App does not work after its rules start

The workflow, function, or other customization is not working, but the App container is deployed and the app is running.

Start by testing the app configuration from the SOAR Platform. Some configuration issues can be discovered by using the app's built-in test feature.
  1. Select the app then click the Configuration tab.
  2. Select the app.config file from App Settings.
  3. Scroll to the end and choose Test Configuration.

    The self-test is individualized for each app.

If you did not find the problem, review the app logs as described in Checking the logs.

You can look up the <app deployment> deployment name with the following command.
sudo kubectl get pods -A -l apps.isc.ibm.com/app-type=app -L app.kubernetes.io/instance
If you see the following error, the cert.cer configuration file needs to be the complete certificate chain. When you install an app, the system tries to generate the full chain and upload it. If the cert.cer was modified, restart the app. You can also try setting cafile=false in app.config just as a point of debugging. Modifying app.config and saving it automatically restarts the pod.
Unable to lock /opt/app-root/src/.resilient/resilient_circuits_lockfile: HTTPSConnectionPool(host='chva0100.geico.net', port=443): Max retries exceeded with url: /rest/session (Caused by SSLError(SSLError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:897)'),))
For local or test systems, you might see the following error.
HTTPSConnectionPool(host='192.168.1.50', port=443): Max retries exceeded with url: /rest/session (Caused by SSLError(CertificateError("hostname '192.168.1.50' doesn't match 'resilient.localdomain'",),))

It happens when the hostname (listed in app.config) does not match the subject name of the certificate. By default, SOAR has a certificate with the subject name of "resilient.localdomain".

To resolve the problem, either fix the name mismatch, or change the cafile value to "false" in the app.config configuration file.

Other connection errors can also exist if proxies are needed. Not all apps support proxy settings. Refer to the app documentation. Contact the app developer group if you have a question on whether the proxy is supported for the app.

Check for errors in the App Manager log. The AppManager is on the SOAR platform. The resilient-app-manager.log can be found in /var/log/resilient-app-manager.
com.ibm.security.apps.manager.client.ManagerClientException: javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
  • Check that the App Host and SOAR clocks are not skewed.
  • Check whether the pairing key was regenerated on the SOAR platform.

The problem can be corrected by re-pairing the App Host and SOAR by using the new pairing information when you click Regenerate. You need to re-create the instance as described in Create App Hosts.