Skip to content
  • There are no suggestions because the search field is empty.

CMS test connection failing when entering Live account into RSA Security Analytics UI

Issue

CMS test connection failing when entering Live account into RSA Security Analytics (SA) UI

An nslookup from the Security Analytics server is successful, as shown in the example below.

# nslookup cms.netwitness.com
Server:        
Address:        #53

Non-authoritative answer:
Name:   cms.netwitness.com
Address: 216.200.20.140


The output of the curl command shows successful connection (HTTP 200) through the Web Proxy, as shown in the example below.

# curl -v --proxy :   https://cms.netwitness.com/

Example Output:
* About to connect() to proxy port (#0)
*   Trying ... connected
* Connected to ( ) port (#0)
* Establish HTTP proxy tunnel to cms.netwitness.com:443
> CONNECT cms.netwitness.com:443 HTTP/1.1
> Host: cms.netwitness.com:443
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Proxy-Connection: Keep-Alive
>
< HTTP/1.0 200 Connection established
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
*   CAfile: /etc/pki/tls/certs/ca-bundle.crt
 CApath: none
* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
*       subject: CN=cms.netwitness.com,OU=Domain Control Validated
*       start date: Apr 09 21:46:24 2014 GMT
*       expire date: Apr 06 19:37:23 2015 GMT
*       common name: cms.netwitness.com
*       issuer: CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: cms.netwitness.com
> Accept: */*
>
< HTTP/1.1 302 Found
< Server: nginx/1.0.15
< Date: Tue, 01 Jul 2014 00:13:03 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: JSESSIONID=1jxffrpsvot0awv9cj7aqndfq;Path=/;HttpOnly
< Expires: Thu, 01-Jan-1970 00:00:00 GMT
< Location: http://cms.netwitness.com/live/login;jsessionid=1jxffrpsvot0awv9cj7aqndfq
<
* Connection #0 to host left intact
* Closing connection #0


Confirmed the Live account credentials are valid by using a web browser to log into https://cms.netwitness.com using these credentials.
When using the 'Test Connection' button in Administration \ System => Live section receiving the 'Test connection failed'

The /var/lib/netwitness/uax/logs/sa.log file displays errors similar to the following:

2014-07-01 10:41:52,480 [qtp1762404986-497] INFO  com.rsa.netwitness.cms.impl.CmsClientImpl - CMS authentication failure for : org.apache.http.HttpException: CMS Server indicated an error.  Please check the application log for the more information.
2014-07-01 10:42:03,187 [qtp1762404986-416] INFO  com.rsa.netwitness.cms.impl.CmsClientImpl - Unable to parse error from: Apache Tomcat/6.0.29 - Error report