About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Troubleshooting
Problem
The setup script /opt/qradar/bin/setup_qradar_host.py mh_setup interactive -p fails at retrieving the VPN client package. This error is typically a network issue either related to the configuration of /etc/hosts or a DNS resolution issue. The administrator can use this technical note to review the IP address and confirm their settings to successfully add the Data Gateway when "Failed to call VPN client API on host" errors occur.
Symptom
The setup script displays the following error:
When you select Yes, you are returned to the command-prompt. The error message is displayed, Failed to call VPN client API on host <QRadar Cloud Console> to retrieve client package. For example,
Cause
QRadar® on Cloud (QRoC) security layer sometimes provides a different resolvable IP causing the setup to connect to the wrong IP address.
Environment
QRadar® on Cloud Data Gateways
Resolving The Problem
- The administrator must ensure that the Data Gateway connection meets the network and firewall requirements. See Prerequisites for data gateways.
- Find the public IP address for your QRadar on Cloud Console:
- Method #1 - Look at the QRoC's Welcome email.
- Method #2 - Use the QRoC Self-Serve application in the user interface.
- Log in to the QRadar Console as an administrator.
- Click the Admin tab.
- In the left pane, select Apps.
- Click QRoC Self-Serve.
- Click Deployment.
- Add the QRoC's Console HTTPS IP into the /etc/hosts file of the Data Gateway.
- Create a backup directory.
mkdir -p /store/IBM_Support/ - Back up the current /etc/hosts file.
cp -pfv /etc/hosts /store/IBM_Support/ - Add an entry with the HTTPS_IP and Console's number obtained in Step 2.
echo "<Console's HTTPS_IP> console-<Console Number>.qradar.ibmcloud.com" >> /etc/hostsExample:echo "10.11.12.254 console-99999.qradar.ibmcloud.com" >> /etc/hosts - Verify the entry is added to /etc/hosts and displays the correct IP address.
grep -i console /etc/hosts - Verify the Console name resolves in DNS. This check must complete successfully and can be used to verify connection to the QRadar on Cloud Console.
nc -zv console-<Console Number>.qradar.ibmcloud.com 443 - Add the Data Gateway to the QRoC deployment by using the mh_setup command.
/opt/qradar/bin/setup_qradar_host.py mh_setup interactive -p
Result
The Data Gateway can request the VPN files from the Console's IP and continues until the appliance is successfully added to the deployment. If you continue to experience issues, administrators can confirm an allowlist is added for their Data Gateway to the QRadar on Cloud Console. QRadar on Cloud requires a transparent proxy or inline proxy that does not challenge for authentication on outbound connections.
- Create a backup directory.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSKMKU","label":"IBM QRadar on Cloud"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"TS006941206","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
More support for:
IBM QRadar on Cloud
Component:
Deployment
Software version:
All Versions
Document number:
6493259
Modified date:
31 March 2023
UID
ibm16493259
Manage My Notification Subscriptions
