Skip to content
  • There are no suggestions because the search field is empty.

nw-manage --update-deploy-admin-pw command returns Failed status

Issue

When you run "nw-manage --update-deploy-admin-pw" command, you may get "Failed" status as shown below.
User-added

Cause

Generally, this issue happens when the certificate is missing from "/etc/pki/nw/peer/sa-server" or the certificate is broken.
You may see the following error in chef-solo.log of the admin server.
"Mixlib::ShellOut::ShellCommandFailed: nw_pki_openssl_hashed_cert[nw-appliance /etc/netwitness/ng/appliance/trustpeers -> ["sa-server"]] (nw-appliance::trusts line 19) had an error: Mixlib::ShellOut::ShellCommandFailed: execute[launch-peer-cert:sa-server] (/var/lib/netwitness/config-management/cache/cookbooks/nw-pki/resources/openssl_hashed_cert.rb line 66) had an error: Mixlib::ShellOut::ShellCommandFailed: Command execution failed. STDOUT/STDERR suppressed for sensitive resource"

Workaround

If the steps in Resolution do not work, you can try the following steps as well.
  1. vi /etc/netwitness/security-client/security-client-amqp.yml (If the deploy_admin password is netwitness, then update "netwitness" as password in security-client-amqp.yml)
    rsa:
     security:
     server:
     rabbit-admin: deploy_admin
     rabbit-pw: "netwitness"
     pki:
     verify-certificates: false
  2. service rsa-nw-config-server restart
  3. service rsa-nw-admin-server restart
  4. service rsa-nw-security-server restart
  5. service rsa-nw-orchestration-server restart
  6. Run "nw-manage --refresh-host --host-key "
After then, you may observe that issue is resolved this time.

Resolution

Note) Before the steps below, make sure that your "deploy_admin" account is unlocked.
If your "deploy_admin" account is locked, unlock it first based on the article below.(Article 000039627)
https://community.rsa.com/t5/rsa-netwitness-platform/how-to-unlock-deploy-admin-password-in-netwitness-platform/ta-p/598092

If the certificate is missing from "/etc/pki/nw/peer/sa-server", then run the below commands to get the certificate and update the permissions:
# security-cli-client --get-certificates-for-service --service sa-server --output-dir /etc/pki/nw/peer/sa-server -u deploy_admin -k <deploy_admin_password> -b <Admin server IP>
# chown netwitness:nwpki /etc/pki/nw/peer/sa-server/*.pem

Once all the above operations are performed, then try to run "nw-manage --update-deploy-admin-pw".

If you are unsure of any of the steps above or experience any issues, contact RSA Support and quote this article number for further assistance.

Product Details

RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.5.x

Summary

This article explains on how to fix the issue when nw-manage --update-deploy-admin-pw command returns Failed status.


Approval Reviewer Queue

RSA NetWitness Suite Approval Queue