Resolution

In order to resolve the issue, the puppet certificates will need to be reissued on the remote appliance by following the steps below.

1. Remove the failing appliance from the Security Analytics UI by clicking the Minus ( - ) button and selecting the Remove and Repurpose Appliance option.
2. Connect to both the failed appliance and the Security Analytics server via SSH.
3. On the appliance that is being added, issue the following command, then take note of the Node ID: cat /var/lib/puppet/node_id
4. On the Security Analytics server, issue the puppet cert list --all command to list all of the certificates known by puppet.
5. Using the Node ID from Step 3, issue the command puppet cert clean <node_id> to remove the certificate from the SA server. Perform this step regardless of whether the Node ID is listed from step 3.
6. Issue the command vi /var/lib/puppet/ssl/ca/inventory.txt and remove the Node ID from Step 3 if it is listed.
7. On the appliance to be added, issue the following command to remove any previously issued certificates: rm -rf /var/lib/puppet/ssl
8. Remove the service-specific certificates depending on what services are running on the appliance by issuing the commands below:
   NOTE: Replace <service> below with the service name, e.g. appliance, broker, concentrator, etc.
   - rm -f /etc/netwitness/ng/<service>/storedproc/*
   - rm -f /etc/netwitness/ng/<service>/trustpeers/*
   - rm -f /etc/netwitness/ng/<service>/truststore/*
9. On the same appliance, regenerate the certificates by issuing the following command: puppet agent -t --waitforcert 30

After performing the steps above, move to the Security Analytics UI and click on the Discover button on the Administration -> Appliances screen.
At this point, the UI should be able to recognize the new appliance as expected.
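The inventory.txt edit and the appliance-side certificate removal from the steps above, written as guarded shell functions. This is an added example, not RSA-provided code: the function names, the DRY_RUN switch and the inventory.txt line layout are assumptions, and the paths are passed as arguments so the functions can be rehearsed on a copy first.

```bash
#!/usr/bin/env bash
# Added example, not RSA code. Function names and DRY_RUN are hypothetical.

# Inventory edit without vi: back up inventory.txt, then drop only lines whose
# last field is exactly /CN=<node_id>. Assumed line layout (Puppet CA inventory):
#   serial not_before not_after /CN=name
# Prints the number of lines removed.
prune_inventory() {
  local node_id="$1" inv="${2:-/var/lib/puppet/ssl/ca/inventory.txt}" before after
  # An empty or odd node ID must never reach the match.
  case $node_id in ''|*[!A-Za-z0-9._-]*) echo "invalid node id" >&2; return 2;; esac
  [ -f "$inv" ] || { echo "no inventory at $inv" >&2; return 3; }
  cp -p "$inv" "$inv.bak" || return 4
  before=$(wc -l < "$inv.bak")
  awk -v cn="/CN=$node_id" '$NF != cn' "$inv.bak" > "$inv" || return 5
  after=$(wc -l < "$inv")
  echo $((before - after))
}

# Appliance-side removal. Arguments: agent SSL directory, service config root,
# then service names. DRY_RUN=1 (the default) only lists the targets.
purge_appliance_certs() {
  local ssl_dir="$1" ng_root="$2" svc sub
  [ -n "$ssl_dir" ] && [ -n "$ng_root" ] || { echo "missing path" >&2; return 2; }
  shift 2
  for svc in "$@"; do   # validate every name before anything is deleted
    case $svc in ''|*[!a-z]*) echo "bad service name: $svc" >&2; return 2;; esac
  done
  if [ "${DRY_RUN:-1}" = 1 ]; then echo "would remove $ssl_dir"
  else rm -rf -- "$ssl_dir"; fi
  for svc in "$@"; do
    for sub in storedproc trustpeers truststore; do
      [ -d "$ng_root/$svc/$sub" ] || continue
      # Same reach as "rm -f dir/*": non-hidden entries, no recursion.
      if [ "${DRY_RUN:-1}" = 1 ]; then
        find "$ng_root/$svc/$sub" -mindepth 1 -maxdepth 1 ! -type d ! -name '.*' -print
      else
        find "$ng_root/$svc/$sub" -mindepth 1 -maxdepth 1 ! -type d ! -name '.*' -delete
      fi
    done
  done
}
```

On the appliance the call would be purge_appliance_certs /var/lib/puppet/ssl /etc/netwitness/ng followed by the service names, with DRY_RUN=0 set once the listed targets look right.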
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.