.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
NetWitness CMS Live Account test connection failing in UI
Issue
- CMS test connection failing when entering Live account into NetWitness UI
- An nslookup from the Security Analytics server is successful, as shown in the example below.
#nslookup cms.netwitness.com
Output:
Server: <cust_dns_server>
Address: <cust_dns_server>#53
Non-authoritative answer:
Name: cms.netwitness.com
Address: 216.200.20.140
Address: <cust_dns_server>#53
Non-authoritative answer:
Name: cms.netwitness.com
Address: 216.200.20.140
- The output of the curl command shows successful connection (HTTP 200) through the Web Proxy, as shown in the example below:
#curl -v --proxy <proxy_ip>:<proxy_port> https://cms.netwitness.com/
Output:
* About to connect() to proxy <proxy_ip> port <proxy_port> (#0)
* Trying <proxy_ip>... connected
* Connected to <proxy_ip> (<proxy_ip>) port <proxy_port> (#0)
* Establish HTTP proxy tunnel to cms.netwitness.com:443
> CONNECT cms.netwitness.com:443 HTTP/1.1
> Host: cms.netwitness.com:443
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Proxy-Connection: Keep-Alive
>
< HTTP/1.0 200 Connection established
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* subject: CN=cms.netwitness.com,OU=Domain Control Validated
* start date: Apr 09 21:46:24 2014 GMT
* expire date: Apr 06 19:37:23 2015 GMT
* common name: cms.netwitness.com
* issuer: CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: cms.netwitness.com
> Accept: */*
>
< HTTP/1.1 302 Found
< Server: nginx/1.0.15
< Date: Tue, 01 Jul 2014 00:13:03 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: JSESSIONID=1jxffrpsvot0awv9cj7aqndfq;Path=/;HttpOnly
< Expires: Thu, 01-Jan-1970 00:00:00 GMT
< Location: http://cms.netwitness.com/live/login;jsessionid=1jxffrpsvot0awv9cj7aqndfq
<
* Connection #0 to host <proxy_ip> left intact
* Closing connection #0
* Trying <proxy_ip>... connected
* Connected to <proxy_ip> (<proxy_ip>) port <proxy_port> (#0)
* Establish HTTP proxy tunnel to cms.netwitness.com:443
> CONNECT cms.netwitness.com:443 HTTP/1.1
> Host: cms.netwitness.com:443
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Proxy-Connection: Keep-Alive
>
< HTTP/1.0 200 Connection established
<
* Proxy replied OK to CONNECT request
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* SSL connection using TLS_DHE_RSA_WITH_AES_256_CBC_SHA
* Server certificate:
* subject: CN=cms.netwitness.com,OU=Domain Control Validated
* start date: Apr 09 21:46:24 2014 GMT
* expire date: Apr 06 19:37:23 2015 GMT
* common name: cms.netwitness.com
* issuer: CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O="GoDaddy.com, Inc.",L=Scottsdale,ST=Arizona,C=US
> GET / HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.13.1.0 zlib/1.2.3 libidn/1.18 libssh2/1.2.2
> Host: cms.netwitness.com
> Accept: */*
>
< HTTP/1.1 302 Found
< Server: nginx/1.0.15
< Date: Tue, 01 Jul 2014 00:13:03 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< X-Frame-Options: SAMEORIGIN
< Set-Cookie: JSESSIONID=1jxffrpsvot0awv9cj7aqndfq;Path=/;HttpOnly
< Expires: Thu, 01-Jan-1970 00:00:00 GMT
< Location: http://cms.netwitness.com/live/login;jsessionid=1jxffrpsvot0awv9cj7aqndfq
<
* Connection #0 to host <proxy_ip> left intact
* Closing connection #0
- Confirmed the Live account credentials are valid by using a web browser to log into https://cms.netwitness.com using these credentials.
- When using the 'Test Connection' button in (Admin > System > Live Services > Live Account) receiving the 'Test connection failed'
- The /var/lib/netwitness/uax/logs/sa.log file displays errors similar to the following:
[qtp1762404986-497] INFO com.rsa.netwitness.cms.impl.CmsClientImpl - CMS authentication failure for <customers_live_Account> : org.apache.http.HttpException: CMS Server indicated an error. Please check the application log for the more information.
[qtp1762404986-416] INFO com.rsa.netwitness.cms.impl.CmsClientImpl - Unable to parse error from: <html><head><title>Apache Tomcat/6.0.29 - Error report</title><style><!--H1 {>[qtp1762404986-416] INFO com.rsa.netwitness.cms.impl.CmsClientImpl - CMS Server HTTP exception: Unable to parse error from remote CMS server
[qtp1762404986-416] ERROR com.rsa.netwitness.cms.impl.CmsClientImpl - CMS Server indicated an error. Please check the application log for the more information.
at com.rsa.netwitness.cms.impl.CmsClientImpl.handleHttpResponse(CmsClientImpl.java:301)
at
com.rsa.netwitness.cms.impl.CmsClientImpl.doHttpGet(CmsClientImpl.java:1456)
at com.rsa.netwitness.cms.impl.CmsClientImpl.authenticateCMSUser(CmsClientImpl.java:331)
at com.rsa.netwitness.cms.impl.CmsClientImpl.authenticateCMSUser(CmsClientImpl.java:314)
[qtp1762404986-416] INFO com.rsa.netwitness.cms.impl.CmsClientImpl - Unable to parse error from: <html><head><title>Apache Tomcat/6.0.29 - Error report</title><style><!--H1 {>[qtp1762404986-416] INFO com.rsa.netwitness.cms.impl.CmsClientImpl - CMS Server HTTP exception: Unable to parse error from remote CMS server
[qtp1762404986-416] ERROR com.rsa.netwitness.cms.impl.CmsClientImpl - CMS Server indicated an error. Please check the application log for the more information.
at com.rsa.netwitness.cms.impl.CmsClientImpl.handleHttpResponse(CmsClientImpl.java:301)
at
com.rsa.netwitness.cms.impl.CmsClientImpl.doHttpGet(CmsClientImpl.java:1456)
at com.rsa.netwitness.cms.impl.CmsClientImpl.authenticateCMSUser(CmsClientImpl.java:331)
at com.rsa.netwitness.cms.impl.CmsClientImpl.authenticateCMSUser(CmsClientImpl.java:314)
Cause
Some symbols in the NetWitness Live account password may not be passed to cms.netwitness.com successfully. e.g. the symbols: & /Resolution
To resolve the issue, the customer will need to contact Customer Support and request to have their Live account password reset and then to change it to include only letters and numbers.OR
Customer can Reset the password from: https://live.netwitness.com/registration/index.html#/
Notes
If there is a proxy between Security Analytics and the Internet, it may need to be configured in NetWitness UI under Administration -> System -> NTP SettingsInstructions for configuring HTTP Proxy can be found in the https://community.netwitness.com/t5/netwitness-platform-online/ntp-settings-panel/ta-p/669750
Internal Comments
Please delete this article
CMS now accepts symbols
Product Details
NetWItness Product Set: Security Analytics, NetWitnessNetWItness Product/Service Type: Live
NetWItness Version/Condition: 11.x, 12.x
Platform: CentOS 7 / Alma
Approval Reviewer Queue
Technical approval queue