
Troubleshooting Version Installations and Updates


This section describes the error messages that the Hosts view displays when it encounters problems updating host versions or installing services on hosts. If you cannot resolve an update or installation issue using the following troubleshooting solutions, contact Customer Support.

Troubleshooting instructions for the following errors that may occur during the upgrade are described in this section.

Troubleshooting instructions are also provided for errors for the following hosts and services that may occur during or after an upgrade.

deploy_admin User Password Has Expired Error

  • Column 1: Error Message
  • Column 2:

    netwitness_credential-expired.png


  • Column 1: Cause
  • Column 2: The deploy_admin user password has expired.

  • Column 1: Solution
  • Column 2:

    Reset your deploy_admin password.

    1. On the NW Server host only, run the following command.
      nw-manage --update-deploy-admin-pw
      Please enter the new deploy_admin account password:
      Please confirm the new deploy_admin account password:
    2. Review the output of the nw-manage --update-deploy-admin-pw command to verify that the deploy_admin password was successfully updated on all hosts. If the output shows that an NW host was down or failed for any reason, resolve the communication failure, then run nw-manage --sync-deploy-admin-pw --host-key to synchronize the password between the NW Server and the host that failed.
    3. On the host that failed installation or orchestration, run the nwsetup-tui command and use the new deploy_admin password in response to the Deployment Password prompt.

Downloading Error

  • Column 1: Error Message
  • Column 2:

    netwitness_download_error.png


  • Column 1: Problem
  • Column 2: When you select an update version and click Update > Update Host, the download starts but fails to complete.

  • Column 1: Cause
  • Column 2: Version download files can be large and take a long time to download. If there are communication issues during the download, it fails.

  • Column 1: Solution
  • Column 2:
    1. Try to update again.
    2. If it fails again with the same error, try to update using the offline methods as described in "Offline Method from Hosts View" or "Offline Method Using Command Line Interface" in the Upgrade Guide for NetWitness Platform 11.6. Go to the NetWitness All Versions Documents page and find NetWitness Platform guides to troubleshoot issues.

    3. If you are still not able to update, contact Customer Support.


Error Deploying Version Missing Update Packages

  • Column 1: Error Message
  • Column 2:

    netwitness_offline-ui-update-errordeployingversion.png


  • Column 1: Problem
  • Column 2:

    Error deploying version is displayed in the Initialize Update Package for RSA NetWitness Platform dialog after you click on Initialize Update if the update package is corrupted.


  • Column 1: Solution
  • Column 2:
    1. Click Close to close the dialog.

    2. Remove the version folder from the staging folder.

    3. Make sure that the salt-master service is running.

    4. Recopy the update package zip file to the staging folder.
    5. In the Hosts view toolbar, select Check for Updates again.
      netwitness_chk4upds.png

    6. Click Initialize Update.
    7. Click Update > Update Hosts from the toolbar.
    8. Click Begin Update from the Update Available dialog.
      After the host is updated, it prompts you to reboot the host.
    9. Click Reboot from the toolbar.

Upgrade Failed Error

  • Column 1: Error Message
  • Column 2:

    While updating/installing a device to version 11.2 or above, the following error can occur and be found in /var/log/netwitness/config-management/chef-solo.log:

    netwitness_image_1.png


  • Column 1: Cause
  • Column 2:

    A possible cause is that the target host cannot communicate with the Admin Server on port 53. The target host is attempting to use the dnsmasq service on the Admin Server to resolve, in this case, 889e5752-6ae3-4286-a944-c18233f4ccbc, which is the salt minion id of the Admin Server. To compare, run "cat /etc/salt/minion" on the Admin Server. Example output:

    netwitness_image_2.png


  • Column 1: Solution
  • Column 2: If possible, configure any firewalls between the target host and the Admin Server host to allow communication on port 53. If this is not possible, the workaround is to add the minion id to the /etc/hosts file on the component hosts and, starting in the 11.4 release, to modify the chef recipe so that it does not overwrite this workaround.
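
The check below is an added example, not part of the original documentation or of NetWitness tooling: it reads the minion id from a salt minion config and reports whether a hosts file maps it to an address, which is what the hosts-file workaround relies on when port 53 is blocked. The id, addresses and sample file contents are constructed, and the function names are hypothetical; `id:` is the standard Salt minion config key.

```python
import re

# Constructed samples: the id, the master line and the addresses are
# illustrative and do not come from a real deployment.
MINION_CONF = """\
# /etc/salt/minion on the Admin Server
master: localhost
id: 00000000-0000-4000-8000-000000000000
"""
HOSTS_OK = """\
127.0.0.1   localhost
192.0.2.10  nw-node-zero 00000000-0000-4000-8000-000000000000  # workaround
"""
HOSTS_MISSING = """\
127.0.0.1   localhost
# 192.0.2.10 00000000-0000-4000-8000-000000000000
"""

def minion_id(conf_text):
    """Return the value of the top-level `id:` key in a salt minion config."""
    for line in conf_text.splitlines():
        m = re.match(r"id:\s*['\"]?([^'\"#\s]+)", line)
        if m:
            return m.group(1)
    return None

def hosts_address_for(hosts_text, name):
    """Return the address a hosts file maps `name` to, or None if absent."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2 and name.lower() in (f.lower() for f in fields[1:]):
            return fields[0]
    return None

def check(conf_text, hosts_text):
    """Return (ok, message) for the hosts-file workaround."""
    mid = minion_id(conf_text)
    if mid is None:
        return False, "no id found in minion config"
    addr = hosts_address_for(hosts_text, mid)
    if addr is None:
        return False, "%s not in hosts file; resolution needs DNS on port 53" % mid
    return True, "%s -> %s via hosts file" % (mid, addr)

if __name__ == "__main__":
    print(check(MINION_CONF, HOSTS_OK))
    print(check(MINION_CONF, HOSTS_MISSING))
```

A commented-out or overwritten entry is reported the same way as a missing one, which is the state the host is in if the workaround line is no longer active.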


  • Column 1: Error Message
  • Column 2:

    Received an error in the error log similar to the following when trying to update to version 11.6:
    netwitness_error_log.png


  • Column 1: Cause
  • Column 2: Custom builds/rpms are installed for certain components on hosts, for example when Hotfixes have been installed.

  • Column 1: Solution
  • Column 2:

    To resolve the issue, follow these steps.

    1. SSH to Admin Server.
    2. Locate the component descriptor file by running the following command.
      cd /etc/netwitness/component-descriptor/
    3. Open the component descriptor file by running the following command.
      vi nw-component-descriptor.json
    4. Search for the "packages" section of the component that has a custom build/rpm. For example, the following shows the package details for a "concentrator" host that has a custom build/rpm.
      "concentrator": {
        "cookbook_name": "rsa-concentrator",
        "service_names": ["rsa-nw-concentrator"],
        "family": "launch",
        "default_port": xxxx,
        "description": "Concentrator",
        "packages": [{
          "name": "rsa-nw-concentrator",
          "version": "11.6.0.0-2003001075220.5.cecf24b.e.17.centos"
        },
    5. Delete the complete version details, including the comma (,) character, in the packages section. For example, after you delete the version details, the section looks like the following.
      "packages": [{
        "name": "rsa-nw-concentrator"
      },

    Note: You must delete the version details for every host that has custom builds/rpms in the component descriptor of the Admin Server.

    6. Run the upgrade process again.
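
An added example (not part of the original documentation and not a NetWitness tool) that performs the version removal from steps 4 and 5 programmatically, so the file is parsed before the change and written back as valid JSON with a backup copy. It assumes the descriptor is plain JSON and that each component carries a "packages" list as in the fragment above; the sample document, the "decoder" entry and the function names are constructed.

```python
import json
import os
import shutil

# Constructed sample shaped like the fragment on this page; the "decoder"
# entry and its version string are illustrative.
SAMPLE = """{
  "concentrator": {"cookbook_name": "rsa-concentrator", "packages": [
    {"name": "rsa-nw-concentrator",
     "version": "11.6.0.0-2003001075220.5.cecf24b.e.17.centos"}]},
  "decoder": {"packages": [
    {"name": "rsa-nw-decoder", "version": "0.0.0-constructed"}]}
}"""

def strip_version_pins(node, package_names):
    """Delete "version" from matching entries of any "packages" list; return names changed."""
    changed = []
    if isinstance(node, dict):
        for pkg in node.get("packages") or []:
            if isinstance(pkg, dict) and pkg.get("name") in package_names:
                if pkg.pop("version", None) is not None:
                    changed.append(pkg["name"])
        children = node.values()
    elif isinstance(node, list):
        children = node
    else:
        children = ()
    for child in children:  # walk nested components wherever they sit
        changed += strip_version_pins(child, package_names)
    return changed

def update_descriptor(path, package_names):
    """Parse, edit, back up and atomically rewrite the descriptor file."""
    with open(path) as fh:
        doc = json.load(fh)  # raises ValueError if the file is already malformed
    changed = strip_version_pins(doc, set(package_names))
    if changed:
        shutil.copy2(path, path + ".bak")  # keep the original for rollback
        with open(path + ".tmp", "w") as fh:
            json.dump(doc, fh, indent=2)
        os.replace(path + ".tmp", path)
    return changed

if __name__ == "__main__":
    doc = json.loads(SAMPLE)
    print(strip_version_pins(doc, {"rsa-nw-concentrator"}))
    print(json.dumps(doc["concentrator"]["packages"]))
```

Only the packages named in the call lose their version; entries for components without custom builds are left untouched.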

External Repo Update Error

  • Column 1: Error Message
  • Column 2:

    Received an error similar to the following error when trying to update to a new version from the :
    .Repository 'nw-rsa-base': Error parsing config: Error parsing "baseurl = 'https://nw-node-zero/nwrpmrepo / /RSA'": URL must be http, ftp, file or https not ""


  • Column 1: Cause
  • Column 2: There is an error in the path you specified.

  • Column 1: Solution
  • Column 2:

    Make sure that:

    • the URL exists on the NW Server host.
    • you used the correct path and removed any spaces from it.

Host Installation Failed Error

  • Column 1: Error Message
  • Column 2:

    netwitness_hstinstallfailed.png


  • Column 1: Problem
  • Column 2: When you select a host and click Install, the install service process fails.

  • Column 1: Solution
  • Column 2:
    1. Try to install the service again.
      Often this is all you need to do.
    2. If you still cannot install the service:
      1. Monitor the following logs on NW Server as it progresses (for example, submit the tail -f command string from the command line):
        /var/netwitness/uax/logs/sa.log
        /var/log/netwitness/orchestration-server/orchestration-server.log
        /var/log/netwitness/deployment-upgrade/chef-solo.log
        /var/log/netwitness/config-management/chef-solo.log
        /var/lib/netwitness/config-management/cache/chef-stacktrace.out
        The error appears in one or more of these logs.
      2. Try to resolve the issue and reinstall the service.
        • Cause 1 - Entered the wrong deploy_admin password in the nwsetup-tui.
          Solution - Reset your deploy_admin password.
          1. On the NW Server host and all other hosts on 11.x, run the following command.
            /opt/rsa/saTools/bin/set-deploy-admin-password
          2. On the host that failed installation or orchestration, run the nwsetup-tui command and use the new deploy_admin password in response to the Deployment Password prompt.

        • Cause 2 - The deploy_admin password has expired.
          Solution - Reset your deploy_admin password.
          1. On the NW Server host and all other hosts on 11.x, run the following command.
            /opt/rsa/saTools/bin/set-deploy-admin-password
          2. On the host that failed installation or orchestration, run the nwsetup-tui command and use the new deploy_admin password in response to the Deployment Password prompt.

    3. If you still cannot apply the update, gather the logs from step 2 and contact Customer Support.

Host Update Failed Error

  • Column 1: Error Message
  • Column 2:


    netwitness_hstupdfailed.png


  • Column 1: Problem
  • Column 2: When you select an update version and click Update > Update Host, the download process is successful, but the update process fails.

  • Column 1: Solution
  • Column 2:
    1. Try to apply the version update to the host again.
      Often this is all you need to do.
    2. If you still cannot apply the new version update:
      1. Monitor the following logs on NW Server as it progresses (for example, run the tail -f command from the command line):
        /var/netwitness/uax/logs/sa.log
        /var/log/netwitness/orchestration-server/orchestration-server.log
        /var/log/netwitness/deployment-upgrade/chef-solo.log
        /var/log/netwitness/config-management/chef-solo.log
        /var/lib/netwitness/config-management/cache/chef-stacktrace.out
        The error appears in one or more of these logs.
      2. Try to resolve the issue and reapply the version update.
        • Cause 1 - deploy_admin password has expired.
          Solution - Reset your deploy_admin password.
          Complete the following steps to resolve Cause 1.
          1. In the NetWitness Suite menu, select Admin > Security > Users tab.
          2. Select deploy_admin and click Reset Password.
          3. (Conditional) If NetWitness Suite does not allow you to reset the expired deploy_admin password in the Reset Password dialog, complete the following steps.
            1. Reset deploy_admin to use a new password.
            2. On all non-NW Server hosts on 11.x, run the following command using the matching deploy_admin password from NW Server host.
              /opt/rsa/saTools/bin/set-deploy-admin-password
        • Cause 2 - The deploy_admin password was changed on NW Server host but not changed on non-NW Server hosts.
          Complete the following step to resolve Cause 2.
          • On all non-NW Server hosts on 11.x, run the following command using the matching deploy_admin password from NW Server host.
            /opt/rsa/saTools/bin/set-deploy-admin-password
    3. If you still cannot apply the update, gather the logs from step 2 and contact Customer Support.

Missing Update Packages Error

  • Column 1: Error Message
  • Column 2:

    Initialize Update for Version xx.x.x.x
    Missing the following update package(s)

    Download Packages from RSA Link


  • Column 1: Problem
  • Column 2: Missing the following update package(s) is displayed in the Initialize Update Package for RSA NetWitness Platform dialog when you are updating a host from the Hosts view offline and there are packages missing in the staging folder.

  • Column 1: Solution
  • Column 2:
    1. Click Download Packages from RSA Link in the Initialize Update Package for RSA NetWitness Platform dialog.
      The NetWitness Community page that contains the update files for the selected version is displayed.

    2. Select the missing packages from the staging folder.
      The Initialize Update Package for RSA NetWitness Platform dialog is displayed telling you that it is ready to initialize the update packages.


OpenSSL 1.1.x

  • Column 1: Error Message
  • Column 2:

    The following example illustrates an ssh error that can occur when the ssh client is run from a host with OpenSSL 1.1.x installed:
    $ ssh root@10.1.2.3
    ssh_dispatch_run_fatal: Connection to 10.1.2.3 port 22: message authentication code incorrect


  • Column 1: Problem
  • Column 2:

    Advanced users who want to ssh to a NetWitness Platform host from a client that is using OpenSSL 1.1.x encounter this error because of incompatibility between CentOS 7.x and OpenSSL 1.1.x. For example:

    $ rpm -q openssl
    openssl-1.1.1-8.el8.x86_64


  • Column 1: Solution
  • Column 2:

    Specify the compatible cipher list on the command line. For example:

    $ ssh -oCiphers=aes128-ctr,aes192-ctr,aes256-ctr root@10.1.2.3

    I've read & consent to terms in IS user agreement.

    root@10.1.2.3's password:

    Last login: Mon Oct 21 19:03:23 2019


Patch Update to Non-NW Server Error

  • Column 1: Solution
    or
  • Do not update the non-NW Server host (keep it at its current version)

  • after you upgrade to 11.6 from versions of 11.x, such as 11.4, the Reporting Engine service attempts to restart continuously without success.
  • alert status, or report status may not be loaded successfully as the files may be corrupted.
  • do the following:
  • the following logs are displayed:
  • perform the following steps:
  • see the Knowledge Base article Reporting Engine restarts After upgrade to RSA NetWitness Platform 11.4.
  • the Reporting Engine service does not restart.

  • Column 1: Cause
  • run the Reporting Engine Migration Recovery tool (rsa-nw-re-migration-recovery.sh) on the Admin Server where the Reporting Engine service is installed.
  • run the following command.
    tar -xvf rsa-nw-re-recovery-tool-bundle.tar
  • you can create a directory and untar the RE tool. Run the following commands.
  • run the following command.
    ./ /rsa-nw-re-recovery-tool.sh
  • see the Knowledge Base article Reporting Engine Migration Recovery Tool.
  • open the lockbox using the passphrase.
  • log in to NetWitness and configure the Lockbox as described in the "Configure Lockbox Security Settings" topic in the Log Collection Configuration Guide.

  • select Reset Stable System Value on the settings page of the Log Collector.
  • do the following steps
  • you notice that Audit logs are not getting forwarded to the configured Global Audit Setup;
  • the ESA correlation server does not aggregate events from the configured data sources.
  • Error Message
  • do the following steps.
  • In the NetWitness user interface, under Deployments, select a deployment.
  • In the Data Sources section, select the data source and click the edit icon in the toolbar.
  • In the Edit Service dialog, type the password for that data source.
  • Click the Test Connection button to make sure that it can communicate with the ESA service and then click OK.
  • click Deploy Now to redeploy the ESA rule deployment.