|Applies To||RSA Product Set: Security Analytics, NetWitness Logs & Network|
RSA Product/Service Type: Reporting Engine, Concentrator, Broker
RSA Version/Condition: 10.x, 11.x
O/S Version: EL6, EL7
|Issue||After changing the admin password on any Security Analytics or NetWitness service used as a data source for the Reporting Engine (broker or concentrator), reports fail to complete and instead throw an error similar to the example below in /var/netwitness/re-server/rsa/soc/reporting-engine/logs/reporting-engine.log (NetWitness 11.x) or /home/rsasoc/rsa/soc/reporting-engine/logs/reporting-engine.log (SA 10.x).|
/var/log/messages on the source service show an error like below.
|Cause||The Reporting Engine validates the reporting source by requiring a username and password. This is by design and for security purposes.|
This username/password combination is referenced every time a report is run against a specific reporting source. If the password for the device has changed, the reporting source must be removed and re-added, as there is no way to edit the reporting device source after it has been added.
|Resolution||To remove and re-add the data sources in the Reporting Engine, follow the steps below.|