NetWitness Community

BrianFraser · ‎2016-02-16

Have been trying to get Live working through a proxy on version 10.5.1.0.19758-5 without success.

When trying to reach cms.netwitness.com (outside the proxy the same credentials work successfully)

The Live test gives test "connection failed".

The Proxy uses AD Authentication and when testing in the GUI gives the following error.

CMS authentication failure for the account username:javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

When running a curl test from the cli we are seeing 407 and 504 errors or nothing (suggesting the test has worked or got further than the GUI)

Any thoughts on this?

Thanks

DavidPoirier · ‎2016-02-16

Hello,

In the under the SYSTEM > http Proxy Setting, under the NTLM Authentication, this is checked? Also, make sure that you place a leading slash in front of the domain. /corp example:

Thank you

David

BrianFraser · ‎2016-02-16

Hi David,

Thanks for update

Yes we have tried every combination on the GUI

Should this apply live without service restarts?

Thanks again

Regards

Brian

DavidPoirier · ‎2016-02-16

Brian,

If we tail –f /var/lib/netwitness/uax/logs/sa.log do you see any useful information that may lead us in the correct direction?

This would be on the SA head that is running the Jettysrv

David

DavidPoirier · ‎2016-02-16

Hi Brian,

Are you currently configured to authenticate to AD now in the UI? Are we seeing any messages that look like we are not able to map to a Kerberos realm?

David

BrianFraser · ‎2016-02-16

Hi David,

Yes we are set to authenticate in AD via the UI,

I am not able to test again until tomorrow, so will have to park this for now.

But I will run the tail command as suggested.

Thanks again

regards

Brian

BrianFraser · ‎2016-02-17

Hi David,

We are seeing the following - I have anonymised a couple things

# tail -f /var/lib/netwitness/uax/logs/sa.log

2016-02-17 10:31:31,187 WARN com.rsa.smc.sa.admin.job.SMSStatusHandlerTask - Host has not received update, resetting Broker

2016-02-17 10:31:31,187 WARN com.rsa.smc.sa.admin.service.DefaultSystemMonitoringService - Unknown system monitoring component type getIPDBEndpointLabel

2016-02-17 10:36:31,187 WARN com.rsa.smc.sa.admin.job.SMSStatusHandlerTask - Host has not received update, resetting Offline Decoder

2016-02-17 10:36:31,187 WARN com.rsa.smc.sa.admin.service.DefaultSystemMonitoringService - Unknown system monitoring component type getIPDBEndpointLabel

2016-02-17 10:41:31,187 WARN com.rsa.smc.sa.admin.job.SMSStatusHandlerTask - Host has not received update, resetting Offline Decoder

2016-02-17 10:41:31,187 WARN com.rsa.smc.sa.admin.service.DefaultSystemMonitoringService - Unknown system monitoring component type getIPDBEndpointLabel

2016-02-17 10:46:31,187 WARN com.rsa.smc.sa.admin.job.SMSStatusHandlerTask - Host has not received update, resetting Offline Decoder

2016-02-17 10:46:31,187 WARN com.rsa.smc.sa.admin.service.DefaultSystemMonitoringService - Unknown system monitoring component type getIPDBEndpointLabel

2016-02-17 10:51:31,187 WARN com.rsa.smc.sa.admin.job.SMSStatusHandlerTask - Host has not received update, resetting Offline Decoder

2016-02-17 10:51:31,187 WARN com.rsa.smc.sa.admin.service.DefaultSystemMonitoringService - Unknown system monitoring component type getIPDBEndpointLabel

Live Account test

2016-02-17 10:57:08,568 INFO com.rsa.smc.sa.live.web.controller.ajax.LiveCmsServerController - update saved connection info

2016-02-17 10:57:08,572 INFO com.rsa.netwitness.carlos.config.ConfigurationMXBean - CmsConfiguration changed by my_ad_account (changed this for anonymity)

HTTP Proxy TEST

Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:431)

at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128)

at org.apache.http.conn.ssl.SSLSocketFactory.createLayeredSocket(SSLSocketFactory.java:628)

at org.apache.http.impl.conn.DefaultClientConnectionOperator.updateSecureConnection(DefaultClientConnectionOperator.java:232)

at org.apache.http.impl.conn.ManagedClientConnectionImpl.layerProtocol(ManagedClientConnectionImpl.java:401)

at org.apache.http.impl.client.DefaultRequestDirector.establishRoute(DefaultRequestDirector.java:837)

at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:644)

at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)

at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)

at com.rsa.netwitness.cms.impl.CmsClientImpl.doHttpGet(CmsClientImpl.java:1461)

... 138 more

As mentioned the same proxy and live credentials work in a browser to allow direct access to cme.netwitness.com from the same network

Thanks

Regards

Brian

BrianFraser · ‎2016-03-31

Update

After numerous tests with both the SA platform and proxy we came across the solution for this by total chance.
The issue wasn't with the proxy, it turned out to a config issue (NOT related to the proxy settings).

Basically a separate issue relating to the reporting engine appeared on the Health and Wellness screen, the support representative had to delete and recreate the basic DB config. Upon checking the general system health we noticed the live feeds and cms access were all working

Ravisekhar · ‎2021-11-12

Hi @BrianFraser,

I am facing the same issue here. Is it possible for you to share the process you've followed to get this issue recified?

Thanks and Regards,

Ravisekhar.

NetWitness Community

cannot connect to cms.netwitness.com through proxy