Troubleshooting Debug Logs

The following section contains possible issues you may find in the Tenable for Fudo Debugging Log Report log files and how to resolve them.

Server did not respond to request

If the Fudo server did not respond to a request, this is usually an issue of network connectivity or SSL. Verify the given host and port are accessible from the scanner. If the Fudo PAM server is using an SSL certificate not signed by a known CA, add the appropriate CA certificate to the scanner. Or, disable SSL verification.

Incorrect API username or password

The error “Failed to authenticate to Fudo API” may appear in the debug logs, and additionally the following HTTP response may be recorded in the logs:

This is caused by an incorrect API username or API password.

No accounts found

When listing accounts, Fudo returns an empty list of accounts, and an "unable to obtain a credential ID" error appears in the debug logs. The following HTTP response may also be present:

The API user must be added to the safe containing the desired account. Confirm by logging into the portal with the chosen API user. This user must have access to accounts.

Accounts found, but not a matching one

If the error "unable to obtain a credential ID" appears, but the HTTP response did not contain an empty list of items, the problem is most likely that the given username/ID/address does not match accounts that the user has access to. Check the values of account name/address/ID and Use Target Address.

Object is not accessible

This HTTP response may appear in the debug logs, resulting in an error:

This is usually because the API user does not have appropriate permissions. In the safe, go to the users tab, select the checkbox next to the API user, and click the manage options button. This user needs the reveal password box checked.

Checkout error

Trying to check out a secret that is already checked out. Assign the account a session duration and retry.

Secret used by different user

This can be resolved with the "force" option.