000032496 - How to reset Warehouse Connector lockbox within RSA Security Analytics 10.3.x

Document created by RSA Customer Support Employee on Jun 30, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000032496
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: SA Core Appliance, Warehouse Connector
RSA Version/Condition: 10.3.X
Platform: CentOS
O/S Version: 6
IssueIn Some circumstances, it may be necessary to reset lockbox for the Warehouse Connector, An example of this would be Warehouse connector stream is would not start due to lockbox errors. 
CauseIf any changes to software or hardware of appliance, lockbox password reset requires due to system fingerprint change.

Warehouse Connector appliance shows below error in /var/log/messages:

Feb 3 08:02:05 XXXXX nw[41951]: [NwWarehouseConnector] [info] Error: Failed to open lockbox : The lockbox stable value threshold was not met because the system fingerprint has changed. To reset the system fingerprint, open the lockbox using the passphrase. Fix the problem and the source and restart the stream.
Please follow below steps to reset lockbox in Warehouse Connector.
1. Please login to putty of Warehouse connector as administrator.
2. Make directory to keep lockbox files as backup in the directory mkdir old
3. Move all the old lockbox files in /etc/netwitness/ng/lockbox into new directory using below command.
mv /etc/netwitness/ng/lockbox/* /root/old/
4. Enter new lockbox password by navigating Warehouse connector->Config->Lockbox settings page.
Note: Lockbox password should meet minimum complexity at least 1 digit,1 symbol, 1 Uppercase letter. Example: P@ssw0rd
User-added image
After entering Lockbox Password, Confirm Lockbox Password Click "Apply".
5. Verify 
/etc/netwitness/ng/lockbox/ directory in putty which will have the latest lockbox files.