Automator Not Working

If the Keeper Automator is not working (users receiving a notice to approve their device) please check the following common issues:

SSL Certificate Validity

The Automator service requires a valid SSL certificate that has been signed by a public certificate authority. Please note the following common issues:

  • If the certificate has expired, you need to renew the certificate with the certificate authority, then update the certificate in the Keeper Automator container.
  • For Azure deployments, ensure that the file share folder contains the latest .pfx file and then restart the container.
  • For Azure deployments using an App Gateway, the .pfx certificate must also be updated in the https listener for the gateway. Go to your Azure > Resource groups > App Gateway > Listeners and upload the new certificate.
  • Ensure that the subject name of the certificate matches the FQDN of the automator service.
  • Ensure that the certificate contains the intermediate and CA cert in the chain as described in the SSL certificate setup page.
  • Ensure that the Automator service is routable from the Keeper backend IPs as described on the network requirements page.

Azure Container IP Address

If you are using the Azure deployment model, it is possible that restarting the container will assign a new private IP address from the subnet. To quickly locate the new IP and update the Application Gateway backend pool with the correct IP, the below script can be run from the Azure CLI.

# change these 3 variables according to your setup





CONTAINER_IP=$(az container show --resource-group $RESOURCE_GROUP --name $CONTAINER_NAME --query 'ipAddress.ip' --output tsv)

az network application-gateway address-pool update --resource-group $RESOURCE_GROUP --gateway-name $GATEWAY_NAME --name $BACKEND_POOL_NAME --servers $CONTAINER_IP

If you have checked all of the above items and still require assistance, please open a support ticket with our Enterprise support team.


Still need help? Contact Us Contact Us