Troubleshooting
Keep in mind…¶
This is a rough list of common scenarios we hear users encounter during install. This list is not all encompassing or complete. Please visit the Discord
Docker Compose Up Errors¶
- WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8)
This is caused by attempting to run VECTR on an ARM platform such as M½ Macs, Rasberry Pi or AWS A1 instances. VECTR containers are exclusively built for x64 and must be run on Intel/AMD. - No space left on device
The host machine has run out of disk space, or is partitioned in a way that it cannot download additional images. If running other workloads on this host you should assess total needs of all applications. We recommend 50GB for VECTR alone. - Unable to find image 'securityriskadvisors/vectr_tomcat:8.7.0' locally docker: Error response from daemon: Get "https://registry-1.docker.io/v2/":
This or similar errors suggest your host cannot connect to Docker Hub to download the image. Or in some enterprise environments the default repository has been changed. You will need outbound access to Docker Hub to download container images. If you are required to use your own internal repository contact your infrastructure team to request they load the required containers. You can find some additional documentation here.
- The "fIT" varible is not set. Defaulting to a blank string.
Most likely docker can't parse the .env file due to $ or other characters. First docker compose down to reset the deployment, then try using only alphanumeric characters.
Also, possible docker can't read the .env file due to file permission issues.
Exit Codes¶
This list is not exhaustive and many codes can have multiple root causes. This is simply a few potential solutions.
- Exit Code 1
This means the application, and it's main process has failed. Usually occurs on the VECTR_Tomcat container. Recommend checking disk space on host and logs for containers using docker logs.
- Exit Code 132
This has been observed on RHEL/CentOS systems see here. This is a RHEL platform issue and is not resolvable. Recommendation is to use Fedora/Debian based distros.
DNS_PROBE_FINISHED_NXDOMAIN / This site can’t be reached / ERR_NAME_NOT_RESOLVED¶
This means you do not have DNS configured. After running docker compose up you will need to ensure the hostname set in the .env file is resolvable by the browser you are trying to use. For a primer on DNS read here.
File format invalid or not supported¶
- Unable to upload ATT&CK Navigator files
This is intended. ATT&CK navigator layers don't contain enough procedure-level information to accurately emulate threat actor profiles. They're just a visual tool and VECTR doesn't currently support additional visual layers on its heatmap.
- Unable to import Atomic Red YAML
Most likely some form of DLP or network firewall has interfered with the upload. This is very common if uploading to a VECTR deployment with an invalid SSL Certificate. Check your browser for errors in the development console and network tab.
Occasionally Atomic Red Team will update their yaml in a way in which we do not expect, since they have no versioned releases it's not usually communicated. If you don't have any errors in browser open an issue on GitHub or ask us on Discord.
Auth Error Codes¶
VECTR will display an error code in certain situations that can be useful for debugging issues. Error codes are categorized into the following ranges:
1xx - Network, war deployment, or general configuration issues
2xx - SSO related issues
3xx - General auth related issues
4xx - Security, including encryption/decryption, related issues
Common error codes and recommendations are as follows.
Error Code | Description | Notes |
---|---|---|
102
|
The docker host time was not in-sync with the client (browser) time. | There is a +/- 20 second allowable skew between the host and client time. Anything greater than this will throw the error page. On the error page, the “timestamp” displays the time on the host. You can use this to check how far off the times are between host and client. |
301
|
When the time allotted to complete the MFA code challenge expires. | When you land on the form to enter the MFA code, that page is only valid for 10 minutes. So if a user with MFA enabled logged in and walked away before entering the code, then they come back after more than 10 minutes, the form won’t work anymore. The fix is usually just logging back in. |