000032272 - ESA service keeps crashing with error "Error initializing the license manager: Failed file read" in RSA Security Analytics 10.3

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000032272
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Event Stream Analysis (ESA)
RSA Version/Condition: 10.3.x
Platform: CentOS
O/S Version: EL6
IssueThe ESA service keeps crashing.  To verify the cause, SSH to the ESA server first and verify by executing the following:
  1. From the command prompt verify the current state of the ESA service.
    service rsa-esa status

  2. If the command shows the service is not running, start the service.
    service rsa-esa start

  3. When rsa-esa has been started, it is observed that the service still fails to run, as shown below.
    User-added image
  4. A visual check of the service restart attempt in /opt/rsa/esa/logs/esa.log reveals an error similar to the example below.
    Caused by: com.rsa.netwitness.carlos.licensing.LicenseException: Error initializing the license manager: Failed file read. 
    at com.rsa.netwitness.carlos.licensing.fne.AbstractLicenseManager.initialize(AbstractLicenseManager.java:155)
    at com.rsa.netwitness.carlos.licensing.FlxManager.<init>(FlxManager.java:45)
    at com.rsa.netwitness.carlos.licensing.FlxManager.getInstance(FlxManager.java:33)

CauseThe ESA service will fail to start if the license trusted storage files become corrupt.
ResolutionThis has been determined to be a stability issue by RSA engineering.
While it has only been observed on 10.3.x, this may occur on later releases up to version 10.5 where the licencing model has been reworked to prevent trust store issues from affecting service status.
Should this issue be seen, recreate the trusted storage on the ESA server as listed in the workaround section of this article.
WorkaroundSSH to the ESA server, and run the commands below to recreate the trust storage.
  1. Navigate to the appropriate directory.
    cd /opt/rsa/esa

  2. Rename the trustedStorage file.
    mv trustedStorage /tmp/trustedStorage.old<todays_date>

  3. Start the rsa-esa service.
    service rsa-esa start

  4. Confirm that the service has started.
    service rsa-esa status

Upon a successful restart of the service, the trust storage files is recreated as /opt/rsa/esa/trustedStorage.
Note that since the trustedStorage file contains bits that include actual licensing information, the service will no longer be licensed in the Security Analytics UI.
Re-license the ESA server on the SA server by navigating in the Security Analytics UI to the Administration -> Devices page.