SailPoint VA Privileged Cluster – VA Stuck in Draft State After Re-Pairing

krunal_sshah · July 17, 2025, 12:41pm

Hello everyone,

We’re encountering an issue while deploying a SailPoint VA (Virtual Appliance) in a privileged cluster setup and are seeking advice or suggestions from anyone who has faced a similar situation.

Background:

We created a privileged cluster and downloaded the VA image from the UI.
The VA was deployed using this image, and everything initially worked fine — the cluster was live and healthy.
However, after about 24 hours, we lost connectivity with the VA.
There were no helpful details in the logs, and the VA appeared unresponsive.

Recovery Steps Taken:

We decided to reset and re-pair the VA by performing the following steps in order:

va-bootstrap reset
Deleted the old VA from the UI and created a new one
va-bootstrap set-passphrase
va-bootstrap pair

We received a “successful pairing” message in the UI, which instructed us to wait up to 30 minutes for provisioning.

Current Issue:

It’s now been over 4 hours, but the VA is still stuck in the “Draft” state.

There’s no progress or clear errors, and we’re not sure what the next steps should be.

Has anyone experienced something similar with:

VA stuck in Draft state after re-pairing?
Unexpected loss of connectivity after initial successful deployment?

Any insights, troubleshooting tips, or guidance on what might be going wrong (or how to proceed) would be highly appreciated.

Thanks in advance!

HussainshaSyed001 · July 17, 2025, 1:13pm

I suggest please start building from scratch. If your using any cloud delete existing bucket and re import va image in a newly created bucket and start build image as per sailpoint documentaion. Then it will work

vishal_kejriwal1 · July 17, 2025, 1:19pm

I had a very similar type of problem , I can’t keep on creating new VA evertime , raised the ticket with sailpoint and they fixed it from backend.

krunal_sshah · July 17, 2025, 1:24pm

Thanks @HussainshaSyed001 : We will keep it as a last option.

krunal_sshah · July 17, 2025, 1:25pm

Thank you @vishal_kejriwal1 , did they explain what was the reason it did not pair.?

vishal_kejriwal1 · July 17, 2025, 7:18pm

most of the times i see we have not to much exposer to what is going behind the scene unlike iiq.

krunal_sshah · August 12, 2025, 7:39am

We had a support case for this issues. We could get our network team and sailpoint support in joint troubleshooting session.

The reason we found for VAs being corrupted is after VA is installed, it tries to upgrade to latest image. Due to Firewall issues it could not connect to aws to fetch latest image. Even though we had all fireall openings performed as per Sailpoint documentation, the support team informed us that for some customers wildcard firewall settings does not work. Our firewall setup appeared to be one of those.

After we received specific URLs and firewalls opened for them we could get VA upgraded and connected.

Topic		Replies	Views
VA is already paired message while setting up VA ISC Discussion and Questions identity-security-cloud	5	465	December 6, 2024
VA not able to connect ISC Discussion and Questions identity-security-cloud , virtual-appliance	6	160	July 29, 2025
Enhancement: Improved VA Setup Process! Product News identity-security-cloud , connectors , virtual-appliance , new-enhancement	19	1339	March 19, 2025
I have installed VA in the Azure environment, but when I try to create source I cant see my cluster ISC Discussion and Questions identity-security-cloud , virtual-appliance , virtual-appliance-cluster	13	478	June 17, 2024
Not able to connect to a VA ISC Discussion and Questions identity-security-cloud , virtual-appliance	15	2171	May 14, 2024

SailPoint VA Privileged Cluster – VA Stuck in Draft State After Re-Pairing

Background:

Recovery Steps Taken:

Current Issue:

Has anyone experienced something similar with:

Related topics