Not able to setup new VA in developer tenant

Hi All,

Need you help with setting up the new VA in Developer tenant. I tried this 1 year back, but when i tried the same step now it not working for me.

• What have you tried?
  Note: For VA image, I have downloaded the special image and also the VA image in admin doc, not from the UI.

https://developer.sailpoint.com/discuss/t/va-for-dev-tenant-does-not-connect-to-any-local-resource/98268/5
https://developer.sailpoint.com/discuss/t/new-va-not-installing-in-devrel-tenant/91793/21

• What errors did you face (share screenshots)?
  No error; able to see the VA is connected. But the CCG version, or CCG, is not downloading even after 2-4 hrs.

Hello,

Kindly check whether respective Sailpoint specific endpoints are reachable from your VA

Not sure about that. Can I know what endpoints I need to test? Also note that below are the things I have checked.

• I have used VMWare to import the VA.
• I have used the Bridged>>Replicate settings for Network.
• After import, I have set the static ip address and reboot the VA
• Next I have to go to the ISC UI and create a new cluster >> Add new VA
• Then I generated the pair code using va-bootstrap set-passphrase -t demo and applied the pair code; it got success.
• Waited for 1 hour to get the CCG file, but it did not get started or downloaded even after 4 hours.

What am I missing here? I have tried with the special image from the ambassador page, the VA image in the admin doc, and the VA image in the UI when adding the new VA.

Hello,

Based on what you’ve described, the CCG not downloading is almost always a connectivity issue between the VA and SailPoint’s cloud endpoints. Here are the key endpoints your VA needs outbound access to on port 443:

• ccg.identitynow.com
• .identitynow.com
• .api.identitynow.com
• dt.sailpoint.com
• pkg.sailpoint.com (for CCG binary downloads)

I followed the below steps to resolve the CCG-related issue:

1. Performed a VA reset using va-bootstrap reset.
2. Removed the old VA from the tenant and reconfigured it with the new tenant, which successfully resolved the issue.

Tried getting the below error.

Hey @jeyan I have tried this several times before but no luck.

When I try sudo docker images, below is the result: no CCG after 2 hours.

image747×330 2.9 KB

Hi @Santhakumar

I have setup VA for my ISC developer tenant. It worked fine. If you are using VMWare then it should work fine. As I have integrated multiple VA’s that are deployed in my VMWare/VirtualBox with SailPoint ISC Developer tenant.

Please let me know if you need any help. Happy to connect and fix the issue.

Hey @msingh900. Can I know which VA image you have downloaded?

I have downloaded the image from the SailPoint ISC portal when you try to create a cluster and add a VA inside it.

I have tried that VA image but no luck. No ccg file downloaded or not found.

Is your VA not showing as connected in the ISC portal ?

@Santhakumar Which ccg file you are looking for ?

It says “connected.” But when I try to create a webservice source with VA, the test connection shows Timeout.

image1457×433 15.9 KB

Able to reach the URL from VA itself.

You need to increase the timeout. As I can see when you are pinging the host, it takes some amount of time.

Try doing test connection multiple times even if the first test connection fails.

Also, You mentioned that you are using WebService. Can you please share the Test Connection HTTP Operation details.

Note: I have used OAuth 2.0 as the authentication type.

image1270×630 17.4 KB

image1258×448 12.1 KB

Increased the timeout to 200 and tried the test connection 6 times.

Have you tried the same test connection config in postman? Is that working over there in postman.