.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
RSA NetWitness nw-recovery-tool script fails to export mongodb
Issue
When running the NetWitness Recovery Tool (NRT) nw-recovery-tool script it fails during mongodb export with the error,:
[2020-10-19T17:11:40+00:00] <25616> (INFO) dnsmasq: [ok]
[2020-10-19T17:11:40+00:00] <25616> (INFO) Processing component: mongo...
[2020-10-19T17:11:40+00:00] <25616> (INFO) Executing: before-export [1/2]...
[2020-10-19T17:11:40+00:00] <25616> (INFO) Executing: before-export [2/2]...
2020-10-19T17:11:40.454+0000 Failed: error connecting to db server: server returned error on SASL authentication step: Authentication failed.
[2020-10-19T17:11:40+00:00] <25616> (INFO) mongo: [failed]
[2020-10-19T17:11:40+00:00] <25616> (ERROR) Failed to execute before-export step [2/2]!
In the nw-recovery-tool script log file /var/log/netwitness/recovery-tool/recovery.log, it shows.
:
[2020-10-19T17:11:40+00:00] <25616> (INFO) dnsmasq: [ok]
[2020-10-19T17:11:40+00:00] <25616> (INFO) Processing component: mongo...
[2020-10-19T17:11:40+00:00] <25616> (INFO) Executing: before-export [1/2]...
[2020-10-19T17:11:40+00:00] <25616> (INFO) Executing: before-export [2/2]...
[2020-10-19T17:11:40+00:00] <25616> (INFO) mongo: [failed]
[2020-10-19T17:11:40+00:00] <25616> (ERROR) Failed to execute before-export step [2/2]!
Cause
The nw-recovery-tool script asks for the deploy_admin password, which is used to login to the mongodb.If the entered deploy_admin is wrong, the mongodump login will fail to authenticate and fail to export the mongodb data.
mongodump -u "deploy_admin" -p "wrong_password" --out=./mongo --gzip
2020-10-20T02:43:14.074+0000 Failed: error connecting to db server: server returned error on SASL authentication step: Authentication failed.
2020-10-20T02:43:14.074+0000 Failed: error connecting to db server: server returned error on SASL authentication step: Authentication failed.
Resolution
Test if the "known" deploy_admin password can access the mongodb with a command like,echo "show dbs" |mongo -u deploy_admin -p netwitness
Where netwitness is the default password, substitute this with your deploy_admin password.
If the returned output is "Error: Authentication failed" then the login has failed.
echo "show dbs" |mongo -u deploy_admin -p wrong_password
MongoDB shell version v4.0.19
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
2020-10-22T04:10:36.287+0000 E QUERY [js] Error: Authentication failed. :
connect@src/mongo/shell/mongo.js:344:17
@(connect):2:6
exception: connect failed
MongoDB shell version v4.0.19
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
2020-10-22T04:10:36.287+0000 E QUERY [js] Error: Authentication failed. :
connect@src/mongo/shell/mongo.js:344:17
@(connect):2:6
exception: connect failed
If the login failed try using netwitness and see if the default password works.
If the mongodb password is still unknown refer to the following RSA Knowledgebase article, How to reset deploy_admin password for mongo DB in RSA NetWitness Platform 11.x
Re-run the nw-recovery-tool script and enter the correct deploy_admin password once it is known.
Product Details
RSA Product Set: RSA NetWitness PlatformRSA Product/Service Type: NetWitness Recovery Tool (NRT)
RSA Version/Condition: 11.3.x, 11.4.x, 11.5.x
O/S Version: CentOS 7
Summary
RSA NetWitness nw-recovery-tool script fails during mongodb export.
Approval Reviewer Queue
RSA NetWitness Suite Approval Queue