License Activation Fails
Check:- The license key was copied without extra spaces.
- The host has outbound access to the activation service for online activation.
- The host identifier matches the offline activation file.
- The activation limit has not been reached.
- The system clock is accurate.
Target Is Rejected by License
This means the target is outside the active license scope or the target limit has been reached. Check the license screen for:- Allowed domains, wildcard domains, IP addresses, or CIDR ranges.
- Target usage and remaining target capacity.
- Expiration date.
- Feature availability.
*.acme.com, confirm whether the root domain acme.com is also included or must be licensed separately.
Discovery Finds Too Few Hosts
Check:- DNS resolution from the VulnScan host.
- Whether the domain uses split-horizon DNS.
- Whether staging or internal hosts are blocked from the scanner’s network.
- Whether the root domain has a very large subdomain footprint and needs a longer discovery window.
- Whether firewalls block probing from the VulnScan host.
Scan Is Slow
Common causes:- Very large target scope.
- Slow or rate-limited target applications.
- Many closed or filtered ports.
- Deep authenticated applications.
- Large known-CVE enrichment workload.
- PDF report generation after a large scan.
- Split the target into smaller assets.
- Scan critical subdomains first.
- Schedule scans outside peak target traffic windows.
- Use CSV/JSON export for automation.
- Let PDF reports complete as background jobs.
Findings Look Missing
Check:- The scan used the correct hostname, not only an IP address behind virtual hosting.
- Authentication context was supplied if the feature is behind login.
- The application was reachable from the VulnScan host during the scan.
- The scan completed successfully.
- The finding is not filtered by severity, status, asset, or date range.
- Vulnerability intelligence data is current.
Suspected False Positive
Review:- Evidence and affected location.
- Confidence level.
- Product and version evidence.
- CVE/CWE mapping.
- Whether the finding came from active verification or passive fingerprinting.
- Whether a duplicate finding has stronger evidence.
PDF Export Stays Pending
Check:- The scan completed successfully.
- The PDF job is still running for a large scan.
- The data directory has enough disk space.
- Mail is configured if the user expects a report-ready email.
- Server logs for rendering or file-permission errors.
Mail Is Not Sent
Check:- Provider type: SendGrid, AWS SES, or custom SMTP.
- API token or SMTP credentials.
- Sender address verification.
- SMTP host, port, and TLS mode.
- AWS region and IAM permissions for SES.
- Outbound firewall rules from the VulnScan host.
- Spam quarantine or mail security gateway logs.
CLI Results Do Not Appear in the Web UI
Standard CLI scans appear in the Web UI when they write to the same workspace configuration and data directory. Check:- The CLI uses the same configuration file as the Web UI.
- The CLI runs on the same instance or points to the same workspace data.
- The scan command completed successfully.
- The scan source filter in the Web UI includes CLI scans.
Collect Information for Support
When contacting CyStack Support, include:- VulnScan version.
- Operating system and architecture.
- Whether the issue occurred in Web UI or CLI.
- License status without exposing the full license key.
- Target type and sanitized target examples.
- Scan ID or report job ID.
- Relevant log excerpts.
- Screenshots of the error where possible.