Malware Analysis Appliance (MAA) shows inaccessible VM in red health state
Article ID: 168982
Updated On:
Products
Malware Analysis Software - MA
Issue/Introduction
Resolution
1. Login to the MAA CLI using SSH or local console using the g2 user
Get the vmp_id of the profile by checking via the API:
Login to the MAA ui. Then go to https://<maaip>/rapi/system/vm/profiles
Look for the right vm_profiles_short_name in the output.
In the above example that would be “win7-sp1"
4. Rebuild the IntelliVM Profile
$ sudo su - mag2
$ vboxmanage list vms
You will see a list with all clones where each line should look like the below example but one or more are flagged as <inaccessible>:
"win7-sp1-clone-01" {8f222258-8fbe-4d2f-a130-85537e6537e7}
2. Unregister inaccessible clones$ vboxmanage list vms
You will see a list with all clones where each line should look like the below example but one or more are flagged as <inaccessible>:
"win7-sp1-clone-01" {8f222258-8fbe-4d2f-a130-85537e6537e7}
Unregister each of those inaccessible vms like this:
$ vboxmanage unregistervm <uuid>
The uuid is the complete curly bracket, so unregistering the above example would be:
$ vboxmanage unregistervm {8f222258-8fbe-4d2f-a130-85537e6537e7}
3. Identify the profile
$ vboxmanage unregistervm <uuid>
The uuid is the complete curly bracket, so unregistering the above example would be:
$ vboxmanage unregistervm {8f222258-8fbe-4d2f-a130-85537e6537e7}
Get the vmp_id of the profile by checking via the API:
Login to the MAA ui. Then go to https://<maaip>/rapi/system/vm/profiles
Look for the right vm_profiles_short_name in the output.
In the above example that would be “win7-sp1"
Now look for the vmp_id in the JSON output, NOT the vmb_id. It is possible that they may be the same value. When you go to Analysis settings / Intellivm Profiles. you can now identify the profile by it’s ID and click “customize”.
On the next screen click “build profile”. This procedure will take 15 minutes or more.
Feedback
Yes
No
Powered by
