000037390 - How to change the deployment (deploy_admin) password in the RSA NetWitness Platform 11.x

Document created by RSA Customer Support Employee on Jun 11, 2019Last modified by RSA Customer Support Employee on Oct 22, 2020
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000037390
Applies ToRSA Product Set: NetWitness Platform, NetWitness Endpoint
RSA Product/Service Type: Admin Server/Component Host
RSA Version/Condition: 11.1, 11.2, 11.3, 11.4
Platform: CentOS 7
TasksThis document will discuss the best practices to consider when changing the deployment password. The deployment password, or the deploy_admin Web User password, is used in many different parts of the product to perform operations. These include, but are not limited to:
  • Install
  • Upgrade
  • Mongo Database Access
  • RabbitMQ
ResolutionStep 1: Changing the password in the UI:
Please note that you will only have to do this if you are on a version prior to 11.3. If you are on version 11.3 or greater, you can skip this step and go to the next.

  1. Login to the Web User Interface with an Administrative account.
  2. Go to the Admin page and select the Security Tab.
  3. Select the checkbox next to the deploy_admin user.
  4. Click the Reset Password button.User-added image
  5. Type in your new password while conforming to your organization's password requirements. Special Note: If your organization has set high complexity for passwords, please note that the next step requires you pick a password that can only allow the use of these special characters with the normal set of alpha-numeric characters.  !@#%^,+
  6. When your password has been entered, clear the "Force password change on next login" option and click save.
  7. Test your password change by logging out of the UI and back in again.


    Step 2: Synchronizing your password across the rest of your host:
    A script will need to be run on each host to propagate the changed password forward, starting with the NetWitness Admin Server. It can be run like the following.

    [root@nwadmin1 ~]# /opt/rsa/saTools/bin/set-deploy-admin-password
    Please enter the old deploy_admin account password:
    Please enter the new deploy_admin account password:
    Please confirm the new deploy_admin account password:
    [2019-04-22T21:19:08+00:00] <24028> (INFO) Updating deploy_admin password in mongo
    [2019-04-22T21:19:08+00:00] <24028> (INFO) Updating deploy_admin password in rabbitmq
    [2019-04-22T21:19:10+00:00] <24028> (INFO) Updating deploy_admin password in config-server
    [2019-04-22T21:19:18+00:00] <24028> (INFO) Updating deploy_admin password in security-server
    [2019-04-22T21:19:24+00:00] <24028> (INFO) Password synchronization completed successfully.

    If you are on RSA NetWitness 11.4 or later, use the following to sync your password across the rest of your hosts:


    [root@nwadmin1 ~]#nw-manage --update-deploy-admin-pw
    Please enter the new deploy_admin account password:
    Please confirm the new deploy_admin account password:
    INFO 46575 --- [           main] c.r.n.i.o.client.LaunchHelper            : Task [update deploy admin password on all hosts] running (polling 599 more times)...
    INFO 46575 --- [           main] c.r.n.i.o.client.LaunchHelper            : Task [update deploy admin password on all hosts] running (polling 598 more times)...
    INFO 46575 --- [           main] c.r.n.i.o.client.LaunchHelper            : Task [update deploy admin password on all hosts] running (polling 597 more times)...
    INFO 46575 --- [           main] c.r.n.i.o.client.LaunchHelper            : Task [update deploy admin password on all hosts] running (polling 596 more times)...
    INFO 46575 --- [           main] c.r.n.i.o.client.LaunchHelper            : Task [update deploy admin password on all hosts] running (polling 595 more times)...
    INFO 46575 --- [           main] c.r.n.i.o.client.LaunchHelper            : Task [update deploy admin password on all hosts] waiting for triggers to be completed (polling 594 more times)...
    INFO 46575 --- [           main] c.r.n.i.o.client.LaunchHelper            : Task [update deploy admin password on all hosts] waiting for triggers to be completed (polling 593 more times)...
    INFO 46575 --- [           main] c.r.n.i.o.client.LaunchHelper            : Task [update deploy admin password on all hosts] waiting for triggers to be completed (polling 592 more times)...
    INFO 46575 --- [           main] c.r.n.i.o.client.LaunchHelper            : Task [update deploy admin password on all hosts] waiting for triggers to be completed (polling 591 more times)...
    INFO 46575 --- [           main] c.r.n.i.o.client.LaunchHelper            : Task [update deploy admin password on all hosts] waiting for triggers to be completed (polling 590 more times)...
    INFO 46575 --- [           main] c.r.n.i.o.client.LaunchHelper            : Task [update deploy admin password on all hosts] waiting for triggers to be completed (polling 589 more times)...
    INFO 46575 --- [           main] c.r.n.i.o.client.LaunchHelper            : Task [update deploy admin password on all hosts] waiting for triggers to be completed (polling 588 more times)...
    INFO 46575 --- [           main] c.r.n.i.o.client.LaunchHelper            : Task [update deploy admin password on all hosts] waiting for triggers to be completed (polling 587 more times)...
    INFO 46575 --- [           main] c.r.n.i.o.client.LaunchHelper            : Task update deploy admin password on all hosts completed
    INFO 46575 --- [           main] c.r.n.i.o.client.OrchestrationClient     : update deploy admin password status:
    +---------+---------------------+---------+------------------------------------+
    |         | Host                | Status  | Message                            |
    +---------+---------------------+---------+------------------------------------+
    | c867ead5| 10.xx.xx.xx         | Success | Password Update Succeeded          |
    | 4748c55f| 127.0.0.1           | Success | Password Update Succeeded          |
    | 3a94aa11| 10.xx.xx.xx         | Success | Password Update Succeeded          |
    | 4c23ba06| 10.xx.xx.xx         | Success | Password Update Succeeded          |
    | 6c559227| 10.xx.xx.xx         | Success | Password Update Succeeded          |
    | 8ec46482| 10.xx.xx.xx         | Success | Password Update Succeeded          |
    | 857e0870| 10.xx.xx.xx         | Success | Password Update Succeeded          |
    +---------+---------------------+---------+------------------------------------+

    INFO 46575 --- [           main] c.r.n.i.o.c.OrchestrationApplication     : Tasks completed successfully...
    INFO 46575 --- [           main] c.r.n.i.o.c.OrchestrationApplication     : Request completed successfully.
    (INFO) Update Deploy Admin Password completed successfully.

    Please note that the above will look different depending on which kind of host you run the script on. For example, a stand-alone Log Decoder, looks like the following:


    [root@ldec1 ~]# /opt/rsa/saTools/bin/set-deploy-admin-password
    Please enter the new deploy_admin account password:
    Please confirm the new deploy_admin account password:
    [2019-04-22T21:37:52+00:00] <3310> (INFO) Updating deploy_admin password in rabbitmq
    [2019-04-22T21:37:55+00:00] <3310> (INFO) Password synchronization completed successfully.

    This step is absolutely necessary for the following kinds of host:

    • Admin Server
    • Endpoint Hybrid
    • ESA Primary
    • ESA Secondary
    • UEBA
    Failure to run this script on at least these types of hosts in your environment can result in your next upgrade attempt failing due to the password mismatch.
     
NotesIf the set-deploy-admin-password script fails on updating the mongo password because the old password may be different than what you may expect, please review, How to reset the deployment (deploy_admin) password for MongoDB in the RSA NetWitness Platform 11.x

Attachments

    Outcomes