000030380 - Duplicate services with a localhost address are present in RSA Security Analytics 10.4.x or above

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000030380
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics UI, Security Analytics Server
RSA Version/Condition: 10.4.x, 10.5.x
Platform: CentOS
O/S Version: EL6
IssueIf devices on the Security Analytics Server (i.e. Reporting Engine, Broker, Malware Analysis CoLo, etc.) were added to the Security Analytics 10.3.x UI with a hostname or IP address rather than using localhost as the address, duplicate appliances and services will appear after upgrading to version 10.4.x or above.
WorkaroundIn order to resolve the issue, remove the Security Analytics Server appliance that use a hostname or IP address from the Administration -> Appliances page, which will also remove the respective services.
To correct any residual issues with the Reporting Engine, follow the instructions in the knowledgebase article entitled Unable to connect to the Reporting Engine after upgrading to RSA Security Analytics 10.3 SP4 or RSA Security Analytics 10.4.0.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.