Malware Analysis Appliance (MAA) shows inaccessible VM in red health state

book

Article ID: 168982

calendar_today

Updated On:

Products

Malware Analysis Software - MA

Issue/Introduction

Resolution

1. Login to the MAA CLI using SSH or local console using the g2 user
 
$ sudo su - mag2
$ vboxmanage list vms

You will see a list with all clones where each line should look like the below example but one or more are flagged as <inaccessible>:
 "win7-sp1-clone-01" {8f222258-8fbe-4d2f-a130-85537e6537e7}
 
2. Unregister inaccessible clones
 
Unregister each of those inaccessible vms like this:
$ vboxmanage unregistervm <uuid> 
 The uuid is the complete curly bracket, so unregistering the above example would be:
 $ vboxmanage unregistervm {8f222258-8fbe-4d2f-a130-85537e6537e7}
 
3. Identify the profile

Get the vmp_id of the profile by checking via the API:
Login to the MAA ui. Then go to https://<maaip>/rapi/system/vm/profiles
Look for the right vm_profiles_short_name in the output.
In the above example that would be “win7-sp1"
 
4. Rebuild the IntelliVM Profile
Now look for the vmp_id in the JSON output, NOT the vmb_id.  It is possible that they may be the same value.
When you go to Analysis settings / Intellivm Profiles. you can now identify the profile by it’s ID and click “customize”.
On the next screen click “build profile”. This procedure will take 15 minutes or more.