Error occurs while trying to restore a backup file that came from a physical appliance to a virtual machine for NetWitness
Issue
Sometimes a customer who has a physical environment may want to restore a backup into their virtual environment before performing an upgrade. The customer uses the NRT to back up their server before upgrading. They then attempt to restore this NRT backup file onto a virtual test environment for testing purposes before upgrading, but are unable to install the service after restoring.
You may see an error similar to the one below. This example was taken from a Packet Decoder during service installation.
/var/log/netwitness/config-management/chef-solo.log:
[2022-12-23T06:05:27+00:00] INFO: ruby_block[resolve ips] called
[2022-12-23T06:05:27+00:00] INFO: Processing replace_or_add[Append /etc/sysconfig/network-scripts/ifcfg-lo] action edit (nw-dns-client::migrate line 14)
[2022-12-23T06:05:27+00:00] INFO: Processing file[/etc/sysconfig/network-scripts/ifcfg-lo] action create (/var/lib/netwitness/config-management/cache/cookbooks/line/resources/replace_or_add.rb line 40)
[2022-12-23T06:05:27+00:00] INFO: Processing replace_or_add[Append /etc/sysconfig/network-scripts/ifcfg-eth0] action edit (nw-dns-client::migrate line 14)
[2022-12-23T06:05:27+00:00] INFO: Processing file[/etc/sysconfig/network-scripts/ifcfg-eth0] action create (/var/lib/netwitness/config-management/cache/cookbooks/line/resources/replace_or_add.rb line 40)
[2022-12-23T06:05:27+00:00] INFO: Processing template[/etc/sysctl.d/100-nw-dns-client.conf] action create (nw-dns-client::kparam line 10)
[2022-12-23T06:05:27+00:00] INFO: Processing group[nwpki] action create (nw-pki::groups line 9)
[2022-12-23T06:05:27+00:00] INFO: Running queued delayed notifications before re-raising exception
[2022-12-23T06:05:27+00:00] ERROR: Running exception handlers
[2022-12-23T06:05:27+00:00] ERROR: Exception handlers complete
[2022-12-23T06:05:27+00:00] FATAL: Stacktrace dumped to /var/lib/netwitness/config-management/cache/chef-stacktrace.out
[2022-12-23T06:05:27+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2022-12-23T06:05:27+00:00] FATAL: Mixlib::ShellOut::ShellCommandFailed: group[nwpki] (nw-pki::groups line 9) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '3'
---- Begin output of ["gpasswd", "-a", "netwitness", "nwpki"] ----
STDOUT:
STDERR: gpasswd: user 'netwitness' does not exist
---- End output of ["gpasswd", "-a", "netwitness", "nwpki"] ----
Ran ["gpasswd", "-a", "netwitness", "nwpki"] returned 3
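A triage helper for the log signature shown above, added here as an example (it is not part of the original article or of NetWitness tooling): it extracts the failed Chef resource, the command, its exit code and stderr from chef-solo.log text, and flags a missing account. The function name `find_shell_failures` and the trimmed sample log are constructed for illustration.

```python
import re

# Constructed sample: the failing portion of the chef-solo.log excerpt above.
SAMPLE_LOG = """\
[2022-12-23T06:05:27+00:00] FATAL: Stacktrace dumped to /var/lib/netwitness/config-management/cache/chef-stacktrace.out
[2022-12-23T06:05:27+00:00] FATAL: Mixlib::ShellOut::ShellCommandFailed: group[nwpki] (nw-pki::groups line 9) had an error: Mixlib::ShellOut::ShellCommandFailed: Expected process to exit with [0], but received '3'
---- Begin output of ["gpasswd", "-a", "netwitness", "nwpki"] ----
STDOUT:
STDERR: gpasswd: user 'netwitness' does not exist
---- End output of ["gpasswd", "-a", "netwitness", "nwpki"] ----
Ran ["gpasswd", "-a", "netwitness", "nwpki"] returned 3
"""

FATAL_RE = re.compile(r"^\[(?P<ts>[^\]]+)\] FATAL: Mixlib::ShellOut::ShellCommandFailed: "
                      r"(?P<resource>\w+\[[^\]]*\]) \((?P<recipe>\S+) line (?P<line>\d+)\)")
BEGIN_RE = re.compile(r"^---- Begin output of (\[.*\]) ----$")
RAN_RE = re.compile(r"^Ran \[.*\] returned (-?\d+)$")
MISSING_USER_RE = re.compile(r"user '([^']+)' does not exist")

def find_shell_failures(text):
    """Return one dict per Chef resource that failed while running a shell command."""
    failures, cur, in_stderr = [], None, False
    for line in text.splitlines():
        m = FATAL_RE.match(line)
        if m:
            cur = {"timestamp": m["ts"], "resource": m["resource"],
                   "recipe": m["recipe"], "recipe_line": int(m["line"]),
                   "command": None, "stderr": [], "exit_code": None}
            failures.append(cur)
            in_stderr = False
        elif cur is None:
            continue  # nothing to attach output to before the first failure
        elif BEGIN_RE.match(line):
            # Arguments are printed Ruby-style; this handles plain quoted args only.
            cur["command"] = re.findall(r'"([^"]*)"', BEGIN_RE.match(line)[1])
        elif line.startswith("---- End output of"):
            in_stderr = False
        elif line.startswith("STDERR:"):
            in_stderr = True
            cur["stderr"].append(line[len("STDERR:"):].strip())
        elif RAN_RE.match(line):
            cur["exit_code"] = int(RAN_RE.match(line)[1])
        elif in_stderr:
            cur["stderr"].append(line)  # continuation of multi-line stderr
    for f in failures:
        f["stderr"] = "\n".join(s for s in f["stderr"] if s)
        hit = MISSING_USER_RE.search(f["stderr"])
        f["missing_user"] = hit[1] if hit else None
    return failures
```

On a host, pass it the contents of /var/log/netwitness/config-management/chef-solo.log; a result with `missing_user` set matches the failure described in this article.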
Resolution
NetWitness does not currently support restoring NRT backups taken from a physical environment to a virtual environment. The Engineering Team has discussed this issue internally and concluded that NRT backups taken from a physical environment cannot be restored on a virtual environment. This scenario has not been tested and is not supported because of various dependencies that change between the two environments. Hence, it is advised to restore NRT backups on the same type of environment as the one they were taken from, whether physical or virtual.
Product Details
RSA Product Set: NetWitness Log and Network
RSA Product/Service Type: Platform
RSA Version/Condition: 11.x, 12.x