Help Center← Back to Dashboard
Getting Started
What is Aithroyz?Quickstart: First EnvironmentCloud CredentialsPlans & Approvals
Environments
OverviewLifecycle PhasesTTL Auto-DestroyExtending TTLDestroying an Environment
Tools Reference
OverviewElastic Stack (SIEM)Wazuh (XDR)MITRE CalderaTheHive & DFIR-IRISVelociraptorOpenCTIGrafana + PrometheusShuffle SOARn8nUptime KumaLLM GatewayOpen WebUIFlowiseOpenClawOllamaQdrantLangfusePortainerGiteaSonarQubeCode ServerMattermostMinIOMetabaseHashiCorp VaultKeycloak SSONetBoxLocalStack
Access & Security
Google SSOTenant IsolationPasskeys & MFATeam Members
API & Integrations
API KeysMCP Tools (Clevername)Terraform ExportWebhooks & Callbacks
Stack Presets
SOC PlatformIR / DFIR LabThreat HuntingQuick Sandbox
Settings
Cloud KeysAPI KeysBillingAudit Log
Troubleshooting
Common IssuesDeployment FailuresDNS & ConnectivityTool Health Checks
Aithroyz Help
Help CenterTroubleshooting

Common Issues

Solutions for the most frequently encountered problems with Aithroyz deployments, tools, and access.

If your issue isn't listed here, ask Sentinel — the support bot in the bottom right. It has access to all Aithroyz help documentation and can troubleshoot step by step.
⚠GCP quota exceeded
The provisioner checks available CPU and static IP quotas before deploying. Go to GCP Console → IAM & Admin → Quotas, filter for "CPUs" and "In-use IP addresses" in your target region, and request an increase. Typical requirements: 4–8 vCPUs and 1–2 static IPs per environment.
⚠Deployment stuck at 'deploying'
Open the request detail page and check the live job log. Common causes: missing cloud credentials (check Setup), VPC already exists in the region (destroy it first in GCP Console), or Cloud Run provisioner timed out. Use the Retry button to re-attempt from where it left off.
Read full article →
⚠DNS propagation delay — tools unreachable
Subdomain DNS records (e.g. elastic.acme.ops.aithroyz.com) are created by the foundation module. DNS can take 1–5 minutes to propagate globally. The health check polls for up to 15 minutes. If it times out, verify the Cloud DNS zone has the records in GCP Console.
Read full article →
⚠Tool health check keeps failing
Some tools take 10+ minutes to initialize on first boot (Caldera, OpenCTI). If the health badge shows amber for more than 15 minutes, check the Docker container logs via Portainer. The most common cause is insufficient RAM — Caldera and OpenCTI each need at least 4 GB.
Read full article →
⚠Google SSO login loop
The OAuth callback is registered for auth.ops.aithroyz.com. Clearing browser cookies for *.ops.aithroyz.com usually resolves loop issues. If you're getting 'redirect_uri_mismatch', the Google OAuth client may need the callback URI added.
Read full article →
⚠Cloud credentials validation failing
Ensure the service account has the required IAM roles: Compute Admin, DNS Administrator, Storage Admin, Cloud Run Admin. The 'Editor' built-in role covers all of these. Check that billing is enabled on the GCP project.
Read full article →
⚠Passkey login not working
Passkeys are device-bound. If you switched devices or browsers, you'll need to register a new passkey or fall back to email+password. Go to Settings → Passkeys to manage your registered authenticators.
Read full article →
⚠Terraform export zip is empty
The export is generated from the live OpenTofu state. If the environment has not fully deployed (status is not 'live'), the state may be incomplete. Wait for the deployment to finish or retry if it failed.
Read full article →
Related Articles
Deployment FailuresRead article →DNS & ConnectivityRead article →Tool Health ChecksRead article →