|Applies To||RSA Product Set: NetWitness Endpoint|
RSA Product/Service Type: NetWitness Endpoint
RSA Version/Condition: 4.4.x.x
|Issue||The NW Endpoint Product has been moved to another system or disaster recovery restore.|
When starting the Console Server the following exception is thrown.
|Cause||The most likely cause of this issue is that Certificates were not imported. ConsoleServer.exe.config file does not have the correct hash(thumbprint) of the NWEServer certificate (EcatServerExported if the certificate is older) or the certificates were not imported correctly.|
|Resolution||First step is to open up the Microsoft Management Console. ( See the 4.4 Install Guide under Subheading Installation -> Step 4 (Optional) Export Primary Server Certificates on page 59). |
To note: Keep this file open because we will be using this guide for additional troubleshooting.
Once the MMC Certificates is open, expend Certificates -> Personal -> Certificates panel -> double click the NweServerCertificate -> Details -> scroll down to Thumbprint section.
Open the <Drive>\Program Files\RSA\ECAT\Server\ConsoleServer.exe.config file with notepad or another text editor.
Search for string "LocalHttpsServerCertHash" compare the thumbprint with the NweServerCertificate thumbprint. they should be the same.
(The letters will be uppercase in the ConsoleServer.exe.config file)
Search again further in the file for string <serviceCertificate storeLocation, (example below:)
<userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="EConsole.Server.Rest.EcatUserNamePassValidator, ConsoleServer"/>
If the certhash is different, make a back-up copy of the ConsoleServer.exe.config file, stop the API service.
Edit the two certhash entries to match the thumbprint of the Server certificate (as displayed in the details tab)
(Use upper case letters, for the first line, do not prefix the "0x" for the first entry.)
Start the API and Console Server service.
If the ConsoleServer service should fail again;
Stop the API service
Follow the directions as stated in the 4. User Guide on pages 59 to 73 make sure you export the private key and select .pfx file format.
After certificates have been imported, start the ConsoleServer service and API service.