...
This PowerShell script is designed to perform 5 common Tunnel Service checks within the Console server services, settings and configuration.

Check 1 uses the Get-Content command to check the contents of service.json for non-default values.
Check 2 uses the Get-Service command to check whether AirWatchTunnelService is running.
Check 3 uses the Get-WebFilePath command to check that the IIS path of ws1-service references the correct installation directory.
Check 4 uses Get-ItemProperty to retrieve WS1_API details and then uses Get-ChildItem to check whether AppPool WS1_API is using "Network Service" as its identity.
Check 5 uses Get-NetTCPConnection to check that port 5000 is available for localhost.

Results

Pass – An output of pass indicates that all checks above returned an expected result.
Fail – An output of fail indicates that at least one of the above tests has failed. If a test fails, further tests will not continue, as each test function is dependent on the next test. For example, a port will not be listening if the service which serves the port is not running.

Check 1
If the result fails with the note "Tunnel Service is not configured using default port 5000", confirm that the port number specified is the correct one and adjust the service.json file if it is not. The script reports any non-default port, so this result is not necessarily an issue unless your configuration is meant to use port 5000. Modify the file and restart AirWatchTunnelService.

Check 2
If the result fails with the note "Tunnel service is not running", confirm whether the service is active using the Services console on the server. Start the service and ensure it stays running. If the service starts and then stops, review the log file at <WS1 installation directory>/Logs/Services/ws1.tunnel.kestrel.log. There can be many reasons why the service starts and then stops. It is best to engage VMware support or consult known Knowledge Base articles that relate to the error message discovered.

Check 3
If the result fails with the note "Incorrect mapping detected" and it references a "Website" in its Details column, confirm the physical path of the website WS1-services page to ensure it points to the correct installation directory.

Check 4
If the result fails with the note "Incorrect mapping detected" and it references an "Application Pool" in its Details column, confirm whether the application pool WS1_API is using NetworkService as its identity. Navigate to IIS → Application Pools \ WS1_API → Advanced Settings \ Identity and change it to "NetworkService".

Check 5
If the result fails with the note "Port 5000 not available locally", the server is unable to speak to itself locally on port 5000. Workspace ONE services often reference each other locally, and in a common Tunnel configuration they attempt to reach port 5000. If the port is not listening, local firewall settings or the server's antivirus may be blocking communication to the port. Ensure an exception is placed on the firewall and/or the antivirus so that the server can talk to itself.

These 5 checks cover common root causes of Tunnel issues. However, should all tests pass while issues are still experienced, please contact VMware support with any collected logs, results from EDT log files and the WS1_info.txt files.
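
The dependency chain described above (service, application pool identity, local port), as an added PowerShell example that is not the EDT script itself: it runs checks 2, 4 and 5 in order and stops at the first failure. The service name, pool name, port and failure notes are taken from this article; the layout of the result object is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example, not the EDT script. Service, app pool, port and note strings
# come from the article; the result object shape is an assumption.
Import-Module WebAdministration   # provides the IIS:\ drive used below

$Port = 5000   # default per the article; use the port from service.json if it differs

function New-CheckResult {
    param([string]$Check, [bool]$Passed, [string]$FailNote, [string]$Details)
    [pscustomobject]@{
        Check   = $Check
        Result  = if ($Passed) { 'Pass' } else { 'Fail' }
        Notes   = if ($Passed) { '' } else { $FailNote }
        Details = $Details
    }
}

# Ordered so that a check only runs when the checks before it have passed.
$Checks = @(
    {   # Check 2: the Windows service behind the port must be running
        $svc = Get-Service -Name 'AirWatchTunnelService' -ErrorAction SilentlyContinue
        $ok  = ($null -ne $svc) -and ($svc.Status -eq 'Running')
        New-CheckResult 'Check 2' $ok 'Tunnel service is not running' "Service status: $($svc.Status)"
    },
    {   # Check 4: the WS1_API application pool must run as NetworkService
        $pm = Get-ItemProperty -Path 'IIS:\AppPools\WS1_API' -Name processModel -ErrorAction SilentlyContinue
        $ok = "$($pm.identityType)" -eq 'NetworkService'
        New-CheckResult 'Check 4' $ok 'Incorrect mapping detected' "Application Pool WS1_API identity: $($pm.identityType)"
    },
    {   # Check 5: something must be listening on the Tunnel port locally
        $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
        New-CheckResult 'Check 5' ($listeners.Count -gt 0) "Port $Port not available locally" "Listeners on port ${Port}: $($listeners.Count)"
    }
)

function Invoke-TunnelChecks {
    foreach ($check in $Checks) {
        $result = & $check
        $result
        if ($result.Result -eq 'Fail') { break }   # stop at the first failure
    }
}

Invoke-TunnelChecks | Format-Table -AutoSize -Wrap
```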