.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
Host synchronization failed error while reissuing the certs for RSA NetWitness host component in version 11.x
Issue
Below error comes up while running below command for reissuing the certs for NetWitness host components.
#nw-root-ca-update --synch-host --host-id <UUID of the host you are trying to renew the cert for>
[0m[2019-12-17T15:31:21+00:00] <12449> (ERROR) Failed to run configuration management
ERROR: Minions returned with non-zero exit code
[2019-12-17T15:31:21+00:00] <550> (ERROR) One or more hosts failed:
[2019-12-17T15:31:21+00:00] <550> (ERROR) -- 0f562436-82ba-41ce-afde-c8f11761f195
[2019-12-17T15:31:21+00:00] <550> (ERROR) Host synchronization failed
[0m[2019-12-17T15:31:21+00:00] <12449> (ERROR) Failed to run configuration management
ERROR: Minions returned with non-zero exit code
[2019-12-17T15:31:21+00:00] <550> (ERROR) One or more hosts failed:
[2019-12-17T15:31:21+00:00] <550> (ERROR) -- 0f562436-82ba-41ce-afde-c8f11761f195
[2019-12-17T15:31:21+00:00] <550> (ERROR) Host synchronization failed
How to find UUID:- Run the below command on the host
#cat /etc/salt/minion
Cause
This happens when UUID is different for the host on both Orchestration-server (Admin-server) and on a minion (Hosts).
Resolution
To identify if UUID is different for that host.
- SSH to NetWitness host component and run below command:-
#cat /etc/salt/minion
Capture the UUID.
- SSH to Admin-server
#mongo admin -u deploy_admin -p <deploy_admin password>
>use orchestration-server
>show collections
>db.host.find()
Identify the IP of the host, and compare the UUID with the UUID captured in step 1.
If the UUID of the host identified to be different on both admin-server and host then please follow below step:-
- Edit the below file on the host.
#vi /etc/salt/minion
Replace the UUID with the one found in Step 2 for the problematic host.
- Rerun the chef using the below command on the host.
#chef-solo --no-color --logfile "/var/log/netwitness/config-management/chef-solo.log" --format doc --config /var/lib/netwitness/config-management/client.rb --json-attributes /etc/netwitness/config-management/node.json
- SSH to admin-server and run the below command to reissue the cert for a problematic host again.
#nw-root-ca-update --synch-host --host-id <UUID of the host you are trying to renew the cert for>
You should see it successfully completed and services will come online now.
Notes
Article followed for reissuing the certs is https://community.rsa.com/docs/DOC-107280
Jira for reference - https://bedfordjira.na.rsa.net/browse/SACE-12765
Product Details
RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: NetWitness Hosts
RSA Version/Condition: 11.x
Platform: CentOS
O/S Version: 7
Approval Reviewer Queue
RSA NetWitness Suite Approval Queue