Skip to content
  • There are no suggestions because the search field is empty.

ResolvError during upgrade from RSA NetWitness Logs & Network 11.1.0 to 11.3.0

Issue

When upgrade netwitness from 11.x to 11.3, failed with following errors.

On /var/log/netwitness/orchestration-server/orchestration-server.log


    ================================================================================
    Error executing action `run` on resource 'ruby_block[resolve ips]'
    ================================================================================
    
    Resolv::ResolvError
    -------------------
    no address for
    
    Cookbook Trace:
    ---------------
    /var/lib/netwitness/config-management/cache/cookbooks/nw-dns-client/recipes/config.rb:78:in `block (2 levels) in from_file'

On /var/log/netwitness/config-management/chef-solo.log

[2019-04-23T03:55:26+00:00] ERROR: Running exception handlers
[2019-04-23T03:55:26+00:00] ERROR: Exception handlers complete
[2019-04-23T03:55:26+00:00] FATAL: Stacktrace dumped to /var/lib/netwitness/config-management/cache/chef-stacktrace.out
[2019-04-23T03:55:26+00:00] FATAL: Please provide the contents of the stacktrace.out file if you file a bug report
[2019-04-23T03:55:26+00:00] ERROR: ruby_block[resolve ips] (nw-dns-client::config line 69) had an error: Resolv::ResolvError: no address for
[2019-04-23T03:55:26+00:00] FATAL: Chef::Exceptions::ChildConvergeError: Chef run process exited unsuccessfully (exit code 1)

Cause

Netwitness 11.3 look up DNS by UUID instead of hostname, but for some reason DNS couldn't resolve UUID of admin server


Workaround

Attach the uuid of admin server on the /etc/hosts of other NW hosts.

For example, attach the uuid of admin server(32c5b77d-309d-45ea-9134-9cd5c04791d8) to the /etc/hosts on ESA
----before attach the uuid of admin server----
127.0.0.1   ESA localhost localhost.localdomain localhost4 localhost4.localdomain4 621ee484-eaed-4f70-a965-6994ae43a727
::1         ESA localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.101    nw-node-zero

----after attach the uuid of admin server----
127.0.0.1   ESA localhost localhost.localdomain localhost4 localhost4.localdomain4 621ee484-eaed-4f70-a965-6994ae43a727
::1         ESA localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.101    nw-node-zero  32c5b77d-309d-45ea-9134-9cd5c04791d8

Resolution

Check all hosts can communicate with NW server over udp/tcp 53 port(DNS)
Also need to check dnsmasq, uuid of admin server is on /etc/netwitness/platform/hosts.dnsmasq

Product Details

RSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.1.0.0

Approval Reviewer Queue

RSA NetWitness Suite Approval Queue