If you’ve noticed your agent has stopped reporting to New Relic or has never reported in, and you’ve taken a look at the agent logs and found a message similar to…
ERROR: Unable to connect to the New Relic service at collector.newrelic.com:443 : System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it
ERROR: Unable to connect to the New Relic service at collector.newrelic.com:443 : System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond
…then you’re likely running into a network connectivity issue, which could be related to your server’s (or user’s) firewall settings.
If the issue just started you may want to check our New Relic status page to make sure there’s not an ongoing incident.
Then the first thing to check is that the required IP ranges and ports are open, and those can be found here:
It’s worth noting that, depending on how your firewall is set up, the actual user identity your process runs as may need to be unblocked from those IPs and ports. For example, if your app runs in an IIS application pool, the user under which that app pool runs (
ApplicationPoolIdentity by default) must be able to reach the specified IPs, as the agent resides within that process and has the same permissions.
One way to test whether your app can reach New Relic servers is to log in to Windows as your app’s user and run this command in Powershell:
A response of
mongrel ==> up indicates a successful connection.
As an admin, try using the runas command in Windows to “impersonate” another user.
If your company uses a proxy for outgoing connections, that proxy will also need the above mentioned IPs and ports open, and an additional setting must be added to your
newrelic.config so the agent knows to communicate via that proxy.
Required attributes for a proxy:
<proxy host="hostname" port="PROXY_PORT"
uriPath="path/to/something.aspx" domain="mydomain.com" user="PROXY_USERNAME" password="PROXY_PASSWORD"/>
You can test this with Powershell as well:
Invoke-WebRequest -Proxy http://__proxy_host:__proxy_port__ https://collector.newrelic.com/status/mongrel
If, however, you’re seeing error messages like the following…
The request was aborted: Could not create SSL/TLS secure channel.
The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Received an unexpected EOF or 0 bytes from the transport stream.
The underlying connection was closed: An unexpected error occurred on a receive. ---> System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm.
…then you’re running into issues with TLS settings and will need to make the changes outlined here:
Next Steps in Troubleshooting
I hope this helps, and if you are still running into trouble, feel free to reply here or create a ticket; however, aside from some basic troubleshooting as described above, New Relic support may not be able to delve too much into network troubleshooting as many networking related issues are environment issues rather than agent or New Relic server issues, and tend to veer outside the scope of support.