000037365 - RSA NetWitness Endpoint (ECAT): After a SQL statement error (update statement) all agents are removed from UI

Document created by RSA Customer Support Employee on May 28, 2019
Version 1

Article Content

Article Number: 000037365
Applies To:
RSA Product Set: NetWitness Endpoint (ECAT)
RSA Product/Service Type: NetWitness Endpoint (ECAT)
RSA Version/Condition: 4.4.x
Platform: Windows
 
Issue

A SQL UPDATE statement can corrupt the cache in the UI when the Admin Status field is changed in the machine view.
This can be caused by changing the Admin Status field in the Machines panel of the UI. For example, if the Admin Status is changed from one of the values in the drop-down box (as shown below), the Empty box is checked, and the status is updated, this results in a NULL value in the database.

Sample of the blank field with no description entry
Cause

The cause is a faulty update statement that attempts to update a row that does not exist in the SQL database. This corrupts the cache in the UI and causes the list of machines to become zeroed out, leaving the UI showing incorrect data.

SQL timeout error

The UPDATE statement conflicted with the FOREIGN KEY constraint "Constraint_FK_AdminStatus_MachineAdminInfo". The conflict occurred in database "ECAT$PRIMARY", table "dbo.AdminStatus", column 'PK_AdminStatus'.
The statement has been terminated.
Resolution

Once the issue has been encountered, the only way to resolve it is the procedure in the Workaround section. Upgrading to 4.4.10.0 should prevent the issue from happening again, but this is not confirmed yet. If the issue is seen again, open a support case to resolve it.

Workaround

Repairing the UI:

To repair the UI, the UI cache must be purged so that it can be regenerated. To do this, follow the steps below:

  1. Open a Windows Explorer folder and type %appdata% in the address bar at the top.
  2. This will open the AppData directory. Navigate up one level and then select the Local instead of Remote folder.
  3. Navigate to RSA > RSA Netwitness Endpoint > 4.4.0.9 (or whichever version is the latest) > (name_of_sql_instance) > cache
  4. Delete all the files in the cache folder
  5. Restart the UI. At this point, all the machines should appear normal.
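
The same cache purge as a PowerShell function, for use on the workstation that runs the UI. This is an added example, not RSA's own tooling: the function name `Clear-NweUiCache` and its parameters are hypothetical, and the folder layout is assumed to be exactly the one given in step 3 under `%LOCALAPPDATA%`.

```powershell
# Added example: purge the NetWitness Endpoint UI cache described in the steps above.
# Assumptions: the function and parameter names are hypothetical; the folder layout is
# the one from step 3 (RSA\RSA Netwitness Endpoint\<version>\<sql_instance>\cache).
function Clear-NweUiCache {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Name of the SQL instance folder (step 3); the default processes every instance folder.
        [string]$SqlInstance = '*',
        # Per-user UI data under AppData\Local (step 2).
        [string]$Root = (Join-Path $env:LOCALAPPDATA 'RSA\RSA Netwitness Endpoint')
    )

    if (-not (Test-Path -LiteralPath $Root -PathType Container)) {
        throw "UI data folder not found: $Root"
    }

    # Pick the latest version folder (for example 4.4.0.9) by comparing names as versions.
    $latest = Get-ChildItem -LiteralPath $Root -Directory |
        Where-Object { $_.Name -as [version] } |
        Sort-Object { [version]$_.Name } |
        Select-Object -Last 1
    if (-not $latest) { throw "No version folder found under $Root" }

    # Resolve <version>\<sql_instance>\cache for the selected instance(s).
    $cacheDirs = Get-ChildItem -LiteralPath $latest.FullName -Directory -Filter $SqlInstance |
        ForEach-Object { Join-Path $_.FullName 'cache' } |
        Where-Object { Test-Path -LiteralPath $_ -PathType Container }

    foreach ($dir in $cacheDirs) {
        # Step 4: delete all the files in the cache folder (the folder itself is kept).
        $files = @(Get-ChildItem -LiteralPath $dir -File -Force)
        if ($PSCmdlet.ShouldProcess($dir, "Delete $($files.Count) cache file(s)")) {
            $files | Remove-Item -Force
        }
        # Report what was found so the operator can confirm the right folder was purged.
        [pscustomobject]@{ CacheFolder = $dir; FilesFound = $files.Count }
    }
}

# Preview the deletion first, then run it and restart the UI (step 5):
# Clear-NweUiCache -WhatIf
# Clear-NweUiCache -SqlInstance '<name_of_sql_instance>'
```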

Prevention:

Do not change the admin status of machines to the blank entry shown in the screenshot in the Issue section above. Doing so will cause the issue described above. Instead, choose any option that has a name in the Description field rather than a blank. This avoids the issue and does not trigger any further problems in the UI cache.
