Troubleshooting VEN connections
The 3 most common communication issues are:
- Invalid SSL certificate configuration
- Incorrect URL
- Registration failures
Each of these errors are configuration issues on the VEN side and should manifest as distinct error messages in the VEN. If you have communication issues, the first thing we will ask is: what errors do you see in your VEN log? Please have this information ready before contacting support.
Troubleshooting tips for each common error are provided below.
Certificates for communicating with Canvas Cloud must come from Kyrio. A typical configuration will have the following 3 files:
- CA Bundle: List of CA certificates from Kyrio used to validate signatures of certificates from Kyrio. Every VEN will have the same CA certificates.
- Certificate chain: Certificate with the public key and root and intermediate certificates used to sign the certificate. There will typically be 3 files concatenated to create this file.
- Private key: Private key which pairs with the public key in 2. This file should be protected and not shared.
Some certificate formats will combine the certificate chain and private key, leaving two files instead of 3.
If the CA bundle isn’t correct, a common error is
SSL certificate problem: self signed certificate in certificate chain.
If the certificate chain or private key are incorrect, the SSL connection will fail with an error indicating an invalid certificate.
Another common error is
certificate expired or an error indicating a certificate valid date is in the future. This can happen if the VEN hasn’t time synced before initiating communication to the VTN.
Incorrect URL / getting a 404 error
If the certificates are configured correctly, you may see errors at the http layer if the URL is incorrect. The most common error is a
404 / not found. Please review the VEN and verify the VTN URL is correct. In particular, check that the full path the VEN is polling is correct. The path in the VTN url should match
<base_url> equals what is set in VTN Parameters. Some VENs require the full OpenADR path, so you can also try the following:
- 2.0a path:
- 2.0b path:
Once certificates and the VTN URL are configured correctly, the VEN should be able to exchange XML messages. If communication is still failing, check the oadrResponse object in the XML for a 4xx error.
Failures at this point mean the VTN is unable to match the request from the VEN to a VEN record configured in the VTN. Check that the VEN name and/or VEN ID are correct in the VEN, and make sure the VEN fingerprint is configured correctly in the VTN. See faqs for tips on how to find the fingerprint.
When using a 2.0b VEN, check the failed registrations tab: https://canvas.gridfabric.io/failed_registrations.
Here’s a sample failure on the failed registrations page, where you can click "add VEN" to add the VEN to the VTN.
Here’s a sample oadrResponse from the VTN:
<ns3:eiResponse> <ns3:responseCode>452</ns3:responseCode> <ns3:responseDescription>Fingerprint does not match</ns3:responseDescription> <ns4:requestID>D165A4B35F</ns4:requestID> </ns3:eiResponse>