000035657 - Active Directory users cannot log in after upgrading to RSA NetWitness Logs & Packets 11.0

Document created by RSA Customer Support Employee on Oct 23, 2017
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000035657
Applies ToRSA Product Set: NetWitness Logs & Packets, Security Analytics
RSA Product/Service Type: Administration Server, UI
RSA Version: 11.0
IssueAfter upgrading to RSA NetWitness Logs & Packets 11.0 (10.6.4.0, 10.6.4.1, 10.6.4.2 à 11.0.0.0) the Active Directory users are no longer able to log in.
CauseThe issue occurs if 11.0.0.0 customers have migrated authentication providers and users by clicking on the Migrate button within the UI (AdminàSecurityàSettings) after upgrade from 10.6.4.0 to 10.6.4.1 and then from 10.6.4.2 to 11.0.0.0 and before applying the 11.0.0.1 patch.
ResolutionThis issue has been fixed in version 10.6.4.3 and later.
Workaround
  1. Connect to the Administration Server via SSH.
  2. Run the command below at the command line. The prompt for a password will be for the deploy_admin user password. This password was specified during the bootstrap process of the Administration Server.

mongo -u deploy_admin -p --authenticationDatabase admin --eval 'db.getSiblingDB("security-server").user.updateMany({ type: "Pam" }, { $set: { type: "Unknown", accountProviderId: null } })'

Example Output from the Command:
User-added image

Attachments

    Outcomes