Harvesting Failure Messages

The Harvest Info page (Cloud > Cloud Accounts > Cloud Account Name > Harvest Info) provides descriptions of common failure messages associated with harvesting in the Failure Context field. These messages point to different reasons behind harvester failures, which normally have different solutions to achieve a successful harvest. Sometimes the same message can have a different meaning depending on the cloud type.

Failure Context Details

CLOUD_ACCOUNT_NOT_FOUND

The harvester could not contact the account being requested for harvesting.

This error may pause harvesting

If the harvester received this error, harvesting may be paused for the relevant account until you resume harvesting.

Troubleshooting Recommendations:

Wait several minutes and verify the account is still available. If necessary, try to manually enqueue the harvester and confirm that the attempt either succeeds or fails.

CLOUD_API_ERROR

The harvester attempted to use an API and received an error (for example: deserialization issues).

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

CLOUD_ASSUMED_ROLE_ERROR (AWS only)

An issue with assuming the role. For AWS, this message could apply to instance assume role or STS assume role.

Troubleshooting Recommendations:

AWS: Confirm that the role you are assuming has an assume role/STS policy attached. Confirm that your ARN is correct. Confirm that your external ID, if you have one, is correct.

CLOUD_CONNECTION_FAILURE

The harvester failed to connect to the cloud service provider's API (for example: gateway timeouts, service unavailable).

i would say is when a harvester fails to connect to the cloud service provider's api's then include the for examples

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

CLOUD_CONNECTION_TIMEOUT

The harvester timed out when attempting to use an API or got no response.

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

CLOUD_INVALID_CREDS

The credentials used to add the cloud account are no longer valid.

Troubleshooting Recommendations:

AWS: It is possible that the external ID used in your trust relationship has been changed. It is also possible that long-term API credentials, which are deprecated, have been deactivated or are expired.

CLOUD_PERMISSION_ERROR

The harvester failure is due to invalid permissions related to that API call.

Troubleshooting Recommendations:

  • AWS: Make sure that the role you are using to harvest resources has the necessary permissions. The easiest way to confirm appropriate permissions are in place is check the Visibility status on the Cloud Listing page.
  • You may need to rescan to validate current permissions. If the status is green, then please contact support as a required permission may be missing from our documentation. If status is yellow, then it should specify the missing permissions.
CLOUD_RATE_LIMITED

The harvester API call has been declined by the provider because the customer has reached the limit of API calls the provider will accept from the customer during that window of time.

Troubleshooting Recommendations:

  • Rate limits are customer-based, not product-based, so the issue may be due to API calls made outside of InsightCloudSec.
  • To reduce the number of API calls InsightCloudSec makes, consider enabling Event-Driven Harvesting, which makes resource-specific calls based upon specific events, or updating your Harvesting Strategy to reduce the frequency of API calls.
  • Read more about Event-Driven Harvesting on the Harvesting Overview page.
CLOUD_REGION_DISABLED

The harvester attempted to run on a disabled region.

Troubleshooting Recommendations:

  • AWS: New AWS regions (for example, Bahrain) are not turned on by default and only accept session token version 2. This error can occur if version 1 session tokens are used to make a request to service endpoints in an AWS region that is not turned on by default. Update your session token to use the new version. Visit the AWS documentation for details: [https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_enable-regions.html#sts-regions-manage-tokens]
  • Other clouds: update the region for the account, try to manually enqueue the harvester, and confirm that the attempt either succeeds or fails. If it fails again, contact support.
CLOUD_SERVICE_ENABLEMENT_ERROR

The harvester was not able to contact the appropriate service or collect a given resource type (for example: the cloud service API is not turned on for the account or the resource type isn't registered for the account).

Troubleshooting Recommendations:

Verify the correct API and types are configured properly. Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

CLOUD_TOKEN_ERROR

The harvester failure is due to an issue at the remote end of the API call.

Troubleshooting Recommendations:

Either let the next scheduled harvest run or try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, then the provider may be experiencing longer-term technical issues.

CLOUD_UNAUTHORIZED_SCP (AWS only)

The harvester failure is due to a Service Control Policy that is explicitly denying permission for the API call.

Troubleshooting Recommendations:

Review any Service Control Policies that are in effect for the impacted account to look for policies that may be denying access and update them as desired to add access.

CLOUD_UNKNOWN_PROVIDER_ERROR

Errors are classified by the most common failure cases. This error did not fit into a category and will be logged and reported to support.

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

DATABASE_CONNECTION_FAILURE

The harvester could not connect to the database.

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

DATABASE_DATA_ERROR

The harvester received a data error from the database (for example: integrity issues, stale data, invalid request).

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

DATABASE_UNKNOWN_ERROR

The harvester received an unknown database error.

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

DISABLED

The resource has been disabled locally and will no longer attempt to harvest.

Troubleshooting Recommendations:

If you wish to resume harvesting the resource, change its setting on the Cloud Listing page under Disabled Resources.

ERROR

The harvester failure is likely due to an operational or code issue.

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

INVALID_ORG_SERVICE

The relevant InsightCloudSec organization has been deleted, malformed, or is in an invalid status.

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

JOB_LOCK_ERROR

The harvester job failed to get a lock from the database for any reason other than parallel execution (PARALLEL_EXECUTION_ERROR).

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

PARALLEL_EXECUTION_ERROR

The harvester attempted to run in parallel with an existing instance of itself.

Troubleshooting Recommendations:

Wait several minutes and determine if another run is necessary. If necessary, try to manually enqueue the harvester and confirm that the attempt either succeeds or fails.

SCHEDULED_EVENT_ERROR

The harvester received a scheduled event error (for example: event was missing from the database or the event was not in an active state).

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

SYSTEM_ERROR

The harvester encountered a known error with InsightCloudSec processes (for example: ran out of memory).

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.

TIMEOUT

The harvester API call did not complete in time.

Troubleshooting Recommendations:

Either let the next scheduled harvest run or try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, then the provider may be experiencing technical issues similar to PROVIDER_ERROR.

UNKNOWN_ERROR

The harvester encountered an unknown error or an error that could not be handled appropriately.

Troubleshooting Recommendations:

Try to manually enqueue the harvester and confirm that the attempt either succeeds or fails. If it fails again, contact support.