IBM Support

QRadar SOAR: AppHost Integrations Install Successfully, however all Workflows and Actions are Pending and Fail to Complete

Troubleshooting


Problem

QRadar SOAR App Host installs successfully and integrations deploy, however all functions and workflows fail to complete successfully.

Symptom

Errors from the logs in the container, show a problem with authenticating using the server's API Key:
get_client api_key_secret=opts["api_key_secret"]) File "/opt/app-root/lib/python3.6/site-packages/resilient/co3base.py", line 162, in set_api_key BasicHTTPException.raise_if_error(response) File "/opt/app-root/lib/python3.6/site-packages/resilient/co3base.py", line 62, in raise_if_error raise BasicHTTPException(response) resilient.co3base.BasicHTTPException: Unauthorized: /etc/rescircuits/app.config: OK

Cause

Customer previously imported a backup from their old server and the SOAR base url was incorrect.

Environment

QRadar SOAR AppHost

Diagnosing The Problem

Check that the pairing key contains the same url for the SOAR server:
as the host line in the app.config and that the url can resolve correctly in DNS.
The following errors display when downloading logs from the Apphost
INFO [app] Configuration file: /etc/rescircuits/app.config 
INFO [app] Resilient server: servername.com
INFO [app] Resilient user: None

....
do_initialization self.action_component = Actions(self.opts) File "/opt/app-root/lib/python3.6/site-packages/resilient_circuits/actions_component.py", line 262, in __init__ super(Actions, self).__init__(opts) File "/opt/app-root/lib/python3.6/site-packages/resilient_circuits/actions_component.py", line 88, in __init__ self._get_fields() File "/opt/app-root/lib/python3.6/site-packages/resilient_circuits/actions_component.py", line 140, in _get_fields client = self.rest_client() File "/opt/app-root/lib/python3.6/site-packages/resilient_circuits/actions_component.py", line 163, in rest_client return get_resilient_client(self.opts) File "/opt/app-root/lib/python3.6/site-packages/resilient_circuits/rest_helper.py", line 40, in get_resilient_client resilient_client = resilient.get_client(opts) File "/opt/app-root/lib/python3.6/site-packages/resilient/co3.py", line 163, in get_client api_key_secret=opts["api_key_secret"]) File "/opt/app-root/lib/python3.6/site-packages/resilient/co3base.py", line 162, in set_api_key BasicHTTPException.raise_if_error(response) File "/opt/app-root/lib/python3.6/site-packages/resilient/co3base.py", line 62, in raise_if_error raise BasicHTTPException(response) resilient.co3base.BasicHTTPException: Unauthorized:

Resolving The Problem

Update the URL to match between: the App.config, the pairing key and server certificate to ensure that authentication can function properly.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSA230","label":"IBM Security QRadar SOAR"},"ARM Category":[{"code":"a8m0z0000001jTpAAI","label":"Integrations-\u003EAppHost"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
28 June 2024

UID

ibm16323747

Page Feedback