|Applies To||RSA Product Set: NetWitness Endpoint|
RSA Product/Service Type: NetWitness Endpoint
RSA Version/Condition: 18.104.22.168
The secondary RSA NetWitness Endpoint servers show offline even though the services are running, ping seems to be working between servers, and ports are open.
|Cause||The primary cause for this issue can be attributed to dropped packets and other network disruption within the environment. Possible issues that can cause permanent loss of connectivity include mismatched ciphers/protocols between primary and secondary servers.|
For up/down issues, (flapping connectivity) this is typically due to hardware/software issues at the switch level, where communication stops being consistent and the UI/database on the primary cannot determine if the machine is online anymore. Once it is offline, the status of the machines associated with the offline secondary become set to offline in the UI, causing confusion on whether so many machines are offline when in fact, they are still available and connecting normally.
|Resolution||This must be resolved either at the hardware level by replacing the failing switch/router if connectivity is flapping(inconsistently down/up) or if offline fully, is reason likely a cipher/protocol mismatch and the Schannel settings should be adjusted for complete communication.|