3. Troubleshooting#

3.1. I cannot connect to my Virtual Machine via RDP.#

  1. In the Azure portal, enter Virtual Machines in the search box. Select Virtual Machines.

  2. Click inoQulate-admin-VM.

  3. Click Connect.

  4. In the Connect page, make sure that all three checks have passed. If the port pre-requisite is not met, configure inbound security rules as below.

3.1.1. Configure Inbound security rules#

  1. Enter Network Security Groups in the search box and select Network Security Groups.

  2. Select inoQulate-admin-VM-nsg.

  3. Click the Inbound Security Rule that lists Port as 3389 (typically named RDP).

  4. Click Source and select My IP address.

  5. Click Save.

3.2. I am installing the solution for the first time, but I can’t access the EJBCA or Signserver Admin page.#

  1. In the Azure portal, enter Kubernetes Services in the search box. Select Kubernetes Services.

  2. Click inoQulate.

  3. Click Connect.

  4. Follow the instructions in the Set cluster context section under the Cloud shell tab.

  5. In the Cloud shell, enter the command kubectl logs deployment/db to investigate if the db deployment has any issues.

  6. Similarly, you may investigate the ejbca and signserver deployments with kubectl logs deployment/ejbca and kubectl logs deployment/signserver.

3.2.1. The db logs repeatedly show FATAL: no pg_hba.conf entry for host "10.xx.xx.xx", user "xx", database "xx", no encryption.#

This is known intermittent issue with the installation. The following steps will reinstalling the relevant components. This also means that your File Share will be deleted and a new one will be deployed.

  1. If you have already connected the Azure File Share to your VM, disconnect the network drive from your VM.

    1. Connect into your VM through RDP.

    2. In File Explorer, right-click the network drive and click Disconnect.

    3. Restart the VM from its Start Menu. You will be disconnected from the RDP session.

  2. In the Cloud shell, enter the command helm list. Note the name, which looks like inoqulate-#####.

  3. Run the following commands, replacing the <name> placeholder with the name you noted.

    helm get values <name> --all -o yaml > values.yaml
    helm uninstall <name>
    helm install --generate-name oci://pqceepub.azurecr.io/helm/inoqulate --version 1.1.0 --values values.yaml
    rm values.yaml
  4. The solution will take about 15 minutes to be installed and ready for further setup.

  5. As a new Azure File Share network drive was deployed, continue your installation from Connect the network drive and create directories.

3.3. My Firefox browser won’t recognise my SuperAdmin certificate.#

The Firefox browser, and other browsers of the same derivative, use a certificate store different from the Windows Operating System’s store. You need to install your .p12 certificate or the ManagementCA.crt certificate in Firefox’s certificate store instead.