.g. Google Authenticator, Microsoft Authenticator, Authy, etc), or, any of the standards from the [WebAuthn](https://www.w3.org/TR/webauthn-2/) standard set (e.g. USB-based like YubiKey, Passkeys, TPM-based, biometric, etc). [ ](https://www.agilicus.com/faq/what-multi-factor-authentication-methods-are-supported/) [ a #### What is an Upstream Identity Provider (IdP)? ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) Agilicus AnyX joins together (federates) a set of Identity Providers (IdP). As an end user, you will see this as e.g. ‘Sign In With Google’ or ‘Sign In With Microsoft’. The AnyX platform in turn presents these federated IdP as a new IdP. The Upstream Identity Provider is it original one that the user interacts with (e.g. Microsoft, Google, Active Directory Federation Services, etc). [ ](https://www.agilicus.com/faq/what-is-an-upstream-identity-provider-idp/) [ a #### When should I use a Custom Identity provider? ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) You should create a bespoke issuer if you want to use your own dedicated source of identity. If you manage users in a google workspace, azure Active Directory or any other Identity provider which supports OpenID Connect (oidc) this is a reasonable choice. If you need access to settings from your own Identity provider. For example, if you want all users on this identity provider to be provisioned automatically, or if you want to use multi-factor authentication from your identity provider itself. See https://www.agilicus.com/anyx-guide/authentication-issuer/ for more information. [ ](https://www.agilicus.com/faq/when-should-i-use-a-custom-identity-provider/) [ a #### When should I use a group? ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) When there are many people that you would like to assign the same resources, use groups in order to put them together [ ](https://www.agilicus.com/faq/when-should-i-use-a-group/) [ a #### When should I use a resource group? ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) Use a resource group when there’s many different resources that you would like to assign to users together, using a resource group allows you to assign access to several shares, desktops, etc all at once [ ](https://www.agilicus.com/faq/when-should-i-use-a-resource-group/) [ a #### When should I use an Onsite Identity? ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) If your users primarily log on with local Active Directory, this allows users to log in with their normal credentials. See [Onsite Identity](https://www.agilicus.com/anyx-guide/onsite-identity/) for more information on onsite identity providers. [ ](https://www.agilicus.com/faq/when-should-i-use-an-onsite-identity/) [ a #### When should I use the builtin issuer? ](#) Category: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) The builtin user is very simple to set up than a custom identity provider, so if you want to add users manually, and allow them to log in, this is a great option. It’s especially useful if you have users that aren’t attached to an identity provider you own, for example temporary contractors. [ ](https://www.agilicus.com/faq/when-should-i-use-the-builtin-issuer/) ### Connector Diagnostics [ a #### An attempt was made to access a socket in a way forbidden by its access permissions ](#) Category: [Connector Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-diagnostics) The connector and the launcher both might observe this error on a Microsoft Windows platform when trying to refresh credentials. The normal operation of the Launcher is to be automatically refreshed via Profile when the desktop integration is installed. However, if the user does not have the desktop integration, or, the credentials have timed out, they will see the Launcher open a browser to facilitate a refresh. As part of this flow, the Launcher will open a local TCP port (e.g. port 53210) on localhost. Normally the Windows firewall will allow this since the port is localhost only. However, some environments require the Agilicus Connector & Launcher to be explicitly allowed in the Microsoft Windows firewall. In this case, you might see a message “bind: an attempt was made to access a socket in a way forbidden by its access permissions.” ![Agilicus AuthMatrix error: 'An attempt was made to access a socket in a way forbidden by its access permissions.' This indicates a firewall or network security setting is blocking the AuthMatrix client from connecting to the AuthMatrix server. Check firewall rules and network configurations to allow communication on the necessary ports.](https://www.agilicus.com/www/2f773248-image-1024x643.png "An attempt was made to access a socket in a way forbidden by its access permissions 14") [ ](https://www.agilicus.com/faq/an-attempt-was-made-to-access-a-socket-in-a-way-forbidden-by-its-access-permissions/) [ a #### Can I have a backup/redundant/standby connector? ](#) Category: [Connector Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-diagnostics) The Agilicus Connector supports running in an Active/Active high-availability mode, with up to four instances running at a time on separate hardware (and on separate sites with separate Internet connections). This allows you to implement a disaster-recovery scenario. Note that if the Connector exposes a Share, then it cannot run in Active/Active mode. Instead, consider an approach like a [Agilicus Connector Windows Cluster](https://www.agilicus.com/anyx-guide/agilicus-connector-windows-cluster/). Note that each connector in a high-availability set must be able to reach the same upstream services. [ ](https://www.agilicus.com/faq/can-i-have-a-backup-redundant-standby-connector/) [ a #### Can I see the logs for requests hitting the connector ](#) Category: [Connector Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-diagnostics) Yes. First, you need to enable connector logging in Organisation -> Audit Destinations by clicking the *Access* and *Authorization* check-boxes. Your connectors will shortly start streaming their logs to Agilicus. You can see the logs in Applications->Diagnose. Fill in the time range you are interested in, then click *View Logs*. Note that you may see other logs related to your Organisation here. The relevant ones will have `source_type` equal to `agent-connector` [ ](https://www.agilicus.com/faq/can-i-see-the-logs-for-requests-hitting-the-connector/) [ a #### Certificate failure connecting to auth.\_\_MYDOMAIN\_\_ ](#) Category: [Connector Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-diagnostics) If you see a TLS/SSL certificate when starting (or installing) the connector, it usually indicates there is a SSL-inspecting firewall on site. If you have a openssl installed, you can run this command: openssl s\_client -showcerts -servername auth.\_\_MYDOMAIN\_\_ -connect auth.\_\_MYDOMAIN\_\_:443 </dev/null It should emit something like below, note the ISRG Root X1 and the Let’s Encrypt. ``` root@rtr:~# openssl s_client -showcerts -servername auth.agilicus.com -connect auth.agilicus.com:443 "C:\Program Files\agilicus\agent\agilicus-agent.exe" test time="2025-12-15T14:24:28-05:00" level=info msg="Starting test - version v0.317.0" --- Preflight Tests --- PASS - https://api.agilicus.com/v1/resolve?type=CNAME&name=ca-1.agilicus.ca PASS - https://www.agilicus.com/ --- Overall: PASS --- --- Preflight Tests --- PASS - https://auth.r.XXX.ca/healthz PASS - https://auth.r.XXX.ca/healthz @ 34.95.12.47 PASS - https://auth.r.XXX.ca/healthz @ 35.240.184.197 ``` You will also see additional information in the system logs (eventvwr, journalctl, syslog) [ ](https://www.agilicus.com/faq/connector-shows-no-active-tunnel-connections-to-agilicus/) [ a #### Connector: wsrecv: An existing connection was forcibly closed by remote host ](#) Category: [Connector Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-diagnostics) If you have an outbound firewall which does TLS/SNI inspection, it may be mis-configured and block connectivity to Agilicus services. You can see the domains required in [Site Firewall Configuration](/anyx-guide/site-firewall-configuration/). You can run the network self test (agilicus-agent test) to check connectivity, it may show an error as below. This is showing that your site firewall is sending a TCP RESET (RST) packet when the connector tries to connect to its upstream. Please update the configuration of your firewall to allow the required domains. ![cbcb0bbe image](https://www.agilicus.com/www/cbcb0bbe-image-1024x327.png "Connector: wsrecv: An existing connection was forcibly closed by remote host 15") [ ](https://www.agilicus.com/faq/connector-wsrecv-an-existing-connection-was-forcibly-closed-by-remote-host/) [ a #### Debugging Network Path Connectivity to Agilicus Infrastructure from Windows ](#) Category: [Connector Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-diagnostics) You may find that your users, or your connectors, are blocked from connecting to the Agilicus infrastructure by some firewall device on your site. A good tool to try this is Nmap (https://nmap.org/download) and then do a TCP-based traceroute on port 443, using SYN packets. This emulates the connection. You would use ‘nmap -sS -p 443 -Pn –traceroute admin.\_\_MYDOMAIN\_\_’ similar to the below image. ![Troubleshooting Network Connectivity to Agilicus Infrastructure from Windows: A step-by-step guide to debugging network paths and ensuring seamless connectivity to Agilicus infrastructure on Windows operating systems. Includes using ping, tracert, and checking firewall rules for effective network diagnostics. Visual aid for identifying and resolving common network issues.](https://www.agilicus.com/www/b0de577d-image-1024x1015.png "Debugging Network Path Connectivity to Agilicus Infrastructure from Windows 16") [ ](https://www.agilicus.com/faq/debugging-network-path-connectivity-to-agilicus-infrastructure-from-windows/) [ a #### Does my connector need to be directly connected to my Networks? ](#) Category: [Connector Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-diagnostics) No it does not. However, given that it will use TCP/IP to connect to them, it needs to be able to route to the IP it determines for the network, and any firewalls in between must allow access to that IP and the target TCP port. [ ](https://www.agilicus.com/faq/does-my-connector-need-to-be-directly-connected-to-my-networks/) [ a #### How do I know if my connector is connected to Agilicus? ](#) Category: [Connector Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-diagnostics) Go to the Connector->Overview screen. Each connector reports an overview status here. “Good” means all instances of the connector are running, and that they are fully connected to Agilicus. [ ](https://www.agilicus.com/faq/how-do-i-know-if-my-connector-is-connected-to-agilicus/) [ a #### How do I know if my connector is forwarding traffic? ](#) Category: [Connector Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-diagnostics) Go to the Connector->Overview screen. Your connectors will shortly begin to publish statistics. You can see a summary of successful/failed connections in the overview table. Click Actions -> View Detailed Statistics for a breakdown of these stats. Check that the connector itself is up (the ‘Good’/green in below). After you open the detailed statistics screen, reproduce the problem, and look at which counters increment. ![Agilicus Connector Traffic Forwarding Status: Checking the 'Connected' status in the Agilicus console confirms successful traffic forwarding. Ensure the connector is properly configured and communicating with the Agilicus cloud for secure access. Refer to the Agilicus documentation for troubleshooting steps.](https://www.agilicus.com/www/c44c1e18-image-1024x294.png "How do I know if my connector is forwarding traffic? 17") [ ](https://www.agilicus.com/faq/how-do-i-know-if-my-connector-is-forwarding-traffic/) [ a #### How do I know where my connector is installed ](#) Category: [Connector Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-diagnostics) As part of maintaining its connection to Agilicus, the connector reports some system information. In the Connector->Overview screen, click on the connector in which you are interested. The resulting expanded table shows each instance of the connector and the hostname of the machine on which it is running. [ ](https://www.agilicus.com/faq/how-do-i-know-where-my-connector-is-installed/) [ a #### How does my connector route to Network ](#) Category: [Connector Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-diagnostics) When establishing a connection to a Network, the connector first determines an IP with which to communicate with. If an Override IP is present in the Network’s configuration, it will use that. Otherwise, it will use the local system’s DNS configuration to do a DNS lookup of the network’s Hostname. It then establishes a connection to that IP using the local system’s standard TCP/IP stack. [ ](https://www.agilicus.com/faq/how-does-my-connector-route-to-network/) [ a #### My connector does not come online or show status ‘Good’ ](#) Category: [Connector Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-diagnostics) You may have a local firewall which is blocking outbound communication. See ‘[Firewall Configuration](/anyx-guide/signup-firewall-configuration/)‘. Check the connector logs (on Windows, using [EventViewer](/anyx-guide/agilicus-connector-microsoft-windows/), on Linux typically with *journalctl -fu agilicus-agent*) [ ](https://www.agilicus.com/faq/my-connector-does-not-come-online-or-show-status-good/) [ a #### Why does my connector successfully send data to my HTTP server, but fail to connect? ](#) Category: [Connector Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-diagnostics) Your Network for the HTTP server may be incorrectly configured. The connector proxies HTTP requests at the application layer. If the HTTP server runs HTTPS/TLS, the Network must be configured to initiate an HTTPS/TLS connection, and it must trust the certificate presented by the server. Conversely, if the HTTP server is plaintext (unencrypted), but the connector is configured to expect TLS, it will fail to establish the connection. [ ](https://www.agilicus.com/faq/why-does-my-connector-successfully-send-data-to-my-http-server-but-fail-to-connect/) [ a #### Wireshark Packet Capture For Diagnostics \[Windows\] ](#) Categories: [Connector Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-diagnostics) [Resource - Web Applications](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-web-applications) In some cases, Agilicus Support might be more effectively able to assist you with a packet capture from the machine running your connector. To do this, we can use Wireshark as below. ### Install Wireshark Open a browser to . Select ‘Download’. ![Wireshark packet capture on Windows: This screenshot shows the Wireshark interface displaying captured network packets. Use Wireshark for network diagnostics on Windows. Learn how to capture and analyze network traffic with Wireshark.](https://www.agilicus.com/www/00759ec5-image-1024x680.png "Wireshark Packet Capture For Diagnostics [Windows] 18") ![Wireshark Packet Capture in Windows: Diagnose network issues with Wireshark. The screenshot shows the Wireshark interface on Windows, highlighting packet details and filtering options for effective network analysis and troubleshooting. Learn how to use Wireshark for packet capture and analysis on Windows.](https://www.agilicus.com/www/3a2cacd5-image-1024x742.png "Wireshark Packet Capture For Diagnostics [Windows] 19") ![Wireshark packet capture configuration on Windows for network diagnostics. The screenshot shows the Wireshark interface with the capture options menu open, highlighting the selection of the correct network interface and enabling promiscuous mode for comprehensive packet analysis. This setup is essential for troubleshooting network issues and analyzing traffic in detail.](https://www.agilicus.com/www/7ad67511-image.png "Wireshark Packet Capture For Diagnostics [Windows] 20") ![Wireshark Packet Capture on Windows: A step-by-step guide to using Wireshark for network diagnostics on Windows, including selecting the right interface, applying capture filters, and analyzing captured packets to troubleshoot network issues. The screenshot shows the Wireshark interface selection screen, highlighting available network adapters.](https://www.agilicus.com/www/7e574480-image.png "Wireshark Packet Capture For Diagnostics [Windows] 21") ![Wireshark Packet Capture Configuration on Windows: The Wireshark interface is displayed, showing the capture options window. Several network interfaces are listed, and the user has selected the appropriate interface for capturing network traffic. This setup is crucial for diagnosing network issues and analyzing packet data using Wireshark on a Windows system. Learn how to configure Wireshark for effective packet capture on Windows at Agilicus.com.](https://www.agilicus.com/www/fac741ef-image.png "Wireshark Packet Capture For Diagnostics [Windows] 22") ![Wireshark Packet Capture Configuration on Windows: This screenshot guides users on how to set up Wireshark for network diagnostics on Windows, highlighting the interface selection and capture filter settings to effectively analyze network traffic.](https://www.agilicus.com/www/7e209a7a-image.png "Wireshark Packet Capture For Diagnostics [Windows] 23") ![Wireshark Packet Capture Configuration on Windows: A step-by-step guide showing the Wireshark interface with capture filters and settings highlighted for effective network diagnostics. Optimize your network troubleshooting with Wireshark on Windows.](https://www.agilicus.com/www/8f7c540e-image.png "Wireshark Packet Capture For Diagnostics [Windows] 24") ![Wireshark Packet Capture in Windows: Troubleshooting network issues with Wireshark by capturing and analyzing network packets on a Windows machine. Learn how to diagnose and resolve network problems effectively using Wireshark's packet analysis capabilities. The image shows the Wireshark interface on a Windows PC.](https://www.agilicus.com/www/17877f55-image.png "Wireshark Packet Capture For Diagnostics [Windows] 25") ![Wireshark Packet Capture Configuration on Windows: Shows the Wireshark interface with the capture filter set to 'host x.x.x.x' to capture network traffic for diagnostics, focusing on filtering by IP address for efficient troubleshooting.](https://www.agilicus.com/www/64ab64bc-image.png "Wireshark Packet Capture For Diagnostics [Windows] 26") ![Wireshark Packet Capture on Windows: Troubleshooting network issues using Wireshark. The image shows the Wireshark interface with captured packets, highlighting packet details, source/destination IPs, and protocol information. Useful for diagnosing network connectivity and performance problems on Windows systems.](https://www.agilicus.com/www/632180fa-image.png "Wireshark Packet Capture For Diagnostics [Windows] 27") ![Wireshark Packet Capture on Windows: Troubleshooting network issues with Wireshark. Learn how to capture and analyze network packets on Windows for effective diagnostics. This screenshot shows the Wireshark interface with captured packet data, including source and destination IP addresses, protocols, and packet details. Ideal for network administrators and IT professionals seeking to diagnose network performance problems.](https://www.agilicus.com/www/d44a85b5-image.png "Wireshark Packet Capture For Diagnostics [Windows] 28") ![Wireshark packet capture setup on Windows: Shows the Wireshark interface with filters applied, displaying captured network traffic for diagnostic analysis. Focus on capturing specific packets for troubleshooting network issues on Windows systems using Wireshark.](https://www.agilicus.com/www/91bd42f8-image.png "Wireshark Packet Capture For Diagnostics [Windows] 29") ### Open Wireshark, Start Capture ![Wireshark Packet Capture Configuration on Windows: Display filter configuration showing how to filter for specific IP addresses and ports for network diagnostics and troubleshooting with Wireshark. This includes configurations for filtering ICMP, TCP, and UDP traffic to capture specific network packets.](https://www.agilicus.com/www/4f1ed4c3-image.png "Wireshark Packet Capture For Diagnostics [Windows] 30") Double-click the primary/default network connection. ![Wireshark Packet Capture for Diagnostics on Windows: Analyzing network traffic in Wireshark to diagnose network issues. The screenshot shows the Wireshark interface with captured packets, providing a detailed view of network communication for troubleshooting.](https://www.agilicus.com/www/b34b7472-image-1024x545.png "Wireshark Packet Capture For Diagnostics [Windows] 31") Now, reproduce the problem, usually a few times. For example, if you have a NVR which is not working, attempt to use it from the Agilicus profile interface. Now, stop the capture: ![Wireshark packet capture on Windows showing captured network traffic for diagnostics and troubleshooting. The Wireshark interface displays packet details, protocols, source and destination IPs, and other network communication data. Used for analyzing network issues with Agilicus.](https://www.agilicus.com/www/ecd05774-image-1024x700.png "Wireshark Packet Capture For Diagnostics [Windows] 32") ![Wireshark Packet Capture on Windows: Diagnosing Network Issues - A screenshot showing the Wireshark interface with captured network packets, used for analyzing and troubleshooting network communication problems in Windows environments. Learn how to use Wireshark for effective network diagnostics.](https://www.agilicus.com/www/089d8762-image-1024x677.png "Wireshark Packet Capture For Diagnostics [Windows] 33") ![Wireshark Packet Capture on Windows: Diagnosing Network Issues with Wireshark - A step-by-step guide to capturing and analyzing network traffic on Windows using Wireshark for effective network diagnostics. Learn how to use Wireshark filters and analyze packet data.](https://www.agilicus.com/www/05122eca-image.png "Wireshark Packet Capture For Diagnostics [Windows] 34") ### Send the Capture to Agilicus Depending on how long you have captured, this file can be large. Contact Agilicus via the ‘Chat’ interface in the web interface if you need a location to put the file. Please describe what you were doing, what you observed, what was incorrect, and information about the network. [ ](https://www.agilicus.com/faq/wireshark-packet-capture-for-diagnostics-windows/) [ a #### upstream connection failed: The upstream host could be down ](#) Category: [Connector Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-diagnostics) The end-user receives this message on sign-in: ``` Message: upstream connection failed Action: The upstream host could be down ``` This indicates the Agilicus Connector is up, and the user was able to sign in correctly, however, the customer-supplied application is either down, or unreachable from the Agilicus Connector. ![Upstream Connection Failed: Troubleshooting guide showing potential causes, including a down upstream host, with a diagram illustrating the network path and potential failure points.](https://www.agilicus.com/www/7e287088-diag-1024x344.jpg "upstream connection failed: The upstream host could be down 35") A common issue is a change in IP/port of the application, you may change this as below. ![Upstream Connection Failed: Troubleshooting network connectivity issues. Diagram illustrates potential network problems causing upstream host to be down, affecting service availability. Learn to diagnose and resolve upstream connection failures.](https://www.agilicus.com/www/7d4863b1-network-1024x461.png "upstream connection failed: The upstream host could be down 36") To diagnose the issue, use the detailed stats from the connector overview page: ![Agilicus upstream connection failed: Diagram illustrating a failed connection between a client, Agilicus, and the upstream host, indicating a potential issue with the upstream host being down or unreachable.](https://www.agilicus.com/www/fd868928-image-1024x456.png "upstream connection failed: The upstream host could be down 37") [ ](https://www.agilicus.com/faq/upstream-connection-failed-the-upstream-host-could-be-down/) ### Connector Installation [ a #### Agilicus Connector – Windows 7 ](#) Category: [Connector Installation](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-installation) Microsoft has discontinued support for Windows 7 and Windows 2012. The Agilicus connector continues to run on these machines, however, it is important to have KB2533623 installed. If the Windows 7 machine is missing KB2533623, the connector may fail to start. The update can be manually installed from: https://web.archive.org/web/20200412130407/https://www.microsoft.com/en-us/download/details.aspx?id=26764 Note: it is possible a superceding KB might be installed, e.g. KB3063858 or KB4457144 or KB3063858. [ ](https://www.agilicus.com/faq/agilicus-connector-windows-7/) [ a #### Connector install: The revocation function was unable to check revocation for the certificate. ](#) Category: [Connector Installation](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-installation) In some cases your air gapped environment does not allow Certificate Revocation List checking. This can occur if you have a server which has never been able to fetch the CRL. This can cause an issue installing, but not running, the Agilicus Connector. If you see an error like “The revocation function was unable to check revocation for the certificate” when you paste the installation command for the Agilicus Connector, add the parameter “–ssl-no-revoke” to the curl component. This will vary a little bit depending on your platform, but below is an example for a Windows platform: ``` curl --ssl-no-revoke -sSL -o "%TEMP%\aa.exe" https://www.agilicus.com/www/releases/secure-agent/stable/agilicus-agent.exe && "%TEMP%\aa.exe" client --install --challenge-id XXXX --challenge-code XXXX && del "%TEMP%\aa.exe" ``` Once installed, this will not be a problem again. If you wish to verify the Agilicus Connector executable, it is digitally signed. We discuss this problem a bit more, and a generic solution for other components in “[Locked-Down Networks Certificate Revocation](https://www.agilicus.com/anyx-guide/locked-down-networks-certificate-revocation/)“. If you are looking for a general purpose secure firewall solution that can forward Certificate Revocation, and only Certificate Revocation (including OCSP) without fixed IP address lists, please [contact us](/contact-us/), we have a full solution in this area. [ ](https://www.agilicus.com/faq/connector-install-the-revocation-function-was-unable-to-check-revocation-for-the-certificate/) [ a #### Enable Let’s Encrypt on Older Windows ](#) Categories: [AnyX - Initial Setup](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=anyx-initial-setup) [Connector Installation](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-installation) Agilicus AnyX requires modern cryptography with a strong chain of trust. This is achieved using [Let’s Encrypt](https://letsencrypt.org/). Some older Microsoft Windows systems are not updated to have the proper cryptographic trust information installed. You should upgrade your Windows installation, but, if this is not possible, you can manually install the certificates. First, download the .der file from for each of ‘[X1](https://letsencrypt.org/certs/isrgrootx1.der) & [X2](https://letsencrypt.org/certs/isrg-root-x2.der)‘. For the X1 der and X2 der, open these on your desktop. You will be prompted to open the certificate manager. From here, Install, and pick the “Trusted Root Certification Authorities”. ![Screenshot of Certify The Web application showing the Let's Encrypt certificate generation process on an older Windows system. The interface displays options for domain selection, certificate settings, and task scheduling, guiding users through enabling HTTPS with Let's Encrypt on Windows Server.](https://www.agilicus.com/www/ef749f97-image.png "Enable Let's Encrypt on Older Windows 38") ![Let's Encrypt on Older Windows: Enable HTTPS for Secure Connections. Screenshot of Certify The Web ACME client showing successful Let's Encrypt certificate generation on an older Windows system. Secure your website with free SSL/TLS certificates.](https://www.agilicus.com/www/840f874c-image.png "Enable Let's Encrypt on Older Windows 39") Now we must import these to the Machine trust as well (above we did your user). To do so, open ‘mmc’ ![Screenshot of the OpenSSL configuration file showing the required changes to enable Let's Encrypt on older Windows systems. Key lines highlighted include modifications to the openssl.cnf file to ensure compatibility with Let's Encrypt's certificate authority. Specifically, this involves setting the 'CipherString' parameter to 'DEFAULT@SECLEVEL=2' to address potential compatibility issues with older OpenSSL versions and Let's Encrypt certificates on Windows servers. This ensures successful SSL/TLS certificate validation and secure HTTPS connections.](https://www.agilicus.com/www/a11b0196-image-1024x538.png "Enable Let's Encrypt on Older Windows 40") Now press ‘Control-M’. ![Screenshot of the OpenSSL configuration file on Windows, showing the lines that need to be modified to enable Let's Encrypt for older Windows versions. The image highlights the changes required in the openssl.cnf file, specifically related to enabling TLS SNI for compatibility with Let's Encrypt's certificate validation process. This is a step-by-step guide to configure OpenSSL for Let's Encrypt on older Windows systems. Instructions show how to update the configuration file for successful certificate generation and renewal.](https://www.agilicus.com/www/d1d5597f-image.png "Enable Let's Encrypt on Older Windows 41") ![Enabling Let's Encrypt on Older Windows: A step-by-step guide to installing Let's Encrypt certificates on older Windows systems, as shown in the Agilicus FAQ, using a command prompt interface for certificate generation and installation. Secure your website with free SSL/TLS certificates. Agilicus simplifies the process.](https://www.agilicus.com/www/81e59dd0-image-1024x576.png "Enable Let's Encrypt on Older Windows 42") ![Enabling Let's Encrypt on Older Windows: A step-by-step guide to installing Let's Encrypt certificates on older Windows systems, overcoming compatibility issues and securing your website with free SSL/TLS certificates. The image shows the process of setting up Let's Encrypt using a compatible ACME client, configuring the necessary settings, and verifying the certificate installation to ensure secure HTTPS connections. Perfect for users needing to secure their legacy Windows servers with Let's Encrypt.](https://www.agilicus.com/www/c2de05c4-image-1024x576.png "Enable Let's Encrypt on Older Windows 43") ![Enable Let's Encrypt on Older Windows: A step-by-step guide showing the OpenSSL configuration for generating SSL certificates compatible with older Windows systems, ensuring secure HTTPS connections. This image details the process of updating and configuring OpenSSL for older Windows versions to support Let's Encrypt certificates.](https://www.agilicus.com/www/e69eac7b-image-1024x576.png "Enable Let's Encrypt on Older Windows 44") ![Screenshot of Certify The Web ACME client interface on Windows, showing the Let's Encrypt certificate generation process. The interface highlights options for configuring and requesting SSL/TLS certificates for secure HTTPS websites on older Windows systems, as detailed in the Agilicus FAQ.](https://www.agilicus.com/www/65efd9c2-image-1024x576.png "Enable Let's Encrypt on Older Windows 45") Select the X1 (and repeat for X2) certificate from earlier. At this stage you should be able to install the Agilicus Connector. [ ](https://www.agilicus.com/faq/enable-lets-encrypt-on-older-windows/) [ a #### Force connector upgrade ](#) Category: [Connector Installation](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-installation) The Agilicus connector automatically upgrades, with all connectors skewed in time. Normally this is completed automated and can be ignored. In some circumstances you may wish to force it to re-evaluate if there is a new version. To achieve this, remove the ‘agilicusLastUpdateCheck’ file, and restart the service. On windows: ![Agilicus Force Connector Upgrade: Streamline your access control with the latest Force Connector. Ensure seamless integration and enhanced security. Upgrade today for optimal performance.](https://www.agilicus.com/www/3fc5dad2-image-1024x425.png "Force connector upgrade 46") on Linux: rm /opt/agilicus/agent/agilicusLastUpdateCheck On windows you may restart the service from the windows service manager. On Linux you may use ‘systemctl restart agilicus-agent’. [ ](https://www.agilicus.com/faq/force-connector-upgrade/) [ a #### How do I check if the connector is running (on Linux)? ](#) Category: [Connector Installation](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-installation) The connector status can be found by checking the systemctl service status: $ sudo systemctl status agilicus-agent [ ](https://www.agilicus.com/faq/how-do-i-check-if-the-connector-is-running-on-linux/) [ a #### How do I check if the connector is running (on Microsoft Windows)? ](#) Category: [Connector Installation](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-installation) The Agilicus Connector runs as a Windows Service. Open the Windows ‘Services’ app and look for ‘Agilicus Connector’. The ‘Service Status’ will show the current status. [ ](https://www.agilicus.com/faq/how-do-i-check-if-the-connector-is-running-on-microsoft-windows/) [ a #### How do I check the status of the Connector? ](#) Category: [Connector Installation](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-installation) Navigate to your organization’s Agilicus Admin console. Under Resources -> Connectors -> Overview, the column named ‘Status’ reflects the real-time status of the connector. The overall status is shown as ‘GOOD’, ‘DEGRADE’, ‘DOWN’. [![Agilicus Connector Status: Checking the connector status in the Agilicus Management Console. Shows the connector's online status, version, and last check-in time for easy troubleshooting and monitoring.](https://www.agilicus.com/www/18805b62-image-1024x541.png "How do I check the status of the Connector? 47")](https://www.agilicus.com/www/18805b62-image.png) [ ](https://www.agilicus.com/faq/how-do-i-check-the-status-of-the-connector/) [ a #### Installation Error: “date does not match with local machine” ](#) Category: [Connector Installation](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-installation) Accurate globally synced time is critical to the proper operation of many modern cryptographic tools. It affects certificte allocation/revocation, sign-in audit logs, etc. See for further details to ensure the local machine time synchronization is setup. [ ](https://www.agilicus.com/faq/installation-error-date-does-not-match-with-local-machine/) [ a #### Retrieve connector logs (on Linux) ](#) Category: [Connector Installation](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-installation) Connector logs on Linux are via journalctl -fu agilicus-agent [ ](https://www.agilicus.com/faq/retrieve-connector-logs-on-linux/) [ a #### Retrieve connector logs (on Windows) ](#) Category: [Connector Installation](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-installation) Connector logs on Windows can be found in the Windows Event Viewer. Inside Event Viewer (Local) -> Windows Logs -> Application, See “[Agilicus Connector – Microsoft Windows](https://www.agilicus.com/anyx-guide/agilicus-connector-microsoft-windows/#diagnostics)“. [ ](https://www.agilicus.com/faq/retrieve-connector-logs-on-windows/) [ a #### Where do I need to install an Agilicus Connector? ](#) Category: [Connector Installation](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-installation) The Agilicus Connector needs to be able to reach any service it is used to expose. For a share, this means running on a machine with access to the files. For a Desktop, it means being able to reach via TCP (port 3389 or port 5900 for RDP or VNC typically) the destination system. This might mean running on the same system, this might mean running on a device on the same network segment or inside the same firewall. [ ](https://www.agilicus.com/faq/where-do-i-need-to-install-an-agilicus-connector/) [ a #### tls: failed to verify certificate: x509: certificate signed by unknown authority ](#) Categories: [Connector Installation](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-installation) [General Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=general-diagnostics) When installing the Agilicus Connector you may see an error “tls: failed to verify certificate: x509: certificate signed by unknown authority”. This indicates that your site has a SSL-inspecting firewall present (e.g. Palo Alto, Fortinet, Sophos, etc). This firewall **may** be redirecting DNS, or, using some other network-based technique to intercept traffic. See “[Site Firewall Configuration](https://www.agilicus.com/anyx-guide/signup-firewall-configuration/)” for hints on how to resolve. [ ](https://www.agilicus.com/faq/tls-failed-to-verify-certificate-x509-certificate-signed-by-unknown-authority/) ### General Diagnostics [ a #### A resource icon does not show in Profile ](#) Category: [General Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=general-diagnostics) End users interact with AnyX via [Profile](/anyx-guide/profile/) (at https://profile.\_\_MYDOMAIN\_\_). Each resource is represented by an icon. There are 3 ‘tabs’ (mine, requested, all). If an icon does not show in the ‘mine’ tab, but does show in ‘all’, the user is missing permission. If the icon does not show at all, try refreshing the browser. [ ](https://www.agilicus.com/faq/a-resource-icon-does-not-show-in-profile/) [ a #### Access Google Chrome Console on Android ](#) Category: [General Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=general-diagnostics) In some cases you will find that a web application misbehaves on an Android device, but not on a desktop. This can make it more difficult to obtain the console logs to point to the issue. Follow the below instructions to obtain these logs. ![c77fe684 image](https://www.agilicus.com/www/c77fe684-image.png "Access Google Chrome Console on Android 48") 1. On the Android device, [enable](https://developer.android.com/studio/debug/dev-options) Debugging - Tap ‘Build Number’ 7 times (**Settings** > **About phone** > **Software information** > **Build number**) 2. Enable “USB” Debugging” under Developer Options 3. Plug the Android device into your desktop PC via USB 4. If prompted, “Allow USB debugging” when prompted 5. On your desktop chrome, open ‘chrome://inspect/#devices’ in the URL bar 6. Select ‘Discover USB devices’ 7. Select your device, click ‘inspect’ (you may need to click the specific URL/tab that is open) ![d1da487e image](https://www.agilicus.com/www/d1da487e-image-1024x461.png "Access Google Chrome Console on Android 49") from here you should see the console log and network. You may also wish to [save the HAR ](/faq/diagnosing-web-applications-with-har-file/)file for offline diagnostics. [ ](https://www.agilicus.com/faq/access-google-chrome-console-on-android/) [ a #### Diagnosing Web Applications with HAR file ](#) Categories: [General Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=general-diagnostics) [Resource - Web Applications](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-web-applications) In some circumstances it is more efficient to diagnose a web application issue by generating a HAR file and sharing with Agilicus Support. ### Google Chrome (And Derived Browsers Like Microsoft Edge) In Google Chrome (and other Chrome-derived browsers such as Microsoft Edge), you can enter the developer mode (ctrl-shift-I or F12), and then select the ‘Export HAR (sanitized)…)’ button. 1. Open a new incognito window. 2. Click the more actions menu (…) to the right of the toolbar and select **More tools – Developer Tools** (or press F12 or CTRL-SHIFT-I) 3. Select the **Network** tab. 4. Ensure that Google Chrome is recording. A red button indicates that a recording is already in progress. Otherwise, click **Record network log**. 5. Select **Preserve Log**. 6. Clear any existing logs by clicking **Clear network log** (![troubleshooting with har chrome 04](https://help.okta.com/oag/en-us/content/resources/images/access-gateway/troubleshooting-with-har-chrome-04.png "Diagnosing Web Applications with HAR file 50")). 7. Go to the page where the issue occurred and reproduce the issue. 8. Click **Export HAR** (the down arrow icon) to export the file as HAR. 9. Save the HAR file. ![HAR file analysis for web application diagnostics. This image visually represents the structure of a HAR file, which is used for debugging web performance issues. Learn how to use HAR files to diagnose and troubleshoot your web applications effectively. More information available at Agilicus.](https://www.agilicus.com/www/43d4badd-image-1024x399.png "Diagnosing Web Applications with HAR file 51") ### Firefox - To open the developer console in Firefox, click on the Firefox Menu in the upper-right-hand corner of the browser and select More Tools > Browser Console. You can also use Option + ⌘ + E (on macOS) or Shift + CTRL + C (on Windows/Linux). - Refresh the page. - Go to the **Network tab** and, click the settings icon (upper right side of the panel), choose **Save All As Har**. ![HAR file analysis: Diagnose web application performance issues with HTTP Archive (HAR) files. Learn to record, analyze, and troubleshoot web application behavior using HAR files for faster, more efficient debugging.](https://www.agilicus.com/www/7f242f84-image-1024x640.png "Diagnosing Web Applications with HAR file 52") ### Apple Safari Ensure the ”Show Develop menu” in the menu bar is checked under Safari > Settings > Advanced tab. - Visit the web page from where you want to export the traffic. - Click **Develop** on the *Menubar*, then select **Show Web Inspector**. Refresh the page. - Go to the **Network tab** and click **Export** on the upper right side of the pane. ![HAR file analysis in browser developer tools showing waterfall chart of network requests for diagnosing web application performance issues. Learn how to use HAR files for web application troubleshooting.](https://www.agilicus.com/www/aaae3717-image-1024x640.png "Diagnosing Web Applications with HAR file 53") [ ](https://www.agilicus.com/faq/diagnosing-web-applications-with-har-file/) [ a #### Diagnostic Logs ](#) Category: [General Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=general-diagnostics) Agilicus has a number of different log sources and types: - Authentication Audits. See your admin interface, Organisation/Authentication Audit - API/System change Audits. See your admin interface, Organisation/Audit Subsystem - Per user diagnostic and access audit: See your admin interface, Access/Audits and enter the user’s email - External SIEM, graylog, etc. See your admin interface, Organisation/Audit Destinations - Access logs. See your connector’s log in the OS-dependent fashion (e.g. [Eventvwr](https://www.agilicus.com/anyx-guide/agilicus-connector-microsoft-windows/), Systemd [journal](https://www.agilicus.com/faq/retrieve-connector-logs-on-linux/)) - (Legacy). For hosted applications, see Applications/Diagnose [ ](https://www.agilicus.com/faq/diagnostic-logs/) [ a #### How May I Grant Temporary Permission To Agilicus Support? ](#) Categories: [General Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=general-diagnostics) [Key Concepts](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=key-concepts) For more information on support options, please see [Support](/anyx-guide/support/). When you are working with a member of the Agilicus customer support team, and wish to give them access to your Organisation in order to collaborate, you may use the Support Requests feature. This will temporarily give a single person access. All activities will show up in the Audits, and you may revoke this permission at any time. ![Granting temporary Agilicus support access: A step-by-step guide using the Agilicus platform to enable time-limited permissions for support personnel, ensuring secure and controlled access. Streamline support interactions with temporary permission management.](https://www.agilicus.com/www/760b3f10-image-1024x575.png "How May I Grant Temporary Permission To Agilicus Support? 54") [ ](https://www.agilicus.com/faq/how-may-i-grant-temporary-permission-to-agilicus-support/) [ a #### tls: failed to verify certificate: x509: certificate signed by unknown authority ](#) Categories: [Connector Installation](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-installation) [General Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=general-diagnostics) When installing the Agilicus Connector you may see an error “tls: failed to verify certificate: x509: certificate signed by unknown authority”. This indicates that your site has a SSL-inspecting firewall present (e.g. Palo Alto, Fortinet, Sophos, etc). This firewall **may** be redirecting DNS, or, using some other network-based technique to intercept traffic. See “[Site Firewall Configuration](https://www.agilicus.com/anyx-guide/signup-firewall-configuration/)” for hints on how to resolve. [ ](https://www.agilicus.com/faq/tls-failed-to-verify-certificate-x509-certificate-signed-by-unknown-authority/) ### Industrial Control Systems [ a #### Best Practices VNC HMI ](#) Category: [Industrial Control Systems](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=industrial-control-systems) Agilicus AnyX allows your existing VNC HMI to be modernised to meet the needs of standards like [NIS2](https://digital-strategy.ec.europa.eu/en/policies/nis2-directive): strong encryption, single-sign-on, multi-factor authentication, without changes to your existing equipment or network or infrastructure. You can see more information on this operates at [Zero Trust: VNC Remote Desktop](https://www.agilicus.com/infosheet/zero-trust-vnc-remote-desktop/). [ ](https://www.agilicus.com/faq/best-practices-vnc-hmi/) ### Invoices, Billing [ a #### How may I set or update my credit card? ](#) Category: [Invoices, Billing](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=invoices-billing) See “Organisation/Billing” in your admin portal (https://admin.\_\_MYDOMAIN\_\_). From here, select ‘VIEW/UPDATE PAYMENT INFORMATION” [ ](https://www.agilicus.com/faq/how-may-i-set-or-update-my-credit-card/) [ a #### How may I set or update my credit card? ](#) Category: [Invoices, Billing](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=invoices-billing) See “Organisation/Billing” in your admin portal (https://admin.\_\_MYDOMAIN\_\_). From here, select ‘VIEW/UPDATE PAYMENT INFORMATION” [ ](https://www.agilicus.com/faq/how-may-i-set-or-update-my-credit-card-2/) [ a #### How may I set who receives email notice of an invoice? ](#) Category: [Invoices, Billing](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=invoices-billing) See “Organisation/Billing” in your admin portal (https://admin.\_\_MYDOMAIN\_\_). From here, select ‘VIEW/UPDATE PAYMENT INFORMATION” [ ](https://www.agilicus.com/faq/how-may-i-set-who-receives-email-notice-of-an-invoice/) ### Key Concepts [ a #### Add a User to My Org ](#) Categories: [Authentication, User Permissions](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=authentication-user-permissions) [Key Concepts](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=key-concepts) You have a new team member, or a new vendor supporting you. You wish to add them so they have specific permissions. 1. Navigate to your admin interface (https://admin.\_\_MYDOMAIN\_\_) 2. Under Access/Users, type in their email. Optional: add one or more group assignments for permission 3. Optional: Navigate to Access/Groups and add them to one or more group assignments for permissions 4. Optional: Navigate to Access/Resource Permissions, and directly assign permissions if not done through a group above. [ ](https://www.agilicus.com/faq/add-a-user-to-my-org/) [ a #### How May I Grant Temporary Permission To Agilicus Support? ](#) Categories: [General Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=general-diagnostics) [Key Concepts](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=key-concepts) For more information on support options, please see [Support](/anyx-guide/support/). When you are working with a member of the Agilicus customer support team, and wish to give them access to your Organisation in order to collaborate, you may use the Support Requests feature. This will temporarily give a single person access. All activities will show up in the Audits, and you may revoke this permission at any time. ![Granting temporary Agilicus support access: A step-by-step guide using the Agilicus platform to enable time-limited permissions for support personnel, ensuring secure and controlled access. Streamline support interactions with temporary permission management.](https://www.agilicus.com/www/760b3f10-image-1024x575.png "How May I Grant Temporary Permission To Agilicus Support? 55") [ ](https://www.agilicus.com/faq/how-may-i-grant-temporary-permission-to-agilicus-support/) [ a #### What is my admin URL? What is the URL for my applications? ](#) Category: [Key Concepts](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=key-concepts) When you initially [signed](/anyx-guide/signup/) up to the Agilicus AnyX platform, you choose a domain (either your own DNS name with a CNAME, or, an Agilicus-supplied domain). Your domain looks something like ORGNAME.agilicus.cloud. You will have received a welcome email with this information, as well as have been automatically signed-in in your browser to e.g. https://admin.\_\_MYDOMAIN\_\_. [ ](https://www.agilicus.com/faq/what-is-my-admin-url-what-is-the-url-for-my-applications/) [ a #### Where do I administer Agilicus AnyX? ](#) Category: [Key Concepts](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=key-concepts) Open the admin web user interface at https://admin.\_\_MYDOMAIN\_\_/ [ ](https://www.agilicus.com/faq/where-do-i-administer-agilicus-anyx/) ### Policies [ a #### You have been denied access via a local policy rule such as GeoIP. ](#) Category: [Policies](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=policies) The user may see this error “You have been denied access via a local policy rule such as GeoIP.” on trying to use a resource. This is something your end user will see when opening a web application that is normally available through the Agilicus Connector. This indicates that a policy has returned false, denying access. This could be a geo-ip policy, a multi-factor authorisation policy, a subnet-based policy, etc. See [Policies](https://www.agilicus.com/anyx-guide/policies/), [Policy-Based Access Control By Subnet](https://www.agilicus.com/anyx-guide/policy-based-access-control-by-subnet/), [Geo-Location-Based Access Control](https://www.agilicus.com/anyx-guide/geo-location-based-access-control/) and [Firewall rules](https://www.agilicus.com/anyx-guide/authorisation-rules/) for more information. If you are the system administrator, you may look at which specific policies apply to the given resource, and, which ones might be matching. Also check the connector logs ([overall](https://www.agilicus.com/faq/can-i-see-the-logs-for-requests-hitting-the-connector/), [windows](https://www.agilicus.com/faq/retrieve-connector-logs-on-windows/), [Linux](https://www.agilicus.com/faq/retrieve-connector-logs-on-linux/)) [ ](https://www.agilicus.com/faq/you-have-been-denied-access-via-a-local-policy-rule-such-as-geoip/) ### Resource - Desktops [ a #### Android Remote Desktop ](#) Category: [Resource - Desktops](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-desktops) In the Google Play store, install Microsoft Remote Desktop. Once installed, use the Agilicus profile (https://profile.\_\_MYDOMAIN\_\_) and launch the remote desktop icon for your resource. The first time you run this, you may be asked to grant permission, as below. ![android-remote-desktop](https://www.agilicus.com/www/97232d58-android-remote-desktop-460x1024.png "Android Remote Desktop 56") [ ](https://www.agilicus.com/faq/android-remote-desktop/) [ a #### Desktop Connection Fails with “No stuffable upstream security type found” ](#) Category: [Resource - Desktops](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-desktops) If your VNC desktop has credential stuffing enabled (i.e. it has an entry in one of the username or password fields in its expanded configuration under Resources/Desktops), the connector and VNC server must mutually support a protocol which allows for credential exchange. If the connector cannot negotiate a protocol compatible with credential stuffing, it will fail with this message. The following screenshot provides an example. Note the red bar. ![Agilicus Desktop Connection Error: 'No stuffable upstream security type found'. This error indicates a problem with the security configuration preventing a secure connection. Refer to the Agilicus FAQ for troubleshooting steps to resolve the connection failure.](https://www.agilicus.com/www/61551f62-image-1024x220.png "Desktop Connection Fails with "No stuffable upstream security type found" 57") The connector supports the following protocols which allow for credential stuffing: - VNC Authentication (Type 2) - RA2 (Type 5) - RA2r (Type 13) - RA2\_256 (Type 129) To overcome this problem, either disable credential stuffing, or configure the server so that it supports one of the above protocols. [ ](https://www.agilicus.com/faq/desktop-connection-fails-with-no-stuffable-upstream-security-type-found/) [ a #### Does Agilicus AnyX Support Network Level Authentication (NLA) For Remote Desktop? ](#) Category: [Resource - Desktops](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-desktops) Microsoft supports a concept called ‘Network Level Authentication’. In this model, if the client-machine (running mstsc) is joined to a Windows domain, and, the server is also on the same domain, it will check and enforce this. With Agilicus AnyX, a common use case is ‘any device’, allowing the user to use a tablet or personal machine to reach a remote desktop server. In this case, the client is not joined to the domain, and, Microsoft Network Level Authentication will fail. Agilicus AnyX is transparent, and, supports Network Level Authentication. If 100% of your users devices are attached to your domain, you may enable this on your server. If you have users who are not attached to your domain you will need to disable or make it optional on your server. See the [Product Guide](https://www.agilicus.com/anyx-guide/zero-trust-desktop-access/) for more information. [ ](https://www.agilicus.com/faq/does-agilicus-anyx-support-network-level-authentication-nla-for-remote-desktop/) [ a #### Enable RealVNC Server ](#) Category: [Resource - Desktops](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-desktops) RealVNC® by default uses a proprietary authentication mechanism, rendering it inoperable with standard clients. You can enable standard authentication as shown in the below image (enable VNC Password as an authentication mechanism). ![RealVNC Authentication](https://www.agilicus.com/www/2f723b59-image.png "Enable RealVNC Server 58") You may also wish to see more detail about how to use the [RealVNC](https://www.agilicus.com/anyx-guide/raspberry-pi-vnc-server/) as shipped with Raspberry PI. [ ](https://www.agilicus.com/faq/enable-realvnc-server/) [ a #### Setup Desktop to a specific monitor ](#) Category: [Resource - Desktops](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-desktops) TightVNC via command line allows specifying the specific display adapter number. TIghtVNC also allows display offsets in the ‘Extra Ports’ configuration. By specifying a specific port (eg. 5091), a display offset can be configured for a monitor. Once the port is configured and known, a new desktop can be configured in the Agilicus Admin portal with the port number. [ ](https://www.agilicus.com/faq/setup-desktop-to-a-specific-monitor/) ### Resource - Launchers [ a #### Debug desktop launcher (Windows) ](#) Category: [Resource - Launchers](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-launchers) **Diagnosing a Single PC Issue** If you’re experiencing a problem with your Agilicus Agent on a single PC, these are the primary diagnostic steps you can take: 1. **Review Log Files:** First, check the contents of the log files located in your agent’s logs directory. These files often contain valuable information about recent activities and errors. - **Path:** `%LOCALAPPDATA%\Agilicus\Agent\logs` - **What to look for:** Examine the most recent log files for any error messages, warnings, or unexpected behavior. 2. **Run a Debug Refresh:** If the log files don’t reveal the issue, you can force a client refresh with debug logging enabled. This can provide more detailed output about the agent’s operation. - **Steps:** 1. Open a `cmd` (Command Prompt) window. 2. Run the following command: `%LOCALAPPDATA%\Agilicus\Agent\agilicus-agent.exe client --cfg-file %LOCALAPPDATA%\Agilicus\Agent\agent.conf.enc.yaml --client-refresh true --debug` - **Sharing Results (Optional):** If you need to share the results of this debug refresh with Agilicus support, you can append the following to the command to save the output to a file: `%LOCALAPAPPDATA%\Agilicus\Agent\agilicus-agent.exe client --cfg-file %LOCALAPPDATA%\Agilicus\Agent\agent.conf.enc.yaml --client-refresh true --debug > "%USERPROFILE%\Desktop\debug.log" 2>&1` After running this, a file named `debug.log` will be created on your desktop, which you can then share. 3. **Debug a Specific Launcher:** If the previous steps don’t identify the problem, you can debug the specific launcher directly. This allows you to see any issues related to its specific command execution. - **Steps:** 1. Locate the shortcut icon for the specific launcher you are having trouble with (e.g., on your desktop or Start Menu). 2. Right-click the shortcut and select “Properties.” 3. In the “Shortcut” tab, find the “Target” field. This field contains the full command line used to launch the application. 4. Copy the entire command line from the “Target” field. 5. Open a `cmd` (Command Prompt) window **as your regular user (not as an administrator)**. 6. Paste the copied command line into the `cmd` window. 7. Append `--debug` to the end of the command line. 8. Press Enter to run the command. - This will execute the launcher with debug logging, and any remaining issues or output will be displayed directly in the command prompt window. [ ](https://www.agilicus.com/faq/debug-desktop-launcher-windows/) [ a #### Diagnose Launcher ](#) Category: [Resource - Launchers](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-launchers) You may find there is an issue with the launcher. Examples include: - application starting but exiting right away - application starts and gives an error dialog - application does not start The first step to diagnose this is to find the debugging output. The simplest way is: 1. on Start menu, find the application. ‘Open File Location’ 2. Right-click on the icon, select ‘Properties’ 3. Open a ‘cmd’ window (start menu, ‘cmd’) 4. run cd “DIR” where dir is the ‘Start In” field. Use double-quotes. 5. Run the program, appending –debug to the end of the string These steps are shown below. ![Agilicus Zero Trust Launcher Diagnostic Screen: Troubleshooting connection issues with the Agilicus platform. The diagnostic tool checks network connectivity, DNS resolution, and access to necessary services. Use this to diagnose problems with the Agilicus Launcher.](https://www.agilicus.com/www/6ce417dd-image-1024x640.png "Diagnose Launcher 59") ![Agilicus Zero Trust Launcher Troubleshooting: Diagnose common issues with the Agilicus Zero Trust Launcher using the diagnostic tool. This tool helps identify problems such as connectivity errors, incorrect configurations, and service disruptions, ensuring seamless and secure access to your applications.](https://www.agilicus.com/www/ab823232-image-1024x640.png "Diagnose Launcher 60") ![Agilicus Diagnose Launcher: Troubleshooting and identifying issues with the Agilicus platform. The launcher displays diagnostic information to help users resolve problems. The image shows the Agilicus Diagnose Launcher interface.](https://www.agilicus.com/www/968c62dd-2025-05-13_11-42-1024x422.png "Diagnose Launcher 61") The output will look similar to below. ``` C:\Users\don\AppData\Local\Agilicus\Agent>C:\Users\don\AppData\Local\Agilicus\Agent\agilicus-agent.exe proxify --cfg-file C:\Users\don\AppData\Local\Agilicus\Agent\agent.conf.enc.yaml --resource-id Rg4QS6T8LnWX7QYdrmwFP2 --org-id Hsrk2MYRznWufRJQeaysDC --debugtime="2025-05-13T11:45:15-04:00" level=info msg="Starting proxify - version v0.298.2"time="2025-05-13T11:45:15-04:00" level=debug msg="checking if should migrate install path"time="2025-05-13T11:45:18-04:00" level=debug msg="checking stat file C:\Users\don\AppData\Local\Agilicus\Agent\agilicusLastUpdate"time="2025-05-13T11:45:18-04:00" level=debug msg="file C:\Users\don\AppData\Local\Agilicus\Agent\agilicusLastUpdate updated"time="2025-05-13T11:45:18-04:00" level=debug msg="checking C:\Users\don\AppData\Local\Agilicus\Agent\agilicusUpgradeLastRun"time="2025-05-13T11:45:19-04:00" level=debug msg="upgrade threshold time not met"time="2025-05-13T11:45:19-04:00" level=debug msg="Launching resource Rg4QS6T8LnWX7QYdrmwFP2 for orgID Hsrk2MYRznWufRJQeaysDC"time="2025-05-13T11:45:19-04:00" level=debug msg="checking stat file C:\Users\don\AppData\Local\Agilicus\Agent\agilicusLastRefresh"time="2025-05-13T11:45:19-04:00" level=debug msg="the cache file is: C:\Users\don\AppData\Local\cache\agilicus\resource_info.json"time="2025-05-13T11:45:19-04:00" level=debug msg="using user resource access info from cache for Rg4QS6T8LnWX7QYdrmwFP2"time="2025-05-13T11:45:19-04:00" level=debug msg="storing cache in directory: C:\Users\don\AppData\Local\cache\agilicus\tunnel-info"time="2025-05-13T11:45:19-04:00" level=debug msg="Setting SSL_CERT_FILE=C:\Users\don\AppData\Local\Agilicus\Agent\4274-proxify.crt"time="2025-05-13T11:45:19-04:00" level=info msg="Adding C:\Users\don\AppData\Local\Agilicus\Agent\4274-proxify.crt to default cert pool"time="2025-05-13T11:45:19-04:00" level=debug msg="Listen on port 55031"time="2025-05-13T11:45:19-04:00" level=debug msg="Setting proxy env vars to: http://localhost:55031"time="2025-05-13T11:45:19-04:00" level=debug msg="Setting _JAVA_OPTIONS var to: -Dhttp.proxyHost=localhost -Dhttp.proxyPort=55031 -Dhttps.proxyHost=localhost -Dhttps.proxyPort=55031"time="2025-05-13T11:45:19-04:00" level=debug msg="storing cache in directory: C:\Users\don\AppData\Local\cache\agilicus\tunnel-info"time="2025-05-13T11:45:19-04:00" level=debug msg="exec (waitDescendants: true, workingDir: ): c:\windows\system32\notepad.exe" ``` d [ ](https://www.agilicus.com/faq/diagnose-launcher/) [ a #### Rockwell Studio listen tcp 127.74.52.3:44818: bind: An attempt was made to access a socket in a way forbidden by its access permissions. ](#) Category: [Resource - Launchers](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-launchers) If you are using an Agilicus Launcher with Rockwell Studio rslinx to reach one or more PLCs, you may see an error “listen tcp 127.74.52.3:44818: bind: An attempt was made to access a socket in a way forbidden by its access permissions.” This indicates you have another process running which has globally opened this port. You may find this process via: ``` netstat -an |findstr 44818 ``` If you see a result like: ``` TCP 0.0.0.0:44818 0.0.0.0:0 LISTENING ``` This means that there is a process running with this port globally, exclusively, open. You can find the process: ``` netstat -anb ``` and you will see the named process. Stop this process which has the port open exclusively, and, the Agilicus Launcher should now work. To avoid this, you can either use a different port, reconfigure the exclusive process to use a specific IP (instead of 0.0.0.0), or, run the Agilicus Launcher first. [ ](https://www.agilicus.com/faq/rockwell-studio-listen-tcp-127-74-52-344818-bind-an-attempt-was-made-to-access-a-socket-in-a-way-forbidden-by-its-access-permissions/) ### Resource - Networks [ a #### I accidentally setup an application as HTTPS, but its HTTP ](#) Categories: [Resource - Networks](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-networks) [Resource - Web Applications](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-web-applications) Navigate to Resources/networks. There you will find the ‘network’ (the upstream connection to your application). Expand the details, from here you can change the TLS settings. You might see these symptoms, a message: “Bad Request. Your browser sent a request that this server could not understand. Reason: You’re speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URI.” [ ](https://www.agilicus.com/faq/i-accidentally-setup-an-application-as-https-but-its-http/) ### Resource - Shares [ a #### Creating an API key to mount a share ](#) Category: [Resource - Shares](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-shares) In some cases you will wish to mount a share from a machine without a human user. An example would be mounting from many local systems into your backup server. To do this, perform these steps: 1. Create a service account under “Access/Service Accounts” 2. Download the Authentication Document (Actions menu on the line for the Service Account) 3. Use ‘Copy Service Account Email” from the (Actions menu on the line for the Service Account) 4. Using the CLI, lookup the user-id for the ‘Service Account Email’ via ‘show user’ 5. Using the CLI, call ‘add-api-key’ ``` agilicus-cli --issuer https://auth.__MYDOMAIN__ show-user MYSERVICEACCOUNT@serviceaccounts.agilicus.com agilicus-cli --authentication-document /tmp/authdoc.json add-api-key --duration-seconds 0 --scope "urn:agilicus:fileshare:*:viewer" --user-id USER-GUID --name "Backup read-only mount" ``` [ ](https://www.agilicus.com/faq/creating-an-api-key-to-mount-a-share/) [ a #### Enable WebClient/WebDav on Windows Server ](#) Category: [Resource - Shares](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-shares) The Agilicus Share feature makes use of the Microsoft WebClient. This is an optional component which may not have been enabled at installation time on your Windows Server. Microsoft has a knowledge base [entry](https://learn.microsoft.com/en-us/iis/publish/using-webdav/using-the-webdav-redirector) discussing the WebDav redirector. ### Installing WebDAV support on Windows Server 2012 R2 1. Start **Server Manager** from the **Start** screen. 2. Click **Manage**, then click **Add Roles and Features**. 3. Select **Role-based or feature-based installation**. Click **Next**. 4. Select a local server from the server pool. Click **Next**. 5. The Desktop Experience feature is not a Server Role, so skip the Server Roles page by clicking **Next**. 6. In the **Select Features** section, expand **User Interfaces and Infrastructure** and check the **Desktop Experience** check box. Probably it will now ask you whether you also want to install the features required by **Desktop Experience**. Click the **Add Features** button to proceed. Now, click the **Next** button to proceed. 7. In the Confirmation section, optionally check the **Restart the destination server automatically if required** check box as the **Desktop Experience** feature will need a restart to complete. You can also manually restart the server after the wizard steps are complete. 8. Wait while the features are being installed. You can also close the **Add Roles and Features** Wizard window – it will continue to run in the background. ![Windows Server WebDAV Configuration: Enable WebClient service for web access. View of Services panel highlighting the WebClient service, set to Automatic startup for seamless file management and web integration.](https://www.agilicus.com/www/14c8b5d2-image.png "Enable WebClient/WebDav on Windows Server 62") ![Windows Server WebDAV Configuration: Enable WebClient service for accessing files via WebDAV. The image shows the Services window with the WebClient service highlighted, emphasizing the need to set it to Automatic startup for seamless WebDAV integration on Windows Server. Improve file access and management with WebDAV on your server.](https://www.agilicus.com/www/7117a01d-image.png "Enable WebClient/WebDav on Windows Server 63") ![Windows Server WebDAV Configuration: Enable the WebClient service for WebDAV access. Find the WebClient service in the Services management console, set its startup type to 'Automatic', and start the service. This enables WebDAV functionality on Windows Server, allowing users to access files and folders over HTTP.](https://www.agilicus.com/www/1214e349-image.png "Enable WebClient/WebDav on Windows Server 64") ![Enabling WebClient and WebDAV on Windows Server: A step-by-step guide to configure WebClient service and WebDAV publishing for seamless file access and management on Windows Server. Follow these instructions to enable WebClient and WebDAV for efficient web-based file operations.](https://www.agilicus.com/www/a057cc70-image.png "Enable WebClient/WebDav on Windows Server 65") ### Installing WebDAV support on Windows Server 2016, Windows Server 2019, and Windows Server 2022 While installing Windows Server 2016, Windows Server 2019, or Windows Server 2022 operating systems, you probably enabled Desktop Experience. So after you install your Server OS, you have to enable **WebDAV Redirector**. 1. Start **Server Manager** from the **Start** screen. 2. Open **Manage** menu and click **Add Roles and Features**. 3. Click **Features** tab. 4. Select **WebDAV Redirector** feature. 5. Click **Next** to proceed to the **Confirm installation selections** window. 6. Click **Install**. You can close the window while the feature is being installed. 7. Close **Add Roles and Features** window. ![Enabling WebClient and WebDAV on Windows Server: A step-by-step guide to configuring the WebClient service and WebDAV publishing for seamless web-based file access on Windows Server. Improve file management and collaboration with this easy-to-follow tutorial.](https://www.agilicus.com/www/35b733b2-image.png "Enable WebClient/WebDav on Windows Server 66") ### Enabling WebClient Services On some machines, you also have to enable the **WebClient Service** to **Automatic” Startup Type**. Do the following: 1. Press Windows key (or *<Ctrl> + <Esc>*) to open the search. 2. Type in “Services” and run the **Services** window. 3. Locate the service **WebClient**. 4. Double click **WebClient** to open its properties. 5. In the **Startup type** combo box select **Automatic**. 6. If the service is not running yet, click **Start** button. 7. Click **OK**. 8. Close Services window. ![Screenshot of Windows Server WebDAV settings showing how to enable WebClient and WebDAV features through Server Manager. The WebClient service is set to Automatic startup type. This configuration allows Windows to connect to WebDAV servers for file sharing and management.](https://www.agilicus.com/www/f0caf4e6-image.png "Enable WebClient/WebDav on Windows Server 67") ### Enabling Portable Device Enumerator Service On some machines, you also have to enable the **Portable Device Enumerator Service** to **Automatic** Startup Type, when you want to use Microsoft Access or Microsoft Excel data files from the Document Storage. [ ](https://www.agilicus.com/faq/enable-webclient-webdav-on-windows-server/) [ a #### How can I see who has an excel or word file locked? ](#) Category: [Resource - Shares](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-shares) I am seeing file is locked for editing by another user. How can I see who has this file locked? Microsoft Office (Word, Excel etc) create lock files with a ~ in the name (e.g. ~Workbook.xlsx). This will be owned by the user who has locked the file. If you have file-level permissions enabled, this will be the person. In your explorer, right click on the column bar and add a column ‘Owner’. This will now show you who has the file locked. [ ](https://www.agilicus.com/faq/how-can-i-see-who-has-an-excel-or-word-file-locked/) [ a #### How do I allow users to request for access to a share? ](#) Category: [Resource - Shares](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-shares) Admin can enable user requests in the admin portal. This eases the process of giving or denying access of a user, but a user will see all the available resources From the admin portal, Organisation > Overview (check the Disable User Requests checkbox) All admin will receive notifications upon a resource request from users You may refer[ here](https://www.agilicus.com/anyx-guide/application-request-access/) for more information on permissions [ ](https://www.agilicus.com/faq/how-do-i-allow-users-to-request-for-access-to-a-share/) [ a #### I see ‘List Error’ accessing a share ](#) Category: [Resource - Shares](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-shares) If you see a List error and the folder exists, often that means that the account the Agilicus Connector runs on cannot see the folder being shared. This may mean that the connector needs to run as a different account, or you need to follow the above steps for Sharing network mapped drives. See [Shares](https://www.agilicus.com/anyx-guide/product-guide-shares/#windows-share-permissions) for more information. [ ](https://www.agilicus.com/faq/i-see-list-error-accessing-a-share/) [ a #### Is my data stored with Agilicus? ](#) Category: [Resource - Shares](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-shares) No, we do not store anything from your share. All data always lives on your file server. You have the sole data at rest on your system, and, data in motion is encrypted end to end. [ ](https://www.agilicus.com/faq/is-my-data-stored-with-agilicus/) [ a #### My share gives ‘List Error’ ](#) Category: [Resource - Shares](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-shares) You may see a ‘List Error’ in your share. This can mean a few things, the next step to diagnose it to look at your connector logs (see [Windows](https://www.agilicus.com/faq/retrieve-connector-logs-on-windows/), [Linux](https://www.agilicus.com/faq/retrieve-connector-logs-on-linux/)). You should also look at your connector overview in https://admin.\_\_MYDOMAIN\_\_/ under resources/connectors/overview. Different reasons: - The connector may be missing OS-level permission to read the underlying files - The share directory may be missing. - You may have fine-grained permissions enabled and the user does not have permission (e.g. is not on your domain, or, NTFS permissions restrict). [ ](https://www.agilicus.com/faq/my-share-gives-list-error/) [ a #### Profile Says ‘List Error’ on Share ](#) Category: [Resource - Shares](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-shares) ![Agilicus Profile 'List Error on Share' Troubleshooting: User profile in Agilicus Access Management displaying a 'List Error' when attempting to share resources. Check user permissions, group memberships, and resource configurations to resolve the sharing issue. For detailed steps, refer to the Agilicus FAQ.](https://www.agilicus.com/www/7033d8d2-image.png "Profile Says 'List Error' on Share 68") An end user might see a ‘List Error’ on a share in Profile. This usually implies that the associated connector cannot read the underlying directly. In turn, this normally is a permissions problem. A common cause is a Windows system where the connector runs as LocalSystem, and, the LocalSystem account does not have permission to the shared file (or it in turn is another inbound Share). To make a network drive mount available to the LocalSystem account on Windows, you need to modify the share permissions on the network folder to explicitly grant the “LocalSystem” group full control access, allowing the system account to access the mounted drive. Steps: 1. **Access the Shared Folder Properties:** - Navigate to the shared folder on the network drive using File Explorer. - Right-click on the folder and select “Properties”. 2. **Open Sharing Tab:** - In the Properties window, go to the “Sharing” tab. 3. **Manage Permissions:** - Click “Advanced Sharing”. - Click “Permissions”. 4. **Add LocalSystem Group:** - Click “Add”. - In the “Enter the object names to select” field, type “LocalSystem” and click “Check Names” to verify. - Click “OK”. 5. **Grant Full Control:** - Select the “LocalSystem” group from the list. - Under “Allow” column, check the box next to “Full Control”. Important Considerations: - **Security Implications:**Granting full control to the LocalSystem account can be a security concern, so only do this if absolutely necessary and ensure the network share is properly secured otherwise. - **Alternative Methods:**Depending on your specific situation, you might be able to achieve the desired access by using a different system account with appropriate permissions instead of directly using “LocalSystem.” [ ](https://www.agilicus.com/faq/profile-says-list-error-on-share/) [ a #### Sharing network mapped drives ](#) Category: [Resource - Shares](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-shares) When creating a new Agilicus share the Agilicus connector cannot see network mapped drives because it runs as the local system user, and not a logged in user. This means that it cannot see shares which are only typically mapped for logged in users. When this happens, if you browse to the share in profile, you will get a ‘list directory error’ as the connector cannot see the directory. In order to correct this, create a link to the network drive on a local drive eg mklink /D C:\\myLink \\\\127.0.0.1\\c$. Then use the link as the path for the Agilicus share, in the example C:\\myLink. You may also need to change the user which the connector runs as is in order to access the drive. [ ](https://www.agilicus.com/faq/sharing-network-mapped-drives/) [ a #### We can’t verify this file popup or Hyperlinks don’t work on my share ](#) Category: [Resource - Shares](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-shares) Generally, the agent will automatically add a share to the trusted sites list in order to enable windows features to work with shared drives. Logging in and out will fix this problem. If you have configured a group policy that defines the Site to Zone Assignment List, than you will need to add the share to that list. In order to do this, find the group policy configuring the setting, and add file://(your share domain)@ssl, and set the value to 1. You can find this by opening profile, and clicking manual mount. You will see the URL for the share on top. Doing this will prevent windows from treating the share as an unknown external resource. [ ](https://www.agilicus.com/faq/we-cant-verify-this-file-popup-or-hyperlinks-dont-work-on-my-share/) ### Resource - Web Applications [ a #### Application hosted on subpath of domain ](#) Category: [Resource - Web Applications](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-web-applications) If you have an application hosted on a Subfolder/path in your Web Server You may have an application hosted under a subfolder/path on your web server, possibly because it is better than having another server for it. For example: localhost:port/subpath, localhost:port/support etc. To enable the subpath hosting for your application, 1\. Go to Resources > Applications > Define and select the application from the drop down at the top of the page 2\. Then in Security (tab) > Firewall Rules > HTTP Rules, change the / entry under path to your custom subpath (For example, /subpath) 3\. Under Proxy (tab) > HTTP Rewrites, inside the Common Path Prefix field, enter your custom subpath again (For example, /subpath) [ ](https://www.agilicus.com/faq/application-hosted-on-subpath-of-domain/) [ a #### Diagnosing Web Applications with HAR file ](#) Categories: [General Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=general-diagnostics) [Resource - Web Applications](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-web-applications) In some circumstances it is more efficient to diagnose a web application issue by generating a HAR file and sharing with Agilicus Support. ### Google Chrome (And Derived Browsers Like Microsoft Edge) In Google Chrome (and other Chrome-derived browsers such as Microsoft Edge), you can enter the developer mode (ctrl-shift-I or F12), and then select the ‘Export HAR (sanitized)…)’ button. 1. Open a new incognito window. 2. Click the more actions menu (…) to the right of the toolbar and select **More tools – Developer Tools** (or press F12 or CTRL-SHIFT-I) 3. Select the **Network** tab. 4. Ensure that Google Chrome is recording. A red button indicates that a recording is already in progress. Otherwise, click **Record network log**. 5. Select **Preserve Log**. 6. Clear any existing logs by clicking **Clear network log** (![troubleshooting with har chrome 04](https://help.okta.com/oag/en-us/content/resources/images/access-gateway/troubleshooting-with-har-chrome-04.png "Diagnosing Web Applications with HAR file 69")). 7. Go to the page where the issue occurred and reproduce the issue. 8. Click **Export HAR** (the down arrow icon) to export the file as HAR. 9. Save the HAR file. ![HAR file analysis for web application diagnostics. This image visually represents the structure of a HAR file, which is used for debugging web performance issues. Learn how to use HAR files to diagnose and troubleshoot your web applications effectively. More information available at Agilicus.](https://www.agilicus.com/www/43d4badd-image-1024x399.png "Diagnosing Web Applications with HAR file 70") ### Firefox - To open the developer console in Firefox, click on the Firefox Menu in the upper-right-hand corner of the browser and select More Tools > Browser Console. You can also use Option + ⌘ + E (on macOS) or Shift + CTRL + C (on Windows/Linux). - Refresh the page. - Go to the **Network tab** and, click the settings icon (upper right side of the panel), choose **Save All As Har**. ![HAR file analysis: Diagnose web application performance issues with HTTP Archive (HAR) files. Learn to record, analyze, and troubleshoot web application behavior using HAR files for faster, more efficient debugging.](https://www.agilicus.com/www/7f242f84-image-1024x640.png "Diagnosing Web Applications with HAR file 71") ### Apple Safari Ensure the ”Show Develop menu” in the menu bar is checked under Safari > Settings > Advanced tab. - Visit the web page from where you want to export the traffic. - Click **Develop** on the *Menubar*, then select **Show Web Inspector**. Refresh the page. - Go to the **Network tab** and click **Export** on the upper right side of the pane. ![HAR file analysis in browser developer tools showing waterfall chart of network requests for diagnosing web application performance issues. Learn how to use HAR files for web application troubleshooting.](https://www.agilicus.com/www/aaae3717-image-1024x640.png "Diagnosing Web Applications with HAR file 72") [ ](https://www.agilicus.com/faq/diagnosing-web-applications-with-har-file/) [ a #### How do I change the network address/port of a web application backend? ](#) Category: [Resource - Web Applications](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-web-applications) Web Applications use network resources. You can change where the network resource is accessed (either the connector it is bound to, or the hostname/IP/port that it is internally known as) by navigating to Networks/Overview. The specific resource(s) will be named similarly to the web application, with -local-service appended. [![Agilicus diagram illustrating how to change the network address and port of a web application backend. The diagram shows the user accessing the web application through a web browser, with the application server on port 443, network load balancer on port 80, and web application backend on port 3000.](https://www.agilicus.com/www/5969232b-image-1024x465.png "How do I change the network address/port of a web application backend? 73")](https://www.agilicus.com/www/5969232b-image.png) [ ](https://www.agilicus.com/faq/how-do-i-change-the-network-address-port-of-a-web-application-backend/) [ a #### I accidentally setup an application as HTTPS, but its HTTP ](#) Categories: [Resource - Networks](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-networks) [Resource - Web Applications](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-web-applications) Navigate to Resources/networks. There you will find the ‘network’ (the upstream connection to your application). Expand the details, from here you can change the TLS settings. You might see these symptoms, a message: “Bad Request. Your browser sent a request that this server could not understand. Reason: You’re speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URI.” [ ](https://www.agilicus.com/faq/i-accidentally-setup-an-application-as-https-but-its-http/) [ a #### SolarWinds missing info in alerts panel ](#) Category: [Resource - Web Applications](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-web-applications) When using SolarWinds web application through Agilicus AnyX you may find there is information missing in the output screen. By default, SolarWindows uses a JavaScript file with the IP address embedded in it. You can enable ‘text/javascript’ “rewrite”Rewrite Media Types” in the Agilicus admin interface to resolve this issue. Navigate to Resources/Applications/Overview. Select your web application. Click on the ‘proxy’ tab, from here select ‘Rewrite Media Types’, add ‘text/javascript’ as below. Now do a hard reload of your browser on your SolarWinds URL, and it should properly populate. ![279cb763 image](https://www.agilicus.com/www/279cb763-image-1024x653.png "SolarWinds missing info in alerts panel 74") [ ](https://www.agilicus.com/faq/solarwinds-missing-info-in-alerts-panel/) [ a #### Unregistered redirect\_uri ](#) Category: [Resource - Web Applications](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-web-applications) If you are using a custom authentication client id in your web application, or your web application participates in the sign in, you may find you see a message “Message: Unregistered redirect\_uri”. You may find that either: a) you have selected “my application participates in authentication” and you did not mean this b) your application does participate, but, you have not added the proper redirect\_uri to Resources/Applications/Authentication Clients in admin. [ ](https://www.agilicus.com/faq/unregistered-redirect_uri/) [ a #### Wireshark Packet Capture For Diagnostics \[Windows\] ](#) Categories: [Connector Diagnostics](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=connector-diagnostics) [Resource - Web Applications](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resource-web-applications) In some cases, Agilicus Support might be more effectively able to assist you with a packet capture from the machine running your connector. To do this, we can use Wireshark as below. ### Install Wireshark Open a browser to . Select ‘Download’. ![Wireshark packet capture on Windows: This screenshot shows the Wireshark interface displaying captured network packets. Use Wireshark for network diagnostics on Windows. Learn how to capture and analyze network traffic with Wireshark.](https://www.agilicus.com/www/00759ec5-image-1024x680.png "Wireshark Packet Capture For Diagnostics [Windows] 75") ![Wireshark Packet Capture in Windows: Diagnose network issues with Wireshark. The screenshot shows the Wireshark interface on Windows, highlighting packet details and filtering options for effective network analysis and troubleshooting. Learn how to use Wireshark for packet capture and analysis on Windows.](https://www.agilicus.com/www/3a2cacd5-image-1024x742.png "Wireshark Packet Capture For Diagnostics [Windows] 76") ![Wireshark packet capture configuration on Windows for network diagnostics. The screenshot shows the Wireshark interface with the capture options menu open, highlighting the selection of the correct network interface and enabling promiscuous mode for comprehensive packet analysis. This setup is essential for troubleshooting network issues and analyzing traffic in detail.](https://www.agilicus.com/www/7ad67511-image.png "Wireshark Packet Capture For Diagnostics [Windows] 77") ![Wireshark Packet Capture on Windows: A step-by-step guide to using Wireshark for network diagnostics on Windows, including selecting the right interface, applying capture filters, and analyzing captured packets to troubleshoot network issues. The screenshot shows the Wireshark interface selection screen, highlighting available network adapters.](https://www.agilicus.com/www/7e574480-image.png "Wireshark Packet Capture For Diagnostics [Windows] 78") ![Wireshark Packet Capture Configuration on Windows: The Wireshark interface is displayed, showing the capture options window. Several network interfaces are listed, and the user has selected the appropriate interface for capturing network traffic. This setup is crucial for diagnosing network issues and analyzing packet data using Wireshark on a Windows system. Learn how to configure Wireshark for effective packet capture on Windows at Agilicus.com.](https://www.agilicus.com/www/fac741ef-image.png "Wireshark Packet Capture For Diagnostics [Windows] 79") ![Wireshark Packet Capture Configuration on Windows: This screenshot guides users on how to set up Wireshark for network diagnostics on Windows, highlighting the interface selection and capture filter settings to effectively analyze network traffic.](https://www.agilicus.com/www/7e209a7a-image.png "Wireshark Packet Capture For Diagnostics [Windows] 80") ![Wireshark Packet Capture Configuration on Windows: A step-by-step guide showing the Wireshark interface with capture filters and settings highlighted for effective network diagnostics. Optimize your network troubleshooting with Wireshark on Windows.](https://www.agilicus.com/www/8f7c540e-image.png "Wireshark Packet Capture For Diagnostics [Windows] 81") ![Wireshark Packet Capture in Windows: Troubleshooting network issues with Wireshark by capturing and analyzing network packets on a Windows machine. Learn how to diagnose and resolve network problems effectively using Wireshark's packet analysis capabilities. The image shows the Wireshark interface on a Windows PC.](https://www.agilicus.com/www/17877f55-image.png "Wireshark Packet Capture For Diagnostics [Windows] 82") ![Wireshark Packet Capture Configuration on Windows: Shows the Wireshark interface with the capture filter set to 'host x.x.x.x' to capture network traffic for diagnostics, focusing on filtering by IP address for efficient troubleshooting.](https://www.agilicus.com/www/64ab64bc-image.png "Wireshark Packet Capture For Diagnostics [Windows] 83") ![Wireshark Packet Capture on Windows: Troubleshooting network issues using Wireshark. The image shows the Wireshark interface with captured packets, highlighting packet details, source/destination IPs, and protocol information. Useful for diagnosing network connectivity and performance problems on Windows systems.](https://www.agilicus.com/www/632180fa-image.png "Wireshark Packet Capture For Diagnostics [Windows] 84") ![Wireshark Packet Capture on Windows: Troubleshooting network issues with Wireshark. Learn how to capture and analyze network packets on Windows for effective diagnostics. This screenshot shows the Wireshark interface with captured packet data, including source and destination IP addresses, protocols, and packet details. Ideal for network administrators and IT professionals seeking to diagnose network performance problems.](https://www.agilicus.com/www/d44a85b5-image.png "Wireshark Packet Capture For Diagnostics [Windows] 85") ![Wireshark packet capture setup on Windows: Shows the Wireshark interface with filters applied, displaying captured network traffic for diagnostic analysis. Focus on capturing specific packets for troubleshooting network issues on Windows systems using Wireshark.](https://www.agilicus.com/www/91bd42f8-image.png "Wireshark Packet Capture For Diagnostics [Windows] 86") ### Open Wireshark, Start Capture ![Wireshark Packet Capture Configuration on Windows: Display filter configuration showing how to filter for specific IP addresses and ports for network diagnostics and troubleshooting with Wireshark. This includes configurations for filtering ICMP, TCP, and UDP traffic to capture specific network packets.](https://www.agilicus.com/www/4f1ed4c3-image.png "Wireshark Packet Capture For Diagnostics [Windows] 87") Double-click the primary/default network connection. ![Wireshark Packet Capture for Diagnostics on Windows: Analyzing network traffic in Wireshark to diagnose network issues. The screenshot shows the Wireshark interface with captured packets, providing a detailed view of network communication for troubleshooting.](https://www.agilicus.com/www/b34b7472-image-1024x545.png "Wireshark Packet Capture For Diagnostics [Windows] 88") Now, reproduce the problem, usually a few times. For example, if you have a NVR which is not working, attempt to use it from the Agilicus profile interface. Now, stop the capture: ![Wireshark packet capture on Windows showing captured network traffic for diagnostics and troubleshooting. The Wireshark interface displays packet details, protocols, source and destination IPs, and other network communication data. Used for analyzing network issues with Agilicus.](https://www.agilicus.com/www/ecd05774-image-1024x700.png "Wireshark Packet Capture For Diagnostics [Windows] 89") ![Wireshark Packet Capture on Windows: Diagnosing Network Issues - A screenshot showing the Wireshark interface with captured network packets, used for analyzing and troubleshooting network communication problems in Windows environments. Learn how to use Wireshark for effective network diagnostics.](https://www.agilicus.com/www/089d8762-image-1024x677.png "Wireshark Packet Capture For Diagnostics [Windows] 90") ![Wireshark Packet Capture on Windows: Diagnosing Network Issues with Wireshark - A step-by-step guide to capturing and analyzing network traffic on Windows using Wireshark for effective network diagnostics. Learn how to use Wireshark filters and analyze packet data.](https://www.agilicus.com/www/05122eca-image.png "Wireshark Packet Capture For Diagnostics [Windows] 91") ### Send the Capture to Agilicus Depending on how long you have captured, this file can be large. Contact Agilicus via the ‘Chat’ interface in the web interface if you need a location to put the file. Please describe what you were doing, what you observed, what was incorrect, and information about the network. [ ](https://www.agilicus.com/faq/wireshark-packet-capture-for-diagnostics-windows/) ### Resources [ a #### How Do I Change The Icon In Profile For A Resource? ](#) Category: [Resources](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resources) You can set the icon profile show for any resource type: - ssh - desktop - web application - launcher Navigate to Resources/Overview, select the icon for the given resource and upload a PNG or JPG or SVG file that is square in aspect ratio (e.g. 256×256, 64×64, etc). You can then test the icon by navigating to profile and refreshing. ![Agilicus Profile Icon Customization: A step-by-step guide on changing the resource icon within your Agilicus profile. The screenshot illustrates the profile edit screen where you can select a new icon from the available options, enhancing resource identification and personalization.](https://www.agilicus.com/www/5e5b3e98-image-1024x818.png "How Do I Change The Icon In Profile For A Resource? 92") [ ](https://www.agilicus.com/faq/how-do-i-change-the-icon-in-profile-for-a-resource/) [ a #### I can’t access my resource, what should I do? ](#) Category: [Resources](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resources) The most common reason that accessing a resource stops working is if the connector providing it goes down, or if the connector loses access to the underlying resources. You can check to see if the connector is up on the connector overview page on the portal. If the connector is up, ensure it has access to the service. [ ](https://www.agilicus.com/faq/i-cant-access-my-resource-what-should-i-do/) [ a #### Resource isn’t showing on profile ](#) Category: [Resources](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=resources) The most common reason for a resource to not show up on the Profile or the user’s desktop start menu is that the user doesn’t have access to it. Even administrators need permission in order to access them! You can check what resources a user has access to by entering a user’s email in the User Audit page on the admin portal (https://admin.\_\_MYDOMAIN\_\_), it’s found under Access->Audits. [ ](https://www.agilicus.com/faq/resource-isnt-showing-on-profile/) ### Starlink [ a #### Are you affiliated with SpaceX / Starlink? ](#) Category: [Starlink](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=starlink) No, we are not in anyway affiliated with SpaceX / Starlink. [ ](https://www.agilicus.com/faq/are-you-affiliated-with-spacex-starlink/) [ a #### Can I run the connector on a Mac? ](#) Category: [Starlink](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=starlink) No, Apple does not provide a server platform since the XServe. The connector is supported on Linux, Windows, various embedded platfor[ms like Synology, pfSense, Mikrotik, etc. To run the connector on an Apple Mac, you may use the Docker instructions (see ](https://docs.docker.com/desktop/install/mac-install/)Install Docker Desktop on Mac). If you are an enthusiast, consider running the connector under Docker on your Mac. [ ](https://www.agilicus.com/faq/can-i-run-the-connector-on-a-mac/) [ a #### Can you run security cameras off of Starlink? ](#) Category: [Starlink](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=starlink) Yes, via Agilicus AnyX, we can help you with the carrier NAT (CGNAT) issue you might be hitting to access your security camera. See “[Seamless Inbound Remote Access via Starlin](/topics/remote-access-over-starlink/)k”, “[Starlink Port Forwarding](/white-papers/starlink-port-forwarding/)“ See [Will this work with my security camera?](/faq/will-this-work-with-my-security-camera/) and “[Network Video Recorder Setup](/starlink-resources/nvr-setup/)” and “[Synology Surveillance Station](https://www.agilicus.com/starlink-resources/synology-surveillance-station/)“ See also “[3-Steps to Enable Inbound Remote Access: Starlink Remote Cameras](/case-studies/starlink-remote-cameras-enable-inbound-remote-access/)“ [ ](https://www.agilicus.com/faq/can-you-run-security-cameras-off-of-starlink/) [ a #### Do I need to install any Hardware? ](#) Category: [Starlink](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=starlink) No. The Agilicus AnyX is a SaaS solution, cloud based. In order to work with your Starlink network, you will install a small piece of software on a single device you already own. [ ](https://www.agilicus.com/faq/do-i-need-to-install-any-hardware/) [ a #### Do I need to install any Software? ](#) Category: [Starlink](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=starlink) The Agilicus AnyX platform is almost entirely cloud SaaS. In order to work with your Starlink network, you will be installing the Agilicus [Connector](https://www.agilicus.com/anyx-guide/agilicus-connector/) on a device you already have. This software will facilitate the incoming network traffic. [ ](https://www.agilicus.com/faq/do-i-need-to-install-any-software/) [ a #### Does the end-user profile and launcher support MacOS? ](#) Category: [Starlink](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=starlink) Yes, the end user can use the web-based profile as well as the desktop based launcher. The desktop-based launcher requires OSX 11 (last supported version by Apple) or later. [ ](https://www.agilicus.com/faq/does-the-end-user-profile-and-launcher-support-macos/) [ a #### How can this work? I thought Starlink used CGNAT with no public IP? ](#) Category: [Starlink](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=starlink) You can see an animated diagram on the Agilicus Connector [page](https://www.agilicus.com/anyx-guide/agilicus-connector/). But in general, this works the same way e.g. a Google Nest thermostat works. Something inside your home network makes a persistent outbound connection to our cloud. When you are away, you will connect to our cloud, it will confirm your identity, and bridge you across these two outbound connections. [ ](https://www.agilicus.com/faq/how-can-this-work-i-thought-starlink-used-cgnat-with-no-public-ip/) [ a #### How is this secure? ](#) Category: [Starlink](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=starlink) Agilicus AnyX is an implementation of [Zero Trust](https://csrc.nist.gov/pubs/sp/800/207/final), a security best practice. You will use single-sign-on authentication via your Google or Microsoft account (there are no passwords). You can optionally enable multi-factor authentication. All traffic is encrypted with TLS 1.3 HTTPS. You can configure firewall rules in this system for e.g. geo-ip based access, as well as other more complex rules. You will have a full audit trail of who used what when. [ ](https://www.agilicus.com/faq/how-is-this-secure/) [ a #### How much will this cost for just me and one other user? ](#) Category: [Starlink](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=starlink) You can see the pricing [here](https://www.agilicus.com/pricing/). If you have only 2 users there will be no ongoing cost. [ ](https://www.agilicus.com/faq/how-much-will-this-cost-for-just-me-and-one-other-user/) [ a #### I’m not sure, can we discuss? ](#) Category: [Starlink](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=starlink) Certainly! Please either open the chat icon in the lower-left, fill in the [form](/contact-us/), or email us (info @ agilicus.com) and our team would be happy to discuss further with you. [ ](https://www.agilicus.com/faq/im-not-sure-can-we-discuss/) [ a #### Is this a good product for a consumer environment? ](#) Category: [Starlink](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=starlink) Agilicus AnyX is an industrial, business product. The large set of features may make it too complex for a consumer environment. [ ](https://www.agilicus.com/faq/is-this-a-good-product-for-a-consumer-environment/) [ a #### Is this a good solution for me? ](#) Category: [Starlink](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=starlink) Agilicus AnyX is an excellent solution for web applications, for SSH (e.g. command line access), for a Share (e.g. file access), and for remote desktop (Microsoft Remote Desktop, VNC). If you have complex networking needs that require layer-3 routing this is probably not the right solution for you. [ ](https://www.agilicus.com/faq/is-this-a-good-solution-for-me/) [ a #### What type of device can I install the Agilicus Connector on? ](#) Category: [Starlink](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=starlink) The Agilicus Connector supports many device types. Windows, Linux, OpenWRT, Synology. You can see more information on the product guide [page](https://www.agilicus.com/anyx-guide/agilicus-connector/). In general, the machine will need about 100MB of storage, 20MB of ram to operate. It is very unlikely the Agilicus Connector will install on your camera. [ ](https://www.agilicus.com/faq/what-type-of-device-can-i-install-the-agilicus-connector-on/) [ a #### Will this work with RTSP? Or only HTTP? ](#) Category: [Starlink](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=starlink) We do not recommend using the RTSP feature of your camera with Agilicus AnyX. Instead we recommend using the HTTP interface. [ ](https://www.agilicus.com/faq/will-this-work-with-rtsp-or-only-http/) [ a #### Will this work with my security camera? ](#) Category: [Starlink](https://www.agilicus.com/anyx-guide/agilicus-anyx-frequently-asked-questions/?include_category=starlink) Many security cameras have a web interface. If you have a URL you can use from your browser at home, then you can use it while away with Agilicus AnyX. In most cases, if you have an [NVR](https://www.agilicus.com/starlink-resources/nvr-setup/), this will work. If your camera supports ONVIF, we have specific support for some NVR with that. Many people use [Synology](https://www.agilicus.com/starlink-resources/synology-surveillance-station/) Surveillance Station or [Shinobi](https://www.agilicus.com/starlink-resources/shinobi/) NVR with Agilicus AnyX. Sample setups for generic ONVIF cameras are [here](https://www.agilicus.com/starlink-resources/camera-setup-panoraxy-bf-bk04/). A sample setup for an older Hikvision is [here](https://www.agilicus.com/anyx-guide/hikvision-ds-2cd3132-i/). [ ](https://www.agilicus.com/faq/will-this-work-with-my-security-camera/)