000034718 - Error in RSA Archer trying to start SecOps UCF service: The system cannot find the path specified

Document created by RSA Customer Support Employee on Jan 24, 2017Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034718
Applies To
RSA Product Set: Archer
   RSA Product/Service Type: SecOps,RSA Unified Collector Framework Service, RSA SecOps Watchdog Service (1.3 or later)
   RSA Version/Condition: 1.2.x, 1.3.x
Issue
You have discovered that there are no new alerts populate to Archer. Upon troubleshooting, you found the SecOps UCF service has stopped and not able to start("RSA Unified Collector Framework" service in services.msc). You have then examined the collector-service.yyyy-mm-dd.log in the logs folder (C:\Program Files\RSA\SA IM integration service\logs) and discovered the following error message

[2017-01-22 23:32:09] [info]  ( prunsrv.c:1127) [ 2004] Starting service...
[2017-01-22 23:32:09] [debug] ( javajni.c:208 ) [ 2004] Invalid RuntimeLib specified 'C:\Program Files\Java\jre1.8.0_51\bin\server\jvm.dll'
[2017-01-22 23:32:09] [error] ( prunsrv.c:1162) [ 2004] Failed creating java C:\Program Files\Java\jre1.8.0_51\bin\server\jvm.dll
[2017-01-22 23:32:09] [error] ( prunsrv.c:1162) [ 2004] The system cannot find the path specified.
[2017-01-22 23:32:09] [error] ( prunsrv.c:1536) [ 2004] ServiceStart returned 1


Note that the JRE version 1.8.0_51 was shown in the above example and can be different to your environment, depending on which JRE you have installed.
CauseThis is due to misconfiguration after Java undergo automatic update. Once Java have performed automatic update, the updated java runtime files are located on the new JRE folders. But the SecOps services are still registering the old path to locate the runtime files, which had been deleted by Java during the update. This result in the failure to start the service.
 
ResolutionYou would need to perform the following 3 tasks to rectify the issue
1. Re install the JCE Policy files to the updated JRE locations
2. Update the JRE locations for the SecOps UCF service in the registry
3. Update the JRE locations for the SecOps watchdog service in the registry (SecOps 1.3 or later)
1. Re install the JCE Policy files to the updated JRE locations
a. Locate the appropriate unlimited JCE policy files from Oracle site. For SecOps 1.2, you will need to locate the 1.7 version, for SecOps 1.3 it will be the 1.8 version 
b. Extract the downloaded zip files, and copy the local_policy.jar and US_export_policy.jar file to the appropriate JRE locations. For SecOps 1.2, you need to locate the latest JRE 1.7 installed on your system. For SecOps 1.3, you need to locate the latest JRE 1.8 installed on your system. For example
C:\Program Files\Java\jre1.8.0_121\lib\security
2. Update the JRE locations for the SecOps UCF service in the registry
a. On the Windows menu, go to start -> run -> regedit.exe
b. Go to the following hive: Computer\HKEY_LOCAL_MACHINE\Software\Wow6432Node\Apache Software Foundation\Procrun 2.0\RSASAIMDC\Parameters\Java
User-added image
c. Highlight the key "JVM" on the right hand pane, then double click.
d. Locate the portion of the path where it indicate the JRE version. In the example above, it's jre1.8_0_91.
e. Change it to the latest JRE version. For SecOps 1.2, you need to locate the latest JRE 1.7 installed on your system. For SecOps 1.3, you need to locate the latest JRE 1.8 installed on your system.
f. Click "OK" to submit the change. Then close the regedit program

3. Update the JRE locations for the SecOps watchdog service in the registry (SecOps 1.3 or later)
a. On the Windows menu, go to start -> run -> regedit.exe
b. Go to the following hive: Computer\HKEY_LOCAL_MACHINE\Software\Wow6432Node\Apache Software Foundation\Procrun 2.0\RSASecopsWatchdog\Parameters\Java
User-added image
c. Highlight the key "JVM" on the right hand pane, then double click.
d. Locate the portion of the path where it indicate the JRE version. In the example above, it's jre1.8_0_91.
e. Change it to the latest JRE version. For SecOps 1.3, you need to locate the latest JRE 1.8 installed on your system.
f. Click "OK" to submit the change. Then close the regedit program
After performing above steps, you can proceed to start the UCF services
 

Attachments

    Outcomes