ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Malware Analysis Appliance (MAA) shows inaccessible VM in red health state

book

Article ID: 168982

calendar_today

Updated On:

Products

Malware Analysis Software - MA

Issue/Introduction

Resolution

1. Login to the MAA CLI using SSH or local console using the g2 user
 
$ sudo su - mag2
$ vboxmanage list vms
You will see a list with all clones where each line should look like the below example but one or more are flagged as <inaccessible>:
 "win7-sp1-clone-01" {8f222258-8fbe-4d2f-a130-85537e6537e7}
 
2. Unregister inaccessible clones
 
Unregister each of those inaccessible vms like this:
$ vboxmanage unregistervm <uuid> 
 The uuid is the complete curly bracket, so unregistering the above example would be:
 $ vboxmanage unregistervm {8f222258-8fbe-4d2f-a130-85537e6537e7}
 
3. Identify the profile

Get the vmp_id of the profile by checking via the API:
Login to the MAA ui. Then go to https://<maaip>/rapi/system/vm/profiles
Look for the right vm_profiles_short_name in the output.
In the above example that would be “win7-sp1"
 
4. Rebuild the IntelliVM Profile 
Now look for the vmp_id in the JSON output, NOT the vmb_id.  It is possible that they may be the same value.
When you go to Analysis settings / Intellivm Profiles. you can now identify the profile by it’s ID and click “customize”.
On the next screen click “build profile”. This procedure will take 15 minutes or more.

 

Powered by Wolken Software