| Article Number | 000034718 |
| Applies To | RSA Product Set: Archer
RSA Product/Service Type: SecOps,RSA Unified Collector Framework Service, RSA SecOps Watchdog Service (1.3 or later)
RSA Version/Condition: 1.2.x, 1.3.x |
|
| Issue | You have discovered that there are no new alerts populate to Archer. Upon troubleshooting, you found the SecOps UCF service has stopped and not able to start("RSA Unified Collector Framework" service in services.msc). You have then examined the collector-service.yyyy-mm-dd.log in the logs folder (C:\Program Files\RSA\SA IM integration service\logs) and discovered the following error message:
[2017-01-22 23:32:09] [info] ( prunsrv.c:1127) [ 2004] Starting service...
[2017-01-22 23:32:09] [debug] ( javajni.c:208 ) [ 2004] Invalid RuntimeLib specified 'C:\Program Files\Java\jre1.8.0_51\bin\server\jvm.dll'
[2017-01-22 23:32:09] [error] ( prunsrv.c:1162) [ 2004] Failed creating java C:\Program Files\Java\jre1.8.0_51\bin\server\jvm.dll
[2017-01-22 23:32:09] [error] ( prunsrv.c:1162) [ 2004] The system cannot find the path specified.
[2017-01-22 23:32:09] [error] ( prunsrv.c:1536) [ 2004] ServiceStart returned 1
Note that the JRE version 1.8.0_51 was shown in the above example and can be different to your environment, depending on which JRE you have installed. |
| Cause | This is due to misconfiguration after Java undergo an automatic update. Once Java has performed the automatic update, the updated Java runtime files are located on the new JRE folders. But the SecOps services are still registering the old path to locate the runtime files, which had been deleted by Java during the update. This result in the failure to start the service.
|
| Resolution | You would need to perform the following 3 tasks to rectify the issue
- Re-install the JCE Policy files to the updated JRE locations
- Update the JRE locations for the SecOps UCF service in the registry
- Update the JRE locations for the SecOps watchdog service in the registry (SecOps 1.3 or later)
- Re-install the JCE Policy files to the updated JRE locations
a. Locate the appropriate unlimited JCE policy files from Oracle site. For SecOps 1.2, you will need to locate the 1.7 version, for SecOps 1.3 it will be the 1.8 version
b. Extract the downloaded zip files, and copy the local_policy.jar and US_export_policy.jar file to the appropriate JRE locations. For SecOps 1.2, you need to locate the latest JRE 1.7 installed on your system. For SecOps 1.3, you need to locate the latest JRE 1.8 installed on your system. For example
C:\Program Files\Java\jre1.8.0_121\lib\security
- Update the JRE locations for the SecOps UCF service in the registry
a. On the Windows menu, go to start -> run -> regedit.exe
b. Go to the following hive: Computer\HKEY_LOCAL_MACHINE\Software\Wow6432Node\Apache Software Foundation\Procrun 2.0\RSASAIMDC\Parameters\Java
c. Highlight the key "JVM" on the right-hand pane, then double click.
d. Locate the portion of the path where it indicates the JRE version. In the example above, it's jre1.8_0_91.
e. Change it to the latest JRE version. For SecOps 1.2, you need to locate the latest JRE 1.7 installed on your system. For SecOps 1.3, you need to locate the latest JRE 1.8 installed on your system.
f. Click "OK" to submit the change. Then close the regedit program
- Update the JRE locations for the SecOps watchdog service in the registry (SecOps 1.3 or later)
a. On the Windows menu, go to start -> run -> regedit.exe
b. Go to the following hive: Computer\HKEY_LOCAL_MACHINE\Software\Wow6432Node\Apache Software Foundation\Procrun 2.0\RSASecopsWatchdog\Parameters\Java
c. Highlight the key "JVM" on the right-hand pane, then double click.
d. Locate the portion of the path where it indicates the JRE version. In the example above, it's jre1.8_0_91.
e. Change it to the latest JRE version. For SecOps 1.3, you need to locate the latest JRE 1.8 installed on your system.
f. Click "OK" to submit the change. Then close the regedit program
After performing the above steps, you can proceed to start the UCF services
|
on Jan 24, 2017
