000034902 - SSH on the Virtual Log Collector becomes inaccessible during upgrade for RSA NetWitness

Document created by RSA Customer Support Employee on Mar 15, 2017Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000034902
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: SA Security Analytics Server
RSA Version/Condition:
Platform: CentOS
O/S Version: 6
IssueWhile the Virtual Log Collector service is upgrading to, the "Update failed" status shows in GUI->Administration->Hosts page. By clicking "Update failed" button, pops-up below error.
User-added image
The appliance has also becomes inaccessible via SSH. However, the functionality of virtual log collector service continues to work normally.
CauseThis issue is due to iptables not being configured correctly by puppet during the upgrade.
ResolutionPlease follow below steps to get SSH access back again.
1. Launch Console using one of the below options.
A. In case of Physical appliance, Connect the physical appliance to monitor using VGA adapter or iDRAC.
B. In case of Virtual appliance, Connect to VMware Vcenter.
2. Login as root and run below commands in sequence.
i. Stop Iptables serice using service iptables stop command.

ii. Check the puppet service status using service puppet status command.
iii. If puppet service stopped, Start the service using service puppet start command.
iv. Run puppet agent -t command. If the /var/lib/puppet/state/agent_catalog_run.lock exists, remove the file using below commands.
cd /var/lib/puppet/state/
rm agent_catalog_run.lock

v. Try accessing the appliance via SSH and start iptables using  service iptables start command.
vi. Go to GUI->Administration->Hosts page to resume upgrade to the appliance again.