Umbrella Diagnostic Tool: What to Provide Support When Asked

Support will often ask for the results of our diagnostic tool, especially when troubleshooting difficult issues. The steps to using the tool are straightforward, but it's very important to send the link that's generated by the tool, rather than a screenshot of the information or having the information pasted.

You can access the diagnostic tool in different ways depending on how you interact with Umbrella.

Have the Umbrella Roaming Client?

If you have the standalone Umbrella Roaming Client, a diagnostic tool is built in. To access it:

Windows:

Click the Umbrella Roaming client icon in your system tray
A status summary will appear. Click the link at the bottom that says Run Diagnostic Tool.

Mac OS X:

Click the Umbrella Roaming client icon from your Menu Bar (Mac OS X)
A status summary will appear. Click the link at the bottom that says Run Diagnostic Tool.

Have the Cisco AnyConnect Umbrella Roaming Module?

For the Cisco AnyConnect Umbrella Roaming module, you need to run two tools: The AnyConnect DART and the roaming client Umbrella Diagnostic tool.

Windows:

Run the DART as per the instructions listed here
Run the diagnostic executable located here: C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\UmbrellaDiagnostic.exe

Mac OS X:

Run the DART as per the instructions listed here
Run the diagnostic executable located here: /opt/cisco/anyconnect/bin/UmbrellaDiagnostic.app
Copy the file from "/opt/cisco/anyconnect/umbrella/data/beacon-logs/service/acumbrellacore*" to the ticket

Note: This Diagnostic Tool is not to be used for troubleshooting issues with Secure Web Gateway (SWG) Web Policies. Troubleshooting steps for SWG can be found here: Troubleshooting Umbrella Secure Web Gateway: Policy Debug and Diagnostic Tests

Don’t have the Roaming Client or AnyConnect?

Download and run the standalone diagnostic tool from the links below.

Microsoft Windows : Download here

Mac OS X : Download here

Linux: No tool, see Terminal instructions here

Now that you have found and launched your diagnostic tool, please see the next section for how to run it on your Operations System.

Microsoft Windows

When you first run the tool, you'll be asked for account information, ticket information and a domain to test with. This information is all optional, but if there is a specific domain you are having trouble accessing, please include it the Domain to test field:

Click Run tests. The tests should only take a few moments to complete and at the bottom of the diagnostic output a link becomes available. This is the link you send to Support.

In the example above, Support needs the link "http://diagnostic.opendns.com/d/5407505022713856". Please do not send this example link. Send the link that appears in your diagnostic result.

In order to protect your information and that of our other customers, diagnostic information uploaded to Umbrella is only accessible to Cisco Support employees authenticated through our systems. You won't be able to view the diagnostic results but Support is able to see them if you provide the results URL.

Only the link itself is needed, please click the link then copy and paste the URL results into your ticket. In the worst case scenario, if you can't copy and paste the link, feel free to send us a screenshot of the link.

Do not log into the link. Support uses this to log in and access results. You will not have access to this even with your Umbrella account.

If the Diagnostic does not run, provide the results of the following command prompt commands:

Apple Mac OS X

Click Run tests. The tests should only take a few moments to complete and at the bottom of the diagnostic output there will be a link displayed. This is the link you'll want to send to the Umbrella Support team.

In the example above, support needs the link "https://diagnostic.opendns.com/d/4703817580937216"

Please do not send this example link. Send the link that appears in your diagnostic result.

Do not log into the link. Support uses this to log in and access results. You will not have access to this even with your Umbrella account.

If you would like to run the test manually, please issue the following commands:

/usr/bin/dig +time=10 myip.opendns.com
/usr/sbin/traceroute -I -w 2 208.67.222.222
/usr/sbin/traceroute -I -w 2 208.67.220.220
/usr/sbin/traceroute -I -w 2 api.opendns.com
/usr/sbin/traceroute -I -w 2 bpb.opendns.com
/usr/sbin/traceroute -I -w 2 block.opendns.com
/usr/bin/dig @208.67.222.222 +time=10 debug.opendns.com txt
/usr/bin/dig @208.67.222.222 -p 5353 +time=10 debug.opendns.com txt
/usr/bin/dig +time=10 debug.opendns.com txt
/usr/bin/dig +time=10 whoami.akamai.net
/usr/bin/dig +time=10 whoami.ultradns.net
/usr/bin/dig @208.67.222.222 +time=10 myip.opendns.com
/usr/bin/dig @ns1-1.akamaitech.net +time=10 whoami.akamai.net
/usr/bin/dig @pdns1.ultradns.net +time=10 whoami.ultradns.net
/usr/bin/nslookup -timeout=10 -class=chaos -type=txt hostname.bind. 4.2.2.1
/usr/bin/nslookup -timeout=10 -class=chaos -type=txt hostname.bind. 192.33.4.12
/usr/bin/nslookup -timeout=10 -class=chaos -type=txt hostname.bind. 204.61.216.4
ping -n 5 www.opendns.com (www.opendns.com)
ping -n 5 rtr1.pao.opendns.com
ping -n 5 rtr1.sea.opendns.com
ping -n 5 rtr1.lax.opendns.com
ping -n 5 rtr1.chi.opendns.com
ping -n 5 rtr1.nyc.opendns.com
ping -n 5 rtr1.lon.opendns.com
ping -n 5 rtr1.mia.opendns.com
ping -n 5 rtr1.sin.opendns.com
ping -n 5 rtr1.fra.opendns.com
ping -n 5 rtr1.hkg.opendns.com
ping -n 5 rtr1.ams.opendns.com
ping -n 5 rtr1.ber.opendns.com
ping -n 5 rtr1.cdg.opendns.com
ping -n 5 rtr1.cph.opendns.com
ping -n 5 rtr1.dfw.opendns.com
ping -n 5 rtr1.otp.opendns.com
ping -n 5 rtr1.prg.opendns.com
ping -n 5 rtr1.ash.opendns.com
ping -n 5 rtr1.wrw.opendns.com
ping -n 5 rtr1.syd.opendns.com
ping -n 5 rtr1.jnb.opendns.com
ping -n 5 rtr1.yyz.opendns.com
ping -n 5 rtr1.yvr.opendns.com
ping -n 5 rtr1.nrt.opendns.com
/bin/ps wwaux
/sbin/ifconfig -a
/usr/sbin/scutil --dns
/usr/sbin/netstat -rn
/usr/bin/curl -Ls block.a.id.opendns.com/monitor.php
/usr/bin/curl -Ls -c /dev/null bpb.opendns.com/monitor/

Linux/Unix

To provide diagnostic information for a Linux/Unix machine, please run the following commands and provide the results in your reply to the support ticket:

nslookup -type=txt debug.opendns.com.
nslookup -type=txt debug.opendns.com. 208.67.222.222
nslookup -type=txt debug.opendns.com. 208.67.222.222 -port=443
nslookup -type=txt debug.opendns.com. 208.67.222.222 -port=5353
traceroute 208.67.222.222
traceroute api.opendns.com.
traceroute bpb.opendns.com.
ifconfig

If you are asked to test a specific domain:
nslookup domain.com
nslookup domain.com 208.67.222.222
nslookup domain.com 208.67.220.220
nslookup domain.com 4.2.2.1
traceroute domain.com

Below are two example screenshots of the results of these commands. Your results will look similar but results will be unique to your Umbrella dashboard.

Want to learn more?

Visit our tutorial video series here:

https://learn.umbrella.com/path/dns-layer-security/onboarding-course-1-getting-started-with-umbrella/261149

OpenDNSDiagnostic-1.6.2.exe
100 KB Download
OpenDNSDiagnostic-mac-1.6.4.zip
300 KB Download

Comments

2 comments

mayur.dhendwal

March 06, 2017 06:44
https://diagnostic.opendns.com/d/5353009278091264
-1

Comment actions Permalink
rotblitz

March 08, 2017 19:42
@mayur.dhendwal

Did you get any feedback yet? Do you know that you shouldn't post this link as a comment here, but that you have to raise a support ticket at https://support.umbrella.com/hc/en-us/requests/new with the link to the diagnostic results and also a detailed problem description included?
0

Comment actions Permalink

Article is closed for comments.

Articles in this section

Umbrella Diagnostic Tool: What to Provide Support When Asked

Microsoft Windows

Apple Mac OS X

Linux/Unix

Related articles