Article Content
Article Number | 000028094 |
Applies To | RSA Security Analytics RSA Security Analytics 10.3 RSA NetWitness Informer RSA NetWitness Informer 2.0.5.6 |
Issue | Cannot use Security Analytics 10.3 services with NetWitness Informer 2.0.5.6. After upgrading to Security Analytics 10.3.x, Informer is no longer able to use the concentrator or broker as a Data Source. InformerService.log contains the following Exceptions in GetSessionDBRange & RunAlert: 2014-01-14 00:34:16.9740 (InformerUtils) Exception in GetSessionDBRange - SDK indicated an error occurred calling NwSession 2014-01-14 00:34:17.0208 (AlertWorker) Exception in RunAlert - Server must be busy as Informer has received a session ID range of [1,0]. Alerts cannot be run at this time. 2014-01-14 00:35:42.4271 (HandleWatcher) Connection check failed because connect failed with error "a connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond" ... the engine will try to reconnect until a valid connection to a NetWitness data source is made. 2014-01-14 00:35:45.9896 (AgentJob) NetWitness Informer Engine has lost its connection. The service will attempt to reconnect until a valid connection can be made. |
Resolution | The cause is due to a change in the Authentication method. Download cnwsdk.dll from here: a63918_cnwsdk.zip |
Legacy Article ID | a63918 |