Skip to content
  • There are no suggestions because the search field is empty.

NetWitness nwbroker.service is unable to start in NetWitness Platform

Issue

NwBroker service was failing to start as shown below in NW    

Cause

For some reason, the pem certificate file for the sa-server service id was broken or missing in /etc/pki/nw/peer/sa-server.
In this case, nwbroker service is unable to start.

Resolution

You need to re-generate the pem file for the sa-server service id in this case.

Please follow the steps below.
  1. Get ssl certificate information and save it to file('root.out')
     
  2. Edit it using vi, then extract content and save it as a b311eddf-8142-46bd-b801-9b80afda3dfe.pem file.
    Note: certificate is the copy of the section:

    -----BEGIN CERTIFICATE-----
    to
    -----END CERTIFICATE-----

  3. Locate pem file into /etc/pki/nw/peer/sa-server/ and link it same as before.
     
    Once completed, you are able to start nwbroker.service without any issue.

Product Details

NetWitness Product Set: NetWitness Platform
NetWitness Product/Service Type: Concentrator
NetWitness Version/Condition: 11.x /12.X
Platform: CentOS 7 / Alma

Summary

NwBroker service was failing to start due to broken or missing pem certificate file.


Approval Reviewer Queue

Technical approval queue