ACC Admin Workspace - Diagnostic TestsThe Agent Client Collector (ACC) agent includes a self-test or diagnostic framework that validates configuration and permissions. Errors indicate the agent cannot proceed with data collection due to configuration issues, missing permissions, or environmental problems. As part of the June 2026 store app release of ACC Admin Workspace (bundled with the ITOM Infra Services Workspace store app), diagnostics may be triggered and viewed from within the agent record of the workspace. What are diagnostic tests? The ACC agent includes a self-test framework that validates configuration, permissions, and dependencies required for data collection. These tests catch data collection failures and can catch problems early — before they surface as silent data gaps. When do the tests run? Diagnostic tests run on demand — either when you trigger a diagnostic check from the ACC Admin Workspace, or when running manual diagnostic commands against the agent. They do not run automatically during startup or normal operation. What do the results mean? If all tests pass, the agent's configuration and environment are healthy for data collection. If any test fails, the agent logs a specific error code (ACC-42XX) so you can identify exactly which check failed and what needs attention. Diagnostic test error summary Error CodeTest NameWhat It ChecksWhat to Look AtACC-4201Allowlist ValidationWhether check-allow-list.json is valid JSON with correct syntaxJSON syntax errors, file permissions, unescaped backslashes (especially on Windows)ACC-4202Cache Directory CreationWhether the agent can create its cache subdirectories for plugins, assets, and checksDisk space, directory ownership, SELinux/AppArmor policiesACC-4203MID Server AuthenticationWhether a valid API key is configured in acc.ymlMissing or empty api-key field, missing agent-key-id after first startupACC-4204MID Server Connection ConfigWhether backend-url in acc.yml contains properly formatted WebSocket URLsURL format (must use wss:// or ws:// with /ws/events path), YAML syntaxACC-4205MID Server ConnectivityWhether the agent can actually reach the MID ServerMID Server status, firewall rules, DNS resolution, TLS certificatesACC-4206OSQuery AvailabilityWhether the osqueryi binary is present and executablePlugin cache contents, file permissions, architecture mismatchACC-4207PAC FileWhether the configured proxy auto-config file is reachable and validPAC URL accessibility, JavaScript syntax in the PAC fileACC-4208PowerShell Version (Windows)Whether PowerShell 5.1+ is installedPowerShell version; upgrade via Windows Management Framework 5.1 if neededACC-4209Ruby Script ExecutionWhether the bundled Ruby interpreter is present and functionalBundled Ruby binary existence and permissions; reinstall agent if missingACC-4210Sudo SS Access (Linux)Whether the service account can run ss with sudo for network data collectionsudoers configuration for the servicenow user, !requiretty settingACC-4211WMI Permissions (Windows)Whether the service account has WMI query accessMembership in "Performance Monitor Users" and "Distributed COM Users" groups, WMI namespace security Next steps when a self-test fails 1. Check the agent log for the specific ACC-42XX error code.2. Review the "What to Look At" column above for that code.3. Fix the underlying issue and restart the agent.4. Re-run the diagnostic check to confirm the test passes.