.png?width=180&height=32&name=NW%20Logo%20(2).png){kind=small}
RSA NetWitness NwHost is not getting enabled in ADMIN->Hosts page
Issue
When NetWitness NwHost provisioning, it is not getting enabled in ADMIN->Hosts page.On NwHost, /var/log/messages errors will be as below.
Apr 22 06:32:39 ESASrv salt-minion: The master public key can be found at:
Apr 22 06:32:39 ESASrv salt-minion: /etc/salt/pki/minion/minion_master.pub
Apr 22 06:32:39 ESASrv salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 10.12.14.11 responding?
Apr 22 06:32:49 ESASrv salt-minion: [ERROR ] The master key has changed, the salt master could have been subverted, verify salt master's public key
Apr 22 06:32:49 ESASrv salt-minion: [CRITICAL] The Salt Master server's public key did not authenticate!
Apr 22 06:32:49 ESASrv salt-minion: The master may need to be updated if it is a version of Salt lower than 2017.7.4, or
Apr 22 06:32:49 ESASrv salt-minion: If you are confident that you are connecting to a valid Salt Master, then remove the master public key and restart the Salt Minion.
Apr 22 06:32:49 ESASrv python[15819]: OWB:ERROR:BSAFELIB:func(133):reason(109):b_rsa.c:273
Apr 22 06:32:49 ESASrv salt-minion: [ERROR ] The master failed to decrypt the random minion token
Apr 22 06:32:39 ESASrv salt-minion: /etc/salt/pki/minion/minion_master.pub
Apr 22 06:32:39 ESASrv salt-minion: [ERROR ] Error while bringing up minion for multi-master. Is master at 10.12.14.11 responding?
Apr 22 06:32:49 ESASrv salt-minion: [ERROR ] The master key has changed, the salt master could have been subverted, verify salt master's public key
Apr 22 06:32:49 ESASrv salt-minion: [CRITICAL] The Salt Master server's public key did not authenticate!
Apr 22 06:32:49 ESASrv salt-minion: The master may need to be updated if it is a version of Salt lower than 2017.7.4, or
Apr 22 06:32:49 ESASrv salt-minion: If you are confident that you are connecting to a valid Salt Master, then remove the master public key and restart the Salt Minion.
Apr 22 06:32:49 ESASrv python[15819]: OWB:ERROR:BSAFELIB:func(133):reason(109):b_rsa.c:273
Apr 22 06:32:49 ESASrv salt-minion: [ERROR ] The master failed to decrypt the random minion token
Cause
This error was indicating that Nwhost was reporting to different Node-zero earlier and it is expecting the public key to be regenerated from current NwServer(Node-zero).
Resolution
Please follow the below steps to provision the appliance successfully.- Login to NwHost putty and edit /etc/hosts to add Node-zero UUID.
Note: Please use cat /etc/salt/minion in NwServer(Node-Zero) to get UUID of Node-Zero.
- Move the current minion_master.pub file to a different directory using the below command.
mv /etc/salt/pki/minion/minion_master.pub /root
- Restart salt-minion service using the below command.
systemctl restart salt-minion.service
- Run nwsetup-tui to complete provision.
- Enable the appliance in UI->ADMIN->Hosts page.
Product Details
RSA Product Set: RSA NetWitness Logs & NetworkRSA Product/Service Type: Event Stream Analysis, Core Service
RSA Version/Condition: 11.X
Platform: CentOS
O/S Version: 7
Summary
This document outlines the procedure to add new NwHost in ADMIN->Hosts page.
Approval Reviewer Queue
RSA NetWitness Suite Approval Queue