000036414 - How to resolve the deployment if the deploy_admin password was changed during the upgrade to RSA NetWitness 11.x

Document created by RSA Customer Support Employee on Jul 31, 2018Last modified by RSA Customer Support Employee on Mar 26, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000036414
Applies ToRSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.x
IssueThe deploy_admin password changed and now the deployment of core devices are not functioning.

The chef-stacktrace.out file reports the following:

security-cli-client --sign-cert --in-file /etc/pki/nw/rabbitmq/rabbitmq-server-key.csr --out-file /etc/pki/nw/rabbitmq/rabbitmq-server-cert.pem --chain-file /etc/pki/nw/rabbitmq/rabbitmq-server-cert.chain -u java.lang.IllegalStateException: Service not available!
at com.rsa.netwitness.infrastructure.security.client.SecurityApplication.checkServerReady(SecurityApplication.java:286)

CauseThe update uses the deploy_admin password to sign certificates used by rabbitmq. If the deploy_admin password is modified before fully completing the upgrade the configuration file will still have the previously configured deploy_admin password.
ResolutionTo resolve the issue, connect to the core device that you are trying to install via SSH and then edit the security-client-amqp.yml file.

vi /etc/netwitness/security-client/security-client-amqp.yml

Modify the rabbit-pw to the changed deploy_admin password and then re-run the install for the core service.
NotesPlease check the password policy: Admin > Security > Settings tab. 

If the password security has increased after setting the deploy_admin password, the password may not comply with the updated password policy and either the password policy or password may need to be updated.

Also, check to make sure the deploy_admin password has not been locked out or expired.