Harvesting Failure Messages

The harvester could not contact the account being requested for harvesting.

Troubleshooting Recommendations:

Wait several minutes and verify the account is still available. If necessary, try to manually enqueue the harvester and confirm that the attempt either succeeds or fails.

The harvester attempted to use an API and received an error (for example: deserialization issues).

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

An issue with assuming the role. For AWS, this message could apply to instance assume role or STS assume role.

Troubleshooting Recommendations:

AWS: Confirm that the role you are assuming has an assume role/STS policy attached. Confirm that your ARN is correct. Confirm that your external ID, if you have one, is correct.

The harvester failed to connect to the cloud service provider's API (for example: gateway timeouts, service unavailable).

i would say is when a harvester fails to connect to the cloud service provider's api's then include the for examples

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

The harvester timed out when attempting to use an API or got no response.

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

The credentials used to add the cloud account are no longer valid.

Troubleshooting Recommendations:

AWS: It is possible that the external ID used in your trust relationship has been changed. It is also possible that long-term API credentials, which are deprecated, have been deactivated or are expired.

The harvester failure is due to invalid permissions related to that API call.

Troubleshooting Recommendations:

• AWS: Make sure that the role you are using to harvest resources has the necessary permissions. The easiest way to confirm appropriate permissions are in place is check the Visibility status on the Cloud Listing page.
• You may need to rescan to validate current permissions. If the status is green, then please contact support as a required permission may be missing from our documentation. If status is yellow, then it should specify the missing permissions.

The harvester API call has been declined by the provider because the customer has reached the limit of API calls the provider will accept from the customer during that window of time.

Troubleshooting Recommendations:

• Rate limits are customer-based, not product-based, so the issue may be due to API calls made outside of InsightCloudSec.
• To reduce the number of API calls InsightCloudSec makes, consider enabling Event-Driven Harvesting, which makes resource-specific calls based upon specific events, or updating your Harvesting Strategy to reduce the frequency of API calls.
• Read more about Event-Driven Harvesting on the Harvesting Overview page.

The harvester attempted to run on a disabled region.

Troubleshooting Recommendations:

• AWS: New AWS regions (for example, Bahrain) are not turned on by default and only accept session token version 2. This error can occur if version 1 session tokens are used to make a request to service endpoints in an AWS region that is not turned on by default. Update your session token to use the new version. Visit the AWS documentation for details: [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-manage-tokens]
• Other clouds: update the region for the account, try to manually enqueue the harvester, and confirm that the attempt either succeeds or fails. If it fails again, contact support.

The harvester was not able to contact the appropriate service or collect a given resource type (for example: the cloud service API is not turned on for the account or the resource type isn't registered for the account).

Troubleshooting Recommendations:

Verify the correct API and types are configured properly. Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

The harvester failure is due to an issue at the remote end of the API call.

Troubleshooting Recommendations:

Either let the next scheduled harvest run or try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, then the provider may be experiencing longer-term technical issues.

The harvester failure is due to a Service Control Policy that is explicitly denying permission for the API call.

Troubleshooting Recommendations:

Review any Service Control Policies that are in effect for the impacted account to look for policies that may be denying access and update them as desired to add access.

Errors are classified by the most common failure cases. This error did not fit into a category and will be logged and reported to support.

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

The harvester could not connect to the database.

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

The harvester received a data error from the database (for example: integrity issues, stale data, invalid request).

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

The harvester received an unknown database error.

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

The resource has been disabled locally and will no longer attempt to harvest.

Troubleshooting Recommendations:

If you wish to resume harvesting the resource, change its setting on the Cloud Listing page under Disabled Resources.

The harvester failure is likely due to an operational or code issue.

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

The relevant InsightCloudSec organization has been deleted, malformed, or is in an invalid status.

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

The harvester job failed to get a lock from the database for any reason other than parallel execution (PARALLEL_EXECUTION_ERROR).

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

The harvester attempted to run in parallel with an existing instance of itself.

Troubleshooting Recommendations:

Wait several minutes and determine if another run is necessary. If necessary, try to manually enqueue the harvester and confirm that the attempt either succeeds or fails.

The harvester received a scheduled event error (for example: event was missing from the database or the event was not in an active state).

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

The harvester encountered a known error with InsightCloudSec processes (for example: ran out of memory).

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

The harvester API call did not complete in time.

Troubleshooting Recommendations:

Either let the next scheduled harvest run or try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, then the provider may be experiencing technical issues similar to PROVIDER_ERROR.

The harvester encountered an unknown error or an error that could not be handled appropriately.

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.