000032181 - Unable to discover a host in RSA Security Analytics

Document created by RSA Customer Support Employee on Mar 15, 2017Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032181
Applies ToRSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics UI, Security Analytics Server
RSA Version/Condition: 10.4.x ,10.5.x, 10.6.x
Platform: CentOS
O/S Version: EL6
 
IssueWhen trying to discover an appliance it gives  "Discovery Process has been completed" although there is a CSR in the puppet master requests directory.
The error message below is reported in the /var/lib/netwitness/uax/logs/sa.log file:
 


2015-12-13 13:39:32,519 [qtp684874119-3129] ERROR com.rsa.smc.sa.admin.management.provision.DefaultApplianceProvision
- Duplicate CSR new [d8b2183b-b893-4d24-b253-4a34f912d256 HOSTNAME IP], existing
[ca04ecc2-10ce-4e61-824c-e67ce5cef1e4 HOSTNAME IP]
2015-12-13 13:42:36,860 [taskScheduler-1] ERROR com.rsa.smc.sa.admin.management.provision.DefaultApplianceProvision
- Duplicate CSR new [d8b2183b-b893-4d24-b253-4a34f912d256 HOSTNAME IP], existing
[ca04ecc2-10ce-4e61-824c-e67ce5cef1e4 HOSTNAME IP]

 
CauseThis happens due to a previous yaml file being still there in puppet master which is linked to the same IP but to another UUID.
ResolutionTo fix this issue, follow the steps below.
  1. SSH to the SA server as root user.
  2. Change directory to /var/lib/puppet/yaml/facts/.
  3. Remove the yaml file of the previous UUID Linked to the IP, which in this example is:  ca04ecc2-10ce-4e61-824c-e67ce5cef1e4
  4. Remove yaml file in /var/lib/puppet/yaml/node/ directory for same UUID.
  5. Remove pem file in /var/lib/puppet/ssl/ca/signed/ directory for same UUID.
  6. Navigate to GUI->Administration->Hosts page to click discovery. Now pop-up comes to enable new appliance.
  7. If "Enable" error comes, Re-provision from the beginning.

Attachments

    Outcomes