2014-01-07 07:26 AM
Hi,
I'm going crazy trying to put this Legacy Windows Collector in place with SA 10.3.1....
The installation doc only refers to software installation on the 2008 Server and complex user permissions for a non-admin user, but nothing regarding the connection between the SALWindowsCollector and Windows Servers (it's supposed to work like it was working with enVision, but is it Agentless mode or Windows Legacy mode using WinRM?)
The configuration doc is partly available on sadocs.emc.com
and even with these docs I can't make it work.
I'll open a case with RSA support, but in my mind this is not a bug but some information missing in the docs: looking deeply in the logs, I discovered RabbitMQ needs SSL certificates between SALogCollector and SALegacyWindowsCollector. This certificate subject was covered previously in the enVision documents for Windows Eventing Collector Service.
Can you please confirm I'm on the right track?
Sebastien
2014-01-09 05:18 AM
Thanks to support who solved my problem.
The issue was because of a non-opened port (TCP 5671) for RabbitMQ during WindowsLegacyCollector configuration, causing the failure of the initial certificate exchange.
Even if the port was opened after WLC installation, certificates were not exchanged.
Manually connecting with the 'openssl' command started the communication and now all is running fine.
Next step now ....
2014-01-12 11:38 AM
I just tried in my lab, and I didn't encounter any issue. Or is it because you enabled SSL for the log collector?
I'm using default settings.
Thanks for sharing. What's the next step suggested by support?
2014-01-13 07:53 AM
Support asked me to execute the command
openssl s_client -connect 192.168.2.120:5671 -key "c:\ProgramData\netwitness\ng\rabbitmq\ssl\keys\privkey.pem" -cert "c:\ProgramData\netwitness\ng\rabbitmq\ssl\keys\cert.pem" -CAfile "c:\ProgramData\netwitness\ng\rabbitmq\ssl\keys\cacert.pem"
on the Windows server (192.168.2.120 is the IP address of my local collector)
and after this it works fine.
I tried today to install the SALWC, and connect it to my 10.3.1 Lab but I get the same error, and this time the previous command had no effect.
I tried to remove the SAWLC from my server, but uninstallation failed.... I'm now rebuilding the server.
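The two failure stages discussed in this thread (TCP 5671 blocked versus the certificate handshake failing) can be told apart with a staged check. This is an added example, not part of the original posts or RSA's tooling; the function name `check_amqps` is hypothetical, and the host and file paths in the usage section are the ones quoted in the post above.

```python
import socket
import ssl


def check_amqps(host, port=5671, cert=None, key=None, cafile=None, timeout=5.0):
    """Return (stage, detail) where stage is 'tcp_blocked', 'tls_failed' or 'ok'."""
    # Build the TLS context first so a missing or unreadable PEM file is
    # reported as a local configuration error, before any network traffic.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=cafile)
    # Assumption: the collector is addressed by IP, as in the thread's openssl
    # command, so the name check is skipped. The certificate chain is still
    # verified against cafile (verify_mode stays CERT_REQUIRED).
    ctx.check_hostname = False
    if cert:
        ctx.load_cert_chain(certfile=cert, keyfile=key)

    # Stage 1: plain TCP. A firewall drop appears as a timeout and a closed
    # port as a refusal; in both cases TLS was never attempted.
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return ("tcp_blocked", str(exc))

    # Stage 2: TLS handshake presenting the client certificate (mutual TLS).
    try:
        with ctx.wrap_socket(sock) as tls:
            return ("ok", "%s %s" % (tls.version(), tls.cipher()[0]))
    except (ssl.SSLError, OSError) as exc:
        sock.close()
        return ("tls_failed", str(exc))


if __name__ == "__main__":
    # Paths and address as quoted in the post above.
    keys = r"c:\ProgramData\netwitness\ng\rabbitmq\ssl\keys"
    print(check_amqps(
        "192.168.2.120",
        cert=keys + r"\cert.pem",
        key=keys + r"\privkey.pem",
        cafile=keys + r"\cacert.pem",
    ))
```

A `tcp_blocked` result points at the firewall or the RabbitMQ listener, while `tls_failed` points at the certificates or the trust chain.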
2014-01-13 10:03 AM
Does your server have any GPO? For me, I'm using the default GPO.