Article Number
000030799
Applies To
RSA Product Set: Security Analytics
RSA Product/Service Type: Security Analytics Server, Security Analytics UI
RSA Version/Condition: 10.4.x, 10.5.0.0, 10.5.0.1
Platform: CentOS
O/S Version: EL6
RSA Product/Service Type: Security Analytics Server, Security Analytics UI
RSA Version/Condition: 10.4.x, 10.5.0.0, 10.5.0.1
Platform: CentOS
O/S Version: EL6
Issue
When clicking on sessions for a meta value in Security Analytics investigations, an Exception System Error is displayed with a message similar to the example below.
Image description
While the issue is occurring, the service on which investigations are being performed (or its underlying service from which it is aggregating) displays no users or roles on its View -> Security page, as shown below.
Image description
2015-07-01 12:15:57,224 [qtp819238905-108200] ERROR org.atmosphere.handler.ReflectorServletProcessor - onRequest()
org.springframework.web.util.NestedServletException: Request processing failed; nested exception is com.netwitness.platform.server.common.carlos.NextGenCarlosException: Failure checking device availability : user1@xxx.xxx.xxx.xxx:56005 received error: Invalid handle (2358729) specified.; nested exception is com.rsa.netwitness.carlos.clients.nextgen.NextGenException: user1@xxx.xxx.xxx.xxx:56005 received error: Invalid handle (2358729) specified.
org.springframework.web.util.NestedServletException: Request processing failed; nested exception is com.netwitness.platform.server.common.carlos.NextGenCarlosException: Failure checking device availability : user1@xxx.xxx.xxx.xxx:56005 received error: Invalid handle (2358729) specified.; nested exception is com.rsa.netwitness.carlos.clients.nextgen.NextGenException: user1@xxx.xxx.xxx.xxx:56005 received error: Invalid handle (2358729) specified.
Image descriptionWhile the issue is occurring, the service on which investigations are being performed (or its underlying service from which it is aggregating) displays no users or roles on its View -> Security page, as shown below.
Image descriptionCause
This issue occurs because of a known issue with the underlying connection between the Security Analytics server and the affected service.
Resolution
This issue has been permanently resolved in Security Analytics 10.5.1.0.
Workaround
Restarting the jettysrv service on the Security Analytics server with the commands below will resolve the occurrence and allow investigations to be performed again.
Stopping this service will cause the Security Analytics UI to be inaccessible for up to 5 minutes while the web server re-initializes, and will log out any users currently using the platform.
[root@SA-Server ~]# stop jettysrv jettysrv stop/waiting [root@SA-Server ~]# start jettysrv jettysrv start/running, process 4126
Stopping this service will cause the Security Analytics UI to be inaccessible for up to 5 minutes while the web server re-initializes, and will log out any users currently using the platform.
In this article
