Articles in this section

General Connector Troubleshooting

Overview

This article provides comprehensive troubleshooting guidance for JetPatch connector deployment issues. 

It covers common error messages, their causes, and step-by-step solutions for both Linux and Windows environments.

Initial Verification Steps

First, verify the Connector Protocols, Permissions, and Users.

If there is still an issue, then please verify which error message you are seeing when deploying the connector:

  1. Go to platform configuration
  2. Navigate to the servers tab
  3. Search for the endpoint with issues and click on it 
  4. Navigate to the logs tab and see details. 

Common Error Messages and Solutions

Error message When the issue appears Solution
N/A Status stays as pending for a very long-time (no error message generated)  If Linux, verify the account is able to run passwordless sudo commands
Invalid credentials    Check this article Invalid Credentials Errors
No IP Found Windows endpoints behind a NAT  Verify the WSUS endpoint configuration is pointing to the private IP of the WSUS server
Insufficient permissions (!requiretty) when trying to deploy the connector on your Linux endpoints  See this article.
 Intigua currently disconnected Deploying the connector

Verify that port 443 is open from endpoint to JetPatch server 

Check worker.log via manager logs 

Check connector log of endpoint connected on machine itself If this is a new deployment and your forgot to set a static IP address, then likely the IP address of the endpoint is using the old IP (see instructions to help modify to hostname)
SMB Operation Failed  Deploying the connector on windows

Check SMB2/445 Connection Check if the account has read/write/execute permissions on Windows/Temp or configure it to a different folder 

Check worker.log via manager logs and look for access denied ADMIN$. See this article for a fix.
Intigua deployment failed, ip: Deploying the connector

Likely /usr/share/intigua/certs permission issue. 

You can verify by looking at worker.log via manager logs
Task progress could not be tracked On a connector restart Increase throttling CPU & Memory values

JetProxy Limitations

Note: You cannot deploy connectors behind JetProxy, because JetProxy is a web proxy (thus, cannot use SSH or SMB). Thus, deploy the connector from the endpoint itself

Alternative Deployment Methods

If you are unable to deploy the connector by itself:

  • Compare traceroute output from the machine experiencing issues and another machine from the same VLAN/network.

Connectivity Testing

Linux Connectivity Tests

On Linux, use

traceroute
nc
nmap
Method Command Description
TCP Traceroute (Port 22) traceroute -T -p 22 <Endpoint_IP> Traces the path using TCP SYN packets on port 22.
TCP Traceroute (Port 443) traceroute -T -p 443 <JetPatch_IP> Traces the path to the Manager/Repo on HTTPS port.
Alternative Traceroute tcptraceroute <JetPatch_IP> 443 A specialized tool for bypassing firewalls that block ICMP.
Netcat (Simple Scan) nc -zv <JetPatch_IP> 443 Quickly checks if port 443 is listening (zero-I/O, verbose).
Netcat (Source Port) nc -zv -p 1234 <JetPatch_IP> 443 Checks connectivity while specifying a local source port (1234).
Nmap Scan nmap -p 443 <JetPatch_IP> Checks the status of port 443 and identifies the service.

Windows Connectivity Tests

Windows uses

tracert
  • Use this to identify where a packet is being dropped in the network hops.

Standard Path Trace:

tracert <JetPatch_IP>
  • (Note: Requires specific environment tools or PowerShell equivalents.)

TCP Specific Trace:

traceroute -T -p 445 <Endpoint_IP>
  • Verifies if the local machine is currently using or listening on port 443.

Check Local Listening Ports:

netstat -ano | findstr :443
  • Also, look at curl:
curl -v -L 192.168.1.1
  • Check the SSL handshake from the client
openssl s_client -connect 192.168.1.1:443

(Windows app, usually built-in in Linux)

Linux-Specific Troubleshooting

  • Check the post_install_log file in /tmp
  •  Verify the account has appropriate permissions (likely to be an issue if the activity is not timing out after a few minutes)
  •  Check SELinux configuration (it may limit the connection). More information can be found here.
  • Deploy the connector from the endpoint itself
  • If the connector is failing to deploy from Windows itself, look at
tcping -t <Core-Server-IP/Name> 443
  • Look at the manager logs, specifically the worker.log file in the logs folder

Windows-Specific Troubleshooting: Connector Fails to Start After Installation

If the connector shows "Connected" briefly in the JetPatch UI after installation but then fails, or the connector service does not start, follow these steps.

Step 1 — Check connector logs

Navigate to the connector log directory and review the most recent log:

 
Windows: C:\Program Files\Intigua\vAgentManager\PackageManager\log\
Look for ERROR entries, particularly:
"Failed to create process" with "error: 2" — a required binary is missing (see Step 2)
"Cannot load program" or "Symbol resolution failed" — shared library issue (see Step 5)

Example error:

ERROR|GENERAL: Exception occurred: intigua::IntiguaException
Failed to create process: "C:\Program Files\Intigua\vAgentManager\PackageManager\vlink\vlink_4.2.8.213\bin\vlinkprocess64.exe" error: 2
Error code 2 = "The system cannot find the file specified."

Step 2 — Verify connector binaries exist

Windows:

powershell
# Check if key binaries exist
Test-Path "C:\Program Files\Intigua\vAgentManager\PackageManager\vlink\vlink\bin\connector64.exe"
Test-Path "C:\Program Files\Intigua\vAgentManager\PackageManager\vlink\vlink\bin\vlinkprocess64.exe"

# List all vlink version directories
Get-ChildItem "C:\Program Files\Intigua\vAgentManager\PackageManager\vlink\" -Directory

# Check specific version directory
Get-ChildItem "C:\Program Files\Intigua\vAgentManager\PackageManager\vlink\vlink_*\bin\" | Select-Object Name, Length

If binaries are missing, proceed to Step 3 (Antivirus). If they exist but the service still fails, proceed to Step 4 (Dependencies) and Step 5 (ProcMon).

Step 3 — Check Antivirus / EDR quarantine (most common cause on Windows)

Antivirus products (Microsoft Defender, TrendMicro, CrowdStrike, Carbon Black, SentinelOne) frequently quarantine or block JetPatch connector binaries immediately after installation. The connector may appear "Connected" briefly before the binary is removed.

Check Microsoft Defender:

powershell
# Check recent threat detections
Get-MpThreatDetection | Where-Object { $_.Resources -match "intigua|vlink" } |
    Select-Object DetectionTime, Resources, ActionSuccess

# Check active threats
Get-MpThreat | Where-Object { $_.Resources -match "intigua|vlink" } |
    Select-Object ThreatName, Resources, IsActive

# Check quarantine
Get-MpThreatDetection | Select-Object -First 10 DetectionTime, ThreatName, Resources

Check TrendMicro: Review TrendMicro logs at the default log location or the TrendMicro console for any blocked/quarantined files matching vlinkprocess64.exe, connector64.exe, or files under C:\Program Files\Intigua\.

Resolution — Add exclusions BEFORE reinstalling:

Microsoft Defender exclusions:

powershell
# Add folder exclusion
Add-MpPreference -ExclusionPath "C:\Program Files\Intigua"

# Add process exclusions
Add-MpPreference -ExclusionProcess "connector64.exe"
Add-MpPreference -ExclusionProcess "vlinkprocess64.exe"
Add-MpPreference -ExclusionProcess "vlink64.exe"

# Verify exclusions
Get-MpPreference | Select-Object -ExpandProperty ExclusionPath
Get-MpPreference | Select-Object -ExpandProperty ExclusionProcess

TrendMicro exclusions: Add the following to the TrendMicro exclusion list via the console:

  • Folder: C:\Program Files\Intigua\
  • Processes: connector64.exe, vlinkprocess64.exe, vlink64.exe

Important: Exclusions must be configured BEFORE reinstalling the connector. If the binary was already quarantined, adding exclusions after the fact will not restore the file — a reinstall is required.

After adding exclusions, reinstall the connector and verify the binaries persist:

powershell
# Wait 30 seconds after install, then verify
Start-Sleep 30
Test-Path "C:\Program Files\Intigua\vAgentManager\PackageManager\vlink\vlink\bin\vlinkprocess64.exe"
Get-Service *intigua* | Format-Table Name, Status

Step 4 — Check VC++ Redistributable dependency

If the binaries exist but the connector still fails with error 2, a required DLL may be missing. The connector needs Microsoft Visual C++ 2015-2022 Redistributable (x64) (version 14.30+).

powershell
# Check installed VC++ versions
Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*",
                 "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*" |
    Where-Object { $_.DisplayName -match "Visual C\+\+" } |
    Select-Object DisplayName, DisplayVersion | Sort-Object DisplayName

If missing or outdated (only 2015-2019 / version below 14.30):

powershell
# Download and install latest VC++ 2015-2022 x64
Invoke-WebRequest -Uri "https://aka.ms/vs/17/release/vc_redist.x64.exe" -OutFile "$env:TEMP\vc_redist.x64.exe"
Start-Process "$env:TEMP\vc_redist.x64.exe" -ArgumentList "/install /quiet /norestart" -Wait

# Restart connector service
net stop vAgentManager
net start vAgentManager

Step 5 — Advanced: Use Process Monitor (ProcMon) to trace the failure

If the issue persists after Steps 2–4, use Sysinternals Process Monitor to capture exactly what's failing during connector startup.

Setup:

  1. Download ProcMon from https://learn.microsoft.com/en-us/sysinternals/downloads/procmon
  2. Run Procmon.exe as Administrator
  3. Set filters (Ctrl+L) to reduce noise:
Column Relation Value Action
Process Name contains intigua Include
Process Name contains connector Include
Process Name contains vlink Include
Result is not SUCCESS Include
  1. Click OK to apply filters, then start capture (Ctrl+E)
  2. Start the connector service:
 
   net start vAgentManager
  1. Wait for the service to fail, then stop capture (Ctrl+E)

What to look for:

Result Meaning Likely Cause
NAME NOT FOUND File or registry key doesn't exist Binary removed by AV, or missing DLL
PATH NOT FOUND Directory doesn't exist Incomplete installation
ACCESS DENIED Permission blocked AV real-time protection blocking, or NTFS permissions
FILE LOCKED File in use by another process AV scanning lock, or stale process

Typical ProcMon findings:

  • CreateFile on vlinkprocess64.exe returning NAME NOT FOUND → binary was quarantined (Step 3)
  • CreateFile on vcruntime140.dll returning NAME NOT FOUND → missing VC++ runtime (Step 4)
  • CreateFile on any Intigua binary returning ACCESS DENIED → AV real-time protection blocking execution even without quarantine

Save and share: File → Save (PML format) for support review, or File → Save as CSV for quick analysis.

Step 6 — Check Windows Event Log and service status

 
powershell
# Service details
Get-Service vAgentManager | Format-List Name, Status, StartType
sc query vAgentManager

# Try starting manually and capture error
net start vAgentManager 2>&1

# Application event log
Get-WinEvent -LogName Application -MaxEvents 20 |
    Where-Object { $_.Message -match "intigua|connector|vlink" } |
    Format-List TimeCreated, Id, Message

# System event log
Get-WinEvent -LogName System -MaxEvents 20 |
    Where-Object { $_.Message -match "intigua|connector|vlink" } |
    Format-List TimeCreated, Id, Message

Additional Support

For any other issue, please contact the JetPatch support team with the logs attached.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.