'NWEAgent /testnet' returns WinHTTP error 12175
Issue
The Endpoint server cannot see all agents. From all endpoint agents, the 'NWEAgent /testnet' command returns WinHTTP error code: 12175.
WinHTTP 12175 code:
One or more errors were found in the Secure Sockets Layer (SSL) certificate sent by the server. To determine what type of error was encountered, check for a WINHTTP_CALLBACK_STATUS_SECURE_FAILURE notification in a status callback function.
Cause
The /etc/nginx/conf.d/nginx.conf file had been modified to the UEBA configuration, causing agent communication to fail with a certificate mismatch.
[root@EndPoint ~]# grep 'configuration' /etc/nginx/conf.d/nginx.conf
# This is the NGINX configuration for RSA NetWitness UEBA Host.
The issue is that the nginx.conf file gets overwritten on the orchestration run for the Endpoint appliance.
It seems that at some point a user accidentally installed UEBA on the existing Endpoint appliance.
Workaround
Temporary workaround
Replace the file /var/netwitness/config-management/cookbooks/third-party/nw-nginx/recipes/config.rb on the Endpoint Log Hybrid with the config.rb file from another Endpoint Log Hybrid of the same version. Then run the command below:
# chef-client -r "recipe[nw-nginx]" -c /var/netwitness/config-management/client.rb
This workaround prevents Chef from reverting the NGINX configuration file to the UEBA configuration.
However, it will not survive an upgrade of the host to a newer version, because the upgrade overrides any modification made to the Chef recipes.
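A check that can be run after a chef-client run or an upgrade to confirm the workaround is still in place. This is an added example, not part of the original article or the NetWitness product; the default file paths are the ones quoted above, and the reference-copy location /root/config.rb.known-good is an assumption.

```shell
#!/usr/bin/env bash
# Added example: drift check for the condition described in this article.
# REF is a known-good config.rb copied from another Endpoint Log Hybrid of the
# same version; its default location below is hypothetical.

UEBA_MARKER='NGINX configuration for RSA NetWitness UEBA Host'

# check_nginx_drift [nginx.conf] [config.rb] [reference config.rb]
# Prints one finding per line.
# Returns 0 if clean, 1 if drift was found, 2 if a file cannot be read.
check_nginx_drift() {
  local conf="${1:-/etc/nginx/conf.d/nginx.conf}"
  local recipe="${2:-/var/netwitness/config-management/cookbooks/third-party/nw-nginx/recipes/config.rb}"
  local ref="${3:-/root/config.rb.known-good}"   # hypothetical location
  local rc=0 f

  for f in "$conf" "$recipe" "$ref"; do
    [ -r "$f" ] || { echo "MISSING $f"; return 2; }
  done

  # Symptom: the Endpoint host is serving the UEBA NGINX configuration,
  # which is what produces the certificate mismatch seen by the agents.
  if grep -qF "$UEBA_MARKER" "$conf"; then
    echo "DRIFT nginx.conf carries the UEBA header"
    rc=1
  fi

  # Recurrence: the Chef recipe no longer matches the known-good copy, so the
  # next chef-client run can rewrite nginx.conf again.
  if [ "$(sha256sum < "$recipe")" != "$(sha256sum < "$ref")" ]; then
    echo "DRIFT config.rb differs from the reference copy"
    rc=1
  fi

  [ "$rc" -eq 0 ] && echo "OK"
  return "$rc"
}
```

Source the file and call check_nginx_drift with no arguments on the Endpoint Log Hybrid; a non-zero return after an upgrade means the workaround has to be reapplied.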
Resolution
Permanent solution:
The only permanent solution is to reimage the Endpoint Log Hybrid after manually taking a backup for the Endpoint component.
Product Details
NetWitness Product Set: NetWitness Platform
NetWitness Product/Service Type: NetWitness Endpoint
NetWitness Version/Condition: 11.5
Platform: CentOS 7
Summary
Endpoint server cannot see all agents. 'NWEAgent /testnet' command returns WinHTTP error code: 12175.