IBM Support

QRadar: DNS Analyzer installation fails with the error: Health check could not reach app

Troubleshooting


Problem

Administrators who attempt to install the latest version of DNS Analyzer on QRadar 7.3.2 or later might experience an issue where the app fails to install after several minutes. The Extension Management interface displays the DNS Analyzer application with a status of 'Install Failed' and repeated attempts to install the app continue to fail.

Symptom

After several minutes of waiting for the app to install, the following error is displayed in the user interface:
DNS Analyzer
The logs for the QRadar Console or App Host appliance might also provide an error message indicating the number of connection attempts made by the framework to contact the application. For example, administrators can review /var/log/qradar.log for the following error message:
Health check could not reach app 2268 after 20 attempts over 300 seconds.

Diagnosing The Problem

  1. Use SSH to log in to the QRadar Console as the root user.
  2. Type the command:
    grep -i HealthCheck /var/log/qradar.error | less
  3. Review the logs for error messages that might indicate a health check failed for the application installation task:

    Oct 25 13:54:00 ::ffff:xx.xxx.xx.x [tomcat.tomcat] [pool-1-thread-1] com.q1labs.uiframeworks.application.api.service.builders. shared.AsyncBuildStageTask: [ERROR] [NOT:0000003000][xx.xxx.xx.x/- -] [-/- -]An exception occurred while building app asynchronously. Triggering rollback.
    Oct 25 13:54:00 ::ffff:xx.xxx.xx.x [tomcat.tomcat] [pool-1-thread-1] com.q1labs.uiframeworks.application.api. exception.AppHealthCheckException: Health check could not reach app 2403 after 20 attempts over 300 seconds
    Oct 25 13:54:00 ::ffff:xx.xxx.xx.x [tomcat.tomcat] [pool-1-thread-1] at com.q1labs.uiframeworks.application.api. service.builders.shared.InstallHealthCheck.performHealthCheck (InstallHealthCheck.java:274)

Resolving The Problem

To help get around these timeouts, we can increase the timeout and retry thresholds in the nva.conf file.
  1. Use SSH to log in to QRadar as the root user.
    IMPORTANT: Administrators must backup your existing nva.conf before attempting to make any changes
  2. Make a directory to backup nva.conf
  3. Backup your nva.conf file by using the command:
    cp -p /opt/qradar/conf/nva.conf /store/IBM_Support/nva.conf
  4. Navigate to /store/configservices/staging/globalconfig/ by using the command:
    cd /store/configservices/staging/globalconfig/
  5. Use an editor to open and change the following parameters in  /store/configservices/staging/globalconfig/nva.conf:
    APPFW_HEALTH_CHECK_RETRY_LIMIT=20
    to
    APPFW_HEALTH_CHECK_RETRY_LIMIT=40
    APPS_HEALTH_DEFAULT_FAILURE_THRESHOLD=10
    to
    APPS_HEALTH_DEFAULT_FAILURE_THRESHOLD=20
    DOCKER_UTILS_TASK_TIMEOUT_SECONDS=300
    to
    DOCKER_UTILS_TASK_TIMEOUT_SECONDS=600
    Note: Do not extend these values beyond two times the original value.
  6. Save the changes to nva.conf.
  7. Log in to the QRadar Console user interface as an administrator and try to install the app again
  8. Click the Admin tab.
    Important: Deploy Full Configuration results in services being restarted on all appliances. The service restart does not interrupt event collection on appliances, but the data cannot be processed by the event pipeline until all services are running. Searches, vulnerability assessment scan imports, or scheduled reports that are in-progress might need to be manually restarted by users. Administrators with strict outage policies are advised to complete the next step during a scheduled maintenance window for their organization.
  9. Click Advanced > Deploy Full Configuration.
  10. After the Deploy Full Configuration completes, reinstall the DNS Analyzer app.

Document Location

Worldwide

[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
05 November 2020

UID

ibm10872588