Troubleshoot common Cortex XSOAR installation issues.
The following provides guidance on avoiding or resolving common issues encountered at various installation stages Cortex XSOAR On-prem to ensure your system is ready for operation.
After the installation completes, you cannot change any field values. Any changes need to be made before installing Cortex XSOAR.
To change an installation field value after installing, you must redeploy the cluster and reinstall Cortex XSOAR. For more information, see Task 7. Install Cortex XSOAR on your VM under Cortex XSOAR installation. Contact engineering or support for assistance.
When you install or upgrade in the textual UI, after all the tasks run, a successful installation or upgrade message displays. However, the system may not yet have fully completed the installation process.
Wait until the installation process fully completes (approximately 30 minutes) and then check that you can log in to Cortex XSOAR. For more information, see Task 8. Verify you can log in to Cortex XSOAR under Cortex XSOAR installation.
When you set the SSH password after deploying your cluster, you need to save it securely. If you lose this password, you cannot recover or change it.
If you lose the SSH password, you must redeploy the cluster and reinstall Cortex XSOAR. For more information, see Cortex XSOAR installation. Contact engineering or support for assistance.
For Cortex XSOAR to successfully communicate with integrations and services and for High Availability to work, the IPs of all VMs (nodes) in a cluster, as well as the virtual IP, must be on the same subnet; they currently cannot be split across subnets.
To move the IPs in your cluster to the same subnet, you must redeploy the cluster and reinstall Cortex XSOAR. For more information, see Cortex XSOAR installation. Contact engineering or support for assistance.
Reboot, hard shutdown, or taking a snapshot in your hypervisor (which performs a hard shutdown) can cause issues in Cortex XSOAR, including:
Service failures: Core services or integrations may fail to start due to corrupted files or improper shutdown sequences.
Database errors: Incident data, playbooks, or audit logs may become inaccessible due to database corruption, causing errors when loading or querying data.
Delayed or failed login: Users may experience delays or failures when trying to log in because authentication or session services were not properly restored.
Broken playbooks and scripts: Active or scheduled playbooks and scripts may fail to execute, resulting in incomplete or disrupted workflows.
If you experience issues, download a log bundle from the textual UI menu. Contact support or engineering for assistance. Do not reboot or perform a hard shutdown of Cortex XSOAR. For more information, see Shut down Cortex XSOAR.
For a hypervisor snapshot, either perform a graceful shutdown for the VM and then take the snapshot, or instead of taking a hypervisor snapshot, use the backup and restore feature. For more information, see Backup and restore Cortex XSOAR.
The initial cluster installation fails on TASK [opp-artifacts: Wait for OPP registry to be up] with a timeout.
Verify if the HTTP PUT response hop limit is configured appropriately. This value may need to be increased from 1 to 2.