SEA Agent installation issues via App Manager

SEA Agent installation failures via the App Manager may occur when the management VLAN does not have internet access, which prevents necessary communication with Cisco cloud endpoints. This commonly results in devices being down or unmanageable within the Cisco IoT Operations Dashboard.

Symptoms of management VLAN connectivity issues

The following symptoms may indicate management VLAN internet access problems:

• The device cannot be onboarded via App Manager.
• Log messages or error output indicate:
  • App Manager: Failed to initiate SEA Agent installation -- no network connectivity.
  • IDA status: Disconnected or Unable to reach cloud endpoints for registration.
• SEA Agent installation via App Manager does not progress and the device remains offline in the dashboard.
• The device is not visible in the management dashboard even after reboot or power cycle.

Root causes of management VLAN installation failures

Common reasons for these symptoms include:

• Management VLAN lacks direct internet connectivity required for App Manager initial deployment.
• Network access lists (ACLs), firewall rules, or proxies are blocking outbound connections to internet endpoints required by Cisco cloud services.
• Default gateway or routing on the device or VLAN is misconfigured, preventing outbound traffic.
• DNS issues preventing domain name resolution to Cisco endpoints.

Fix management VLAN internet access for App Manager Installation

Purpose

Ensure that the management VLAN has the necessary configuration to enable internet access required for initial SEA Agent installation via App Manager.

Context

Without successful internet access from the management VLAN, the device will be unable to complete the SEA Agent installation or registration through App Manager. The following steps help you identify and resolve management VLAN internet connectivity issues for successful agent deployment.

Follow these steps to test and restore management VLAN connectivity:

1. Verify internet access from the management VLAN:
   • From the device, test basic connectivity:

     ping 8.8.8.8
     ping tools.cisco.com
     

   • Use traceroute to detect where connectivity fails:

     traceroute tools.cisco.com
     

2. Confirm successful DNS resolution and outbound HTTP/HTTPS access:
   • From the device, test DNS name lookup:

     nslookup tools.cisco.com
     nslookup us.ciscoiot.com
     

   • Check access to cloud endpoints:

     curl -v https://tools.cisco.com
     curl -v https://us.ciscoiot.com/
     

3. If these tests fail, investigate and correct the following:
   • Ensure firewall or ACLs do not block outbound traffic from the management VLAN.
   • Check device default gateway settings:

     show running-config | include ip default-gateway
     show ip route
     

   • Validate DNS settings and update /etc/resolv.conf or equivalent if necessary.

Result

When the management VLAN has internet access, the device can successfully complete SEA Agent installation via the App Manager.