Skip to content
  • There are no suggestions because the search field is empty.

How to reset deploy_admin password for mongo DB in RSA NetWitness Platform 11.x

Issue

When the password for 'deploy_admin' account is out of sync with the current 'deploy_admin' password(likely due to user errors while running nwsetup-tui), upgrading NetWitness ESA 11.x fails with the following error in ESA's /var/log/messages.
Nov 26 00:24:49 RSA-ESA salt-minion: ================================================================================
Nov 26 00:24:49 RSA-ESA salt-minion: Error executing action `run` on resource 'execute[Creating MongoDB user CN=rsa-nw-admin-server]'
Nov 26 00:24:49 RSA-ESA salt-minion: ================================================================================
Nov 26 00:24:49 RSA-ESA salt-minion: Mixlib::ShellOut::ShellCommandFailed
Nov 26 00:24:49 RSA-ESA salt-minion: ------------------------------------
Nov 26 00:24:49 RSA-ESA salt-minion: Command execution failed. STDOUT/STDERR suppressed for sensitive resource
Nov 26 00:24:49 RSA-ESA salt-minion: Resource Declaration:
chef-solo.log
---- Begin output of mongo --quiet --host '127.0.0.1' --port '27017' --ssl --sslAllowInvalidHostnames --sslCAFile '/et
c/pki/nw/trust/truststore.pem' --eval 'db.getSiblingDB("admin").auth("deploy_admin", "netwitness")
db = db.getSiblingDB("$external")
db.createUser({"user":"CN=rsa-nw-endpoint-server","roles":[{"role":"readWriteAnyDatabase","db":"admin"}]})' ----
STDOUT: W NETWORK [thread1] The server certificate does not match the host name. Hostname: 127.0.0.1 does not match CN: mongod
Error: Authentication failed.
chef-stacktrace.out
E QUERY [thread1] Error: couldn't add user: not authorized on $external to execute com
mand { createUser: "CN=rsa-nw-endpoint-server", roles: [ { role: "readWriteAnyDatabase", db: "admin" } ], writeConcern
: { w: "majority", wtimeout: 600000.0 }, $db: "$external" } :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1437:15
@(shell eval):3:1
Login attempt to admin DB returns the following error.
mongo admin -u deploy_admin -p <Password for deploy_admin> --authenticationDatabase admin
MongoDB shell version v3.6.4
connecting to: mongodb://127.0.0.1:27017/admin
MongoDB server version: 3.6.4
2018-11-26T01:33:47.176+0000 E QUERY [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow@src/mongo/shell/db.js:1608:20
@(auth):6:1
@(auth):1:2
exception: login failed
set-deploy-admin-password can be run successfully but the login to admin DB continues to fail with the same error.


Resolution

Please follow the steps below in order to reset the password for deploy_admin for Mongo DB.
  1. SSH into the ESA host.
  2. Modify /etc/mongod.conf to change 'authorization'
    from
    security:
    authorization: enabled
    to
    security:
    authorization: disabled
  3. Restart mongod service.
    systemctl restart mongod.service
  4. Reset the password.
    mongo admin
    db.changeUserPassword('deploy_admin',' ')
    exit
  5. Revert the changes to /etc/mongod.conf
    from
    security:
    authorization: disabled
    to
    security:
    authorization: enabled
  6. Restart mongod service.
    systemctl restart mongod.service
  7. Test connection with the current password.
    mongo admin -u deploy_admin -p --authenticationDatabase admin

Product Details

RSA Product Set: NetWitness Platform
RSA Product/Service Type: Security Analytics Server
RSA Version/Condition: 11.x
Platform: CentOS
O/S Version: 7

Approval Reviewer Queue

RSA NetWitness Suite Approval Queue