Skip navigation

Log in to create and rate content, and to follow, bookmark, and share content with other members.

000030713 - 'Entitle Service' fails with "<service_name> has already been licensed" although the service appears to be unlicensed in RSA Security Analytics 10.3.x and 10.4.x.

Document created by RSA Customer Support

on Jun 14, 2016•Last modified by RSA Customer Support

on Apr 21, 2017

Version 3Show Document

Like • Show 0 Likes0
Comment • 0
View in full screen mode

Article Content

Article Number	000030713
Applies To	RSA Product Set: Security Analytics RSA Product/Service Type: Log Decoder, Packet Decoder, Concentrator, Broker, Archiver, Security Analytics UI RSA Version/Condition: 10.3.x, 10.4.x Platform: CentOS O/S Version: EL5, EL6
Issue	A service appears as unlicensed in RSA Security Analytics 10.3.x or 10.4.x UI as shown in the screenshot below. Entitle Service attempt fails with <service_name> has already been licensed as shown below. Upload Trial fails with Applying trial license failed as shown below. It is noticed that opening the System, Stats, Config, Explore, Logs or Security page for the affected services return Service <ip_address> host <service_name> is unreachable as show in the below example. The /var/log/messages of the Security Analytics server reports the following error when the above error messages are displayed. Jul 6 23:58:50 decoder nw[1753]: [Login] [audit] Failed login attempt for nonexistent user 'xxx' from [::ffff:<sa_server_ip_address>]:43676 This issue is seen on Security Analytics 10.3.x core services that are managed by 10.3.x or 10.4.x Security Analytics server.
Cause	The issue occurs when a user logs on to Security Analytics UI with a system user account (e.g. a custom administrator account such as saadmin) that does not exist under the affected 10.3.x services. As described in RSA Security Analytics 10.3 User Guide, all other users (other than the default admin account) of Security Analytics must have a system user account and a device user account. If a non-admin user needs to access a particular device through Security Analytics, the credentials used to authenticate with Security Analytics (for both external and local users) must match the credentials used to authenticate against the device. Without creating the corresponding device user account first, the logged on user cannot log in to the service and encounter the mentioned errors.
Resolution	The issue can be resolved by following one of the two options below. Add a new device user with the username that matches to the system user account to all of the affected services. Refer to RSA Security Analytics 10.3 User Guide for the detailed instructions. Log in to Security Analytics UI using the default admin account to entitle the services. If a custom administrator account will be used to manage the Security Analytics environment, it is strongly recommended to apply the first option.

Attachments

Outcomes

0 Comments

Recommended Content

Incoming Links

000030810 - RSA Security Analytics 10.4.1.2 Known Issues Master List