Discovery Tool / Collector - Export to Cloud: Network troubleshooting guide

Related content

  • No related content found

Still need help?

The Atlassian Community is here for you.

Ask the community


Platform Notice: Cloud, Server, and Data Center - This article applies equally to all platforms.

Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.

*Except Fisheye and Crucible


Summary

When configuring the Discovery tool / Discovery Collector to export the Scan results into a Cloud Instance - Token validation is failing

Environment

Assets Discovery tool and Assets is running in a Jira Cloud Instance

Diagnosis

In the Discovery tool, you see an error when trying to validate the Cloud Token (Export Tab).

The log shows the following error:

23-09-2022 13:32:21 : Exceptions:
23-09-2022 13:32:21 : An error occurred while sending the request.
23-09-2022 13:32:21 : The request was aborted: Could not create SSL/TLS secure channel.
23-09-2022 13:32:22 : Failed to get GetInfo from Cloud
23-09-2022 13:32:22 : Exceptions:
23-09-2022 13:32:22 : An error occurred while sending the request.

Cause

The Discovery tool was not able to connect to api.atlassian.com and validate the token generated in an Import Configuration

Troubleshooting:

  1. The Discovery Tool should not be running behind an HTTP proxy as it wouldn't be able to use HTTP to automatically upload to Cloud. It should, however, be able to connect to the internet.
  2. You may test the Token in another machine - running outside a Corporate network - just to make sure the Token is being validated.
    1. Note that whenever you generate a new token within an import configuration, you void the previously generated token - however, this is not the same error as we discuss here
  3. API token is being sent over to https://api.atlassian.com/jsm/insight (this URL should be set in the discovery.cfg /collector.cfg file, from Discovery v.3.1.n onward).

  4. You may try to access this URL from a Browser on the same machine running Discovery - it should return a 404, with a JSON response:

    {"timestamp":"2022-09-15T17:19:10.183944Z","status":404,"error":"Not Found","message":"No message available","path":"/jsm/insight"}

    This indicates that the machine running Discovery / Collector can reach the API server.

  5. Alternatively, you may query the following, from the same machine (e.g. using cURL or Postmen) - using the exact same call made by Discovery / Collector when validating the Token:

    GET: https://api.atlassian.com/jsm/insight/v1/imports/info?client=discovery
Authorize the call using Bearer Token: <yourColudToken>

    The correct response should be 200 with two links similar to:

    { 
  "links":{ 
    "fetchCredentials":"https://api.atlassian.com/jsm/insight/workspace/fd3d17e0-7b6d-4089-af49-a2c52ea991df/v1/import/72c73c37-a4e0-4db0-b3d4-1e97ccbd6b34",  
    "executeImport":"https://api.atlassian.com/jsm/insight/workspace/fd3d17e0-7b6d-4089-af49-a2c52ea991df/v1/import/72c73c37-a4e0-4db0-b3d4-1e97ccbd6b34"      
          } 
}

  6. If you do not get a similar 404 or 200 - This may indicate that a Network Config / Firewall is blocking Discovery's attempt to validate the token, and get the required response to upload the Scan results to your Cloud instance.

  7. Please check to see if there are any Firewall rules blocking outbound traffic or inbound connections over port 443 (HTTPS). Discovery will try to reach the Atlassian API Server and establish a secured connection back in.

    1. If this is indeed the case, you may whitelist the Atlassian IP ranges in your firewall - as per our documentation. See the following request to update missing IP ranges to whitelist in our documentation: JSDCLOUD-12213

  8. Another possible cause for this blocked functionality and error is a cipher configuration during the server builds (VM).
    1. For example, if you use: https://www.nartac.com/Products/IISCrypto/ - on the ciphers page/tab, enable the items with GCM in the name. Those should be strong and they should not disabled.
    2. This should allow the Discovery tool / Collector to validate and then use the Token to export scan results into a Cloud instance.
  9. If you are getting a 400 error, It could be that the zip file is password protected, see: JSDSERVER-10949

  10. Another possible cause for a 400 exception could be due to the configuration being set up for External import rather than Discovery Import.

    1. In the ‘Create import configuration’ screen, select Discovery Import.

    2. In the Create Import configuration - Module fields screen, select the file you created in Assets Discovery.

    3. Select Save import configuration.




Last modified on Sep 5, 2024

Was this helpful?

Yes
No
Provide feedback about this article

Related content

  • No related content found
Powered by Confluence and Scroll Viewport.