Host GS: Troubleshooting 10.6 Pre-Update and Update Warnings, Conflicts, and Errors

Document created by RSA Information Design and Development on Jun 22, 2017Last modified by RSA Information Design and Development on Jul 27, 2017
Version 2Show Document
  • View in full screen mode
  

This section contains the 10.6.0 Hosts View pre-update check and update error messages with a description of each message and instructions on how to respond to these messages. 

Pre-Update Warnings

Pre-Update warnings are anomalies or potential issues in your current configuration that do not prevent you from updating to the new version. If Security Analytics encounters a potential issue, it displays Update warning. View details in the Status column of the Hosts view. Click on View details to display the full message. 

               
Warning
Message

Pre-Update Warning
Please review the following prior to updating.

  1. Kernel version on the host is older than the version 2.6.32-504.1.3 supported by Security Analytics. If you click Begin Update kernel version 2.6.32-504.1.3 will be installed on the host.
  2. After updating to 10.6.0.0, correlation rules written in deprecated syntax may cause Concentrator to start in a failed state. Rules that match the strict formatting do not cause this issue.
    For more information, see the Security Analytics 10.6 online help topic "Rule and Query Guidelines"
Cause
  1. The CentOS kernel on the host is older than the kernel supported by the update version you chose.
  2. If this host is a Concentrator and it starts in a failed state, you may have correlation rules written using deprecated syntax. 

Note: Current Status displays the current Security Analytics/Operating System version of the host before updating to 10.6.  

Recommended
Action
  1. Click Begin Update in the warning dialog to install the supported kernel.
  2. Make sure that your correlated rules conform to strict formatting as described in the Rule and Query Guidelines topic in the Archiver Configuration Guide.

Pre-Update Conflicts

Pre-Update conflicts are issues in your current configuration or your Local Update Repository that prevent you from updating to the new version. If Security Analytics encounters:

  • Incompatible configuration settings, it displays Update conflict. View details in the Status column. 
  • Problems downloading the version update files, it displays  Download error. View Details in the Status column.

For additional information on Local Update Repository, see the Populate Local Update Repository topic in the System Maintenance guide.

               
Conflict
Message

Downloading Error
Failed to download because of the following errors.

Error setting up repositories: Cannot retrieve repository metadata (repomd.xml) for repository: SA. Please verify its path and try again.

Cause Security Analytics cannot connect to the Live Update Repository from which RSA distributes version updates from the RSA Live Update Repository through your Live connection.
Recommended
Action

Make sure that you:

  1. Set up Live Services. For more information, see the Set Up Live Services on Security Analytics topic in the Live Services Management guide.
  2. Selected the Connect to Live Update Repository checkbox in the Administration > System > Updates tab.

 

               
Download
Error
Message

Downloading Error
Failed to download because of the following errors.

Local Update Repository does not have valid updates.  See Populate Local Update Repository for instructions on how to get valid updates.

Cause Security Analytics did not find the version update that you selected in your Local Update Repository.
Recommended
Action
Review the instructions on how to Populate Local Update Repository and try to populate your Local Repository with the desired update version. See the Populate Local Update Repository topic in the System Maintenance guide. If you cannot remediate this conflict after reviewing these instructions, contact Customer Care.

 

               
Conflict
Message

Pre-Update Check Error
Cannot start the Update.
Resolve the following errors and try again.

File system check failed
Insufficient space in /var/lib/rabbitmq partition.
Used space for this partition should be less than 80%.
Current Status: percentage-used%

Cause Messages are accumulating in the/var/lib/rabbitmq partition.
Recommended
Action

Investigate why the messages are accumulating in the partition and resolve this issue. If you cannot resolve this issue, contact Customer Care.

 

               
Conflict
Message

Pre-Update Check Error
Cannot start the Update.
Resolve the following errors and try again.

Kernel version on the host is newer than the version 2.6.32-504.1.3 supported by Security Analytics. Contact Customer Care

Cause You cannot update to the version you chose because the kernel version on the host is newer than version 2.6.32-504.1.3 supported by Security Analytics for that version.
Recommended
Action

 Contact Customer Care to resolve the issue. 

 

               
Conflict
Message

Update Path Not Supported
The update path to selected-update-version is:

  • version-range
  • version-range
  •            .
  •            .
  •            .             

Caution:

  1. If you are running version 9.8, please contact Customer Care for update instructions.
  2. If you are running 10.3.x, you must update to 10.4.1 before you can update to 10.6.x.x.  See the RSA Security Analytics 10.4.1 Upgrade Guide on SCOL (https://knowledge.rsasecurity.com/) for detailed instructions on updating from 10.3.x to 10.4.1 (If you use Event Stream Analysis in 10.3.x, you must migrate your rules to 10.4.1). You cannot access the 10.4.1 update RPMs from the Live Update Repository. This means that you must download the 10.4.1 update RPMs from SCOL.
Cause

The version on the host is not supported as an update path for the update version you chose.  

Recommended
Action
Update the host to a supported path.

Update Errors

Update errors are errors that stop the update process. If Security Analytics encounters an update error, it displays Update error. View details in the Status column of the Hosts view. Click on View details to display one of the following update error dialogs:

               
Error Message

System did not receive expected response

Cause

Security Analytics cannot identify the Host status because a 
/var/lib/puppet/state/agent_catalog_run.lock file exists on the Host.

When the Puppet agent is running, it creates a lock file called 
agent_catalog_run.lock. Occasionally, this lock file is present on the Host, even though the Puppet agent is not running.

Recommended
Action

Try one of the following actions to resolve the error:

  • Remove the /var/lib/puppet/state/agent_catalog_run.lock from the Host.
  • Check the time on the non-Security-Analytics-Server hosts and the Security Analytics Server Host and make sure that they are in sync.
  • Try the update again at another time. If it fails, contact Customer Care to resolve the issue.
You are here
Table of Contents > Troubleshoot Host Updates > Troubleshooting 10.6 Pre-Update and Update Warnings, Conflicts, and Errors

Attachments

    Outcomes