Troubleshooting

This section provides information about possible issues when using the RSA NetWitness Endpoint.

Packager Issue

Issue

Failed to generate the agent installers.

Explanation

Some encryption software may create additional files that cause the generation of the agent installers to fail.

Resolution

Copy the packager to a machine that does not have antivirus or encryption software and then generate the agent installers.

Issue

Failed to generate agent installers for Mac.

Explanation

The agent packager (AgentPackager.exe) fails to generate the Mac agent installer (nwe-agent.pkg) with the error message “Failed to generate table of content for package” or “Failed to create config file C:\AgentPackager (4)\agents\mac\Plugins\NWEInstallerPlugin.bundle\Contents\Resources\config.cfg”.

Resolution

Run AgentPackager.exe as administrator by right-clicking the file and selecting Run as Administrator.

Issue

Agent packager generates temporary agent installers for Mac.

Explanation

The agent packager (AgentPackager.exe) generates the Mac agent installer as nwe-agent_tmp.pkg instead of nwe-agent.pkg.

Resolution

Run AgentPackager.exe as administrator by right-clicking the file and selecting Run as Administrator. The Mac agent package nwe-agent.pkg will then be generated as expected.

Agent Upgrade via UI Issues

Issue

Agent upgrade not available.

Explanation

1. The agent version might not be supported for upgrade from the UI. The agent version must be 11.5.1 or later for upgrade via the UI.

2. The logged-in user may not have the appropriate permissions for upgrade from the UI.

3. The agent version is up to date.

Resolution

1. Use the manual upgrade method to upgrade the agent version.

2. Use an admin user who has the following permissions: endpoint-server.agentupdate.manage and endpoint-server.ca.manage.

3. No upgrade is required. The agent version is already up to date and no further upgrade is available.

Issue

Agent upgrade is in Pending state.

Explanation

The hosts for which the command is shown as pending could be offline or inactive.

Resolution

Ensure that the hosts/agents are communicating with the Endpoint server, directly or via a Relay server, so that they receive the upgrade command from the server. Verify the "Agent Last seen" time on the Host listing page.

Issue

Agent upgrade failed.

Explanation

1. The agent upgrade fails for any of the following reasons:

  • Service name or driver name mismatch
  • Checksum mismatch
  • Installer size mismatch

2. The agent installer could not be created.

Resolution

1. Retry upgrading the agent. If it continues to fail, use the manual upgrade method.

2. Check the permissions of the user who initiated the upgrade command. The user can be viewed on the Host > Agent History page. The user should have the following permissions: endpoint-server.agentupdate.manage and endpoint-server.ca.manage.

Issue

Linux agent upgrade fails with an error, sudo not found.

Resolution

Make sure that the sudo package is installed on the agent machine.

Agent Uninstall via UI Issues

Issue

Agent uninstall failed.

Explanation

Agent uninstall fails due to several unknown reasons.

Resolution

1. Retry uninstalling the agent.

2. Use the manual uninstall method. For more information, see Uninstalling Agent Manually.