AnsweredAssumed Answered

Appliance enable failed

Question asked by RSA Admin Employee on Aug 12, 2015
Latest reply on Aug 18, 2015 by RSA Link Team (Inactive)

I am facing an issue. I upgraded my SA with 10.5 version. But after upgrade, broker is showing message "enable failed, please retry"


I followed this process to resolve this:


In order to resolve the issue, the puppet certificates will need to be reissued on the remote appliance by following the steps below. 

  1. 1. Remove the failing appliance from the Security Analytics UI by clicking the Minus ( - ) button and selecting the Remove and Repurpose Appliance option.
  2. 2. Connect to both the failed appliance and the Security Analytics server via SSH.
  3. 3. On the appliance that is being added, issue the following command, then take note of the Node ID:   cat /var/lib/puppet/node_id
  4. 4. On the Security Analytics server, issue the puppet cert list --all command to list all of the certificates known by puppet.
  5. 5. Using the Node ID from Step 3, issue the command puppet cert clean <node_id> to remove the certificate from the SA server.  Perform this step regardless of whether the Node ID is listed from step 3.
  6. 6. Issue the command vi /var/lib/puppet/ssl/ca/inventory.txt and remove the Node ID from Step 3 if it is listed.
  7. 7. On the appliance to be added, issue the following command to remove any previously issued certificates:  rm -rf /var/lib/puppet/ssl
  8. 8. Remove the service-specific certificates depending on what services are running on the appliance by issuing the commands below:
    NOTE: Replace <service> below with the service name, i.e. appliance, broker, concentrator, etc.
    • rm -f /etc/netwitness/ng/<service>/storedproc/*
    • rm -f /etc/netwitness/ng/<service>/trustpeers/*
    • rm -f /etc/netwitness/ng/<service>/truststore/*
  9. 9. On the same appliance, regenerate the certificates by issuing the following command:  puppet agent -t --waitforcert 30

After performing the steps above, move to the Security Analytics UI and click on the Discover button on the Administration -> Appliances screen.
At this point, the UI should be able to recognize the new appliance as expected.


I was able to discover my appliance but again same problem is coming.: enable failed, please retry"

Any Solution?



Thanks and Regards,

Priya Malik