000030764 - ESA service becomes unlicensed after upgrading to RSA Security Analytics 10.5

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000030764
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Event Stream Analysis (ESA), Security Analytics UI
RSA Version/Condition:
Platform: CentOS
O/S Version: EL6
IssueAfter upgrading to Security Analytics 10.5, the ESA service appears to no longer be licensed.
Any attempt to reclaim the license or entitle the service fail.
When navigating to the ESA configuration pages or the Alerts Summary page in the Security Analytics UI, the message below is displayed, although the rsa-esa service is running.
The service is either offline or not reachable

Performing a Test Connection on the ESA service via the Security Analytics UI will fail.
Rebooting the appliance and restarting the rsa-esa service does not resolve the issue.
No errors appear in the /var/log/messages or /opt/rsa/esa/logs/esa.log files relating to the ESA service.
CauseThis issue can occur if there is no iptables rule to allow ESA traffic over port 50030.
ResolutionTo resolve the issue, follow the troubleshooting steps in the article entitled ESA displays the error "iptables....ACCEPT returned 1 instead of one of [0]" when running puppet agent -t at RSA Security Analytics