Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000037048 - After upgrading to RSA NetWitness Logs & Network 10.6.6.0, Active Directory authentication no longer works

Document created by RSA Customer Support

on Dec 25, 2018

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000037048
Applies To	RSA Product Set: NetWitness Logs & Network RSA Product/Service Type: SA Server RSA Version/Condition: 10.6.6.0 and above Platform: CentOS 6
Issue	After upgrading to 10.6.6.0, users that authenticate using Active Directory are unable to login anymore.
Cause	One reason for this circumstance is if your Active Directory server is not configured to use TLS 1.2. For instance, Windows Server 2008 R2 may not have TLS 1.2 enabled right out of the box.
Resolution	You have two solutions: Enable TLS 1.2 on the Windows Domain Controller. You may have to talk to your Active Directory administrators on how to best achieve this. Disable the TLS 1.0 and 1.1 restriction in the puppet recipes. The rest of this KB article will show you how to accomplish the workaround. NOTE: RSA recommends that you re-enable TLS 1.2 on the SA Server at your earliest convenience. This workaround is only meant to enable your Analysts to work while the change is being made on the Windows side. By making this change, you are making your system less secure.
Workaround	SSH to the SA Server. We will modify a puppet recipe and let the change propagate throughout the system. vi /etc/puppet/modules/rsa-java/files/java.security.java8 You will see a line like the following towards the end of the file: jdk.tls.disabledAlgorithms=SSLv3,DES,DESede, TLSv1, TLSv1.1, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384 Note that TLSv1 and TLSv1.1 are in this list. We will be removing these values from this comma-separated list. We will then be left with the following: jdk.tls.disabledAlgorithms=SSLv3,DES,DESede, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384 Save this file. Then, we will propagate the changes using puppet with an agent run. puppet agent -t This will cause the jetty/UI service to restart. If it does not restart itself during the run, then you'll need to do it manually. stop jettysrv start jettysrv Then, attempt to login to the UI using your Active Directory login credentials and see if this resolved your issue.
Notes	If you are still having an issue, please submit a case to RSA Technical Support and quote this KB article for further assistance.

Attachments

Outcomes

0 Comments

Recommended Content