000032611 - RSA Security Analytics - Unable to start Warehouse Connector Stream due to data source connectivity issues

Document created by RSA Customer Support Employee on Jul 5, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000032611
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: SA Core Appliance, Warehouse Connector
RSA Version/Condition: 10.X
Platform: CentOS
O/S Version: 6
IssueIn some circumstances, Warehouse Connector Stream will be not be able to start and status shows as stopped as below:
User-added image
Starting the stream manually results to throw below error in GUI:
Failed to execute: start: Failed to process message start for /warehouseconnector/streams/Saw com.rsa.netwitness.carlos.transport.TransportException: Subscription Failed : Connection Failure Invalid username or password, Check the warehouseconnector service logs for detailed information. 
/var/log/messages indicate below error:
Error: Connection Failure Invalid username or password, Fix the problem in the source and restart the stream. 
CauseThis issue occurs due to connectivity issues with data sources post change of either lockbox password or credentials to service.
ResolutionThere are two methods of resolution available to fix this issue.
Method 1:
      1. Login to GUI as administrator.
      2. Navigate to Administrator->Services page to select Warehouse connector service->View->Config->Streams.
      3. Select Stream which has stopped and remove.
      4. Switch to Data Sources tab and re-add again.
      5. Re-add the stream again by mentioning the last session ID to start the stream from where it left. Whereas leaving the session ID blank starts the stream from current session.
User-added image
      6. Finalise the details of stream by pressing Finalise button and click on start but to begin the stream.
Method 2: This process helps to start Warehouse connector stream when GUI is not accessible or Stream is not getting removed from GUI.
      1. Login to ssh of Warehouse Connector service and type stop nwwarehouseconnector command to stop service.
      2. Create temporary directory using mkdir /root/old_warehouseconnector
      3. Move old NwWarehouseconnector.cfg configuration files into temporary director using mv /etc/netwitness/ng/NwWarehouseconnector* /root/old_warehouseconnector
      4. Type start nwwarehouseconnector to start service which creates new NwWarehouseconnector.cfg configuration file under /etc/netwitness/ng/
      5. Configure Warehouse connector service in GUI sequentially as lockbox password set, Data sources, Destinations and Streams.
Note: There is a trick to find last session id for stream. Below highlighted value is the last session id for the stream.
Please run cat /etc/netwitness/ng/NwWarehouseconnector.cfg|grep session command with old NwWarehouseconnector.cfg file.
<config getRoles="users.manage" instance="config" maxLength="255" name="session.threshold" prettyName="Session Threshold" setRoles="users.manage" value="0"/> 
<config getRoles="warehouseconnector.manage" instance="config" maxLength="255" name="lastsessionid.present" prettyName="Last SessionID present" setRoles="" value="39687210696"/>