000030608 - RSA Security Analytics UI login screen won't load via HTTPS after upgrading to 10.5 with the error "Failed to add endpoint Malware - Malware Analysis for monitoring"

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Jan 29, 2018
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000030608
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics UI, Security Analytics Server, Malware Analysis
RSA Version/Condition: 10.5.0.0
Platform: CentOS
O/S Version: EL6
IssueAfter upgrading to Security Analytics 10.5, the Security Analytics UI login screen won't load via HTTPS.  Under certain circumstances, it is also noticed that a tab labeled View Error and View Documentation is seen.   If you select View Error, the following error is displayed:

015-06-19 12:45:51,813 [System Monitoring Service ApplianceConfig 128777325] ERROR com.rsa.smc.sa.admin.service.DefaultSystemMonitoringService - Failed to add endpoint Malware - Malware Analysis for monitoring
com.rsa.smc.sa.admin.exception.SmsException: Failed to add malwareanalysis service of Malware appliance to SMS
at com.rsa.smc.sa.admin.service.DefaultSmsStatsService.addService(DefaultSmsStatsService.java:216)
at com.rsa.smc.sa.admin.service.DefaultSystemMonitoringService.addMonitoringEndpoint(DefaultSystemMonitoringService.java:281)
at com.rsa.smc.sa.admin.service.DefaultSystemMonitoringService$2.run(DefaultSystemMonitoringService.java:181)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
2015-06-19 12:46:07,877 [pool-5-thread-1] ERROR com.rsa.smc.sa.admin.util.monitoring.MessageBusReader - Failed to connect to message broker
2015-06-19 12:46:36,773 [Puppet Service Daemon 1859446785] ERROR com.rsa.smc.sa.admin.service.DefaultPuppetService - Failed to discover new appliances
com.rsa.smc.sa.admin.exception.PuppetException: Failed to discover new appliances
at com.rsa.smc.sa.admin.service.DefaultPuppetService.refreshCertificateList(DefaultPuppetService.java:141)
at com.rsa.smc.sa.admin.service.DefaultPuppetService$2.run(DefaultPuppetService.java:205)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: com.rsa.smc.sa.admin.exception.MCOAgentException:
The [1mrpc[0m application failed to run, use -v for full error backtrace details: [31mCould not connect to RabbitMQ Server: SIGTERM[0m
at com.rsa.smc.sa.admin.management.mcollective.AbstractMCOAgent.execute(AbstractMCOAgent.java:57)
at com.rsa.smc.sa.admin.management.mcollective.AbstractMCOAgent.executeAndReturnSingle(AbstractMCOAgent.java:67)
at com.rsa.smc.sa.admin.service.DefaultPuppetService.refreshCertificateList(DefaultPuppetService.java:125)
... 6 more
Caused by: org.apache.commons.exec.ExecuteException: Process exited with an error: 1 (Exit value: 1)
at org.apache.commons.exec.DefaultExecutor.executeInternal(DefaultExecutor.java:377)

CauseThis issue occurs because the pre-upgrade scripts (preUpgrade.py and preRebootCheck.py) were not executed prior to upgrading.  These scripts ensure that the right SA public key for yum is installed, and that the proper services are stopped/started.  This is documented on Page 7 of the RSA Security Analytics 10.5 Upgrade Checklist.
WorkaroundRunning the missed scripts after the upgrade will not rectify the problem.  This issue occurs when the rsa-sa-gpg-pubkeys package has not been updated.

Perform the steps below to work around the problem:
  1. Connect to the Security Analytics server via SSH as the root user.
  2. Start the services below manually.

    service rabbitmq-server start
    service mcollective  start
    service tokumx start
    service rsa-sms start

  3. Install the rsa-sa-gpg-pubkeys package manually.

    yum install rsa-sa-gpg-pubkeys

  4. Start the Jetty service to initialize the Security Analytics UI.

    start jettysrv

After the jettysrv service has been started and is fully initialized (which may take up to five minutes), the Security Analytics UI will once again be accessible.

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
Notes

 

Attachments

    Outcomes