The issue is present if the currently loaded kernel is lower than the latest kernel installed.
There are multiple reasons why this issue may occur after a RSA NetWitness/Security Analytics software update. These include:
The default kernel value didn't update in /boot/grub/grub.conf when new kernel installed;
Missing symbolic link (symlink) from /boot/grub/grub.conf to /etc/grub.conf;
Incomplete kernel RPM installation.
In order to resolve the issue, a small tool called 'grubby-wrapper' has been written to make changes to grub.conf in the most automated manner possible. This tool can find the most recent kernel available on your system (when invoked with -d) and update grub.conf automatically so that it will be started on the next system boot.
The -i option is suggested if you are uncertain about making this change; this causes the tool to run interactively. In interactive mode, grubby-wrapper will collect all necessary information as usual, then pause just before making any changes and provide you the opportunity to exit the tool early.
To use this tool, first download the attached archive from this article. It is then necessary to transfer it to the target appliance with the scp or sftp protocol, or your preferred FTP client.
Unpack the containing archive (grubby-wrapper-22.214.171.124.tar.gz) with this command, executed from the directory where you stored it:
tar -zxvf grubby-wrapper-126.96.36.199.tar.gz
Invoke the script with this command, followed by at least one parameter.
The script must either receive -d to operate in default mode or else -k [kernel version]. If it does not receive any parameters or if it receives incorrect parameters, it will refer you to inline help (-h). So, for example, either:
...or else -k followed by the desired kernel version:
Do not invoke the script with both -d and -k flags, or undesired results may occur.
Other options are available for advanced users. Consult the inline help. Again, this is accessible by invoking grubby-wrapper with -h:
Once the changes have been made, a reboot will be required. Please consult the final output from grubby-wrapper for details.
If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.
Warning: Although grubby-wrapper performs exhaustive sanity checks to ensure that all candidate kernel images must exist and be valid; must have accompanying, valid initramfs filesystem images; must be installed via RPM; must match integrity checksums stored in the RPM database; and other considerations, it is still theoretically possible to render your system at least temporarily un-bootable. The tool will encourage you to review the resulting grub.conf visually before rebooting your system. This is strongly encouraged.
If you find that you cannot boot the resulting kernel entry after running grubby-wrapper, you should still be able to boot the previous version. By default, this backup boot entry may have the name of Boot.
It is possible to modify /boot/grub/grub.conf by hand. However, this increases the risk of modifications that may render the appliance un-bootable.