This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

NetWitness Community

  • Home
  • Products
    • NetWitness Platform
      • Advisories
      • Documentation
        • Platform Documentation
        • Known Issues
        • Security Fixes
        • Hardware Documentation
        • Threat Content
        • Unified Data Model
        • Videos
      • Downloads
      • Integrations
      • Knowledge Base
    • NetWitness Cloud SIEM
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Detect AI
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Investigator
    • NetWitness Orchestrator
      • Advisories
      • Documentation
      • Knowledge Base
      • Legacy NetWitness Orchestrator
        • Advisories
        • Documentation
  • Community
    • Blog
    • Discussions
    • Events
    • Idea Exchange
  • Support
    • Case Portal
      • Create New Case
      • View My Cases
      • View My Team's Cases
    • Community Support
      • Getting Started
      • News & Announcements
      • Community Support Forum
      • Community Support Articles
    • Product Life Cycle
    • Support Information
    • General Security Advisories
  • Training
    • Blog
    • Certification Program
    • Course Catalog
    • New Product Readiness
    • On-Demand Subscriptions
    • Student Resources
    • Upcoming Events
  • Technology Partners
  • Trust Center
Sign InRegister Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Knowledge Base
Find answers to your questions and identify resolutions for known issues with knowledge base articles written by NetWitness experts.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
  • NetWitness Community
  • Knowledge Base
  • RSA ECAT OPSWAT Integration Error: Unexpected character encountered while parsing value: <. Path '',...
  • Options
    • Subscribe to RSS Feed
    • Bookmark
    • Subscribe
    • Email to a Friend
    • Printer Friendly Page
    • Report Inappropriate Content

The content you are looking for has been archived. View related content below.

RSA ECAT OPSWAT Integration Error: Unexpected character encountered while parsing value: <. Path '', line 0, position 0

Article Number

000001628

Applies To

RSA Product Set: NetWitness Endpoint
RSA Product/Service Type: NetWitness Endpoint
RSA Version/Condition: 4.4.0.9, 4.4.x
Platform: Windows

Issue

Configuration of the RSA Netwitness RSA Live and OPSWAT meta service is failing with error messages due to the presence of a proxy service in the environment.

The issue is not easily explained because there are two components that cause issues: the API server, and the presence of a proxy server in the customer environment. Essentially, when the OPSWAT test connection occurs when the user clicks ON in the UI for the OPSWAT service, the test connection process occurs first, to verify the OPSWAT server is reachable. If this fails, we see this error message, which is seen in ConsoleServer.exe.config:

2019-09-10 18:15:30,608 [Auto Restart (PerformConsoleServerCommand)] ERROR - [9] Newtonsoft.Json.JsonReaderException:Unexpected character encountered while parsing value: <. Path '', line 0, position 0.
   at Newtonsoft.Json.JsonTextReader.ParseValue()
   at Newtonsoft.Json.JsonReader.ReadForType(JsonContract contract, Boolean hasConverter)
   at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent)
   at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType)
   at Newtonsoft.Json.JsonConvert.DeserializeObject(String value, Type type, JsonSerializerSettings settings)
   at Newtonsoft.Json.JsonConvert.DeserializeObject[T](String value, JsonSerializerSettings settings)
   at Opswat.Metadefender.Core.Client.MetadefenderCoreClient.ThrowRequestError(HttpResponse response)
   at Opswat.Metadefender.Core.Client.MetadefenderCoreClient.GetEngineVersions()
   at EConsole.Server.RestMetaScanner.CallGetEngineInfo()
   
 

Cause

The cause seems to be a combination of issues related to proxy server preventing a correct response from the OPSWAT server, and errors in connecting to the api server as seen in the Monitoring and External Components API server status. This means there are two aspects to correcting this issue:
1. Getting the correct proxy server settings
2. Resolving the api server errors

Resolution

API Server Troubleshooting:

This is mostly outside the scope of this issue. For general troubleshooting steps, however, the following should be checked:
1. Log On As User for the apiserver user. This user is typically a service managed user, and should be present in the SQL database as well. Typically this user is also used for the ConsoleServer service, and usually is given sysadmin or similar permissions to ensure proper functionality with the ECAT$PRIMARY database.
2. Check the Diagnose option when the api server error is seen. This is the most basic step as information on how to resolve the api server errors may be detailed in the details section under Diagnose.
3. Check the apiserver.exe.config file for discrepancies and compare it to the consoleserver.exe.config file

Proxy Server Troubleshooting:
The problem with troubleshooting proxy issues is that it can be very specific to each environment. Some key points:

  • Scenario 1: Get the IP address of the proxy server. It may be necessary to add a section to the consoleserver.exe.config file to ensure proxy setting redirects are correct.
    1. <system.net>

          <defaultProxy>

                      <proxy

                       usesystemdefault="False"

                       proxyaddress="http://xxx.xxx.xxx:8080"

                       bypassonlocal="true"

                      />

         </defaultProxy>

      </system.net>
    2. After adding the correct settings here, make sure to restart the ConsoleServer service and API server services.
    3. Enable the OPSWAT service and observe if the Initialized confirmation message is shown. If an error is shown, the changes made failed to resolve the issue.
  • Scenario 2: There is an alternate scenario where the proxy setting had to be referenced in the Internet Options of Internet Explorer, rather than simply directly added to consoleserver.exe.config file. It may also require that a Sales Engineer be sent to the site to work on resolving the proxy issues specific to the environment. Below are steps if you suspect scenario 2 is the issue here:
    1. Add the following line to the consoleserver.exe.config file in its own section:
      • <system.net>
        <defaultProxy>
        <proxy
        usesystemdefault="True"
        />
        </defaultProxy>
        </system.net>
    2. After adding the above, open the Internet Explorer settings and go to Internet Options> Connections>Lan Settings and check the proxy and bypass proxy server settings checkboxes. Sometimes after enabling this option, when you return there may be a supplied IP address in the proxy address field. This may need to be removed.
    3. Close the UI, and restart the RSA api server and console server services. Test again in the UI
Regardless of the method used to resolve this issue, confirmation of success will be confirmed only when the error message in the UI is replaced with the Initialized confirmation message.
Tags (12)
  • Customer Support Article
  • KB Article
  • Knowledge Article
  • Knowledge Base
  • NetWitness
  • NetWitness Platform
  • NW
  • RSA NetWitness
  • RSA NetWitness Platform
  • RSA Security Analytics
  • Security Analytics
  • SIEM
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2022-02-10 01:15 PM
Updated by:
Administrator nwinfotech Administrator

Related Content

Powered by Khoros
  • Blog
  • Events
  • Discussions
  • Idea Exchange
  • Knowledge Base
  • Case Portal
  • Community Support
  • Product Life Cycle
  • Support Information
  • About the Community
  • Terms & Conditions
  • Privacy Statement
  • Acceptable Use Policy
  • Employee Login
© 2022 RSA Security LLC or its affiliates. All rights reserved.