|Applies To||RSA Security Analytics|
RSA Security Analytics 10.3
RSA NetWitness Informer
RSA NetWitness Informer 126.96.36.199
|Issue||Cannot use Security Analytics 10.3 services with NetWitness Informer 188.8.131.52.|
After upgrading to Security Analytics 10.3.x, Informer is no longer able to use the concentrator or broker as a Data Source.
InformerService.log contains the following Exceptions in GetSessionDBRange & RunAlert:
2014-01-14 00:34:16.9740 (InformerUtils) Exception in GetSessionDBRange - SDK indicated an error occurred calling NwSession
2014-01-14 00:34:17.0208 (AlertWorker) Exception in RunAlert - Server must be busy as Informer has received a session ID range of [1,0]. Alerts cannot be run at this time.
2014-01-14 00:35:42.4271 (HandleWatcher) Connection check failed because connect failed with error "a connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond" ... the engine will try to reconnect until a valid connection to a NetWitness data source is made.
2014-01-14 00:35:45.9896 (AgentJob) NetWitness Informer Engine has lost its connection. The service will attempt to reconnect until a valid connection can be made.
The cause is due to a change in the Authentication method.
Download cnwsdk.dll from here: a63918_cnwsdk.zip
|Legacy Article ID||a63918|