This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Discussions

Is the ESA WhoIs Service down?

david_waugh
Beginner
Beginner

‎2018-08-28 04:50 PM

I'm trying a direct connection to the ESA Who Is service and getting Service Unavailable today.

Has this failed and why hasnt it been picked up by RSA?

 

The ESA is slow at processing sessions as a result.

 

$ /usr/bin/curl -sk -H "Content-Type: application/json" -H "x-auth-token: eyJpc3MiOiJMSVZFX0FVVEhFTlRJQ0FUSU9OIiwic3ViIjoiV0hPSVMiLCJhdWQiOnsiTGl2ZS1Vc2VybmFtZSI6ImJhbmtvZmVuZ2xhbmRsaXZlQGJhbmtvZmVuZ2xhbmQuY28udWsifSwiZXhwIjoxNTM1NDkxODkyMTcyLCJhbGciOiJIbWFjU0hBMjU2In0=.mrvRvmYquDuKZzIo4vKMY1knKrLYVJ0vIEvKqSEGRWs=" "https://cms.netwitness.com/whois/query/google.com" -vvv
* STATE: INIT => CONNECT handle 0x800485e0; line 1404 (connection #-5000)
* Added connection 0. The cache now contains 1 members
* STATE: CONNECT => WAITRESOLVE handle 0x800485e0; line 1440 (connection #0)
* Trying 52.224.176.196...
* TCP_NODELAY set
* STATE: WAITRESOLVE => WAITCONNECT handle 0x800485e0; line 1521 (connection #0)
* Connected to cms.netwitness.com (52.224.176.196) port 443 (#0)
* STATE: WAITCONNECT => SENDPROTOCONNECT handle 0x800485e0; line 1573 (connection #0)
* Marked for [keep alive]: HTTP default
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* ignoring certificate verify locations due to disabled peer verification
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* STATE: SENDPROTOCONNECT => PROTOCONNECT handle 0x800485e0; line 1587 (connection #0)
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: OU=Domain Control Validated; CN=cms.netwitness.com
* start date: Mar 16 20:26:00 2018 GMT
* expire date: Mar 16 20:26:00 2019 GMT
* issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
* STATE: PROTOCONNECT => DO handle 0x800485e0; line 1608 (connection #0)
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x800485e0)
> GET /whois/query/google.com HTTP/2
> Host: cms.netwitness.com
> User-Agent: curl/7.56.1
> Accept: */*
> Content-Type: application/json
> x-auth-token: eyJpc3MiOiJMSVZFX0FVVEhFTlRJQ0FUSU9OIiwic3ViIjoiV0hPSVMiLCJhdWQiOnsiTGl2ZS1Vc2VybmFtZSI6ImJhbmtvZmVuZ2xhbmRsaXZlQGJhbmtvZmVuZ2xhbmQuY28udWsifSwiZXhwIjoxNTM1NDkxODkyMTcyLCJhbGciOiJIbWFjU0hBMjU2In0=.mrvRvmYquDuKZzIo4vKMY1knKrLYVJ0vIEvKqSEGRWs=
>
* STATE: DO => DO_DONE handle 0x800485e0; line 1670 (connection #0)
* multi changed, check CONNECT_PEND queue!
* STATE: DO_DONE => WAITPERFORM handle 0x800485e0; line 1795 (connection #0)
* STATE: WAITPERFORM => PERFORM handle 0x800485e0; line 1811 (connection #0)
* Connection state changed (MAX_CONCURRENT_STREAMS == 200)!
* multi changed, check CONNECT_PEND queue!
* HTTP/2 found, allow multiplexing
< HTTP/2 500
< content-type: text/html
< date: Tue, 28 Aug 2018 20:45:03 GMT
< content-length: 511
<
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
<title>Service Unavailable</title>
<style type="text/css">
body, p, h1 {
font-family: Verdana, Arial, Helvetica, sans-serif;
}
h2 {
font-family: Arial, Helvetica, sans-serif;
color: #b10b29;
}
</style>
</head>
<body>
<h2>Service Unavailable</h2>
<p>The service is temporarily unavailable. Please try again later.</p>
</body>
</html>
* nread <= 0, server closed connection, bailing
* STATE: PERFORM => DONE handle 0x800485e0; line 1980 (connection #0)
* multi_done
* Connection #0 to host cms.netwitness.com left intact

0 Likes
1 REPLY 1

david_waugh
Beginner
Beginner

‎2018-08-29 05:50 AM

Looks like it is back up, although it seems slow and the performance is intermittent.

 

Do we know what happened?

0 Likes
© 2022 RSA Security LLC or its affiliates. All rights reserved.