This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Integrating workgroup windows machines located in the DMZ to RSA SA (10.6.4.1)

Go to solution
VishamRawat
Beginner
Beginner

‎2018-07-25 08:55 AM

We're trying to integrate windows servers located in the DMZ, and not part of the domain (belong to workgroup) to RSA SA.

 

 

On the windows machine, we've run the script using local admin account credentials (account was created specifically for RSA SA collection purposes).


On SA, we're adding the windows servers using Basic Authentication.

However, on testing connectivity, we're receiving a 'Error! 401 Unauthorized. Possible causes: invalid credentials.' On checking the status of Basic Authentication on the windows machine, it is currently set to false (hasn't been enabled).

 

The question is - do we have to enable Basic Authentication on the windows servers as well? If yes, can this be done without enabling the IIS role? Since the windows servers are on the DMZ, enabling IIS is problematic.

 

Also, what ports are needed to be opened to enable this integration?

Port 5985 - is it bi-directional between SA and the windows server?

Do we need to open port 80 for basic authentication between SA and windows server?

How can we leverage basic authentication over SSL?

0 Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
VishamRawat
Beginner
Beginner

‎2018-07-31 07:49 AM

Hi Sravan,

 

Thanks for the response. Yes, I've added the local account to the Event Log Readers group.

Actually, the issue has now been resolved.

 

In case anybody's curious, the Basic Authentication (selected for the Workgroup Windows Category defined on RSA SA) must be turned on the windows machine, for WinRM services.

 

My confusion was assuming Basic Authentication as an exclusive feature of the IIS server role - available only if the IIS role were installed; not true.

It is a feature of WinRM that must be enabled, which essentially also means that port 80 needn't be opened between the two machines (at least I didn't open it specifically).

The authentication occurs over port 5985 (bi-directional) only.

View solution in original post

2 REPLIES 2

Go to solution
SravanKoneti1
Beginner
Beginner

‎2018-07-31 05:24 AM

Hi Vish,

 

Have you added the local account to local event log readers group?

 

Try document:https://community.rsa.com/docs/DOC-43306 

0 Likes

Go to solution
VishamRawat
Beginner
Beginner

‎2018-07-31 07:49 AM

Hi Sravan,

 

Thanks for the response. Yes, I've added the local account to the Event Log Readers group.

Actually, the issue has now been resolved.

 

In case anybody's curious, the Basic Authentication (selected for the Workgroup Windows Category defined on RSA SA) must be turned on the windows machine, for WinRM services.

 

My confusion was assuming Basic Authentication as an exclusive feature of the IIS server role - available only if the IIS role were installed; not true.

It is a feature of WinRM that must be enabled, which essentially also means that port 80 needn't be opened between the two machines (at least I didn't open it specifically).

The authentication occurs over port 5985 (bi-directional) only.

© 2022 RSA Security LLC or its affiliates. All rights reserved.