000039411 - RSA NetWitness nw-recovery-tool script fails to export mongodb

Document created by RSA Customer Support Employee on Oct 28, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000039411
Applies ToRSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: NetWitness Recovery Tool (NRT)
RSA Version/Condition: 11.3.x, 11.4.x, 11.5.x
O/S Version: CentOS 7
IssueWhen running the NetWitness Recovery Tool (NRT) nw-recovery-tool script it fails during mongodb export with the error,

:
[2020-10-19T17:11:40+00:00] <25616> (INFO) dnsmasq: [ok]
[2020-10-19T17:11:40+00:00] <25616> (INFO) Processing component: mongo...
[2020-10-19T17:11:40+00:00] <25616> (INFO) Executing: before-export [1/2]...
[2020-10-19T17:11:40+00:00] <25616> (INFO) Executing: before-export [2/2]...
2020-10-19T17:11:40.454+0000 Failed: error connecting to db server: server returned error on SASL authentication step: Authentication failed.
[2020-10-19T17:11:40+00:00] <25616> (INFO) mongo: [failed]
[2020-10-19T17:11:40+00:00] <25616> (ERROR) Failed to execute before-export step [2/2]!


In the nw-recovery-tool script log file /var/log/netwitness/recovery-tool/recovery.log, it shows.

:
[2020-10-19T17:11:40+00:00] <25616> (INFO) dnsmasq: [ok]
[2020-10-19T17:11:40+00:00] <25616> (INFO) Processing component: mongo...
[2020-10-19T17:11:40+00:00] <25616> (INFO) Executing: before-export [1/2]...
[2020-10-19T17:11:40+00:00] <25616> (INFO) Executing: before-export [2/2]...
[2020-10-19T17:11:40+00:00] <25616> (INFO) mongo: [failed]
[2020-10-19T17:11:40+00:00] <25616> (ERROR) Failed to execute before-export step [2/2]!
CauseThe nw-recovery-tool script asks for the deploy_admin password, which is used to login to the mongodb.

If the entered deploy_admin is wrong, the mongodump login will fail to authenticate and fail to export the mongodb data.
 

mongodump -u "deploy_admin" -p "wrong_password" --out=./mongo --gzip
2020-10-20T02:43:14.074+0000    Failed: error connecting to db server: server returned error on SASL authentication step: Authentication failed.


 
ResolutionTest if the "known" deploy_admin password can access the mongodb with a command like,

echo "show dbs" |mongo -u deploy_admin -p netwitness

Where netwitness is the default password, substitute this with your deploy_admin password.

If the returned output is "Error: Authentication failed" then the login has failed.

echo "show dbs" |mongo -u deploy_admin -p wrong_password
MongoDB shell version v4.0.19
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
2020-10-22T04:10:36.287+0000 E QUERY    [js] Error: Authentication failed. :
connect@src/mongo/shell/mongo.js:344:17
@(connect):2:6
exception: connect failed


If the login failed try using netwitness and see if the default password works.

If the mongodb password is still unknown refer to the following RSA Knowledgebase article, How to reset deploy_admin password for mongo DB in RSA NetWitness Platform 11.x

Re-run the nw-recovery-tool script and enter the correct deploy_admin password once it is known.

Attachments

    Outcomes