VA Setup in GCP

gaurav_jain · December 19, 2023, 2:51pm

Hi,

We are trying to setup new VAs in GCP. After setting up the VM, we tried to create a new VA in IDN. But when we perform Test Connection, we are seeing Authentication related error in logs.

{"@timestamp":"2023-12-14T19:47:32.569","level":"ERROR","type":"api","message":"api.post: RestClient::Unauthorized: 401 Unauthorized: [\"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/abstract_response.rb:249:in `exception_with_response'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/abstract_response.rb:129:in `return!'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/request.rb:836:in `process_result'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/request.rb:743:in `block in transmit'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1238:in `start'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/request.rb:727:in `transmit'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/request.rb:163:in `execute'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/request.rb:63:in `execute'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/resource.rb:69:in `post'\", \"/opt/sailpoint/lib/api.rb:78:in `block in post'\", \"/usr/local/lib/ruby/3.2.0/timeout.rb:189:in `block in timeout'\", \"/usr/local/lib/ruby/3.2.0/timeout.rb:36:in `block in catch'\", \"/usr/local/lib/ruby/3.2.0/timeout.rb:36:in `catch'\", \"/usr/local/lib/ruby/3.2.0/timeout.rb:36:in `catch'\", \"/usr/local/lib/ruby/3.2.0/timeout.rb:198:in `timeout'\", \"/opt/sailpoint/lib/api.rb:77:in `post'\", \"/opt/sailpoint/lib/api.rb:177:in `poll'\", \"/opt/sailpoint/va_agent.rb:130:in `poll_server'\", \"/opt/sailpoint/va_agent.rb:260:in `are_credentials_valid?'\", \"/opt/sailpoint/va_agent.rb:310:in `wait_for_valid_credentials'\", \"/opt/sailpoint/va_agent.rb:590:in `block in <main>'\", \"/opt/sailpoint/va_agent.rb:585:in `loop'\", \"/opt/sailpoint/va_agent.rb:585:in `<main>'\"]"}
{"@timestamp":"2023-12-14T19:47:32.569","level":"ERROR","type":"agent","message":"Poll error: client info response NIL"}
{"@timestamp":"2023-12-14T19:47:32.569","level":"ERROR","type":"agent","message":"Unable to authenticate with SailPoint."}

edmarks · December 19, 2023, 4:08pm

First thought is Firewall Blocking, but just a guess. You could verify by running some of the basic VA diagnostic tests to confirm ping works for external IP addresses as well as other port tests (i.e. 443)

gaurav_jain · February 9, 2024, 12:11pm

After working with SailPoint ES, it was found that the problem was related to copy/paste. We are not supposed to copy/paste the content in va-config-<va_id>.yaml file.

edmarks · February 22, 2024, 4:53pm

Copy/Paste without any changes will definitely cause problems considering it will give you multiple VA’s with the SAME EXACT config.yaml file.

Copy/Paste from the configuration screen in IDN along with copy/paste of the keyPassphrase is definitely possible though.

system · April 22, 2024, 4:53pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
VA installation ISC Discussion and Questions identity-security-cloud	3	74	September 16, 2024
IDN va not able to go through test connection ISC Discussion and Questions identity-security-cloud , virtual-appliance	4	210	May 28, 2024
Getting mixed results on Azure AD connector ISC Discussion and Questions	4	3157	July 19, 2023
Issue with VA Image - Unable to proceed with VA Update after connecting ISC Discussion and Questions identity-security-cloud , virtual-appliance	3	1288	December 24, 2023
Not able to connect to a VA ISC Discussion and Questions identity-security-cloud , virtual-appliance	15	1621	May 14, 2024

VA Setup in GCP

Related topics