Partner VA issue again

This is me again with the same issue again, or similar to (CCG in new VA not present - #19 by JackSparrow).

I’m trying to set up my partner VA and it connects to ISC and just sits there.

When pairing I get:

```
7:56PM ERR certs/2024/internal: Certificate expired 2026-01-04 16:26:04 +0000 UTC
7:56PM ERR certs/2024/prod: Certificate expired 2026-01-04 16:26:26 +0000 UTC
7:56PM ERR certs/2024/dev: Certificate expired 2026-01-03 21:52:12 +0000 UTC
```

That could be an issue.

I downloaded the VA from the page where you create a new one in the tenant.

Looks like all the dockers on my VA shut down but it’s not restarting:

```
sailpoint@localhost ~/log $ sudo docker ps
CONTAINER ID   IMAGE     COMMAND   CREATED   STATUS    PORTS     NAMES
sailpoint@localhost ~/log $
```

and in tenant

Anyone having the same issue recently?

Try running this script on the VA box to see if it can connect to the outside world to the specific required destinations.

I believe the newest VA downloads the containers after the pairing. If you are missing containers or they don’t start, I have seen this because it can’t talk to the AWS ECR site(s).

```bash
#!/bin/bash

echo "Starting SailPoint VA connectivity test..."
echo "----------------------------------------------"

# Define the list of hosts to test
# NOTE: For wildcard domains, we pick a specific, known host (e.g., 'www.')
HOSTS_TO_TEST=(
    # Flatcar (updates)
    "www.flatcar-linux.org"

    # SailPoint (core services)
    "api.identitynow.com"
    "www.sailpoint.com"
    "va-access.infra.identitynow.com"
    # Note: If you have a specific tenant URL like 'my-tenant.identitynow.com', add it here!

    # LaunchDarkly (feature flags)
    "app.launchdarkly.com"

    # AWS S3 (general)
    "s3.amazonaws.com"

    # AWS ECR (container images)
    "api.ecr.us-east-1.amazonaws.com"
    "ecr.us-east-1.amazonaws.com"
    "874540850173.dkr.ecr.us-east-1.amazonaws.com"
    "229634586956.dkr.ecr.us-gov-west-1.amazonaws.com"
)

# Loop through each host and test it
for HOST in "${HOSTS_TO_TEST[@]}"; do
    echo -n "Testing: $HOST ... "

    # Use curl with -v (verbose) and -I (HEAD request)
    # Redirect stderr (verbose output) and stdout (headers) to /dev/null
    # We only care about the exit code: any HTTP status counts as success,
    # because it means DNS, TCP and TLS to the host all completed.
    if curl -v -I "https://${HOST}" --connect-timeout 5 &> /dev/null; then
        echo "✅ SUCCESS"
    else
        echo "❌ FAILURE"
        echo "    (Tip: Run 'curl -v https://${HOST}' for detailed error info)"
    fi
done

echo "----------------------------------------------"
echo "Test complete."
```

Hi @aleksander_jachowicz,

The best way to debug is using the script that @ts_fpatterson has mentioned. But what I have seen with partner tenants is that if you are trying to configure the VA on your company laptop, there are always restrictions where the VA will not be able to communicate with the outside world, which it needs to do for connectivity purposes. Try configuring the VA from your local laptop and see if it is able to connect. You might need to reach out to your network team for firewall-related issues.
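
Added example, not part of any post in this thread: the connectivity script above reports only success or failure, so this variant maps curl's documented exit codes to the layer that failed (DNS, TCP, TLS), which is the detail a network team needs for a firewall or proxy request. The function names and layer labels are this example's own; pass it the same hosts as the script above.

```bash
#!/bin/bash
# Added example: report WHICH layer failed for each host, not just pass/fail.
# Usage: ./va_probe.sh api.identitynow.com s3.amazonaws.com ...

# Map a curl exit status (documented in curl's man page) to the failing layer.
classify_curl_exit() {
    case "$1" in
        0)   echo "OK" ;;
        5|6) echo "DNS" ;;            # could not resolve proxy (5) or host (6)
        7)   echo "TCP" ;;            # connection refused or rejected
        28)  echo "TIMEOUT" ;;        # no answer in time, e.g. silently dropped
        35)  echo "TLS_HANDSHAKE" ;;  # TLS handshake failed
        60)  echo "TLS_TRUST" ;;      # server certificate failed verification
        *)   echo "OTHER_$1" ;;
    esac
}

# Probe one host over HTTPS; print "host LAYER". Always returns 0.
probe_host() {
    local host="$1" rc=0
    curl -s -o /dev/null -I --connect-timeout 5 --max-time 15 \
        "https://${host}" 2>/dev/null || rc=$?
    printf '%s %s\n' "$host" "$(classify_curl_exit "$rc")"
}

# Probe every argument; return the number of hosts that were not OK.
check_hosts() {
    local host line failed=0
    for host in "$@"; do
        line=$(probe_host "$host")
        printf '%s\n' "$line"
        case "$line" in
            *" OK") ;;
            *) failed=$((failed + 1)) ;;
        esac
    done
    return "$failed"
}

# Run only when hosts are given on the command line.
if [ "$#" -gt 0 ]; then
    check_hosts "$@"
fi
```

`TLS_TRUST` on hosts that work from another network points to TLS inspection in the path; curl returns the same code when a certificate is outside its validity period according to the local clock.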