Cortex XSOAR: Hosts cannot form the HA group

Cortex XSOAR: Hosts cannot form the HA group

3405
Created On 10/13/23 09:21 AM - Last Modified 09/17/24 03:10 AM


Symptom


  • Host is not showing up in the host group inside the host settings in the UI
  • The following messages are seen in the /var/log/demisto/server.log of the failing host:
Request failed in 1 out of 5 [error 'Failed to get license from main, got response status code 401
....
Failed getting license from main account [error 'Failed to get license from main, got response status code 401
.....
Failed to register host in main [error 'Failed to register host, got response status code 401 with error json: Unmarshal(non-pointer services.ErrorServices) (8924)']
.....
Host registration request failed, got response status code 401

Environment


  • Cortex XSOAR
  • Supported XSOAR Versions
  • High Availability(HA) deployments

Cause


  • Newly built host have wrong or missing values of the API keys
  • Obtain the API Keys from the main account and add them to one of the hosts in the otc.conf.json file

Resolution


  1. Go to  Settings >About >Troubleshooting >Server Configuration on one of the hosts.
  2. Set “Host.HAGroups.GroupMasterAPIKeyOverrideEnabled” to true.
Note: If the User interface is not accessible, the modify the value under "/etc/demisto.conf ".
  1. Stop demisto service for each host on that host group systemctl stop demisto.
  2. Obtain the host group ID.
    1. Open up the developer's tool for the browser. 
    2. Jump to the host group page and check the contents of the ha-groups response for the correct host group ID.
  3. Download the config using URL https://<Master-URL>/host/config/Host-Group-ID 
  4. From the downloaded file, take the masterAPIKey, etAPIKey and master values.
  5. Then prepare and validate the JSON file as below. 
    {"masterAPIKey":"REPLACE_HERE_DATA_FROM_HOST_CONFIG_FILE","host":{"etAPIKey":"REPLACE_HERE_DATA_HOST_CONFIG_FILE","master":"REPLACE_HERE_DATA_HOST_CONFIG_FILE"}}
  6. Save the JSON  as otc.conf.json in /var/lib/demisto on the host where the host configuration was altered.
  7. Give ownership of the file to the demisto user chown demisto:demisto otc.conf.json
  8. Start the host with the OTC file and modified config.
    1. Check if the host will show up in the HA group in the UI.
    2. Check if the log mentions the removal of the OTC file.
    3. Check if license errors are missing.
  9. Set “Host.HAGroups.GroupMasterAPIKeyOverrideEnabled” to false
  10. Start other hosts located in the HA group and validate if they show up in the UI

Additional Information


High Availability Overview
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000g2OwCAI&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language