Steps for troubleshooting Unified Management connectivity or authentication issues.

• App Control Server: All Supported Versions

1. Verify the Central Server and Client Server are configured with accounts as outlined in Configuring Unified Management.
   • All Servers will need a User Account with the Role, Administrator (Unified Management) for initial setup.
     • The default Console Admin account has this Role enabled.
   • Each User of the Unified Management features will need an Authentication Account for each Client Server 
     • This account does not need Administrator (Unified Management) permissions.
     • This account will need the Role, User (Unified Management).
     • This account will need permissions to the desired local features (ex: File Catalog, Custom Rules, etc)
     • It is recommended that each User of the Central User have their own Authentication Account on each Client Server.
2. From the Client Server, verify API Access is Enabled
   1. Log in as a Console Admin
   2. Navigate to Settings > System Configuration > Advanced Options
   3. In the API section be sure API Access Enabled is checked and the box is green.
      • If this is not enabled, click Edit and enable it.
      • If this is not green for some reason, it could indicate some network issues.
3. From the Central Server, review any existing & unrelated Client Servers showing errors and re-attempt to add the new Client Server
   • If the Client Server is no longer needed, remove the Client Server.
   • If the Client Server is not authenticated, Authenticate with the Client Server.
   • Otherwise, use the option to Temporarily Disconnect the Client Server.
4. Review any errors returned when attempting to add the Client Server to the Central Server, examples
   • Server not Reachable Verify the URL entered for the Client Server.
   • Incompatible Security Protocols Verify the Cipher Suites and Protocols configured for each application server.
   • Existing Account without UM Permissions Account exists on the Client Server but does not have proper permissions.

If issues persist...open a case with Support and provide the following

• Steps to recreate the issue and screenshot of any/all error(s)
• Start a Wireshark Capture on each application server
• Start High Debug Logging for API Errors on each Console
• Start a HAR capture and attempt to recreate the issue.
• Capture logs and zip accordingly, example
  • CentralLogs.zip should contain the HAR, Wireshark and High Debug logs from the Central Server
  • ClientLogs.zip should contain the Wireshark and High Debug logs from Client Server

• When authenticating Unified Management, the management server is making an API call over port 443 using the specified credentials to get an authentication token from the client server.
• The management server only uses the credentials to retrieve an authentication token and does not store the password.
• After the connection to the client server is authenticated, the management server remains authenticated unless the server URL is changed.
• A user accessing a client server from the management server has the permissions of the account that is used to authenticate the connection, not their own permissions.
• When a user accesses a client server from the management server, actions the user takes appear in events as having been performed by the authentication account, not the logged-in user.