VA Setup in GCP

gaurav_jain · December 19, 2023, 2:51pm

Hi,

We are trying to setup new VAs in GCP. After setting up the VM, we tried to create a new VA in IDN. But when we perform Test Connection, we are seeing Authentication related error in logs.

{"@timestamp":"2023-12-14T19:47:32.569","level":"ERROR","type":"api","message":"api.post: RestClient::Unauthorized: 401 Unauthorized: [\"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/abstract_response.rb:249:in `exception_with_response'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/abstract_response.rb:129:in `return!'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/request.rb:836:in `process_result'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/request.rb:743:in `block in transmit'\", \"/usr/local/lib/ruby/3.2.0/net/http.rb:1238:in `start'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/request.rb:727:in `transmit'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/request.rb:163:in `execute'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/request.rb:63:in `execute'\", \"/usr/local/bundle/gems/rest-client-2.1.0/lib/restclient/resource.rb:69:in `post'\", \"/opt/sailpoint/lib/api.rb:78:in `block in post'\", \"/usr/local/lib/ruby/3.2.0/timeout.rb:189:in `block in timeout'\", \"/usr/local/lib/ruby/3.2.0/timeout.rb:36:in `block in catch'\", \"/usr/local/lib/ruby/3.2.0/timeout.rb:36:in `catch'\", \"/usr/local/lib/ruby/3.2.0/timeout.rb:36:in `catch'\", \"/usr/local/lib/ruby/3.2.0/timeout.rb:198:in `timeout'\", \"/opt/sailpoint/lib/api.rb:77:in `post'\", \"/opt/sailpoint/lib/api.rb:177:in `poll'\", \"/opt/sailpoint/va_agent.rb:130:in `poll_server'\", \"/opt/sailpoint/va_agent.rb:260:in `are_credentials_valid?'\", \"/opt/sailpoint/va_agent.rb:310:in `wait_for_valid_credentials'\", \"/opt/sailpoint/va_agent.rb:590:in `block in <main>'\", \"/opt/sailpoint/va_agent.rb:585:in `loop'\", \"/opt/sailpoint/va_agent.rb:585:in `<main>'\"]"}
{"@timestamp":"2023-12-14T19:47:32.569","level":"ERROR","type":"agent","message":"Poll error: client info response NIL"}
{"@timestamp":"2023-12-14T19:47:32.569","level":"ERROR","type":"agent","message":"Unable to authenticate with SailPoint."}

edmarks · December 19, 2023, 4:08pm

First thought is Firewall Blocking, but just a guess. You could verify by running some of the basic VA diagnostic tests to confirm ping works for external IP addresses as well as other port tests (i.e. 443)

gaurav_jain · February 9, 2024, 12:11pm

After working with SailPoint ES, it was found that the problem was related to copy/paste. We are not supposed to copy/paste the content in va-config-<va_id>.yaml file.

edmarks · February 22, 2024, 4:53pm

Copy/Paste without any changes will definitely cause problems considering it will give you multiple VA’s with the SAME EXACT config.yaml file.

Copy/Paste from the configuration screen in IDN along with copy/paste of the keyPassphrase is definitely possible though.

system · April 22, 2024, 4:53pm

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
IDN va not able to go through test connection ISC Discussion and Questions identity-security-cloud , virtual-appliance	3	77	March 29, 2024
Getting mixed results on Azure AD connector ISC Discussion and Questions	4	2877	July 19, 2023
Issue with VA Image - Unable to proceed with VA Update after connecting ISC Discussion and Questions identity-security-cloud , virtual-appliance	3	798	December 24, 2023
Not able to connect to a VA ISC Discussion and Questions identity-security-cloud , virtual-appliance	14	836	March 15, 2024
Test Connection is failing when uploading config.yaml file in VA ISC Discussion and Questions identity-security-cloud , virtual-appliance	7	686	November 30, 2023

VA Setup in GCP

Related Topics