000037390 - How to change the deployment (deploy_admin) password in the RSA NetWitness Platform 11.x

Document created by RSA Customer Support Employee on Jun 11, 2019Last modified by RSA Customer Support Employee on Jul 13, 2019
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000037390
Applies ToRSA Product Set: NetWitness Logs & Network, NetWitness Endpoint
RSA Product/Service Type: Admin Server/Component Host
RSA Version/Condition: 11.1, 11.2, 11.3
Platform: CentOS 7
TasksThis document will discuss the best practices to consider when changing the deployment password. The deployment password, or the deploy_admin Web User password, is used in many different parts of the product to perform operations. These include, but are not limited to:
  • Install
  • Upgrade
  • Mongo Database Access
  • RabbitMQ
ResolutionStep 1: Changing the password in the UI:
Please note that you will only have to do this if you are on a version prior to 11.3. If you are on version 11.3 or greater, you can skip this step and go to the next.

  1. Login to the Web User Interface with an Administrative account.
  2. Navigate to the Admin page and select the Security Tab.
  3. Select the checkbox next to the deploy_admin user.
  4. Click the Reset Password button.User-added image
  5. Type in your new password while conforming to your organization's password requirements. Special Note: If your organization has set high complexity for passwords, please note that the next step requires you pick a password that can only allow the use of these special characters with the normal set of alpha-numeric characters.  !@#%^,+
  6. When your password has been entered, uncheck the "Force password change on next login" option and click save.
  7. Test your password change by logging out of the UI and back in again.

    Step 2: Synchronizing your password across the rest of your host:
    A script will need to be run on each host to propagate the changed password forward, starting with the NetWitness Admin Server. It can be run like the following.

    [root@nwadmin1 ~]# /opt/rsa/saTools/bin/set-deploy-admin-password
    Please enter the old deploy_admin account password:
    Please enter the new deploy_admin account password:
    Please confirm the new deploy_admin account password:
    [2019-04-22T21:19:08+00:00] <24028> (INFO) Updating deploy_admin password in mongo
    [2019-04-22T21:19:08+00:00] <24028> (INFO) Updating deploy_admin password in rabbitmq
    [2019-04-22T21:19:10+00:00] <24028> (INFO) Updating deploy_admin password in config-server
    [2019-04-22T21:19:18+00:00] <24028> (INFO) Updating deploy_admin password in security-server
    [2019-04-22T21:19:24+00:00] <24028> (INFO) Password synchronization completed successfully.

    Please note that the above will look different depending on which kind of host you run the script on. For example, a standalone Log Decoder, looks like the following:

    [root@ldec1 ~]# /opt/rsa/saTools/bin/set-deploy-admin-password
    Please enter the new deploy_admin account password:
    Please confirm the new deploy_admin account password:
    [2019-04-22T21:37:52+00:00] <3310> (INFO) Updating deploy_admin password in rabbitmq
    [2019-04-22T21:37:55+00:00] <3310> (INFO) Password synchronization completed successfully.

    This step is absolutely necessary for the following kinds of host:

    • Admin Server
    • Endpoint Hybrid
    • ESA Primary
    • ESA Secondary
    • UEBA
    Failure to run this script on at least these types of hosts in your environment can result in your next upgrade attempt failing due to the password mismatch.
NotesIf the set-deploy-admin-password script fails on updating the mongo password because the old password may be different than what you may expect, please review How to reset the deployment (deploy_admin) password for MongoDB in the RSA NetWitness Platform 11.x