Troubleshooting
Problem
When testing the configuration of the App Host installed applications QRadar Enhanced Data Migration and QRadar SIEM Functions for SOAR the test fails and an HTTP 401 is returned.
Symptom
HTTP 401 errors are returned by QRadar SIEM.
------------------------
Running selftest for: 'fn-qradar-enhanced-data'
------------------------
fn-qradar-enhanced-data:
Verifying app.config values for <QRADAR IP ADDRESS> config section
Verifying QRadar connection...
401 Client Error: 401 for url: https://<QRADAR IP ADDRESS>/api/help/versions
Could not connect to QRadar.
error: '401 Client Error: 401 for url: https://<QRADAR IP ADDRESS>/api/help/versions'
---------
Current Configs in app.config file::
---------
host: <QRADAR IP ADDRESS>
verify_cert: false
username: admin
selftest: failure
selftest output:
{'state': 'failure', 'reason': "Could not connect to QRadar.\n error: '401 Client Error: 401 for url: https://<QRADAR IP ADDRESS>/api/help/versions'\n ---------\n Current Configs in app.config file::\n ---------\n host: <QRADAR IP ADDRESS>\n verify_cert: false\n username: admin\n"}
Elapsed time: 0.428000 seconds
ERROR: running selftest for App.
Error Code: 1
------------------------
Running selftest for: 'fn-qradar-integration'
------------------------
fn-qradar-integration:
Verifying app.config values for fn_qradar_integration
401 Client Error: 401 for url: https://<QRADAR IP ADDRESS>/api/help/versions
Could not connect to QRadar.
error: 'Retry limit exceeded'
---------
Current Configs in app.config file::
---------
host: <QRADAR IP ADDRESS>
credentials: admin
selftest: failure
selftest output:
{'state': 'failure', 'reason': "Could not connect to QRadar.\n error: 'Retry limit exceeded'\n ---------\n Current Configs in app.config file::\n ---------\n host: <QRADAR IP ADDRESS>\n credentials: admin\n"}
Elapsed time: 0.027000 seconds
ERROR: running selftest for App.
Error Code: 1
Cause
A misconfiguration of the app.config is the cause of the problem.
Environment
IBM QRadar SOAR App Host (Edge Gateway).
Diagnosing The Problem
Reviewing the app.config showed that although the qradartoken parameter was populated with a QRadar SIEM token, the username and qradarpassword parameters had not been commented out. The applications were using the default values of "admin" and "changeme" to authenticate with QRadar SIEM which did not work and QRadar SIEM returned the HTTP 401.
[fn_qradar_integration:<PLUG-IN QRADAR DESTINATION NAME>]
host = <QRADAR IP ADDRESS>
username = admin
qradarpassword = changeme
#Note, if both qradarpassword and qradartoken are given, password will be used
qradartoken = <QRADAR AUTHORIZED SERVICE TOKEN>
verify_cert = false
Resolving The Problem
Comment out the username and qradarpassword parameters.
[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSA230","label":"IBM Security QRadar SOAR"},"ARM Category":[{"code":"a8m0z000000cwqTAAQ","label":"Integrations-\u003EQRadar function"}],"ARM Case Number":"TS019853568","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"44.0.0;51.0.0"},{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSTDPP","label":"IBM Cloud Pak for Security"},"ARM Category":[{"code":"a8m0z0000001h8pAAA","label":"Support-\u003ECases"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"1.10.0;1.11.0"},{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSL2BV","label":"IBM Security QRadar Suite - SOAR"},"ARM Category":[{"code":"a8m0z000000cwqTAAQ","label":"Integrations-\u003EQRadar function"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":""}]
Was this topic helpful?
Document Information
Modified date:
21 July 2025
UID
ibm17240137