000038678 - Host synchronization failed error while synchronizing the certs for RSA NetWitness host component in version 11.x

Document created by RSA Customer Support Employee on Apr 16, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038678
Applies ToRSA Product Set: RSA NetWitness Logs & Network
RSA Product/Service Type: Security Analytics Server
RSA Version/Condition: 11.X 
Platform: CentOS
O/S Version: 7
IssueWhen reissuing the certs using Reissue root CA security certificates on RSA NetWitness Platform 11.x, synchronizing the certificates to components fails as below.

#nw-root-ca-update --synch-host --host-all

[2020-04-03T10:21:11+00:00] <30723> (INFO) Restarting service: collectd
[2020-04-03T10:21:11+00:00] <30723> (INFO) Request completed successfully
[2020-04-03T05:15:37+00:00] <15492> (ERROR) One or more hosts failed:
[2020-04-03T05:15:37+00:00] <15492> (ERROR) -- 133696a5-0c15-43bc-a2c9-63c0ec61a667
[2020-04-03T05:15:37+00:00] <15492> (ERROR) -- ee6fc92c-47f0-4369-8e0e-e63b8f758631
[2020-04-03T05:15:37+00:00] <15492> (ERROR) Host synchronization failed

Trying individual host synchronization also fails as below.
[root@headsiemsa01 ~]# nw-root-ca-update --synch-host --host-id  ee6fc92c-47f0-4369-8e0e-e63b8f758631

[2020-04-03T05:28:37+00:00] <29838> (INFO) Updating node: ee6fc92c-47f0-4369-8e0e-e63b8f758631
    /bin/sh: /var/netwitness/download/root-ca-update/nw-root-ca-update: No such file or directory
ERROR: Minions returned with non-zero exit code
[2020-04-03T05:28:39+00:00] <29838> (ERROR) One or more hosts failed:
[2020-04-03T05:28:39+00:00] <29838> (ERROR) -- ee6fc92c-47f0-4369-8e0e-e63b8f758631
[2020-04-03T05:28:39+00:00] <29838> (ERROR) Host synchronization failed
CauseWhen the customer renewed the certificates for mixed-mode set up (10.6 and 11.X), the 10.6.X appliances have to be updated to 11.X to renew the certs. This issue occurs when certificates being synchronized for 10.6 appliances that are updated to 11.X.
ResolutionPlease follow below instructions to synchronize the certificates to all problematic hosts.
  1. Login to putty of Node-0 (NwServer) and run below commands in sequence.
    #nw-root-ca-update --post-install
    #nw-root-ca-update --synch-host --host-all

    post successful synchronization output will be as below.

    [2020-04-03T06:34:15+00:00] <3816> (INFO) All hosts updated successfully
    [2020-04-03T06:34:15+00:00] <3816> (INFO) Request completed successfully

  2. Login to GUI->ADMIN->Hosts page to verify the green status for all problematic hosts.