This section describes the error messages displayed in the Hosts view when it encounters problems updating host versions and installing services on hosts in the Hosts view. If you cannot resolve an update or installation issue using the following troubleshooting solutions, contact Customer Support (https://community.rsa.com/docs/DOC-1294).
Troubleshooting instructions for the following errors that may occur during the upgrade are described in this section.
- deploy_admin Password Expired Error
- Downloading Error
- Error Deploying Version <version-number> Missing Update Packages
- External Repo Update Error
- Host Installation Failed Error
- Host Update Failed Error
- Missing Update Packages Error
- Patch Update to Non-NW Server Error
- Reboot Host After Update from Command Line Error
- Reporting Engine Restarts After Upgrade
Troubleshooting instructions are also provided for errors for the following hosts and services that may occur during or after an upgrade.
|Cause||The deploy_admin user password has expired.|
Reset your deploy_admin password password.
|Problem||When you select an update version and click Update >Update Host, the download starts but fails to complete.|
|Cause||Version download files can be large and take a long time to download. If there are communication issues during the download it will fail.|
Error deploying version <version-number> is displayed in the Initialize Update Package for RSA NetWitness Platform dialog after you click on Initialize Update if the update package is corrupted.
|Error Message|| |
Received an error similar to the following error when trying to update to a new version from the :
|Cause||There is an error the path you specified.|
Make sure that:
|Problem||When you select a host and click Install the install service process fails.|
|Problem||When you select an update version and click Update > Update Host, the download process is successful, but the update process fails.|
|Problem||Missing the following update package(s) is displayed in the Initialize Update Package for RSA NetWitness Platform dialog when you are updating a host from the Hosts view offline and there are packages missing in the staging folder.|
|Error Message|| |
The following example illustrates an ssh error that can occur when the ssh client is run from a host with OpenSSL 1.1.x installed:
Advanced users who want to ssh to a NetWitness Platform host from a client that is using OpenSSL 1.1.x encounter this error because of incompatibility between CENTOS 7.x and OpenSSL 1.1.x. For example:
$ rpm -q openssl
Specify the compatible cipher list on the command line. For example:
$ ssh -oCiphers=aes128-ctr,aes192-ctr,aes256-ctr email@example.com
I've read & consent to terms in IS user agreement.
Last login: Mon Oct 21 19:03:23 2019
|Error Message|| |
The /var/log/netwitness/orchestration-server/orchestration-server.log has an error similar to the following error:
|Problem||After you update the NW Server host to a version, you must update all non-NW Server hosts to the same version. For example, if you update the NW Server from 18.104.22.168 to 11.4.x.x , the only update path for the non-NW Server hosts is the same version (that is, 11.4.x.x). If you try to update any non-NW Server host to a different version (for example, from 22.214.171.124 to an 11.4.0.x) you will get this error.|
You have two options:
|Cause||You cannot use CLI to reboot the host. You must use the User Interface.|
Reboot the host in the Host View in the User Interface.
In some cases, after you upgrade to 11.4 from versions of 11.x, such as 11.2 or 11.3, the Reporting Engine service attempts to restart continuously without success.
The database files for live charts, alert status, or report status may not be loaded successfully as the files may be corrupted.
To resolve the issue, do the following:
Log Collector logs are posted to /var/log/install/nwlogcollector_install.log on the host running the nwlogcollector service.
|Error Message||<timestamp>.NwLogCollector_PostInstall: Lockbox Status : Failed to open lockbox: The lockbox stable value threshold was not met because the system fingerprint has changed. To reset the system fingerprint, open the lockbox using the passphrase.|
|Cause||The Log Collector Lockbox failed to open after the update.|
|Solution||Log in to NetWitness Platform and reset the system fingerprint by resetting the stable system value password for the Lockbox as described in the "Reset the Stable System Value" topic under "Configure Lockbox Security Settings" topic in the Log Collection Configuration Guide.|
|Error Message||<timestamp> NwLogCollector_PostInstall: Lockbox Status : Not Found|
|Cause||The Log Collector Lockbox is not configured after the update.|
|Solution||If you use a Log Collector Lockbox, log in to NetWitness Platform and configure the Lockbox as described in the "Configure Lockbox Security Settings" topic in the Log Collection Configuration Guide.|
|Error Message||<timestamp>: NwLogCollector_PostInstall: Lockbox Status : Lockbox maintenance required: The lockbox stable value threshold requires resetting. To reset the system fingerprint, select Reset Stable System Value on the settings page of the Log Collector.|
|Cause||You need to reset the stable value threshold field for the Log Collector Lockbox.|
|Solution||Log in to NetWitness Platform and reset the stable system value password for the Lockbox as described in "Reset the Stable System Value" topic under "Configure Lockbox Security Settings" topic in the Log Collection Configuration Guide.|
These logs are posted to /var/netwitness/uax/logs/sa.log on the NW Server Host.
After upgrade, you notice that Audit logs are not getting forwarded to the configured Global Audit Setup;
The following message seen in the sa.log.
|Cause||NW Server Global Audit setup migration failed to migrate from 11.2.x.x or 11.3.x.x. to 126.96.36.199.|
The orchestration server logs are posted to /var/log/netwitness/orchestration-server/orchestration-server.log on the NW Server Host.
You will see the following message in the orchestration-server.log.
|Cause||Salt minion may have been upgraded and never restarted on failed non-NW Server host|
Reporting Engine Update logs are posted to to/var/log/re_install.log file on the host running the Reporting Engine service.
|Error Message||<timestamp> : Available free space in /var/netwitness/re-server/rsa/soc/reporting-engine [ ><existing-GB ] is less than the required space [ <required-GB> ]|
|Cause||Update of the Reporting Engine failed because you do not have enough disk space.|
|Solution||Free up the disk space to accommodate the required space shown in the log message. See the "Add Additional Space for Large Reports" topic in the Reporting Engine Configuration Guide for instructions on how to free up disk space.|