New VA setup only has charon and va_agent

kxreynolds · July 8, 2024, 5:00pm

Trying to set up new vm’s for VA’s. Only charon and va_agent are installed. VA setup results in successful connection but can’t do anything since the other conatiners are missing.

smukhija · July 8, 2024, 5:52pm

Hi Kevin,

Try to configure one connector with the VA and perform "Test Connection’, you should see ccg and other logs after that.

kxreynolds · July 8, 2024, 6:06pm

It’s not just the logs, the containers are missing. I tried connecting a source and got an error. I only have charon and agent containers on the server.

smukhija · July 8, 2024, 6:30pm

Do you see any error in charon.log?

After initial VA deploy, only VA Agent and Charon services will show running when you run sudo docker ps -a.
After uploading your config.yaml file for the first time, the VA will begin downloading updated service containers. This can take more than 5 minutes depending on network conditions. The CCG image alone can be 3GB+
To see in the logs which services have completed initial update/install, check charon.log.
- grep SUCCESS charon.log | grep SERVICE_SETUP
- Successful update/setup will look like this:
  {“@timestamp”:“2017-12-05 11:20:32 +0000”,“level”:“INFO”,“type”:“processor”,“message”:“Job SERVICE_SETUP ccg has FINISHED - result: SUCCESS”}
Even after ‘Test Appliance’ is successful, don’t reboot, as updates may still be continuing. Rebooting the VA may cause services to fail, disappearing from the services list. If this occurs, create a new VA image from the most recent image available from SailPoint.

kxreynolds · July 8, 2024, 6:55pm

Yes, several errors in charon log. The certificate error makes no sense since it’s the same as a different source that works sometimes.

:"Error checking credentials: Seahorse::Client::NetworkingError: SSL_connect returned=1 errno=0 peeraddr=[::ffff:146.112.61.106]:443 state=error: certificate verify failed (unable to get local issuer certificate):

and

get_authorization_token'\", \"/opt/sailpoint/lib/credential.rb:291:in are_credentials_valid’", "/opt/sailpoint/lib/credential.rb:332:in wait_for_valid_credentials'\", \"/opt/sailpoint/run.rb:101:in block in ‘", "/opt/sailpoint/run.rb:87:in loop'\", \"/opt/sailpoint/run.rb:87:in ’"]"}

smukhija · July 8, 2024, 7:48pm

Are you using proxy for VA connection? I would recommend to use the STUNT script to determine environmental network issues and escalate to Support if necessary.

smukhija · July 8, 2024, 9:02pm

This KB article suggests to redeploy VA if this is being configured for the first time -

kxreynolds · July 8, 2024, 9:42pm

Yes, I’ve tried new servers and clean setups about 20 times with the same result. Networking team checked multiple times and nothing being blocked. I’ve been back and forth with support for weeks and nobody can figure this out. Thanks for the input. Any ideas are very welcome

system · September 6, 2024, 9:42pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.