Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000037760 - ConsoleServer Service will not start after system has been recovered from Backup in RSA NetWitness Endpoint

Document created by RSA Customer Support

on Aug 6, 2019

Version 1Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000037760
Applies To	RSA Product Set: NetWitness Endpoint RSA Product/Service Type: NetWitness Endpoint RSA Version/Condition: 4.4.x.x Platform: Windows
Issue	The NW Endpoint Product has been moved to another system or disaster recovery restore. When starting the Console Server the following exception is thrown. [6] System.ComponentModel.Win32Exception: Error 1312 at HttpSetServiceConfiguration at a.b.Xᝅ.ᜀ(X509Store A_0, X509Certificate A_1, IPAddress A_2, Int32 A_3, Boolean A_4) at a.b.X᝘..ctor(String A_0, String[] A_1, String A_2, String A_3, CancellationToken A_4, Int32 A_5) at a.b.Xᝄ..ctor(Boolean A_0, String[] A_1, String A_2, String A_3, CancellationToken A_4, Int32 A_5) at EConsole.Server.ServerLogic.CreateHttp(Int32 httpsPort, String serverCertSubject, String clientCertSubject) at a.b.X᝝.ᜄ() Inner-Exception: [6] System.ComponentModel.Win32Exception: A specified logon session does not exist. It may already have been terminated. (Exception from HRESULT: 0x80070520)
Cause	The most likely cause of this issue is that Certificates were not imported. ConsoleServer.exe.config file does not have the correct hash(thumbprint) of the NWEServer certificate (EcatServerExported if the certificate is older) or the certificates were not imported correctly.
Resolution	First step is to open up the Microsoft Management Console. ( See the 4.4 Install Guide under Subheading Installation -> Step 4 (Optional) Export Primary Server Certificates on page 59). To note: Keep this file open because we will be using this guide for additional troubleshooting. Once the MMC Certificates is open, expend Certificates -> Personal -> Certificates panel -> double click the NweServerCertificate -> Details -> scroll down to Thumbprint section. Open the <Drive>\Program Files\RSA\ECAT\Server\ConsoleServer.exe.config file with notepad or another text editor. Search for string "LocalHttpsServerCertHash" compare the thumbprint with the NweServerCertificate thumbprint. they should be the same. (The letters will be uppercase in the ConsoleServer.exe.config file) Search again further in the file for string <serviceCertificate storeLocation, (example below:) findValue="0xAF1EB0193A038A3E15123E8EA1E7D092ABA2D73F" storeName="My"/> <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="EConsole.Server.Rest.EcatUserNamePassValidator, ConsoleServer"/> </serviceCredentials> If the certhash is different, make a back-up copy of the ConsoleServer.exe.config file, stop the API service. Edit the two certhash entries to match the thumbprint of the Server certificate (as displayed in the details tab) (Use upper case letters, for the first line, do not prefix the "0x" for the first entry.) Start the API and Console Server service. If the ConsoleServer service should fail again; Stop the API service Follow the directions as stated in the 4. User Guide on pages 59 to 73 make sure you export the private key and select .pfx file format. After certificates have been imported, start the ConsoleServer service and API service.

Attachments

Outcomes

0 Comments

Recommended Content