Article Number
000002140
Applies To
NetWitness Product Set: NetWitness Platform
NetWitness Product/Service Type: Endpoint Advanced Agent
NetWitness Version/Condition: 11.X,12.X
Platform: CentOS 7 / Alma
NetWitness Product/Service Type: Endpoint Advanced Agent
NetWitness Version/Condition: 11.X,12.X
Platform: CentOS 7 / Alma
Issue
NetWitness Endpoint Agent with NAT couldn't communicate with NetWitness Endpoint Server.
Network team confirmed that all ports for Endpoint server/agents are opened and network test tools(nmap) shows that it can communicate via the dedicated ports.
But 'NWEAgent.exe /testnet' results failure.
Image descriptionCause
The agent with NAT is in the same Endpoint sources group with other non-NAT agents, and same policy is applied.
Endpoint Agents with NAT should have an independent policy and group with Endpoint Server Forwarder configuration.
Resolution
- Go to Netwitness UI - Admin - Endpoint Sources page, and click Policies tab.
- Create a new policy for the Agents with NAT. Make sure you select 'Endpoint Server Settings' and enter the correct Forwarder information.
Image description
- Go to Groups tab, and create a new group with the agent with NAT and the policy you create at step2.
- Go to Agent Packager page(Admin - Services - Endpoint Server - Config - Agent Packager tab). And enter the Endpoint Server Forwarder, then click 'Generate Agent Packager'.
- Move the packager file to the agent machine.
- Remove the old NWEAgent.
C:\> msiexec /x {63AC4523-5F19-42F0-BC43-97C8B5373589} - Run the AgentPackager.exe as administrator, then run the nwe-agent-package.exe.
- Check the connectivity with 'NWEAgent.exe /testnet'
In this article
