2014-03-26 08:04 AM
Of late we have been experiencing a strange issue: we are unable to pull logs from non-domain controllers. However, with the same event source we are able to pull events from domain controllers.
While investigating we found the below error message.
[windows:WrkUnit[1]:3549] [doWork:165] [NawrasAd.10_x_x_x] [processing] [NawrasAd.10_x_x_x] Unable to subscribe for events with Windows event source 10.x.x.x: 401/Unauthorized.
Possible causes:
- Event source (10.x.x.x) not a FQDN. DNS resolution failed or does not map to a Kerberos Realm.
Recently we upgraded SA to 10.3 after the suggestion from technical support, yet issue persists.
Thanks in advance.
2014-07-16 11:20 AM
I am also facing the same issue since last month. Could you please tell me what changes you made to the Kerberos settings?
2014-07-16 11:21 AM
Hey, I am using the HTTPS method. Do I need to add the certificate in the SA console as well, or just on the server/desktop?
2014-07-18 10:19 AM
No need, just enable SSL on the server/desktop.
2014-07-18 10:32 AM
I added the certificate in the console as well (just as a tryout) but after that my error message in the log collector changed to the below one:
"Transient network issues. (There is an active subscription with the event source.)"
Can you suggest any solution for this?
2014-07-23 03:54 AM
I'd recommend you check your DNS resolver settings, for forward and reverse lookups. (Does the name link to the right IP address and vice versa? Your PTR and A/CNAME records in DNS.) In the original post, the machine was added by IP address (10.x.x.x), and I guess the reverse lookup didn't work, which means that Kerberos cannot know the domain name and is not able to determine which Kerberos domain to use to log in.
2014-07-23 04:47 PM
Can you please suggest where to look for the DNS resolver settings, because I am guessing that is the issue. I have now configured the event source using the FQDN and now it is showing a DNS resolution issue. PFB error:
Possible causes:
- DNS resolution failed or name/address incorrect.
2014-07-24 02:02 AM
Hello,
Yes, check your log collector. If you do not have a separate log collector this will be the same machine as the log decoder. This is generally a separate machine from the main Security Analytics server, except if you are using an All-In-One.
The (Remote/Virtual) Log Collector is the component that will go out, authenticate to your Windows server using Kerberos and retrieve the logs. All the Kerberos details should be handled by the Graphical User Interface, but you can take a peek at /etc/krb5.conf to see how it is configured. The DNS settings should be in /etc/resolv.conf. You can test these by running 'nslookup' or 'host' commands on IP addresses or hostnames.
Michel.
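An added example (not code from this thread or from RSA Security Analytics) that automates the checks Michel describes above and the reverse-lookup reasoning in the earlier reply: it does forward and reverse lookups for an event source through the system resolver (/etc/resolv.conf), verifies that name and address round-trip, and maps the resulting FQDN to a realm using the [domain_realm] section of /etc/krb5.conf, the way libkrb5 does approximately. The krb5.conf fragment, host names and addresses below are constructed sample data, and the fake lookup functions stand in for DNS so the script runs offline; run it with an event source as its argument to use the real resolver and the real /etc/krb5.conf on the log collector.

```python
"""Diagnose why a Windows event source may fail Kerberos (WinRM) collection:
forward/reverse DNS consistency plus the krb5.conf [domain_realm] mapping."""
import ipaddress
import socket
import sys


def parse_domain_realm(krb5_text):
    """Return the [domain_realm] map from krb5.conf text. Minimal parser: only
    that section is read, so the brace blocks under [realms] are skipped."""
    mapping, section = {}, None
    for raw in krb5_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "domain_realm" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            mapping[key.lower()] = value
    return mapping


def realm_for(fqdn, mapping):
    """Approximate libkrb5's host-to-realm lookup: an exact host entry wins,
    otherwise the longest '.domain' suffix entry that matches."""
    name = fqdn.rstrip(".").lower()
    if name in mapping:
        return mapping[name]
    suffixes = [k for k in mapping if k.startswith(".") and name.endswith(k)]
    return mapping[max(suffixes, key=len)] if suffixes else None


def dns_forward(name):
    """A/AAAA lookup through the system resolver; raises OSError on failure."""
    return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})


def dns_reverse(ip):
    """PTR lookup; raises OSError (socket.herror) when no PTR record exists."""
    return socket.gethostbyaddr(ip)[0]


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def diagnose(source, domain_realm, forward=dns_forward, reverse=dns_reverse):
    """Return {'fqdn', 'realm', 'problems'} for an event source given as a host
    name or an IP address. Lookup functions are injectable for offline use."""
    problems = []
    if _is_ip(source):
        # Added by IP: Kerberos needs a host name, so the PTR record decides.
        try:
            fqdn = reverse(source)
        except OSError:
            problems.append(f"no PTR record for {source}; realm cannot be determined")
            return {"fqdn": None, "realm": None, "problems": problems}
    else:
        fqdn = source
    fqdn = fqdn.rstrip(".").lower()
    try:
        addrs = forward(fqdn)
    except OSError:
        problems.append(f"forward lookup of {fqdn} failed: name/address incorrect")
        return {"fqdn": fqdn, "realm": None, "problems": problems}
    for addr in addrs:  # every address must map back to the same name
        try:
            back = reverse(addr).rstrip(".").lower()
        except OSError:
            problems.append(f"{addr} has no PTR record")
            continue
        if back != fqdn:
            problems.append(f"PTR for {addr} is {back}, not {fqdn}")
    realm = realm_for(fqdn, domain_realm)
    if realm is None:
        problems.append(f"{fqdn} matches no entry in [domain_realm]")
    return {"fqdn": fqdn, "realm": realm, "problems": problems}


# Constructed sample data (not from the thread): a krb5.conf fragment and a
# fake DNS zone standing in for the system resolver.
SAMPLE_KRB5_CONF = """
[libdefaults]
    default_realm = CORP.EXAMPLE.COM
[realms]
    CORP.EXAMPLE.COM = {
        kdc = dc1.corp.example.com
    }
[domain_realm]
    .corp.example.com = CORP.EXAMPLE.COM
    corp.example.com = CORP.EXAMPLE.COM
"""
FAKE_FORWARD = {"dc1.corp.example.com": ["10.0.0.5"],
                "app1.corp.example.com": ["10.0.0.21"],
                "fs1.corp.example.com": ["10.0.0.30"]}
FAKE_REVERSE = {"10.0.0.5": "dc1.corp.example.com",
                "10.0.0.21": "app1.corp.example.com",
                "10.0.0.30": "fileserver.corp.example.com"}  # stale PTR


def fake_forward(name):
    if name not in FAKE_FORWARD:
        raise socket.gaierror("constructed zone: no A record")
    return list(FAKE_FORWARD[name])


def fake_reverse(ip):
    if ip not in FAKE_REVERSE:
        raise socket.herror("constructed zone: no PTR record")
    return FAKE_REVERSE[ip]


if __name__ == "__main__":
    if len(sys.argv) > 1:  # real check on the log collector
        with open("/etc/krb5.conf") as fh:
            print(diagnose(sys.argv[1], parse_domain_realm(fh.read())))
    else:
        mapping = parse_domain_realm(SAMPLE_KRB5_CONF)
        for src in ("app1.corp.example.com", "10.0.0.21", "10.0.0.99", "fs1.corp.example.com"):
            print(src, diagnose(src, mapping, fake_forward, fake_reverse))
```

A source that comes back with an empty problems list and a realm is one the collector can build a Kerberos service principal for; an IP with no PTR, or a name whose PTR points elsewhere, reproduces the two symptoms quoted in this thread (the 401/Unauthorized "not a FQDN" case and the "DNS resolution failed" case).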
2016-12-28 01:55 AM
Hi Michel,
Have you solved this error? I am receiving the same error for a couple of Windows servers.
Need your help.