NetWitness Community

RomanZeltser · ‎2017-03-28

I have a simple configuration: server, collector, concentrator/decoder. I have upgraded the server from 10.6.0.0 to 10.6.2.0 with no problem. The next step was to upgrade the decoder. The upgrade went OK and it has updated 84 packages from 84. However, at the end of upgrade, I have rebooted the decoder as requested but the message "Rebooting" was staing there for at least 20-25 min. So, since it is a virtual machine, I have start/stop the VM just to see the same message (seee the picture below). I have restarted the services on the LogDecoder but the message is persistently shown there.

Did anyone had the same problem? In addition, I can't login to the console of the LogDecoder - with a message "login incorrect".

RomanZeltser · ‎2017-03-28

I also found that the LogDecoder is initializing database (see yellow icon):

Note that the version of LogDecoder is 10.6.2.0 here.

ArthurCostigan1 · ‎2017-03-28

Roman,

I have seen instances of this. Here is something to try

https://community.rsa.com/docs/DOC-73181

GuyBruneau · ‎2017-03-28

Roman,

I had similar errors in the past with system upgrade. Two of the things I did to rectify the issue.

First one was to check the /etc/grub.conf file to make sure it was using the correct kernel (it might be set to default 1 vs. default 0 for the new kernel) then reboot for the new kernel to take effect. You can check after rebooting with uname -a
The other is refresh the Hosts tab and re-apply the update again then reboot.

As for the database, it may have to re-index and that is normal. It can also take a while to re-index.

RomanZeltser · ‎2017-03-28

Arthur, thanks for this tip. It has cleared the icon after the successful test, however, I still have the “Rebooting” message.

===============

Roman Zeltser

Sr. IM Security Analyst

CDR Associates

307 International Circle

Suite 300

Hunt Valley, MD 21030

P: 410-560-2269 x.1261

rzeltser@cdrassociates.com<mailto:rzeltser@cdrassociates.com>

RomanZeltser · ‎2017-03-28

Guy, thanks!

For some unknown reason, I can’t login to the VM console to run the commands.

I might re-do the upgrade.

I have already cleared up the services – everything is green.

Interesting that the Services screen show the new version but the Hosts’ screen show the old one.

===============

Roman Zeltser

Sr. IM Security Analyst

CDR Associates

307 International Circle

Suite 300

Hunt Valley, MD 21030

P: 410-560-2269 x.1261

rzeltser@cdrassociates.com<mailto:rzeltser@cdrassociates.com>

RomanZeltser · ‎2017-03-28

Guy, I got to the console but don't see /etc/grub.conf file under /etc. can you specify the precise location? Thanks in advance!

RomanZeltser · ‎2017-03-28

: -)

Perhaps, “uname –a” command has revealed that the kernel is the same as on the RSA-SA-Server that was successfully upgraded to 10.6.2.0. The Concentrator (not upgraded, yet) shows the different version.

===============

Roman Zeltser

Sr. IM Security Analyst

CDR Associates

307 International Circle

Suite 300

Hunt Valley, MD 21030

P: 410-560-2269 x.1261

rzeltser@cdrassociates.com<mailto:rzeltser@cdrassociates.com>

DavidPoirier · ‎2017-03-28

It would be in the /boot/grub/grub.conf

David

DavidPoirier · ‎2017-03-28

If the Kernel was upgraded, we can verify with a rpm-qa | grep kernel

Also, the grub.conf should have the default = 0

Thank you

David

NetWitness Community

Unable to clear "Rebooting" message after upgrade