The purpose of this article is to provide initial troubleshooting steps when a health check is failing.

The first thing we want to do when we have a failing health check is try to force a health check manually while capturing traffic in a packet capture so that we can see what happened during the connection attempt. This can be done as follows:

• Go to Maintenance > Service Information > Packet Captures
• Apply packet capture filter depending on the health check that has issues. Some examples:

For an Authentication realm health check: "port 53 or port 88 or port 389"
For an ICAP or Forwarding host health check: "host 1.2.3.4" (1.2.3.4 being the ICAP or forwarding server's IP)
For DRTR health checks: "host webpulse.es.bluecoat.com"

• Start the capture
• Go to Configuration > Health Checks > Select the failing health check and click on "Perform Health Check" once (letting it finish).
• Stop the capture
• Send the In order to send information to Symantec Technical Support:

-Go to Maintenance > Service Information > Send Information > Send Service Information tab
-Enter the case number
-Check the Packet Capture, Sysinfo and Event Log before clicking Send.