Skip to content
  • There are no suggestions because the search field is empty.

RSA NetWitness GUI Not Accessible after adding a secondary ESA as primary by mistake

Issue

After adding a second ESA (as primary by mistake) to our environment, the GUI is no longer accessible for the NetWitness Server/node-0.


Cause

If the secondary ESA server is added as primary, the NetWitness GUI will not come up because the ngnix will have two proxy for primary ESA configured.


Workaround

To modify the security server configuration, first check which IP it is pointing to by running the following command using root account on the node-0/Netwitness head:
security-cli-client --get-config-prop --prop-hierarchy nw --prop-name rsa.data.application.servers[0]

If the IP is the new ESA added as primary by mistake correct that by running:
security-cli-client --set-config-prop --prop-hierarchy nw --prop-name rsa.data.application.servers[0] --prop-value IP_address_of_the_old_ESA

You also need to modify the ngnix configuration file /etc/nginx/conf.d/nginx.conf
  • Look for word "proxy" this will be around line 119 (it can be a bit different on your config file) and you see there will be two IP addresses, the new ESA and the old ESA IP. Delete the new ESA IP, this can appear in one or more places on that file so do a search for the new ESA IP address and remove that line.
  • Restart the appliance

Resolution

To modify the security server configuration, first check which IP it is pointing to by running the following command using root account on the node-0/Netwitness head:
security-cli-client --get-config-prop --prop-hierarchy nw --prop-name rsa.data.application.servers[0]

If the IP is the new ESA added as primary by mistake, correct that by running the following command and then restart the appliance:
security-cli-client --set-config-prop --prop-hierarchy nw --prop-name rsa.data.application.servers[0] --prop-value IP_address_of_the_old_ESA

When it comes back online, you need to modify the ngnix configuration file /etc/nginx/conf.d/nginx.conf
  • Look for word "proxy"; this will be around line 119 (it can be a bit different on your config file) and you see there will be two IP addresses, the new ESA and the old ESA IP. Delete the new ESA IP, this can appear in one or more places on that file, so do a search for the new ESA IP address and remove that line.
  • Restart the appliance.

Product Details

RSA Product Set: NetWitness Logs & Network
RSA Product/Service Type: Netwitness UI Server
RSA Version/Condition: 11.2.0.0
Platform: CentOS
O/S Version: 7

Summary

If customer added the secondary ESA on the GUI as a primary.


Approval Reviewer Queue

RSA NetWitness Suite Approval Queue