Issue | When the SQL server is physically separate from the Netwitness Endpoint server, permissions become more complicated. It is recommended that the QueuedData folder be placed on the SQL server in this situation, but this not always feasible. If the QueuedData directory is on the Netwitness Endpoint server it must be shared and you must specify the path to QueuedData in UNC form in the ConsoleServer.exe.config file.
<add key="QueuedDataPath" value="\\NWEServer\QueuedData"/>
The process to update the kernel data is:
- ConsoleServer service downloads the new KernelData.csv file from liveecat.rsa.com
- KernelData.csv is written to the QueuedData directory
- ConsoleServer connects to the SQL server and calls a stored procedure
- Within the stored procedure is code to bulk insert KernelData.csv into the database
- Because the KernelData.csv file is on a non-local share, this becomes a Kerberos double-hop authentication issue.
When the SQL Server service attempts to bulk insert the KernelData.csv file it fails with the following error:
12/20/2016 7:11:49 AM [9] System.ComponentModel.WarningException: LIVE Kernel Download failed.
Inner-Exception:
[9] System.ComponentModel.WarningException: Cannot bulk load because the file "\\ECATServer\QueuedData\KernelData.csv" could not be opened. Operating system error code 5(Access is denied.). SQL Error Code: 80131904 SQL Error 4861 in (2): Cannot bulk load because the file "\\ECATServer\QueuedData\KernelData.csv" could not be opened. Operating system error code 5(Access is denied.). at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)
|