|Applies To||RSA Product Set: Security Analytics|
RSA Product/Service Type: Decoder, Concentrator, Security Analytics UI
RSA Version/Condition: 10.4.0.0, 10.4.0.1, 10.4.0.2
O/S Version: CentOS 6
|Issue||When selecting a decoder or concentrator on the Administration -> Services page in the Security Analytics UI and clicking on View -> Config or any other option, the device becomes unresponsive and the requested screen does not load.|
In other instances, the requested page loads but the contents are missing or blank.
The /var/log/messages file displays errors similar to be example below, indicating that the puppet agent received an exception while generating the SSL key.
Line 558642: Oct 7 21:46:51 hostname puppet-agent: Caching certificate for ca
The /var/lib/netwitness/uax/logs/sa.log file displays errors similar to the following:
2014-10-03 20:05:00,937 [taskScheduler-6] WARN com.rsa.netwitness.carlos.clients.nextgen.nw.NwClientPipeBase - firstname.lastname@example.org:56004 timed out in receive(), closed: false, connection: true, queue: 0
|Cause||This issue, referred to as the TCP issue, occurs because Security Analytics does not have keepAlive or idle ping settings implemented for TCP connections to the device on the 5600x port.|
|Resolution||A permanent fix for this issue will be included in Security Analytics version 10.4.1.|
A hotfix is also available for versions 10.4.0.1 and 10.4.0.2 to resolve the issue.
If you wish to obtain the hotfix, contact RSA Support and quote this article number for assistance.
|Workaround||A workaround to resolve this issue is to disable the TCP timeout functionality on the firewall, which will allow the appliances to continue to communicate as expected.|