Article Number
000001628
Applies To
RSA Product Set: NetWitness Endpoint
RSA Product/Service Type: NetWitness Endpoint
RSA Version/Condition: 4.4.0.9, 4.4.x
Platform: Windows
Issue
Configuration of the RSA Netwitness RSA Live and OPSWAT meta service is failing with error messages due to the presence of a proxy service in the environment.
The issue is not easily explained because there are two components that cause issues: the API server, and the presence of a proxy server in the customer environment. Essentially, when the OPSWAT test connection occurs when the user clicks ON in the UI for the OPSWAT service, the test connection process occurs first, to verify the OPSWAT server is reachable. If this fails, we see this error message, which is seen in ConsoleServer.exe.config:
2019-09-10 18:15:30,608 [Auto Restart (PerformConsoleServerCommand)] ERROR - [9] Newtonsoft.Json.JsonReaderException:Unexpected character encountered while parsing value: <. Path '', line 0, position 0.
at Newtonsoft.Json.JsonTextReader.ParseValue()
at Newtonsoft.Json.JsonReader.ReadForType(JsonContract contract, Boolean hasConverter)
at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent)
at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType)
at Newtonsoft.Json.JsonConvert.DeserializeObject(String value, Type type, JsonSerializerSettings settings)
at Newtonsoft.Json.JsonConvert.DeserializeObject[T](String value, JsonSerializerSettings settings)
at Opswat.Metadefender.Core.Client.MetadefenderCoreClient.ThrowRequestError(HttpResponse response)
at Opswat.Metadefender.Core.Client.MetadefenderCoreClient.GetEngineVersions()
at EConsole.Server.RestMetaScanner.CallGetEngineInfo()
Cause
The cause seems to be a combination of issues related to proxy server preventing a correct response from the OPSWAT server, and errors in connecting to the api server as seen in the Monitoring and External Components API server status. This means there are two aspects to correcting this issue:
1. Getting the correct proxy server settings
2. Resolving the api server errors
Resolution
API Server Troubleshooting:
This is mostly outside the scope of this issue. For general troubleshooting steps, however, the following should be checked:
1. Log On As User for the apiserver user. This user is typically a service managed user, and should be present in the SQL database as well. Typically this user is also used for the ConsoleServer service, and usually is given sysadmin or similar permissions to ensure proper functionality with the ECAT$PRIMARY database.
2. Check the Diagnose option when the api server error is seen. This is the most basic step as information on how to resolve the api server errors may be detailed in the details section under Diagnose.
3. Check the apiserver.exe.config file for discrepancies and compare it to the consoleserver.exe.config file
Proxy Server Troubleshooting:
The problem with troubleshooting proxy issues is that it can be very specific to each environment. Some key points:
- Scenario 1: Get the IP address of the proxy server. It may be necessary to add a section to the consoleserver.exe.config file to ensure proxy setting redirects are correct.
- <system.net>
<defaultProxy>
<proxy
usesystemdefault="False"
proxyaddress="http://xxx.xxx.xxx:8080"
bypassonlocal="true"
/>
</defaultProxy>
</system.net> - After adding the correct settings here, make sure to restart the ConsoleServer service and API server services.
- Enable the OPSWAT service and observe if the Initialized confirmation message is shown. If an error is shown, the changes made failed to resolve the issue.
- Scenario 2: There is an alternate scenario where the proxy setting had to be referenced in the Internet Options of Internet Explorer, rather than simply directly added to consoleserver.exe.config file. It may also require that a Sales Engineer be sent to the site to work on resolving the proxy issues specific to the environment. Below are steps if you suspect scenario 2 is the issue here:
- Add the following line to the consoleserver.exe.config file in its own section:
- <system.net>
<defaultProxy>
<proxy
usesystemdefault="True"
/>
</defaultProxy>
</system.net>
- After adding the above, open the Internet Explorer settings and go to Internet Options> Connections>Lan Settings and check the proxy and bypass proxy server settings checkboxes. Sometimes after enabling this option, when you return there may be a supplied IP address in the proxy address field. This may need to be removed.
- Close the UI, and restart the RSA api server and console server services. Test again in the UI
Regardless of the method used to resolve this issue, confirmation of success will be confirmed only when the error message in the UI is replaced with the Initialized confirmation message.