Article Number
000039959
Applies To
RSA Product Set: RSA NetWitness Platform
RSA Product/Service Type: Core Appliance
RSA Version/Condition: 11.5.2.0
Platform: CentOS
O/S Version: 7
Issue
After upgrading to 11.5.2.0, Investigate with the admin account failed to retrieve the meta keys and failed to load the visualization while other accounts have no issue with administrators role as shown below.
Image descriptionImage descriptionFollowing error message is observed in sa.log.
Caused by: javax.persistence.EntityNotFoundException: Unable to find com.rsa.smc.sa.investigation.profile.domain.model.InvestigationProfile with id 42
In this case, you are not able to investigate anything with admin user and this occurs for all the core services.
Cause
The InvestigationProfile is a part of the H2-DB located at "/var/netwitness/uax/db" on the SA box.
As you can see below, the profile ID 42 does not exist at the Mongo DB collection "userInvestigationPreferences" under DB "SA" and those are the stale entries in the DB.
Image descriptionThis mongo DB contains references to the H2 DB table "INVESTIGATIONPROFILE" and the admin user was having the stale entry ("currentInvestigationProfile": 42).
This might have happened during upgrade and this may be a corner case.
Generally we do not see H2 and mongo pointing to a stale entry.
Resolution
InvestigationProfile in H2 DB contains all the profiles that are created to investigate as well as both OOTB and NON-OOTB profiles.
If you face a similar issue, you can get the problematic InvestigationProfile with id 42 from the sa.log and update the mongo DB currentInvestigationProfile to any OOTB-created profiles starting from id 1 to 5.
Command will be like this:
On the SA box,> cd /var/netwitness/common/repo/
> mongo admin -u deploy_admin -p
//enter password
// after connection successful
> use sa
//identify the problematic user and "currentInvestigationProfile" and replace the id with any other "non-ootb" profile id found in "InvestigationProfile" from H2 DB.
>db.userInvestigationPreferences.update({ "currentInvestigationProfile" : 42},{ $set:{"currentInvestigationProfile" : 1}},{multi: true});
//logout and login with the problematic user and try to investigate, the logged in user should be able to investigate.
After the steps above, you are correctly able to retrieve meta key with admin user.