on Jan 16, 2019Article Content
| Article Number | 000037103 |
| Applies To | RSA Product Set: NetWitness Endpoint RSA Product/Service Type: NetWitness Endpoint RSA Version/Condition: 4.4.0.x |
| Issue | RSA ECAT Server Service does not start up. |
| Cause | The most common causes are license expired, password was changed for the Service Account. This article deals with disk space issues on the ECAT\Server\Files Folder. |
| Resolution | Over a period of time the \ECAT\Server\Files folder can fill up the allotted space on the Drive. This folder contains sub-folders name based on timestamp on when the module was first discovered by an agent scan. Within each sub-folder there is one or more copies of the module inside the subfolder. More details about modules is in the User Guide (sub heading “Manage Modules”) If the drive gets full, you can resolve the issue by the following methods:
|
| Workaround | You can conserve disk space by limiting the downloaded module size. The steps are as follows; UI -> Global Parameters -> Automatically Download New Modules. You have the option to disable this feature, or change the File Size Limit from 10 MB, to 1 MB. As last resort you can delete files out of the \ECAT\Server\Files folder. Below is suggested method for finding the largest modules. (below is example, change drive to where the \Server\Files on your system). GetChildItem -path e:\ECAT\Server\Files -recurse | sort length -desc | Select-Object -first 20 | Out-File largeModules.txt |