000029149 - RSA Security Analytics 10.4 UI sporadically becomes unresponsive

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000029149
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics Server (jettysrv)
RSA Version/Condition: 10.4.0.0, 10.4.0.1, 10.4.0.2
Platform: CentOS 6
IssueIn situations where the Security Analytics UI must traverse a firewall, or when AD external authentication is in use for UI login, the SA UI appears to becomes unresponsive, and only restarting the jetty webserver alleviates the issue.  The issue is most frequently noticed when performing system intensive administration functions, such as pushing rules across devices when using external authentication (AD accounts).
CauseIn certain instances, particularly when the SA server is traversing a firewall to reach another component appliance, the SA server will not attempt to reestablish a connection when the connection has been temporarily lost or has reached an idle timeout value (such as those set by a firewall). This has been determined as a product deficiency, and subsequently binary relief has been issued by RSA to mitigate the problem.
Resolution

This issue only occurs in Security Analytics versions 10.4.0.0, 10.4.0.1 and 10.0.4.2.  Hotfixes are available for versions 10.0.4.1 and 10.0.4.2.
Future releases of RSA Security Analytics 10.4 will also include this fix.
Patch 3 for SA 10.4.0, which includes the fix, will be available for download from the RSA Download Central portal when it releases in Q4 '14.
To request a hotfix for versions 10.4.0.1 or 10.4.0.2, contact RSA Support at 1-800-995-5095 and refer to this article number.

WorkaroundIf you are unable to patch Jetty, stopping and starting the jettysrv service on the SA server will resolve the issue until binary relief can be applied.

Attachments

    Outcomes