000032851 - RSA Security Analytics Legacy Windows Collector stopped collecting events after updating it to 10.6.

Document created by RSA Customer Support Employee on Jun 30, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000032851
Applies To
RSA Product Set: Security Analytics
RSA Product/Service Type: Windows Legacy Collector
RSA Version/Condition: 10.6.0.0
Platform: Windows
O/S Version: Windows 2008 R2 SP1 64-Bit
Issue
After successfully updating the 10.5.x Windows Legacy Collector to 10.6, the collector stopped collecting events.
%systemDrive%\Program Files\NwLogCollector\installlog.txt shows the install was complete.
However, the following errors are seen in %systemDrive%\Netwitness\ng\logcollector\MessageBroker.log.
 
C:\Program Files\erl5.10.4\erts-5.10.4\bin\erlsrv: The service RabbitMQ is not an erlsrv controlled service.
C:\Program Files\erl5.10.4\erts-5.10.4\bin\erlsrv: Unable to remove service (not enough privileges?)
Error: The specified service has been marked for deletion.
C:\Program Files\erl5.10.4\erts-5.10.4\bin\erlsrv: Unable to register service with service manager.
Error: The specified service has been marked for deletion.
C:\Program Files\erl5.10.4\erts-5.10.4\bin\erlsrv: No service with the name RabbitMQ exists.
C:\Program Files\erl5.10.4\erts-5.10.4\bin\erlsrv: The service RabbitMQ is not an erlsrv controlled service.

The RabbitMQ service is missing from Services (services.msc).
Cause
The issue can occur when the RabbitMQ service is removed from Services during the upgrade process.
Resolution
Follow the steps below to resolve the issue.
1. Create the RabbitMQ service manually.
sc create RabbitMQ binpath= "\"C:\Program Files\erl5.10.4\erts-5.10.4\bin\erlsrv.exe\""

2. Reinstall the legacy collector by running SALegacyWindowsCollector-10.6.<minor_version>.exe. Select the Repair option when prompted.
3. (Optional) Reboot the Windows system as recommended, although the collector may work without a reboot.
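
A read-only check for the symptoms described above, useful before applying the steps and again after the repair to confirm the service is back. This is an added example, not RSA's own tooling; it assumes the log and erlsrv paths quoted in this article and avoids cmdlet features newer than PowerShell 2.0. Note that in Windows PowerShell `sc` is an alias for Set-Content, so the command in step 1 should be typed in cmd.exe or invoked as `sc.exe`.

```powershell
# Added example: read-only diagnosis, makes no changes to the system.
# Paths are the ones quoted in the article; adjust if the install differs.
$ServiceName = 'RabbitMQ'
$BrokerLog   = Join-Path $env:SystemDrive 'Netwitness\ng\logcollector\MessageBroker.log'
$ErlSrv      = 'C:\Program Files\erl5.10.4\erts-5.10.4\bin\erlsrv.exe'

# Error fragments taken from the MessageBroker.log excerpt in the article.
$Signatures = @(
    'is not an erlsrv controlled service',
    'Unable to remove service',
    'has been marked for deletion',
    'Unable to register service with service manager',
    'No service with the name RabbitMQ exists'
)

# 1. Is the service registered with the Service Control Manager?
$svc    = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
$status = 'Missing'
if ($svc) { $status = $svc.Status }

# 2. Which of the known error fragments appear in the broker log?
$logFound = Test-Path -Path $BrokerLog
$hits = @()
if ($logFound) {
    $hits = @(Select-String -Path $BrokerLog -Pattern $Signatures -SimpleMatch)
}

# 3. Is the erlsrv binary that step 1 points the service at present?
$erlSrvPresent = Test-Path -Path $ErlSrv

# Summary: MatchesArticle is true only when the service is absent AND the
# broker log contains at least one of the error fragments.
New-Object PSObject -Property @{
    ServiceStatus  = $status
    ErlSrvPresent  = $erlSrvPresent
    BrokerLogFound = $logFound
    ErrorLineCount = $hits.Count
    MatchesArticle = ((-not $svc) -and ($hits.Count -gt 0))
} | Format-List

# Show the most recent matching lines so their order can be reviewed.
$hits | Select-Object -Last 5 |
    ForEach-Object { '{0}: {1}' -f $_.LineNumber, $_.Line }
```

If `ErlSrvPresent` is false, the binpath used in step 1 does not exist on this host and should be corrected before the service is created.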
