The purpose of this article is to provide initial troubleshooting steps when a health check is failing. The data collected below should help identify the root cause of the issue.

In order to troubleshoot a failing health check, we should be able to force a health check manually while capturing traffic in a packet capture so that we can see what happened during the connection attempt. This can be done as follows:

• Go to Administration > Service Information > Packet Captures
• Apply packet capture filter depending on the health check that has issues. Some examples:

For an Authentication realm health check: "port 53 or port 88 or port 389"

For an ICAP or Forwarding host health check: "host x.x.x.x" (x.x.x.x being the ICAP or Forwarding Server's IP)

For DRTR health checks: "host webpulse.es.bluecoat.com"

For DNS Server health check: 'port 53' (by default it tries to resolve IP address for www.bluecoat.com but this can be changed in health check configuration)

• Start the capture
• Go to Administration > Health Checks & Monitoring > Health Checks > On the failing health check, click on "Perform Health Check" (Perform Health Check icon is under the rightmost Action column).
• Stop the capture
• Send the In order to send information to Symantec Technical Support:

-Go to Administration > Service Information > Send Information > Send Service Information tab
-Enter the case number
-Check the checkboxes for Packet Capture, Sysinfo and Event Log and click on Send.