Troubleshooting Tools

DNS errors (OGG-10400 Host not found)

Cause: Receiver Server not resolving the FQDN

Fix:

- Confirm private zone/record exists and is Active

- Ensure DNS View is associated to the Receiver VCN

- Ensure subnet uses VCN resolver; renew DHCP/reboot

- Validate with dig/getent on the host

Temporary test only: add /etc/hosts entry mapping <FQDN> to the Private Endpoint IP; remove after DNS is fixed per security policy

Connection timeouts (OGG-10388 / OGG-30497)

Cause: TCP 443 blocked, target listener down, or LB path not reachable

Fix:

- Open egress/ingress on Security Lists/NSGs for TCP 443

- Verify listener on the Private Endpoint/LB is active; backends healthy

- Run nc -vz and packet capture (tcpdump) to confirm SYN/SYN-ACK and TLS

WebSocket upgrade fails with redirect (OGG-10400 “Moved Temporarily”)

Cause: Reverse proxy or LB returning 302 on base URL

Fix:

- Disable reverse proxy in Receiver Server (preferred), or

- Target the service path directly: /services/v2/sources (or /services/recvsrvr)

- Ensure LB forwards WebSocket Upgrade and does not redirect /services/*

TLS trust/name mismatch

Cause: Using IP or mismatched hostname

Fix:

- Always use the deployment FQDN that matches the wildcard cert

- Ensure client truststore includes the issuing CA if needed

- Validate with openssl s_client

Still Stuck?

Collect from both ends:

- Receiver/Distribution/Admin logs around the failure time

- Outputs of: dig, getent, nc, curl -I, openssl s_client

- Packet capture during connect attempt: tcpdump -nn host <PE IP> and port 443

- LB/WAF logs and policies (redirects, WebSocket support)