All Apps and Add-ons

Splunk Add-on for Box: Why am I receiving "Failed to Grant access" error when trying to set up the add-on in our production environment?

mlevsh
Builder

Hi,

We've installed Splunk Add-on for Box on intermediate forwarder and we are trying to configure it by going to manage apps -> Splunk Add-on for Box -> Setup. Setup requires to enter Box Oauth2 client id and client secret, which we did. After that we select other settings (proxy,etc) and click on "Save and Authenticate". Setup goes to Box login screen. After successfully entering credential, it goes to "Grant Access " screen. Clicking on "Grant Access" brings us back to Splunk Add-on for Box setup screen but with an error message "Failed to grant access" error. We performed the same setup on our Splunk dev instance (the same one server for forwarder, indexer, search head). It doesn't work in our Prod environment.

The following search index=_internal sourcetype=box:addon:setup:log has this kind of error:

<font size="2">*12-07-2016 14:53:03.706 -0500 ERROR AdminManagerExternal - Failed to do authentication, reason=Traceback (most recent call last):\n File "/export/opt/splunk/etc/apps/Splunk_TA_box/bin/box_setup.py", line 152, in _handleAuthentication\n args["auth_code"][0])\n File "/export/opt/splunk/etc/apps/Splunk_TA_box/bin/boxsdk/auth/oauth2.py", line 150, in authenticate\n return self.send_token_request(data, access_token=None)\n File "/export/opt/splunk/etc/apps/Splunk_TA_box/bin/boxsdk/auth/oauth2.py", line 286, in send_token_request\n access_token=access_token,\n File "/export/opt/splunk/etc/apps/Splunk_TA_box/bin/box_client.py", line 60, in request\n **kwargs)\n File "/export/opt/splunk/etc/apps/Splunk_TA_box/bin/boxsdk/network/default_network.py", line 23, in request\n return DefaultNetworkResponse(self._session.request(method, url, **kwargs), access_token)\n File "/export/opt/splunk/etc/apps/Splunk_TA_box/bin/requests/sessions.py", line 475, in request\n resp = self.send(prep, **send_kwargs)\n File "/export/opt/splunk/etc/apps/Splunk_TA_box/bin/requests/sessions.py", line 585, in send\n r = adapter.send(request, **kwargs)\n File "/export/opt/splunk/etc/apps/Splunk_TA_box/bin/requests/adapters.py", line 477, in send\n raise SSLError(e, request=request)\nSSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:595)\n*</font>

Thank you in advance for any advice to get through this issue

0 Karma
1 Solution

mlevsh
Builder

In our case, adding our 'production' Splunk server to "bypass" policy on proxy - solved the issue
and we were able to "successfully grant access" from Box to Splunk add-on

View solution in original post

0 Karma

mlevsh
Builder

In our case, adding our 'production' Splunk server to "bypass" policy on proxy - solved the issue
and we were able to "successfully grant access" from Box to Splunk add-on

0 Karma

mlevsh
Builder

@adamsaul just wanted to write an update. while 'dev' and 'production' servers were using the same proxy, which is, I was told, with no SSL interception - 'dev' server was on "bypass" policy on that proxy apparently. Firmware version of proxy is not compatible for us. So adding 'production' server to the same "bypass" policy on a proxy helped.

0 Karma

mlevsh
Builder

@adamsaul
No, no SSL interception

0 Karma

adamsaul
Communicator

mlevsh,

By chance, does the 'dev' or the 'production' server have a proxy in-line? If so, are you doing SSL interception?

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...