NetWitness Platform Online Documentation

Browse the official NetWitness Platform Online documentation for helpful tutorials, step-by-step instructions, and other valuable resources.

Options

Subscribe to RSS Feed

Bookmark

Subscribe

Printer Friendly Page

Report Inappropriate Content

Versions

Collections

All Downloads

Table of Contents

TroubleshootingTroubleshooting

This topic provides information about possible issues that NetWitness users may encounter when configuring the System Security and User Management settings in NetWitness. You can look up explanations of issues and their solutions.

Users are able to create a password of 8-chracters or less despite the configured minimum password length of 9 characters in Version 11.3Users are able to create a password of 8-chracters or less despite the configured minimum password length of 9 characters in Version 11.3

Problem	Solutions
When NetWitness was upgraded from 11.2 and previous versions to Version 11.3, the administrator did not set the minimum password length to 9 characters.	In 11.2 and earlier versions, the minimum password length is 8. The minimum password length changed to 9, in Versions 11.3. If you upgrade or update from earlier versions to 11.3, users can still create a password of 8 characters until you explicitly set the minimum password length to 9 characters as described in Configure Password Complexity.

Unable to log in to NetWitness Platform using SSOUnable to log in to NetWitness Platform using SSO

Problem	Solutions
When the Administrator configures the SSO incorrectly and is unable to log in to NetWitness.	Manual Steps to Disable SSO To resolve this issue you must disable SSO manually, using the following commands: SSH to admin server node. Connect to nw-shell. Connect to admin server service using the connect --service admin-server command. Log in to admin server using the login command. Enter the admin username and password. Execute the following commands: cd /rsa/security/authentication/web/saml/sso-enabled set false logout exit systemctl restart rsa-nw-admin-server
Unable to connect to IDP and request session has timed out	Check if the admin server is able to reach the specific IDP metadata URL. Check if the IDP can be to accessed over the internet, if not configure the proxy and try again.
SSL handshake failed as the certificate is not verified	Enable the trust-all-certs-for-idp-metadata flag in the explorer view of admin-server by navigating to RSA>Security>Authentication>Web>SAML. Import the SSL certificate of the IDP metadata server to the JVM trust store, run the command keytool -import -trustcacerts -file /root/selfsignedadfs.cer -alias selfsignedcert -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.222.b10-0.el7_6.x86_64/jre/lib/security/cacerts on the Admin node.
SSL handshake failed as the hostname is not verified	Check the IDP metadata server's SSL certificate has a valid DN and matches the server hostname. Enable the trust-all-certs-for-idp-metadata flag in the explorer view of admin-server by navigating to RSA>Security>Authentication>Web>SAML.
Fail over IP address changed	Perform the following manual steps to configure the new IP address. 1. Disable SSO using nw-shell after failover from new IP. For more information, see Manual Steps to Disable SSO 2. Generate the new metadata and reupload it in ADFS. For more information, see see the Configure SAML 2.0 provider settings for portals topic in Microsoft documentation.

On this page