000036644 - DAC configuration issue with "NwArrayConfig Failed! No available DAC drives found" error on an RSA NetWitness appliance

Document created by RSA Customer Support Employee on Aug 29, 2018Last modified by RSA Customer Support Employee on Sep 3, 2018
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000036644
Applies ToRSA Product Set: NetWitness Logs & Network, Security Analytics
RSA Product/Service Type: Direct Attached Capacity (DAC), Decoder, Log Decoder, Concentrator, Archiver
RSA Version/Condition: 10.4.x, 10.5.x, 10.6.x, 11.0.x
IssueWhen you try to configure a DAC with NwArrayConfig.py script after re-imaging an appliance, you rarely encounter the following issue.

# ./NwArrayConfig.py
Failed!: No available DAC drives found. Verify the DAC configuration before trying again.

Running NwArrayConfig.py with options either returns the same error or others such as the examples below.

# ./NwArrayConfig.py --service hybrid
Usage: NwArrayConfig.py [options]
NwArrayConfig.py: error: option --service: invalid choice: 'hybrid' (choose from 'decoder', 'logdecoder', 'concentrator', 'archiver')

need to be available. For decoder
available. When specifying the service to modify the appropriate volume groups
No available devices were found or the improper number of devices were
# ./NwArrayConfig.py --andservicedecoderlogdecoder that would be one for the meta
database and one for the packet database volumesandforconcentrator it will be
one for the index and one for the meta database volumes.
Usage: NwArrayConfig.py [options]

CauseThese issues can occur when the existing DAC configuration is not fully cleared.
ResolutionIn this case, you need to manually clear your DAC configuration with following procedures. (reset or reinitialize DAC)
  • Make sure that the decoder and concentrator is pointing to the mount paths via (decoder or concentrator) -> config -> explore -> database -> config. you would see them in the keys listed there (meta.dir, session.dir).  The paths are separated by a semicolon and include the file size of the partition.

For example:

session.dir = /var/netwitness/concentrator/sessiondb=972.32GB;/var/netwitness/concentrator/sessiondb0/sessiondb==707.88GB
meta.dir = /var/netwitness/concentrator/metadb=9.38TB;/var/netwitness/concentrator/metadb0/metadb==6.22TB

  • Ensure there are no mount paths to the above in /etc/fstab:

For example:

/dev/concentrator0/sessiondb /var/netwitness/concentrator/sesiondb0 xfs noatime,nosuid 1 2
/dev/concentrator0/metadb /var/netwitness/concentrator/metadb0 xfs noatime,nosuid 1 2
/dev/decoder0/packetdb /var/netwitness/decoder/packetdb0 xfs noatime,nosuid 1 2

  • Stop the Decoder and Concentrator services

# stop nwdecoder; stop nwappliance
# stop nwconcentrator; stop nwappliance

  • Ensure paths are not mounted.

# umount /var/netwitness/concentrator/sessiondb0
# umount /var/netwitness/concentrator/metadb0
# umount /var/netwitness/decoder/packetdb0

  • Remove the directories

# rm -rf /var/netwitness/concentrator/sessiondb0
# rm -rf /var/netwitness/concentrator/metadb0
# rm -rf /var/netwitness/decoder/packetdb0

  • Remove the logical volumes (lvm)

# lvremove /dev/concentrator0/sessiondb
# lvremove /dev/concentrator0/metadb
# lvremove /dev/decoder0/packetdb

  • Remove the volume group (lvm)

# vgremove concentrator0
# vgremove decoder0

  • Remove the physical volumes attached to lvm

# pvremove /dev/sdg
# pvremove /dev/sdf

  • Delete logical device(virtual drive) all on adapter 1

# /opt/MegaRAID/MegaCli/MegaCli64 -CfgLdDel -LALL –a1

After these steps and checking the SAS cabling, also make sure that you can see physical drive status is “U” by nwraidutil.pl output.  You will then be able to configure the DAC with the normal process.