Skip to content

Troubleshooting — Google Cloud

If the appliance is deployed but isn't behaving as expected, work through the issues below. If it boots but never connects — or the tunnel drops right after it establishes — the cause is usually firewall L7/TLS inspection or NAC, not this platform: see Connectivity Troubleshooting.

I can't find srt-rta-images in the source project picker

The image project is outside your GCP organization. In the Boot disk dialog, click Custom images, then open the source project dropdown. At the top of the dropdown, change the organization filter from your org name to "No organization" or "All", then search for srt-rta-images.

I can't find the image — has access been granted?

Verify with your engagement lead that IAM access has been granted to the exact Google identity you're using (user account, group, or service account). Access is granted per-image; if the image name has changed, request a fresh grant for the new image name.

The instance started but I have no console / display

The display device was not enabled at create time. You cannot add it to a running instance — delete the VM and recreate it with Enable display device checked (Console) or --enable-display-device (CLI).

Error: The resource ... was not found for the image

Verify that the image name is exactly as provided by your engagement lead and that IAM access has been granted to the Google identity you are authenticated as (gcloud auth list). The --image-project flag must be srt-rta-images verbatim.

I get a policy constraint or trusted image error (POLICY_VIOLATED)

Your organization has a constraints/compute.trustedImageProjects policy that restricts which external projects you can use images from. Ask your GCP administrator to add projects/srt-rta-images to the policy allowlist:

gcloud resource-manager org-policies allow \
  constraints/compute.trustedImageProjects \
  projects/srt-rta-images \
  --organization=YOUR_ORG_ID
Instance is running but SSH times out

Confirm the instance's VPC subnet has outbound internet access (Cloud NAT or equivalent) and that there is no firewall rule blocking SSH from your source network. Also confirm you are connecting to the internal IP from inside the VPC — the instance has no external IP by design.

No output from get-serial-port-output

Serial port output logging must be enabled. Add --metadata=serial-port-enable=TRUE to the create command, or enable it after the fact:

gcloud compute instances add-metadata rta-instance \
  --project=YOUR_PROJECT_ID \
  --zone=ZONE \
  --metadata=serial-port-enable=TRUE