Troubleshooting Guide

Common issues and solutions for Seed MCP Server users and administrators.

For Users

Problems connecting to or using Seed from your MCP client.

Connection Issues

"Cannot connect to MCP server"

Symptoms:

• Client shows connection error
• Tools/prompts not available
• Timeout errors

Solutions:

1. Verify server URL - Check with your administrator
   • Should include /mcp path (e.g., https://mcp.example.com/mcp)
   • Test in browser: https://YOUR_SERVER_URL/health
2. Check network connectivity
   • Can you reach other sites?
   • Are you on VPN if required?
   • Check firewall rules
3. Verify server is running - Contact your administrator
4. Check client configuration - Ensure JSON syntax is correct

"OAuth authentication failed"

Symptoms:

• Browser doesn't open for login
• Login page doesn't load
• "Authentication failed" error

Solutions:

1. Verify OAuth endpoints - Check authorizationUrl and tokenUrl with admin
2. Test OAuth URLs in browser - Should be accessible
3. Clear browser cookies - For the OAuth domain
4. Try incognito/private mode - Rules out browser extensions
5. Check redirect URI - Must match server configuration
6. Verify account access - Confirm with administrator you have permissions

"Token expired" or "Unauthorized"

Symptoms:

• Worked before, now getting 401 errors
• "Token expired" message

Solutions:

1. Re-authenticate - Client will prompt you to log in again (normal after extended inactivity)
2. Check session - May have been cleared on server
3. Verify account status - Confirm access wasn't revoked

"Invalid configuration" or "Invalid settings.json"

Symptoms:

• Client won't start
• Configuration error messages

Solutions:

1. Validate JSON syntax
   • Check for missing commas
   • Check for missing quotes
   • Use a JSON validator
2. Verify required fields - url, transport, authentication type
3. Check URLs - Must be valid HTTPS URLs (or HTTP for localhost)
4. Reload client - Restart after fixing configuration

Tool/Prompt Issues

"Tool not found" or "Prompt not available"

Symptoms:

• Specific tool/prompt doesn't appear
• "Tool not found" errors

Solutions:

1. Verify tool is enabled - Administrator controls available tools
2. Check authentication - Some tools require authenticated access
3. Refresh connection - Disconnect and reconnect
4. Check server version - Tool may not be available in your server version

"Tool execution failed"

Symptoms:

• Tool starts but returns an error
• Partial results

Solutions:

1. Check parameters - Ensure correct argument types and values
2. Verify permissions - You may not have access to that specific action
3. Check server logs - Ask administrator to review for errors
4. Try different tool - Isolate if it's tool-specific or general issue

Performance Issues

"Slow response times"

Symptoms:

• Tools take a long time to respond
• Timeouts

Solutions:

1. Check network - Test connection speed
2. Increase timeout - Configure longer timeout in client settings
3. Contact administrator - Server may be under high load
4. Use different tool - Some operations naturally take longer

"Frequent disconnections"

Symptoms:

• Connection drops repeatedly
• Need to re-authenticate often

Solutions:

1. Check network stability - WiFi issues, VPN drops
2. Verify firewall - May be closing idle connections
3. Contact administrator - Session timeout settings may need adjustment

Client-Specific Issues

Claude Desktop

"MCP servers not loading"

• Restart Claude Desktop completely (not just close window)
• Check configuration file location is correct
• Validate JSON in configuration file

"Settings not saving"

• Ensure you have write permissions to config directory
• Check disk space
• Try editing config file directly

Claude Code (VSCode)

"Extension not detecting MCP servers"

• Reload VSCode window: Cmd+Shift+P → "Reload Window"
• Check extension is up to date
• Verify settings.json location (user vs workspace)
• Check VSCode developer console for errors: Help → Toggle Developer Tools

"OAuth callback not working"

• Check default browser is set correctly
• Try different browser
• Verify localhost ports aren't blocked

GitHub Copilot

"MCP not available"

• Ensure VS Code 1.102+ or latest JetBrains version
• Update GitHub Copilot extension
• Check MCP support in your IDE version

Microsoft Copilot

"Cannot add MCP server"

• Verify Copilot Studio access level
• Ensure generative orchestration is enabled
• Check tenant MCP policies with administrator

For Administrators

Server setup, configuration, and operational issues.

Startup Issues

"Server won't start"

Check logs:

docker logs seed-mcp-server
# or
npm run dev  # See console output

Common causes:

1. Missing environment variables - Check required vars are set
2. Port already in use - Another process using port 3000
3. Redis connection failed - Verify Redis is running and accessible
4. Invalid OIDC configuration - Check issuer URL, JWKS URL

Solutions:

# Check if port is in use
lsof -i :3000

# Test Redis connection
redis-cli ping

# Validate environment variables
env | grep OIDC
env | grep REDIS

"JWKS discovery failed"

Symptoms:

• "Cannot fetch JWKS" errors
• "Invalid issuer" errors

Solutions:

1. Verify OIDC_ISSUER - Should be your identity provider's base URL
2. Test OpenID configuration endpoint:

   curl https://YOUR_ISSUER/.well-known/openid-configuration

3. Check JWKS URL - Should return public keys:

   curl https://YOUR_ISSUER/.well-known/jwks

4. Check firewall - Server must reach identity provider
5. Use explicit OIDC_JWKS_URL - If autodiscovery doesn't work

Authentication Issues

"All requests return 401 Unauthorized"

Check configuration:

# Verify auth is enabled (should be true for production)
echo $AUTH_REQUIRED

# Check OIDC configuration
echo $OIDC_ISSUER
echo $OIDC_AUDIENCE
echo $OIDC_JWKS_URL

Solutions:

1. Verify JWT tokens - Use jwt.io to decode and inspect
2. Check issuer claim - Must match OIDC_ISSUER
3. Check audience claim - Must match OIDC_AUDIENCE
4. Verify token signature - Check against JWKS public keys
5. Check token expiration - May be using expired tokens

"OAuth flow fails"

Check OAuth configuration:

echo $OAUTH_AUTHORIZATION_URL
echo $OAUTH_TOKEN_URL

Test OAuth endpoints:

# Should return OAuth metadata
curl https://YOUR_SERVER/oauth/token

# Should redirect to authorization page
curl -I https://YOUR_SERVER/oauth/authorize?client_id=test

Common issues:

1. Client not registered - Use dynamic client registration or pre-register
2. Redirect URI mismatch - Must exactly match registered URI
3. Invalid client_id - Check client registration
4. PKCE validation failed - Ensure code_verifier matches code_challenge

Redis Issues

"Session not found" errors

Check Redis connection:

redis-cli ping
redis-cli KEYS "seed:*"

Solutions:

1. Verify REDIS_URL - Format: redis://host:port
2. Check Redis is running - redis-cli ping should return "PONG"
3. Check network - Server can reach Redis host
4. Verify credentials - If Redis has authentication
5. Check TTL settings - Sessions may be expiring too quickly

"Redis connection refused"

Solutions:

# Check Redis is running
systemctl status redis
# or
docker ps | grep redis

# Test connection
redis-cli -h YOUR_REDIS_HOST -p YOUR_REDIS_PORT ping

# Check firewall rules
telnet YOUR_REDIS_HOST YOUR_REDIS_PORT

Performance Issues

"High memory usage"

Check:

# Check Redis memory
redis-cli INFO memory

# Check Node process memory
ps aux | grep node

Solutions:

1. Adjust Redis memory limits - Set maxmemory in redis.conf
2. Clean up old sessions - Ensure TTL is set correctly
3. Enable Redis eviction - maxmemory-policy in redis.conf
4. Scale Redis - Use Redis Cluster for large deployments

"Slow API responses"

Diagnose:

1. Check logs - Look for slow operations
2. Monitor Redis latency - redis-cli --latency
3. Check JWKS cache - Frequent JWKS fetches indicate issues
4. Network latency - Test latency to identity provider

Solutions:

1. Increase JWKS cache TTL - Reduce OIDC provider calls
2. Use Redis connection pooling - If not already enabled
3. Scale horizontally - Deploy multiple Seed instances behind load balancer
4. Optimize Redis - Use appropriate data structures, enable pipelining

Security Issues

"Suspicious authentication attempts"

Monitor logs for:

• Repeated 401 errors from same IP
• Invalid JWT tokens
• OAuth abuse attempts

Actions:

1. Enable rate limiting - Limit requests per IP
2. Review IP allowlists - Block suspicious IPs at firewall level
3. Audit user access - Review who has tokens issued
4. Rotate signing keys - At identity provider

"Token leakage suspected"

Immediate actions:

1. Revoke compromised tokens - At identity provider
2. Rotate client secrets - For affected clients
3. Review access logs - Identify unauthorized usage
4. Force re-authentication - Clear all sessions

Prevention:

1. Use short token lifetimes - 1 hour or less
2. Enable token rotation - Refresh tokens regularly
3. Implement token binding - Bind tokens to specific clients
4. Monitor unusual patterns - Geographic, temporal anomalies

Monitoring & Health Checks

Health Check Endpoint

Test server health:

curl https://YOUR_SERVER/health

Expected response:

{
  "status": "ok",
  "timestamp": "2025-01-05T12:00:00.000Z",
  "uptime": 3600.5,
  "redis": {
    "connected": true,
    "ping": "PONG"
  }
}

Monitoring Recommendations

Key metrics to track:

1. Response time - 95th percentile latency
2. Error rate - 4xx/5xx responses per minute
3. Active connections - Current MCP sessions
4. Redis memory - Usage and hit rate
5. JWT validation time - JWKS fetch latency
6. OAuth success rate - Authorization flow completions

Alerting thresholds:

• Response time > 2s (95th percentile)
• Error rate > 5%
• Redis memory > 80%
• JWKS fetch failures > 1%

Logging & Debugging

Enable Debug Logging

Production:

LOG_LEVEL=debug npm start

Development:

DEBUG=* npm run dev

Log Locations

Docker:

docker logs -f seed-mcp-server
docker logs --tail 100 seed-mcp-server

System:

journalctl -u seed-mcp-server -f
tail -f /var/log/seed/*.log

Key Log Events

Watch for:

• JWT verification failed - Authentication issues
• JWKS fetch error - Identity provider connectivity
• Redis connection error - Session store issues
• MCP session created - New client connections
• OAuth token exchange - Authorization flow steps

Getting Additional Help

For Users

• Contact your administrator - Server configuration and access issues
• Check server status - https://YOUR_SERVER/health
• Review documentation - Connection guides, Tools, Prompts, Resources

For Administrators

• Review architecture docs - Authentication Flow, OAuth Implementation, Session Management
• Check API reference - MCP Endpoints, OAuth Endpoints
• Developer guide - Installation, Configuration, Deployment
• Report issues - GitHub issues or internal support channels

Common Error Codes

Code	Meaning	Action
401	Unauthorized	Check authentication, verify token
403	Forbidden	Check permissions, verify access grants
404	Not Found	Verify URL path, check resource exists
429	Too Many Requests	Reduce request rate, wait and retry
500	Internal Server Error	Check server logs, contact administrator
502	Bad Gateway	Check upstream services (Redis, IdP)
503	Service Unavailable	Server overloaded or restarting

Quick Diagnostics Checklist

For users:

• [ ] Server URL is correct and includes /mcp path
• [ ] OAuth endpoints are accessible in browser
• [ ] Client configuration JSON is valid
• [ ] Browser can reach authentication pages
• [ ] Account has access to the server

For administrators:

• [ ] All required environment variables are set
• [ ] Redis is running and accessible
• [ ] Identity provider is reachable from server
• [ ] JWKS URL returns valid public keys
• [ ] Health endpoint returns "status": "ok"
• [ ] Logs don't show repeated errors
• [ ] Disk space is available
• [ ] Memory usage is within limits