Cloud VA Deployment with AWS

Hi Everyone, we’re in the process of configuring an additional VA. Initially, after pairing, the UI displays “VA CCG Version Unavailable,” even though the status shows as connected. However, after a day, the same message persists, and we’re unable to use this new VA in a target source.

image1885×414 92.7 KB

We attempted to call the new VA to a source and tried testing the connection, but an error indicated a connection timeout.

Next action, we attempted a va-bootstrap reset and tried to pair again through the UI. Unfortunately, after this, we can’t add the new VA because it indicates that “VA is already paired.” Now, we’re unable to add the new VA in the UI, and the previous configuration for it has disappeared from the interface.

image1805×269 46.8 KB

Has anyone else encountered this issue? I’d really appreciate any help or advice.

Thanks

I was able to add new VA in the UI. However I was back to my first problem which is the “VA CCG Version Unavailable”

image1908×532 38.2 KB

Hi @Rpalos ,

You can also try restart ccg service on VAs and wait to see if the ccg Version gets updated on IDN.

If that doesnt help, you can once try with rebooting the VA using command sudo reboot or restart the VA directly from UI.

Also, You can try GET /beta/managed-clusters API from postman to see if ccgVersion is included in the response ( get-managed-cluster | SailPoint Developer Community)

Thanks,
Shailee

Hi @shaileeM,

Thanks for the reply

Unfortunately, we’ve already attempted the following steps, but the issue persists

1. Restarted the CCG service
2. Rebooted the VA from the backend
3. Restarted the VA Cluster via the UI

The CCG version is also included in the API response.

@Rpalos please try to connect one source and see if the ccg version comes up if not then you can check with sailpoint support and get an updated version of ccg image and try again

Hi @Rpalos ,

Also, you can check /home/sailpoint/log/charon.log & /home/sailpoint/log/ccg.log logs on VA and CCG service.

This Virtual Appliance Troubleshooting Guide - Compass (sailpoint.com) will be helpful for deep dive debugging.

Thanks,
Shailee

Hi @schattopadhy,

Thanks for the reply

I also tried using the new VA with a target source, but it returned a “connection timeout” error. Then, I checked the VA CCG version, and it is still unavailable.

Hi @shaileeM

Sure thing! I’ve looked into this as well.

Thanks

Also, one thing I observed, the ccg service keep on dropping. Every time I restarted, the status is ACTIVE. but in a few minutes, it change to “ACTIVATING”

Hi @Rpalos ,

I believe the ccg service is still in progress for an update/upgrade. You might have to wait a while and check tomorrow if it has stabilized.

Alternately, you can open a support case to check with support engineers about ccg service health.

Hope this helps.

Thanks,
Shailee

Hello,

I faced this kind of an issue but not the exact scenario. In the production tenant, the VA Cluster was in Inactive state and both VAs were paired but in Unhealthy State. We raised the SailPoint Ticket and eventually, the issue was not resolved but at least the connections were working with downstream and upstream sources.

After couple of months, the entire VA Cluster was automatically emptied and both VAs were deleted from CLUSTER, though that VA CLUSTER was used by nearly 80 sources. Note that our VAs were hosted over on-premise servers and then, because of this issue, we migrated to AWS.

Its very strange that you are facing this issue on AWS because the VA images that SailPoint shares are fairly stable.

I would recommend you to connect with SailPoint Support and do the following.

1. Provide them the entire data generated post execution of stunt.sh script on VAs.
2. Meanwhile, Ask SailPoint to push the latest VA Image on your AWS Account Number for respective organization
3. Re-Create the VAs using new image shared by them.

I think there is high possibility that VA image that you were using could have an issue or it was corrupted.

Thank You,

Regards,
Rohit.