000030799 - An Exception System Error is displayed when clicking on sessions in the RSA Security Analytics UI

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000030799
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics Server, Security Analytics UI
RSA Version/Condition: 10.4.x,,
Platform: CentOS
O/S Version: EL6
IssueWhen clicking on sessions for a meta value in Security Analytics investigations, an Exception System Error is displayed with a message similar to the example below.
2015-07-01 12:15:57,224 [qtp819238905-108200] ERROR org.atmosphere.handler.ReflectorServletProcessor - onRequest()
org.springframework.web.util.NestedServletException: Request processing failed; nested exception is com.netwitness.platform.server.common.carlos.NextGenCarlosException: Failure checking device availability : user1@xxx.xxx.xxx.xxx:56005 received error: Invalid handle (2358729) specified.; nested exception is com.rsa.netwitness.carlos.clients.nextgen.NextGenException: user1@xxx.xxx.xxx.xxx:56005 received error: Invalid handle (2358729) specified.


User-added image

While the issue is occurring, the service on which investigations are being performed (or its underlying service from which it is aggregating) displays no users or roles on its View -> Security page, as shown below.
User-added image
CauseThis issue occurs because of a known issue with the underlying connection between the Security Analytics server and the affected service.
ResolutionThis issue has been permanently resolved in Security Analytics
WorkaroundRestarting the jettysrv service on the Security Analytics server with the commands below will resolve the occurrence and allow investigations to be performed again.
[root@SA-Server ~]# stop jettysrv
jettysrv stop/waiting
[root@SA-Server ~]# start jettysrv
jettysrv start/running, process 4126

Stopping this service will cause the Security Analytics UI to be inaccessible for up to 5 minutes while the web server re-initializes, and will log out any users currently using the platform.