SDC is Unreachable
An SDC is in the state "Unreachable" if it has failed to respond to two heartbeat requests from CDO in a row. If your SDC is unreachable, your tenant will not be able to communicate with any of the devices you have onboarded.
CDO indicates that an SDC is unreachable in these ways:
- You see the message, “Some Secure Device Connectors (SDC) are unreachable. You will not be able to communicate with devices associated with these SDCs.” on the CDO home page.
- The SDC's status in the Secure Connectors page is "Unreachable."
First, attempt to reconnect the SDC to your tenant to resolve this issue:
- Check that the SDC is running and can reach a CDO IP address in your region. See Connect Cisco Defense Orchestrator to the Secure Device Connector
- Attempt to reconnect CDO and the SDC by requesting a heartbeat manually. If the SDC responds to a heartbeat request it will return to "Active" status. To request a heartbeat manually:
- From the user menu, select Secure Connectors.
- Click the SDC that is unreachable.
- In the Actions pane, click Request heartbeat.
- Click Reconnect.
If the SDC after attempting to manually reconnect it to your tenant, follow the instructions in "SDC status does not become active on CDO after deployment".
SDC status does not become active on CDO after deployment
If CDO does not indicate that your SDC is active in about 10 minutes after deployment, connect to the SDC VM using SSH. Use the cdo user and password you created when you deployed the SDC.
- Review the /opt/cdo/configure.log log. It shows you the configuration settings you entered for the SDC and if they were applied successfully. If there were any failures in the setup process or if the values weren't entered correctly, run the sdc-onboard setup again:
- At the [cdo@localhost cdo]$ prompt enter sudo sdc-onboard setup
- Enter the password for the cdo user.
- Follow the prompts. The setup script guides you through all the configuration steps you took in the setup wizard and gives you an opportunity to make changes to the values you entered.
- If after reviewing the log and running sudo sdc-onboard setup,CDO still does not indicate that the SDC is Active contact CDO support.
Changed IP address of the SDC is not reflected in CDO
If you changed the IP address of the SDC, it will not be reflected in CDO until after 3:00 AM GMT.