Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000028094 - Cannot use Security Analytics 10.3 services with NetWitness Informer 2.0.5.6

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 2Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000028094
Applies To	RSA Security Analytics RSA Security Analytics 10.3 RSA NetWitness Informer RSA NetWitness Informer 2.0.5.6
Issue	Cannot use Security Analytics 10.3 services with NetWitness Informer 2.0.5.6. After upgrading to Security Analytics 10.3.x, Informer is no longer able to use the concentrator or broker as a Data Source. InformerService.log contains the following Exceptions in GetSessionDBRange & RunAlert: 2014-01-14 00:34:16.9740 (InformerUtils) Exception in GetSessionDBRange - SDK indicated an error occurred calling NwSession 2014-01-14 00:34:17.0208 (AlertWorker) Exception in RunAlert - Server must be busy as Informer has received a session ID range of [1,0]. Alerts cannot be run at this time. 2014-01-14 00:35:42.4271 (HandleWatcher) Connection check failed because connect failed with error "a connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond" ... the engine will try to reconnect until a valid connection to a NetWitness data source is made. 2014-01-14 00:35:45.9896 (AgentJob) NetWitness Informer Engine has lost its connection. The service will attempt to reconnect until a valid connection can be made.
Resolution	The cause is due to a change in the Authentication method. The workaround is to replace cnwsdk.dll with NetWitness 9.8.5.15 C SDK file (x32 DLL) or later. Attached is DLL from 9.8.5.17 SDK. 1) Download a63918_cnwsdk.zip from this KB article and copy to the filesystem somewhere on the Informer Appliance. Extract a63918_cnwsdk.dll from the zip file and rename file to cnwsdk.dll 2) Stop the NetWitness Informer Service 3) Navigate to the Informer Service directory which is located here C:\Program Files\NetWitness\NetWitness Informer Service 4) Make a backup copy of the current file called cnwsdk.dll 5) Overwrite the cnwsdk.dll with the file downloaded in Step 1 6) Start the Informer service Download cnwsdk.dll from here: a63918_cnwsdk.zip
Legacy Article ID	a63918

Attachments

Outcomes

0 Comments

Recommended Content