"Unable to authenticate with SailPoint" error message during VA setup

Hello,

I’m trying to setup a VA. I did the following actions:

  1. Download va-latest image file.
  2. Import it into VMWare workstation
  3. Downloaded the VA config file
  4. Copied the VA config file into the VA
  5. Test connection failed

When I look into the va_agent.log I have the following stacktrace error:

{"@timestamp":"2024-04-05T09:42:30.075","level":"INFO","type":"agent","message":"checking credentials"}
{"@timestamp":"2024-04-05T09:42:30.076","level":"DEBUG","type":"agent","message":"found credentials"}
{"@timestamp":"2024-04-05T09:42:30.077","level":"INFO","type":"api","message":"Initializing connection to SailPoint API at https://stg01-useast1.accessiq.sailpoint.com/partner07"}
{"@timestamp":"2024-04-05T09:42:30.077","level":"DEBUG","type":"api","message":"Falling back to cc poll: {\"status\":\"NORMAL\",\"hostname\":\"sailpoint-va\",\"internal_ip\":\"192.168.52.130\",\"cookbook_etag\":null,\"ccg_etag\":null,\"ccg_pin\":\"NONE\",\"platform_version\":2,\"os_version\":null,\"os_type\":null,\"hypervisor\":null,\"product\":\"idn\",\"tunnel_traffic\":null,\"disk_percent_used\":{},\"disk_free_mb\":{},\"docker_versions\":{},\"stacktrace\":null}"}
{"@timestamp":"2024-04-05T09:42:30.156","level":"ERROR","type":"api","message":"api.post: RestClient::SSLCertificateNotVerified: SSL_connect returned=1 errno=0 peeraddr=54.84.232.103:443 state=error: certificate verify failed (self-signed certificate in certificate chain): [\"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/request.rb:776:in `rescue in transmit'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/request.rb:651:in `transmit'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/request.rb:163:in `execute'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/request.rb:63:in `execute'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/resource.rb:69:in `post'\", \"/opt/sailpoint/lib/api.rb:78:in `block in post'\", \"/usr/local/lib/ruby/3.2.0/timeout.rb:189:in `block in timeout'\", \"/usr/local/lib/ruby/3.2.0/timeout.rb:36:in `block in catch'\", \"/usr/local/lib/ruby/3.2.0/timeout.rb:36:in `catch'\", \"/usr/local/lib/ruby/3.2.0/timeout.rb:36:in `catch'\", \"/usr/local/lib/ruby/3.2.0/timeout.rb:198:in `timeout'\", \"/opt/sailpoint/lib/api.rb:77:in `post'\", \"/opt/sailpoint/lib/api.rb:177:in `poll'\", \"/opt/sailpoint/va_agent.rb:130:in `poll_server'\", \"/opt/sailpoint/va_agent.rb:260:in `are_credentials_valid?'\", \"/opt/sailpoint/va_agent.rb:310:in `wait_for_valid_credentials'\", \"/opt/sailpoint/va_agent.rb:590:in `block in <main>'\", \"/opt/sailpoint/va_agent.rb:585:in `loop'\", \"/opt/sailpoint/va_agent.rb:585:in `<main>'\"]"}
{"@timestamp":"2024-04-05T09:42:30.157","level":"ERROR","type":"agent","message":"Poll error: client info response NIL"}
{"@timestamp":"2024-04-05T09:42:30.157","level":"ERROR","type":"agent","message":"Unable to authenticate with SailPoint."}

If anyone can help me find the solution, I will be very grateful.
Thank you in advance for your help.

Regards,
MathieuG

where you are trying to setup in local? please wait for around 5 to 10 min before you test connection as it downloads certain components

Yes I’m trying to setup in local. Even after 10-15 min I’m unable to connect the VA.
In the charon.log file I can find theses logs:

2024-04-05T09:35:25Z 742d8154a8ce /usr/local/bin/confd[22]: INFO Target config /opt/sailpoint/workflow/jobs/SYSTEM_EXEC out of sync
2024-04-05T09:35:25Z 742d8154a8ce /usr/local/bin/confd[22]: INFO Target config /opt/sailpoint/workflow/jobs/SYSTEM_EXEC has been updated
{"@timestamp":"2024-04-05T09:35:25.318","level":"INFO","type":"gateway","message":"Generating new CSR for OU=stg01-useast1|partner07,CN=fc7cec1c-7ff1-4749-976a-edbcc1b2e553"}
{"@timestamp":"2024-04-05T09:35:25.318","level":"DEBUG","type":"gateway","message":"Running /usr/bin/openssl req -new -out /opt/sailpoint/share/secure/va-gateway.csr -newkey rsa:2048 -nodes -sha256 -keyout /opt/sailpoint/share/secure/va-gateway.key -config /opt/sailpoint/share/secure/va-gateway.cnf"}
{"@timestamp":"2024-04-05T09:35:26.019","level":"DEBUG","type":"api","message":"POST https://partner07.api.identitynow.com/oauth/token?grant_type=client_credentials: 200"}
{"@timestamp":"2024-04-05T09:35:27.353","level":"DEBUG","type":"api","message":"POST https://partner07.api.identitynow.com/beta/managed-clients/fc7cec1c-7ff1-4749-976a-edbcc1b2e553/certificates: 200"}
{"@timestamp":"2024-04-05T09:35:27.354","level":"INFO","type":"gateway","message":"Wrote /opt/sailpoint/share/secure/va-gateway.crt, serial 307299915016225891827432658765390442440, not before 2024-04-05 08:35:26 UTC, not after 2025-04-03 09:35:26 UTC"}
{"@timestamp":"2024-04-05T09:35:27.354","level":"ERROR","type":"gateway","message":"Error refreshing va gateway certificate: NoMethodError undefined method `length' for nil:NilClass [\"/opt/sailpoint/lib/v2/gateway.rb:178:in `export_to_pkcs12'\", \"/opt/sailpoint/lib/v2/gateway.rb:37:in `refresh_certificate'\", \"/opt/sailpoint/lib/v2/s3.rb:87:in `va_cli_env'\", \"/opt/sailpoint/lib/configuration.rb:290:in `check_proxy'\", \"/opt/sailpoint/run.rb:74:in `block in <main>'\", \"/opt/sailpoint/run.rb:65:in `loop'\", \"/opt/sailpoint/run.rb:65:in `<main>'\"]"}
{"@timestamp":"2024-04-05T09:35:29.450","level":"ERROR","type":"configuration","message":"Networking check results - Could not reach app.datadoghq.com: SSL_connect returned=1 errno=0 peeraddr=3.233.150.210:443 state=error: certificate verify failed (self-signed certificate in certificate chain)\n[\"/usr/local/lib/ruby/3.2.0/net/protocol.rb:46:in `connect_nonblock'\", \"/usr/local/lib/ruby/3.2.0/net/protocol.rb:46:in `ssl_socket_connect'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1342:in `connect'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1248:in `do_start'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1237:in `start'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1817:in `request'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1575:in `get'\", \"/opt/sailpoint/lib/configuration.rb:654:in `block in check_networking'\", \"/opt/sailpoint/lib/configuration.rb:650:in `each'\", \"/opt/sailpoint/lib/configuration.rb:650:in `check_networking'\", \"/opt/sailpoint/run.rb:75:in `block in <main>'\", \"/opt/sailpoint/run.rb:65:in `loop'\", \"/opt/sailpoint/run.rb:65:in `<main>'\"]"}
{"@timestamp":"2024-04-05T09:35:29.513","level":"ERROR","type":"configuration","message":"Networking check results - Could not reach fiji.identitynow.com: SSL_connect returned=1 errno=0 peeraddr=52.87.64.115:443 state=error: certificate verify failed (self-signed certificate in certificate chain)\n[\"/usr/local/lib/ruby/3.2.0/net/protocol.rb:46:in `connect_nonblock'\", \"/usr/local/lib/ruby/3.2.0/net/protocol.rb:46:in `ssl_socket_connect'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1342:in `connect'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1248:in `do_start'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1237:in `start'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1817:in `request'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1575:in `get'\", \"/opt/sailpoint/lib/configuration.rb:654:in `block in check_networking'\", \"/opt/sailpoint/lib/configuration.rb:650:in `each'\", \"/opt/sailpoint/lib/configuration.rb:650:in `check_networking'\", \"/opt/sailpoint/run.rb:75:in `block in <main>'\", \"/opt/sailpoint/run.rb:65:in `loop'\", \"/opt/sailpoint/run.rb:65:in `<main>'\"]"}
{"@timestamp":"2024-04-05T09:35:30.060","level":"ERROR","type":"configuration","message":"Networking check results - Could not reach public.update.flatcar-linux.net: SSL_connect returned=1 errno=0 peeraddr=3.78.9.162:443 state=error: certificate verify failed (self-signed certificate in certificate chain)\n[\"/usr/local/lib/ruby/3.2.0/net/protocol.rb:46:in `connect_nonblock'\", \"/usr/local/lib/ruby/3.2.0/net/protocol.rb:46:in `ssl_socket_connect'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1342:in `connect'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1248:in `do_start'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1237:in `start'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1817:in `request'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1575:in `get'\", \"/opt/sailpoint/lib/configuration.rb:654:in `block in check_networking'\", \"/opt/sailpoint/lib/configuration.rb:650:in `each'\", \"/opt/sailpoint/lib/configuration.rb:650:in `check_networking'\", \"/opt/sailpoint/run.rb:75:in `block in <main>'\", \"/opt/sailpoint/run.rb:65:in `loop'\", \"/opt/sailpoint/run.rb:65:in `<main>'\"]"}
{"@timestamp":"2024-04-05T09:35:30.116","level":"ERROR","type":"configuration","message":"Networking check results - Could not reach sqs.us-east-1.amazonaws.com: SSL_connect returned=1 errno=0 peeraddr=3.239.232.53:443 state=error: certificate verify failed (self-signed certificate in certificate chain)\n[\"/usr/local/lib/ruby/3.2.0/net/protocol.rb:46:in `connect_nonblock'\", \"/usr/local/lib/ruby/3.2.0/net/protocol.rb:46:in `ssl_socket_connect'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1342:in `connect'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1248:in `do_start'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1237:in `start'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1817:in `request'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1575:in `get'\", \"/opt/sailpoint/lib/configuration.rb:654:in `block in check_networking'\", \"/opt/sailpoint/lib/configuration.rb:650:in `each'\", \"/opt/sailpoint/lib/configuration.rb:650:in `check_networking'\", \"/opt/sailpoint/run.rb:75:in `block in <main>'\", \"/opt/sailpoint/run.rb:65:in `loop'\", \"/opt/sailpoint/run.rb:65:in `<main>'\"]"}
{"@timestamp":"2024-04-05T09:35:30.173","level":"ERROR","type":"configuration","message":"Networking check results - Could not reach fiji.accessiq.sailpoint.com: SSL_connect returned=1 errno=0 peeraddr=52.20.115.131:443 state=error: certificate verify failed (self-signed certificate in certificate chain)\n[\"/usr/local/lib/ruby/3.2.0/net/protocol.rb:46:in `connect_nonblock'\", \"/usr/local/lib/ruby/3.2.0/net/protocol.rb:46:in `ssl_socket_connect'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1342:in `connect'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1248:in `do_start'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1237:in `start'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1817:in `request'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1575:in `get'\", \"/opt/sailpoint/lib/configuration.rb:654:in `block in check_networking'\", \"/opt/sailpoint/lib/configuration.rb:650:in `each'\", \"/opt/sailpoint/lib/configuration.rb:650:in `check_networking'\", \"/opt/sailpoint/run.rb:75:in `block in <main>'\", \"/opt/sailpoint/run.rb:65:in `loop'\", \"/opt/sailpoint/run.rb:65:in `<main>'\"]"}
{"@timestamp":"2024-04-05T09:35:30.173","level":"INFO","type":"configuration","message":"Networking check results:\napp.datadoghq.com => ERROR\nfiji.identitynow.com => ERROR\nops-fiji.api.identitynow.com => PASS\npublic.update.flatcar-linux.net => ERROR\nsqs.us-east-1.amazonaws.com => ERROR\nfiji.accessiq.sailpoint.com => ERROR"}```

check if curl -i htttps://yourtenanturl
gives any output if yes let me know

Yes I have output :
sailpoint@sailpoint-va ~/log $ curl -i https://partner07.identitynow.com

HTTP/2 302
date: Fri, 05 Apr 2024 11:50:25 GMT
content-length: 0
location: https://partner07.identitynow.com/ui
set-cookie: AWSALB=QCZoyh78ArHTYSI4Ow3OsZX3vmltk1Wbeo5JZMc6JexYY9gdiO3/PclsSjtxWpZPhMh3t3LLsh631dU9H35gEAvN8RR3TQ1L7rdc4nToJapdOdWbWLy5ztkcHfV6; Expires=Fri, 12 Apr 2024 11:50:25 GMT; Path=/
slpt-request-id: 7e4d4e3a-8540-4883-be7d-eeeedc538d29
content-security-policy: default-src 'none'; base-uri 'self'; form-action 'none'; frame-ancestors 'none';
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
referrer-policy: no-referrer
x-frame-options: sameorigin
strict-transport-security: max-age=31536000; includeSubDomains
permissions-policy: camera=(), display-capture=(), fullscreen=(), geolocation=(), microphone=(), web-share=(),
x-robots-tag: noindex
cf-cache-status: DYNAMIC
set-cookie: AWSALBCORS=QCZoyh78ArHTYSI4Ow3OsZX3vmltk1Wbeo5JZMc6JexYY9gdiO3/PclsSjtxWpZPhMh3t3LLsh631dU9H35gEAvN8RR3TQ1L7rdc4nToJapdOdWbWLy5ztkcHfV6; Expires=Fri, 12 Apr 2024 11:50:25 GMT; Path=/; SameSite=None; Secure
set-cookie: CCSESSIONID=EE828AC832D6F7956A48006574919CCE; Path=/; Secure; HttpOnly
set-cookie: __cf_bm=LHFyHqofEtZ6FTyfEjh4utSpcYUr7kEHVdTKLf5SBeQ-1712317825-1.0.1.1-Z6f3CdPbRSmjsZI2RdJfH1V3HV6nwn9wAGbu00Da9UT4qLh.B7ckoJ6eqa2Px69.H_uCJuVciXp_Rys3YAbWUg; path=/; expires=Fri, 05-Apr-24 12:20:25 GMT; domain=.identitynow.com; HttpOnly; Secure; SameSite=None
server: cloudflare
cf-ray: 86f95204ed0311a5-MRS```

Hi everyone,
I’m still trying to find a solution for this issue.
In the charon.log file I have the following errors:

{"@timestamp":"2024-04-08 08:47:02 +0000","level":"ERROR","type":"configuration","message":"Networking check results - Could not reach app.datadoghq.com: SSL_connect returned=1 errno=0 state=error: certificate verify failed\n[\"/usr/local/lib/ruby/2.3.0/net/protocol.rb:44:in `connect_nonblock'\", \"/usr/local/lib/ruby/2.3.0/net/protocol.rb:44:in `ssl_socket_connect'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:928:in `connect'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:863:in `do_start'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:852:in `start'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:1384:in `request'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:1142:in `get'\", \"/opt/sailpoint/lib/configuration.rb:689:in `block in check_networking'\", \"/opt/sailpoint/lib/configuration.rb:685:in `each'\", \"/opt/sailpoint/lib/configuration.rb:685:in `check_networking'\", \"/opt/sailpoint/run.rb:69:in `block in <main>'\", \"/opt/sailpoint/run.rb:59:in `loop'\", \"/opt/sailpoint/run.rb:59:in `<main>'\"]"}
{"@timestamp":"2024-04-08 08:47:02 +0000","level":"ERROR","type":"configuration","message":"Networking check results - Could not reach fiji.identitynow.com: SSL_connect returned=1 errno=0 state=error: certificate verify failed\n[\"/usr/local/lib/ruby/2.3.0/net/protocol.rb:44:in `connect_nonblock'\", \"/usr/local/lib/ruby/2.3.0/net/protocol.rb:44:in `ssl_socket_connect'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:928:in `connect'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:863:in `do_start'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:852:in `start'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:1384:in `request'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:1142:in `get'\", \"/opt/sailpoint/lib/configuration.rb:689:in `block in check_networking'\", \"/opt/sailpoint/lib/configuration.rb:685:in `each'\", \"/opt/sailpoint/lib/configuration.rb:685:in `check_networking'\", \"/opt/sailpoint/run.rb:69:in `block in <main>'\", \"/opt/sailpoint/run.rb:59:in `loop'\", \"/opt/sailpoint/run.rb:59:in `<main>'\"]"}
{"@timestamp":"2024-04-08 08:47:04 +0000","level":"ERROR","type":"configuration","message":"Networking check results - Could not reach public.update.flatcar-linux.net: SSL_connect returned=1 errno=0 state=error: certificate verify failed\n[\"/usr/local/lib/ruby/2.3.0/net/protocol.rb:44:in `connect_nonblock'\", \"/usr/local/lib/ruby/2.3.0/net/protocol.rb:44:in `ssl_socket_connect'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:928:in `connect'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:863:in `do_start'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:852:in `start'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:1384:in `request'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:1142:in `get'\", \"/opt/sailpoint/lib/configuration.rb:689:in `block in check_networking'\", \"/opt/sailpoint/lib/configuration.rb:685:in `each'\", \"/opt/sailpoint/lib/configuration.rb:685:in `check_networking'\", \"/opt/sailpoint/run.rb:69:in `block in <main>'\", \"/opt/sailpoint/run.rb:59:in `loop'\", \"/opt/sailpoint/run.rb:59:in `<main>'\"]"}
{"@timestamp":"2024-04-08 08:47:04 +0000","level":"ERROR","type":"configuration","message":"Networking check results - Could not reach sqs.us-east-1.amazonaws.com: SSL_connect returned=1 errno=0 state=error: certificate verify failed\n[\"/usr/local/lib/ruby/2.3.0/net/protocol.rb:44:in `connect_nonblock'\", \"/usr/local/lib/ruby/2.3.0/net/protocol.rb:44:in `ssl_socket_connect'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:928:in `connect'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:863:in `do_start'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:852:in `start'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:1384:in `request'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:1142:in `get'\", \"/opt/sailpoint/lib/configuration.rb:689:in `block in check_networking'\", \"/opt/sailpoint/lib/configuration.rb:685:in `each'\", \"/opt/sailpoint/lib/configuration.rb:685:in `check_networking'\", \"/opt/sailpoint/run.rb:69:in `block in <main>'\", \"/opt/sailpoint/run.rb:59:in `loop'\", \"/opt/sailpoint/run.rb:59:in `<main>'\"]"}
{"@timestamp":"2024-04-08 08:47:04 +0000","level":"ERROR","type":"configuration","message":"Networking check results - Could not reach fiji.accessiq.sailpoint.com: SSL_connect returned=1 errno=0 state=error: certificate verify failed\n[\"/usr/local/lib/ruby/2.3.0/net/protocol.rb:44:in `connect_nonblock'\", \"/usr/local/lib/ruby/2.3.0/net/protocol.rb:44:in `ssl_socket_connect'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:928:in `connect'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:863:in `do_start'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:852:in `start'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:1384:in `request'\", \"/usr/local/lib/ruby/2.3.0/net/http.rb:1142:in `get'\", \"/opt/sailpoint/lib/configuration.rb:689:in `block in check_networking'\", \"/opt/sailpoint/lib/configuration.rb:685:in `each'\", \"/opt/sailpoint/lib/configuration.rb:685:in `check_networking'\", \"/opt/sailpoint/run.rb:69:in `block in <main>'\", \"/opt/sailpoint/run.rb:59:in `loop'\", \"/opt/sailpoint/run.rb:59:in `<main>'\"]"}

The problem appears to be caused by an SSL certificate issue:

Any help would be really appreciated.

Thank you in advance.
Mathieu G

1reboot the server
2-Delete the cluster
3 Create a new cluster
4- transfer the config and try again

Also if you have azure setup you can try there

What do you mean by reboot the server? Reboot the VA?
I already tried and unfortunately it didn’t solve the problem. I will try it at home with my personal computer and my local network and I will let you know.
Regards,
MathieuG

Have you had the chance to retry the VA deployment and have you followed this detailed documentation of Virtual-Appliance-Troubleshooting-Guide?

Hello everyone,

I did a test on my personal laptop and everything works fine. The problem is with my company’s laptop. I’m working with them to fix it.

Thank you for your help,
Regards,
MathieuG

1 Like

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.