000036246 - Secondary RSA NetWitness Endpoint servers flipping online/offline in UI (flapping)

Document created by RSA Customer Support Employee on Apr 19, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000036246
Applies ToRSA Product Set: NetWitness Endpoint
RSA Product/Service Type: NetWitness Endpoint
RSA Version/Condition:
Platform: Windows
The secondary RSA NetWitness Endpoint servers show offline even though the services are running, ping seems to be working between servers, and ports are open.


Sample offline servers
CauseThe primary cause for this issue can be attributed to dropped packets and other network disruption within the environment. Possible issues that can cause permanent loss of connectivity include mismatched ciphers/protocols between primary and secondary servers.

For up/down issues, (flapping connectivity) this is typically due to hardware/software issues at the switch level, where communication stops being consistent and the UI/database on the primary cannot determine if the machine is online anymore. Once it is offline, the status of the machines associated with the offline secondary become set to offline in the UI, causing confusion on whether so many machines are offline when in fact, they are still available and connecting normally.
ResolutionThis must be resolved either at the hardware level by replacing the failing switch/router if connectivity is flapping(inconsistently down/up) or if offline fully, is reason likely a cipher/protocol mismatch and the Schannel settings should be adjusted for complete communication.