000037015 - How to reset deploy_admin password for mongo DB in RSA NetWitness 11.x

Document created by RSA Customer Support Employee on Dec 17, 2018
Version 1

Article Content

Article Number: 000037015
Applies To:
RSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: Security Analytics Server
RSA Version/Condition: 11.x
Platform: CentOS
O/S Version: 7
 
Issue: When the password for the 'deploy_admin' account is out of sync with the current 'deploy_admin' password (likely due to user error while running nwsetup-tui), upgrading NetWitness ESA 11.x fails with the following error in the ESA's /var/log/messages.

Nov 26 00:24:49 RSA-ESA salt-minion: ================================================================================
Nov 26 00:24:49 RSA-ESA salt-minion: Error executing action `run` on resource 'execute[Creating MongoDB user CN=rsa-nw-admin-server]'
Nov 26 00:24:49 RSA-ESA salt-minion: ================================================================================
Nov 26 00:24:49 RSA-ESA salt-minion: Mixlib::ShellOut::ShellCommandFailed
Nov 26 00:24:49 RSA-ESA salt-minion: ------------------------------------
Nov 26 00:24:49 RSA-ESA salt-minion: Command execution failed. STDOUT/STDERR suppressed for sensitive resource
Nov 26 00:24:49 RSA-ESA salt-minion: Resource Declaration:


A login attempt to the admin DB returns the following error.

mongo admin -u deploy_admin -p <Password for deploy_admin> --authenticationDatabase admin
MongoDB shell version v3.6.4
connecting to: mongodb://127.0.0.1:27017/admin
MongoDB server version: 3.6.4
2018-11-26T01:33:47.176+0000 E QUERY [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow@src/mongo/shell/db.js:1608:20
@(auth):6:1
@(auth):1:2
exception: login failed

set-deploy-admin-password runs successfully, but the login to the admin DB continues to fail with the same error.
 
Resolution: Follow the steps below to reset the password for deploy_admin in MongoDB.
  1. SSH into the ESA host.
  2. Modify /etc/mongod.conf to change 'authorization'
    from
    security:
      authorization: enabled

    to
    security:
      authorization: disabled
  3. Restart mongod service.
    systemctl restart mongod.service
  4. Reset the password.
    mongo admin
    db.changeUserPassword('deploy_admin','<Password for deploy_admin>')
    exit
  5. Revert the changes to /etc/mongod.conf
    from
    security:
      authorization: disabled

    to
    security:
      authorization: enabled
  6. Restart mongod service.
    systemctl restart mongod.service
  7. Test connection with the current password.
    mongo admin -u deploy_admin -p <Password for deploy_admin> --authenticationDatabase admin
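
A check for step 5, added here as an example and not part of the RSA article: while 'authorization: disabled' is in effect mongod accepts unauthenticated connections, so this script reads a mongod YAML config and reports whether security.authorization is back to 'enabled'. The function names mongod_authz and check_authz_restored are hypothetical, and only block-style YAML (as shown in the steps above) is assumed.

```bash
#!/usr/bin/env bash
# Added example (not RSA's code): report the effective security.authorization
# value in a mongod YAML config, so the temporary "disabled" state from
# step 2 is not left in place after step 5.

# mongod_authz FILE -> prints "enabled" or "disabled".
# A missing or commented-out key counts as disabled (mongod's default).
mongod_authz() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        /^[^ \t]/ {                              # top-level key: track the section
            in_sec = ($0 ~ /^security:[ \t]*(#.*)?$/)
            next
        }
        in_sec && /^[ \t]+authorization:/ {
            val = $0
            sub(/^[ \t]+authorization:[ \t]*/, "", val)
            sub(/[ \t]*#.*$/, "", val)           # strip a trailing comment
            gsub(/["\047]/, "", val)             # strip double/single quotes
            sub(/[ \t]+$/, "", val)
            found = val
        }
        END { print ((found == "enabled") ? "enabled" : "disabled") }
    ' "$1"
}

# check_authz_restored FILE -> returns 0 only when authorization is enabled.
check_authz_restored() {
    local state
    state=$(mongod_authz "$1") || return 2
    if [ "$state" = "enabled" ]; then
        echo "OK: $1 has security.authorization enabled"
    else
        echo "WARNING: $1 has security.authorization disabled" >&2
        return 1
    fi
}

# When a config path is given as an argument, check it (e.g. /etc/mongod.conf).
if [ "$#" -gt 0 ]; then
    check_authz_restored "$1"
fi
```

Run it with /etc/mongod.conf as the argument after step 6; a non-zero exit status means the config still leaves authorization off.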
