000035570 - Internal Server Error from RSA NetWitness Endpoint REST API service

Document created by RSA Customer Support Employee on Oct 10, 2017Last modified by RSA Customer Support Employee on Oct 30, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000035570
Applies ToRSA Product Set: NetWitness Endpoint, ECAT
RSA Product/Service Type: REST API
RSA Version/Condition: 4.4, 4.3, 4.2, 4.1
IssueThe RSA NetWitness Endpoint REST API service throws an Error code 500 (Internal Server Error) message.

This error occurs when attempting to configure any of the External Components that make use of the API Service.

It also occurs during the last step of the External Components Configuration Diagnostic test.

Results of Diagnostic Test for API Server

This also applies to diagnostic tests for each of the external components as well.

The same error will be thrown when attempting to access the REST API Interface.  (https://localhost:9443/api/v2/swagger-ui)

CauseThe most likely cause of this issue is due to a misconfiguration of the API Server and the RSA NetWitness Endpoint Console Server service.

By default the RSA NetWitness Endpoint API Server (Referred to as the RSA ECAT API Server in the Windows Services) uses port 9443.
If the port is changed to another value, (in particular port 443), it will result in the error.

ResolutionTo resolve the issue, follow the instructions below.
  1. Navigate to the RSA NetWitness Endpoint Install Directory. (the default location is C:\Program Files\RSA\ECAT\Server)
  2. Make a back up copy of the ApiServer.exe.config and the ConsoleServer.exe.config files and then move them to another location on the host.
    Note: Both files are the type "Conf" or "xml" depending on how the Windows view is configured.
  3. Open the ApiServer.exe.config file, and search for line below.  (Note: The value could be different, this example below is using port 443.)

      <add key="ListeningPort" value="443"/>

  4. Change the value key from the existing value to 9443.

      <add key="ListeningPort" value="9443"/>

  5. Save the file.
  6. Open the ConsoleServer.exe.config file and search for lines below.  (If the default port is changed in the ApiServer.exe.config, the same port should be used in the ConsoleServer.exe.config file in both instances.)
    Note: The baseAddresses value will be listed twice in the ConsoleServer.exe config file.

          <!-- The value "ecat" below for baseAdderss will be replaced with "https://*:9443/ecat/" by ECAT installer-->
          <add baseAddress="https://*:443/ecat/"/>

  7. Change the baseAddresses value to https://*:9443/ecat

          <!-- The value "ext" below for baseAdderss will be replaced with "https://*:9443/ext/" by ECAT installer-->
          <add baseAddress="https://*:9443/ext/"/>

  8. Save the file.
  9. Stop the RSA ECAT API Server and the RSA ECAT Server. (Could be the RSA ECAT Console Server depending on version)
  10. Start the RSA ECAT Console Server and the RSA ECAT API Server.
    (For larger sites, allow sufficient time before running the various diagnostic tests, the ApiServer.exe and the ConsoleServer.exe will  memory footprint will be similar in the Windows task manager)

When you open the External Components Configuration panel in the UI, the various diagnostic tests should pass and the API server will show as running. (green check box in the upper right corner)
NotesThe Internal Server Error (500)  is not limited to this issue, If using different ports then the default for the Api Server, revert back to port 9443.