Ambassador Tenant VAs

Hi Experts!

Losing my mind a bit - seen a few other posts of people struggling to set up the Ambassador tenant VAs. Sadly, I have not been successful trying their solutions.

What I have tried & some pointers:

  1. The original VA image & the Ambassador VA image
  2. Created new VA clusters & VA VMs (multiple times).
  3. KeyPassphrase has no special characters at all.
  4. VA is able to communicate with the internet without any issue.
  5. Set up a new VA on our partner tenant, and got it working within 20 minutes.

Here are the errors in the logs:

charon.log:

{"@timestamp":"2024-07-17 13:57:15 +0000","level":"ERROR","type":"credential","message":"Service config file not in place."}

va_agent.log:

{"@timestamp":"2024-07-17 13:58:13 +0000","level":"ERROR","type":"api","message":"api.post: SocketError: Failed to open TCP connection to devrel01-useast1.accessiq.sailpoint.com:443 (getaddrinfo: Name or service not known): [\"/usr/local/lib/ruby/2.3.0/net/http.rb:882:in `rescue in block in connect'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:879:in `block in connect'\", \"/usr/local/lib/ruby/2.3.0/timeout.rb:91:in `block in timeout'\", \"/usr/local/lib/ruby/2.3.0/timeout.rb:101:in `timeout'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:878:in `connect'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:863:in `do_start'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:852:in `start'\", \"/usr/local/bundle/gems/rest-client-2.0.1/lib/restclient/request.rb:715:in `transmit'\", \"/usr/local/bundle/gems/rest-client-2.0.1/lib/restclient/request.rb:145:in `execute'\", \"/usr/local/bundle/gems/rest-client-2.0.1/lib/restclient/request.rb:52:in `execute'\", \"/usr/local/bundle/gems/rest-client-2.0.1/lib/restclient/resource.rb:67:in `post'\", \"/opt/sailpoint/lib/api.rb:77:in `block in post'\", \"/usr/local/lib/ruby/2.3.0/timeout.rb:91:in `block in timeout'\", \"/usr/local/lib/ruby/2.3.0/timeout.rb:33:in `block in catch'\", \"/usr/local/lib/ruby/2.3.0/timeout.rb:33:in `catch'\", \"/usr/local/lib/ruby/2.3.0/timeout.rb:33:in `catch'\", \"/usr/local/lib/ruby/2.3.0/timeout.rb:106:in `timeout'\", \"/opt/sailpoint/lib/api.rb:76:in `post'\", \"/opt/sailpoint/lib/api.rb:125:in `poll'\", \"/opt/sailpoint/va_agent.rb:151:in `poll_server'\", \"/opt/sailpoint/va_agent.rb:280:in `are_credentials_valid?'\", \"/opt/sailpoint/va_agent.rb:330:in `wait_for_valid_credentials'\", \"/opt/sailpoint/va_agent.rb:606:in `block in <main>'\", \"/opt/sailpoint/va_agent.rb:601:in `loop'\", \"/opt/sailpoint/va_agent.rb:601:in `<main>'\"]"}

Appreciate any help or guidance!

1 Like

Can you send screen prints on your configs for your tenant? With sensitive information redacted of course.

Hi @mpotti,

Which configurations would you like to see? It is pretty much a new tenant.

I am wondering about the cluster health and successfully joining the VA to the clusters. And if the VAs updated properly.

Hi Kyle, just to test, can you try with

nc -zv -w5 devrel01-useast1.accessiq.sailpoint.com 443

have you tried upgrading VA?

It’s the first VA Cluster and VA in the tenant.

Hi @jsosa,

nc -zv -w5 devrel01-useast1.accessiq.sailpoint.com 443

have you tried upgrading VA?
Sorry, have not tried this. I have always believed SailPoint upgrades the VA, i.e. it makes continuous outbound calls to receive updates.

Here is the link to working with VA issues:

https://community.sailpoint.com/t5/IdentityNow-Connectors/Virtual-Appliance-Troubleshooting-Guide/ta-p/78735

I am not sure if this applies to Demo Tenants. Some days ago I downloaded a Demo Tenant and it did not work; to be honest, I do not remember the exact error that appeared in ccg.log. But after searching a while, I found that throwing some update command automagically made the VA work.

I reviewed my Linux command history; this is the command I used:

sudo update_engine_client -check_for_update

then a sudo reboot

Hello @kyle1,

I am facing this with a new demo tenant as well. Did you ever make any headway on this? This seems to be a DNS issue - I am not able to locate that domain on any DNS Server.

I just had an issue with my second devrel tenant that I didn’t remember having when I set up my first one. It had to do with the pod name in the VA config yaml file being incorrect. Check this post out: https://developer.sailpoint.com/discuss/t/ambassadors-va-configuration-not-working/68070/27?u=patrickboston

You can check what pod your tenant is in with this endpoint: get-tenant | SailPoint Developer Community

Once I corrected the pod name it connected immediately.

Yes, I was also facing a similar issue. So I tried changing the pod name from pod: devrel01-useast1 to pod: se01-useast1 in va-config-****.yaml and then, using scp, copied it to the VA (/home/sailpoint/config.yaml) and it worked.

3 Likes
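
The pod/hostname mismatch discussed in the posts above can be checked from the VA's own files. The following is an added example, not code from any poster or from SailPoint: it assumes the agent's endpoint is `<pod>.accessiq.sailpoint.com` (inferred from the va_agent.log line in this thread), and the function names and sample files are hypothetical.

```shell
#!/bin/sh
# Added example, not SailPoint code. Assumption: the agent connects to
# <pod>.accessiq.sailpoint.com, as the va_agent.log line above suggests.

# Print the pod value from a VA config.yaml (e.g. "pod: devrel01-useast1").
va_pod() {
    sed -n "s/^[[:space:]]*pod:[[:space:]]*[\"']\{0,1\}\([A-Za-z0-9-]*\).*/\1/p" "$1" |
        head -n 1
}

# Print each distinct host the agent could not resolve (getaddrinfo errors).
va_dns_failures() {
    sed -n '/getaddrinfo/s/.*Failed to open TCP connection to \([^: ]*\):[0-9]*.*/\1/p' "$1" |
        sort -u
}

# Compare the unresolvable host(s) in the log with the host implied by the pod.
va_triage() {
    pod=$(va_pod "$2")
    [ -n "$pod" ] || { echo "no-pod-in-config"; return 0; }
    expected="$pod.accessiq.sailpoint.com"
    failed=$(va_dns_failures "$1")
    if [ -z "$failed" ]; then
        echo "no-dns-failure"
    elif printf '%s\n' "$failed" | grep -qxF "$expected"; then
        # The configured pod's host does not resolve: verify the pod name
        # against the tenant's real pod before changing network settings.
        echo "pod-host-unresolvable $expected"
    else
        # The log predates a config change, or the agent uses another file.
        echo "other-host-unresolvable $failed"
    fi
}

# Constructed sample input (log line shortened from the one in this thread).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'pod: devrel01-useast1' > "$demo/config.yaml"
printf '%s\n' '{"level":"ERROR","type":"api","message":"api.post: SocketError: Failed to open TCP connection to devrel01-useast1.accessiq.sailpoint.com:443 (getaddrinfo: Name or service not known)"}' > "$demo/va_agent.log"
va_triage "$demo/va_agent.log" "$demo/config.yaml"
```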

Hi @bcariaga,

As Mehul suggested in this post and another -
I got it to work by changing the POD - It is a bug.

Let me know if that also works for you.

1 Like

I have been following this VA deployment issue for Ambassador tenants and talking to the demo tenant engineering team. Thank you to @mehuljogi for sharing the workaround.

Tenants created after 4/9/2024 are in the devrel01-useast1 pod, and you should not have to change the pod name to se01-useast1 in the va-config-****.yaml file. But as many of you have seen, doing this is resolving the issue.

@bcariaga did changing the pod name resolve the issue for you as well?

2 Likes

Hi @christina_gagnon ,

I’ve already reported this issue to @colin_mckibben and @derek_putnam

I am failing to connect too.
I had a POC tenant that was deleted 2 weeks ago and I am trying to connect back to the existing POC VAs using my new DEV tenant.
I’m getting this message irrespective of what I put at the POD:
pod: devrel01-useast1
or,
pod: se01-useast1

image

Nothing has changed apart from the SailPoint tenant.
Any suggestions gratefully received.
Thanks

Phil

EDIT: I didn’t realise that I need to change the VA image on my pre-existing machine:
Identity Security Cloud Development Tenants - Ambassadors / Ambassador General Discussions - SailPoint Developer Community
So, whoops on me, and something to look at when I get back from AL.

Hi @phil_awlings ,

I had similar issues a few weeks back; I finally got it working by following the steps below:

  1. Deleted the existing VM
  2. Downloaded the latest VM (Ambassador VM from the community link) and configured it
  3. Configured the VA from the SailPoint tenant without changing anything in the config.yaml file
  4. Ran the following commands to update the docker images from the VA

sudo docker ps -a
sudo update_engine_client -check_for_update
sudo reboot

Hope this helps.

Thanks,
Karthi

1 Like
