Ambassador VA Tenant - Direct Connection Source Failure

Hello Everyone ,

For Ambassadors tenant provided I am unable to make any test connection for direct connection sources . Facing timeout issues . I used special VA image and changed pod to se01 as per this discussions .

Any leads ?

This doesn’t really tell us much to be able to help you unfortunately.

Is your VA showing up as online and connected?

Was your ambassador tenant a barebones one or pre-configured?

What source are you trying to connect to?

You can check the network connectivity by using the toolbox:

tb start
tb session
nc -zv -w 5 <IP/Hostname> <Port>

This should show if your VA has access to your target system.

If you can connect to your target system, you can also try increasing the timeout from the source through VSCode or PostMan.

Hey Adam ,

Thank you for your reply.
Yes , the VA is in connected status . (This happened only after changing pod in config.yaml).
The tenant is a barebones tenant .
I tried to connect to a webservice and AD , both returned the same error .
(The above source are working fine when tested with other tenants)

Additional Checks:
Increased healthchecktimeout
CCG service is active
logs are not generating while testing connection
No active jobs
All services are up and running ,
Port number test is succeeded.

One unusual activity noticed is that VA cluster shows VA update is in progress
image
while the VA in the cluster is in connected state:

Thank you.

Hi @agutschow ,

Port test is done . Port test is succeeded .
But the source connection is failing.

Thank you .

1 Like

@sidharth_tarlapally

Are you still getting the Timeout waiting for message 1 error?

If so, check your ccg.log to see if there might be an error with your keystore like:

@agutschow

I am still facing the timeout issue .
I cannot see the mentioned error in the ccg log .
Anyways , I have deployed a new cluster and new VA, I can see VA connected properly and cluster status is fine as well .
The following is the error log in ccg.

{
  "stack": "ccg",
  "pod": "se01-useast1",
  "connector-logging": "150",
  "clusterId": "4b11584a2b6d43409b49400d4635c3d7",
  "buildNumber": "937",
  "apiUsername": "b0966a8d-d809-4daf-9a1b-40f46a3569f6",
  "orgType": "",
  "file": "ResponseProcessCookies.java",
  "encryption": "1266",
  "connector-bundle-identityiq": "206",
  "line_number": 130,
  "@version": 1,
  "cloud-modules-api": "1477",
  "logger_name": "org.apache.http.client.protocol.ResponseProcessCookies",
  "mantis-client": "1266",
  "class": "org.apache.http.client.protocol.ResponseProcessCookies",
  "atlas-api": "1823",
  "va-gateway-client": "46",
  "tracing": "1391",
  "clientId": "b0966a8d-d809-4daf-9a1b-40f46a3569f6",
  "source_host": "cdae0c4cb9b2",
  "method": "processCookies",
  "org": "devrel-ga-12120",
  "level": "WARN",
  "IdentityIQ": "8.3p4 Build 1527a593753-20230805-223436",
  "message": "Invalid cookie header: \"Set-Cookie: AWSALBTGCORS=mzzfEdMyL2v1iU\/Cc32yE0mCanneHn1Nma9p6KSvx3EjKz4J0vI\/QqoUaoSCQ4n+2PoN8+AbR9JalIoI+SpfgCEJUz0xJOJk0kWpzkVdWGfY1j64U+vcsW\/uTpWO00uCEeiEwiTDPgOIjcdhTgP8e947ryZJC2d51JJzK27FatSn; Expires=Wed, 25 Sep 2024 07:01:51 GMT; Path=\/; SameSite=None; Secure\". Invalid 'expires' attribute: Wed, 25 Sep 2024 07:01:51 GMT",
  "pipeline": "1266",
  "@timestamp": "2024-09-18T07:01:51.425Z",
  "thread_name": "Thread-2",
  "atlas-util": "1823",
  "metrics": "1266",
  "region": "us-east-1",
  "queue": "devrel01-useast1-devrel-ga-12120-cluster-4b11584a2b6d",
  "SCIM Common": "8.0 Build 00b1f252d1b-20200225-190809"
}

Thank you

What connector are you using?

I see in your original post you stated you were using web services and AD.

To eliminate the possibility of the VA being the issue, have you tried using the SaaS-based web services connector?

I am using AD and Web services

I’m seeking to establish test instances for generic connectors within the development tenant to facilitate a more comprehensive understanding of application onboarding. While web services can be temporarily disregarded, I anticipate the necessity of utilizing VAs for non-SaaS connectors

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.