The vast majority of scan hub installations go smoothly, but if you do encounter an error when importing the AppCheck scan hub, it can be difficult to diagnose. This article lists some issues customers have experienced in the past and advice on how to solve them.
If you encounter a problem when setting up the scan hub, see if the error you encounter is described below. If it is not, or if the instructions below do not help you resolve it, please contact AppCheck Technical Support.
- Error "We cannot detect an internet connection" When Beginning Setup Wizard
- Error "Sorry, this license key is not able to be registered" When Submitting License Key in Hub's Dashboard
- Registration Appeared to Work but the Services Are Not Appearing or Starting
- You Believe the Hub Has Access to an Address but the Scanner Does Not Find It
- Error "Controller SATA is not supported" When Importing the OVA File
Error "We cannot detect an internet connection" When Beginning Setup Wizard
The hub sends a request to Google's DNS servers (184.108.40.206 and 220.127.116.11) on port 53 to see if it has an internet connection. This error indicates that the test request is being blocked (your firewall team should be able to see this in your firewall logs). Opening up this access should allow you to proceed.
Error "Sorry, this license key is not able to be registered" When Submitting License Key in Hub's Dashboard
If the connectivity checks pass but you get this error when entering the license key, the likely cause is either a problem with the license key provided by AppCheck, or a problem with the connectivity that our checks were not able to detect.
This command, run on the scan hub’s command line, will help test both possibilities:
curl https://licensing.appcheck-ng.com/license/check/[license key]/test-string
It will connect to AppCheck's licensing server and confirm that the license key is ready to use. The response should be:
If the response is
then the connectivity seems OK, but there looks to be something wrong with the key. Contact AppCheck support who will confirm this and provide a replacement license key.
Sometimes customers have found that their outbound firewall will intercept the request and corrupt it, and you'll get an error/warning, for example complaining that the SSL certificate is invalid/self-signed. You would need to investigate this with your network team - if you have something like a firewall or proxy intercepting the outbound traffic from the hub then you should arrange for it to be bypassed.
At the same time as conducting these checks also contact AppCheck Support so they can confirm there is no problem on AppCheck's side which could produce a similar response.
Registration Appeared to Work but the Services Are Not Appearing or Starting
This is not a known issue exactly, but something that can occasionally be seen for a number of reasons. If it occurs, you can help accelerate AppCheck's investigation by gathering the following information ahead of raising a ticket (AppCheck Support do not have the access to your network necessary to gather this information themselves):
- Go to the "Maintenance" tab on the hub's local UI.
- Run both the options under "Connectivity", and take a screenshot of the output.
- Run the "Update this hub" maintenance script, then "Read logs of last update attempt" and take a screenshot.
Send the screenshots to AppCheck support with a description of the problem you are encountering.
You Believe the Hub Has Access to an Address but the Scanner Does Not Find It
This command, run on the scan hub’s command line, will run a short nmap scan against the target IP address, from the scan hub:
docker run -it scanhub_apckinfrav2_1 nmap -Pn -T5 [target IP address]
You can use this to confirm connectivity, and that the necessary ports are open. If connectivity is not in place, or the ports are not open, your internal teams will need to resolve this. If this short scan shows hosts/ports that the AppCheck scan does not find, double check your scan settings and if they look correct then contact AppCheck Support.
Error "Controller SATA is not supported" When Importing the OVA File
The .ova file AppCheck provides contains both a disk image and a set of configuration defaults that instruct your virtual machine software how to configure the appliance. For storage control the configuration uses a SATA controller. Some older VM platforms do not support SATA controllers.
If this is the case for you the recommended course of action is to upgrade your virtual machine software.
If that is not possible, you can configure the VM with a different storage controller (e.g. IDE), but you will need to extract the disk image from the .ova file and configure the VM manually. This will be a non-standard deployment and AppCheck Technical Support may not be able to resolve problems you encounter, but we will try. Also bear in mind that using other controllers such as IDE may result in poor performance and long-running scans.
The .ova file is a tar archive, so you should be able to extract the contents just like you would a .tgz file. Once you have the disk image from the .ova contents, you can set up a new VM using that image, being sure to conform to the hardware requirements described in the internal hub setup guide.
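One way to carry out the extraction described above, as an added example that is not AppCheck's own tooling: it unpacks the .ova with tar and, if the archive carries an OVF manifest (.mf), checks each extracted file against the digest listed there before you build a VM from the disk image. The function name extract_ova, its return codes and the presence of a manifest in the .ova are assumptions, as is the availability of sha256sum/sha1sum on the machine where you unpack it.

```shell
#!/bin/sh
# Added example (not AppCheck tooling). extract_ova is a hypothetical helper.
# Usage: extract_ova <file.ova> <dest-dir>
# Returns 0 = all digests match, 1 = mismatch, 2 = unpack refused/failed,
#         3 = no manifest in the archive (files extracted but unverified).
extract_ova() {
    ova=$1; dest=$2
    # Refuse member names that are absolute or climb out of the destination.
    if tar -tf "$ova" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $ova" >&2; return 2
    fi
    mkdir -p "$dest" && tar -xf "$ova" -C "$dest" || return 2
    set -- "$dest"/*.mf
    [ -f "$1" ] || { echo "no .mf manifest; integrity not checked" >&2; return 3; }
    mf=$1; rc=0
    # OVF manifest lines look like: SHA256(disk1.vmdk)= <hex digest>
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        algo=${line%%(*}
        name=${line#*(}; name=${name%%)*}
        want=$(printf '%s' "${line##*=}" | tr -d ' \r' | tr 'A-F' 'a-f')
        case $algo in
            SHA256) tool=sha256sum ;;
            SHA1)   tool=sha1sum ;;
            *) echo "unsupported digest: $algo" >&2; rc=1; continue ;;
        esac
        got=$("$tool" "$dest/$name" 2>/dev/null | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            echo "OK   $name"
        else
            echo "FAIL $name"; rc=1
        fi
    done < "$mf"
    return "$rc"
}
```

A FAIL line or a return code of 1 means the extracted file does not match the manifest shipped in the archive, so download the .ova again before using the disk image.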