Troubleshooting
Problem
The setup script /opt/qradar/bin/setup_qradar_host.py mh_setup interactive -p fails at deploying changes.
Symptom
The setup script reports the following error
2020-11-13 15:11:45 (UTC) [INFO] Deployment has failed:
Initiating Deployment: []
Deployment in Progress: []
Deploy Timed Out: [<DG IP>]
Succeeded: [<Console IP>,<DG IP> ]
Failed due to Error: []
2020-11-13 15:11:45 (UTC) [INFO] Removing alias console-xxxxx.qradar.ibmcloud.com
for <DG IP> in /etc/hosts
2020-11-13 15:11:45 (UTC) [INFO] Failed to run command 'mh_setup': Failed to perform
incremental deploy on deployment 'console-xxxxx.qradar.ibmcloud.com': Not all hosts have
completed the deployment successfully
Cause
As the last stage of adding a Data Gateway (DG) to a QRadar® on Cloud (QRoC) Console, the setup script deploys the changes. When a managed host (including the Console) reports a timeout or error, the setup script reports the failure that the "Deployment has failed".
Despite the error message, If the Data Gateway was successfully added to the Console then it is displayed in the list of Data Gateways.
Despite the error message, If the Data Gateway was successfully added to the Console then it is displayed in the list of Data Gateways.
To confirm the Data Gateway has been added:
- Click on the Cloud icon.
- Expand the list.
- Verify that the Data Gateway has been added.
Environment
QRadar® on Cloud Data Gateways
Diagnosing The Problem
The administrators must identify in the error message, the managed host that failed to deploy (time out or error).
Initiating Deployment: []
Deployment in Progress: []
Deploy Timed Out: [<Existing DG IP>]
Succeeded: [<QRoC Console IP>,<DG being added IP>]
Failed due to Error: []
In the previous error message, the Console and the DG being added succeeded, but another DG did not (time out).
Resolving The Problem
To resolve this problem, the administrators have different actions depending on the following scenarios.
Data Gateway or Managed Host being added failed
- Confirm the listed gateways are up and listening to the Console.
Note: Contact the Data Gateway administrator or MSSP to confirm connectivity.Deploy Timed Out: [<Existing DG IP>]
The following commands can be used for testing the connectivity on the faulty DG. If any of these tests fail, the administrator must engage the proper network team and grant the connectivity. See: Prerequisites for data gateways.- Tcptraceroute:
tcptraceroute console-xxxxxx.qradar.ibmcloud.com 443 - Telnet:
telnet console-xxxxxx.qradar.ibmcloud.com 443 - Openssl:
openssl s_client -connect console-xxxxxx.qradar.ibmcloud.com:443 -showcerts - Nslookup:
nslookup console-xxxxxx.qradar.ibm.cloud.com
- Tcptraceroute:
- Confirm the listed gateways have enough bandwidth. See QRadar: Deploy Changes times out on managed hosts due to low bandwidth link.
- From the admin tab of the QRadar® UI Deploy the changes.
Console failed.
- Administrators are advised to raise a support case with IBM® QRadar® Support to resolve the issue.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSKMKU","label":"IBM QRadar on Cloud"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
18 August 2021
UID
ibm16476350