on Jun 30, 2016Article Content
| Article Number | 000032851 |
| Applies To | RSA Product Set: Security Analytics RSA Product/Service Type: Windows Legacy Collector RSA Version/Condition: 10.6.0.0 Platform: Windows O/S Version: Windows 2008 R2 SP1 64-Bit |
| Issue | After successfully updating 10.5.x Windows Legacy Collector to 10.6, it stopped collecting events. %systemDrive%\Program Files\NwLogCollector\installlog.txt shows the install was complete. However, the following errors are seen in %systemDrive%\Netwitness\ng\logcollector\MessageBroker.log. C:\Program Files\erl5.10.4\erts-5.10.4\bin\erlsrv: The service RabbitMQ is not an erlsrv controlled service. The RabbitMQ service is missing from Services (services.msc). |
| Cause | The issue can occur when the RabbitMQ service is removed from Services during the upgrade process. |
| Resolution | Please follow the steps below to resolve the issue. 1. Create the RabbitMQ service manually. sc create RabbitMQ binpath= "\"C:\Program Files\erl5.10.4\erts-5.10.4\bin\erlsrv.exe\"" 2. Reinstall the legacy collector by running SALegacyWindowsCollector-10.6.<minor_version>.exe. Select the Repair option when prompted. 3. (optional) Reboot the Windows system as recommended although the collector may work without a reboot. |