000036512 - Trying to install a service in a new host fails in RSA NetWitness 11.x

Document created by RSA Customer Support Employee on Jul 11, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000036512
Applies ToRSA Product Set: NetWitness Logs and Packets
RSA Version/Condition: 11.x
Platform: CentOS
O/S Version: 7

 
IssueAfter discovering and enabling a new host in the UI > Hosts page, when you try to Install a service in the new host, it takes a long time to finish Installing the service (more than 10 minutes) and finally fails with the error:

    Install error. View details.

    Host installation failed.
    Error installing <service> on host X.X.X.X.



User-added image


In the host, when you tail the Chef log file, you can see the following output:

# tailf /var/log/netwitness/config-management/chef-solo.log
...
[2018-07-08T19:48:30+00:00] INFO: Processing nw_base_execute_client[get platform.deployment.password property from config server] action get_config_property (dynamically defined)
[2018-07-08T19:48:30+00:00] INFO: Processing ruby_block[get-config-property nw.security-client:platform.deployment.password] action run (/var/lib/netwitness/config-management/cache/cookbooks/nw-base/resources/execute_client.rb line 191)
...
[2018-07-08T19:58:43+00:00] INFO: Running queued delayed notifications before re-raising exception
[2018-07-08T19:58:43+00:00] INFO: Processing nw_base_execute_client[get platform.deployment.password property from config server] action get_config_property (dynamically defined)
[2018-07-08T19:58:43+00:00] INFO: Processing ruby_block[get-config-property nw.security-client:platform.deployment.password] action run (/var/lib/netwitness/config-management/cache/cookbooks/nw-base/resources/execute_client.rb line 191)
...
[2018-07-08T20:08:55+00:00] INFO: Running queued delayed notifications before re-raising exception
[2018-07-08T20:08:55+00:00] INFO: Running queued delayed notifications before re-raising exception
[2018-07-08T20:08:55+00:00] ERROR: Running exception handlers
[2018-07-08T20:08:55+00:00] ERROR: Exception handlers complete
[2018-07-08T20:08:55+00:00] FATAL: Stacktrace dumped to /var/lib/netwitness/config-management/cache/chef-stacktrace.out
[2018-07-08T20:08:55+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2018-07-08T20:08:55+00:00] ERROR: nw_base_execute_client[get platform.deployment.password property from config server] (dynamically defined) had an error: Mixlib::ShellOut::CommandTimeout: ruby_block[get-config-property nw.security-client:platform.deployment.password] (/var/lib/netwitness/config-management/cache/cookbooks/nw-base/resources/execute_client.rb line 191) had an error: Mixlib::ShellOut::CommandTimeout: Command timed out after 600s:
Command exceeded allowed execution time, process terminated
---- Begin output of security-cli-client --get-config-prop -q  --prop-hierarchy nw.security-client --prop-name platform.deployment.password  --broker nw-node-zero ----
STDOUT:
STDERR:
---- End output of security-cli-client --get-config-prop -q  --prop-hierarchy nw.security-client --prop-name platform.deployment.password  --broker nw-node-zero ----
Ran security-cli-client --get-config-prop -q  --prop-hierarchy nw.security-client --prop-name platform.deployment.password  --broker nw-node-zero returned
[2018-07-08T20:08:56+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

 
CauseThis normally happens when the 5671 port has not been opened between the host and the NW Server. The 5671 port must be opened in a bi-directional way between the host and the NW Server for the provisioning to be successful.

You can verify if the port is open by using the curl command from the Host command line:

    curl -v <NWServerIP>:5671

For example, the following output shows that the port is open and the connection is successful:
    
# curl -v 192.168.2.101:5671
* About to connect() to 192.168.2.101 port 5671 (#0)
*   Trying 192.168.2.101...
* Connected to 192.168.2.101 (192.168.2.101) port 5671 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.29.0
> Host: 192.168.2.101:5671
> Accept: */*
>


If the port is blocked, you will see the following output instead:

# curl -v 192.168.2.101:5671
* About to connect() to 192.168.2.101 port 5671 (#0)
*   Trying 192.168.2.101...
* Connection timed out
* Failed connect to 192.168.2.101:5671; Connection timed out
* Closing connection 0
curl: (7) Failed connect to 192.168.2.101:5671; Connection timed out

 
ResolutionPlease confirm that your firewall is not blocking the 5671 port and make sure it is open in a bidirectional way (from Host to NW Server and from NW Server to Host).
 

Attachments

    Outcomes