This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

NetWitness Community

  • Home
  • Products
    • NetWitness Platform
      • Advisories
      • Documentation
        • Platform Documentation
        • Known Issues
        • Security Fixes
        • Hardware Documentation
        • Threat Content
        • Unified Data Model
        • Videos
      • Downloads
      • Integrations
      • Knowledge Base
    • NetWitness Cloud SIEM
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Detect AI
      • Advisories
      • Documentation
      • Knowledge Base
    • NetWitness Investigator
    • NetWitness Orchestrator
      • Advisories
      • Documentation
      • Knowledge Base
      • Legacy NetWitness Orchestrator
        • Advisories
        • Documentation
  • Community
    • Blog
    • Discussions
    • Events
    • Idea Exchange
  • Support
    • Case Portal
      • Create New Case
      • View My Cases
      • View My Team's Cases
    • Community Support
      • Getting Started
      • News & Announcements
      • Community Support Forum
      • Community Support Articles
    • Product Life Cycle
    • Support Information
    • General Security Advisories
  • Training
    • Blog
    • Certification Program
    • Course Catalog
    • New Product Readiness
    • On-Demand Subscriptions
    • Student Resources
    • Upcoming Events
  • Technology Partners
  • Trust Center
Sign InRegister Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
NetWitness Knowledge Base Archive
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
  • NetWitness Community
  • NetWitness Knowledge Base Archive
  • RSA Netwitness not able to enable VLC/ Host appliance after changing it's IP Address
  • Options
    • Subscribe to RSS Feed
    • Bookmark
    • Subscribe
    • Email to a Friend
    • Printer Friendly Page
    • Report Inappropriate Content

RSA Netwitness not able to enable VLC/ Host appliance after changing it's IP Address

Article Number

000034148

Applies To

RSA Product Set: Security Analytics
RSA Product/Service Type: SA Security Analytics Server
RSA Version/Condition: 10.5.0.0 and higher releases
Platform: CentOS
 

Issue

- Unable to re-enable/re-provision a host that was provisioned before and got it's IP changed.
- When a host is removed an re-added. 
- Host is discovered but failed to be enabled. 

Resolution

1- Remove an re-purpose the VLC/host from SA UI.
2- Stop puppet service on VLC, using command: service puppet stop
3- Remove SSL folder under /var/lib/puppet.
4- Remove the old node_id file under /var/lib/puppet.
5- Run ./node_id.py script  under /etc/puppet/scripts/node_id.py for creating a new node id. 
6- Edit /etc/puppet/puppet.conf file to include the new node_id  in "certname" field using the "vi" command.
[root@ldecoder ~]# cat /etc/puppet/puppet.conf
[main]
logdir = /var/log/puppet
rundir = /var/run/puppet
ssldir = $vardir/ssl
certname = new node_id

[agent]
classfile = $vardir/classes.txt
localconfig = $vardir/localconfig
server = puppetmaster.local


7- On SA-head server "puppet Master", remove the  VLC certificate under:
/var/lib/puppet/ssl/ca/signed
As an example:
[root@sa-server vars]# cd /var/lib/puppet/ssl/ca/signed
[root@sa-server signed]# ls
13ba7876-5cfe-4de8-9b28-261c5f510e01.pem  bd4527ef-b6ea-4d1a-80d4-30c8b1b36d11.pem
4c163d36-600c-4196-9ee3-65c5a91e71de.pem  cba7d187-c986-4427-94c0-5ab532468c2a.pem
60547245-3ac3-40c4-8dc6-64f73aee8055.pem  ed65d3eb-51fa-489d-8329-a49f322e92ee.pem
8f2aba18-0442-4cc2-97a8-4e50d4be96f0.pem  facc4daa-f52d-47b1-9f2b-f74a627ae63f.pem
a4b06090-f50e-4085-a536-97628b00d074.pem

Search by the host node id to find it's old certificate: 

[root@sa-server signed]# ll | grep -i 13ba7876-5cfe-4de8-9b28-261c5f510e01
-rw-r--r--. 1 puppet puppet 2009 Mar  1  2016 13ba7876-5cfe-4de8-9b28-261c5f510e01.pem

Then remove it:

[root@sa-server signed]#rm -f 13ba7876-5cfe-4de8-9b28-261c5f510e01.pem

8- Remove the old VLC node_ID from inventory.txt under 
/var/lib/puppet/ssl/ca
Use the vi command to edit the file and remove the entry that has the node_id:
[root@sa-server ca]# cat inventory.txt
0x0001 2016-02-22T12:05:56GMT 2021-02-21T12:05:56GMT /CN=Puppet CA: facc4daa-f52d-47b1-9f2b-f74a627ae63f
0x0002 2016-02-22T12:06:00GMT 2021-02-21T12:06:00GMT /CN=facc4daa-f52d-47b1-9f2b-f74a627ae63f
0x0003 2016-02-22T14:51:14GMT 2021-02-21T14:51:14GMT /CN=ed65d3eb-51fa-489d-8329-a49f322e92ee
0x0004 2016-02-23T11:06:36GMT 2021-02-22T11:06:36GMT /CN=60547245-3ac3-40c4-8dc6-64f73aee8055
0x0006 2016-02-29T11:28:56GMT 2021-02-28T11:28:56GMT /CN=4c163d36-600c-4196-9ee3-65c5a91e71de
0x0007 2016-02-29T14:21:30GMT 2021-02-28T14:21:30GMT /CN=8f2aba18-0442-4cc2-97a8-4e50d4be96f0
0x0008 2016-02-29T14:37:49GMT 2021-02-28T14:37:49GMT /CN=bd4527ef-b6ea-4d1a-80d4-30c8b1b36d11
0x0009 2016-02-29T15:16:19GMT 2021-02-28T15:16:19GMT /CN=13ba7876-5cfe-4de8-9b28-261c5f510e01
0x000a 2016-03-08T12:19:46GMT 2021-03-08T12:19:46GMT /CN=cba7d187-c986-4427-94c0-5ab532468c2a
0x000c 2016-07-11T12:58:47GMT 2021-07-11T12:58:47GMT /CN=a4b06090-f50e-4085-a536-97628b00d074
 
9- On VLC, run "puppet agent -t"  for creating a new SSL certs.
10- On SA UI, re-discover the VLC and enable the puppet service on VLC to complete the provisioning. 
 
Tags (23)
  • 10.5
  • 10.5.x
  • 10.6
  • 10.6.x
  • 10.x
  • Customer Support Article
  • KB Article
  • Knowledge Article
  • Knowledge Base
  • NetWitness
  • NetWitness Platform
  • NW
  • RSA NetWitness
  • RSA NetWitness Platform
  • RSA Security Analytics
  • Security Analytics
  • SIEM
  • Version 10
  • Version 10.5
  • Version 10.5.x
  • Version 10.6
  • Version 10.6.x
  • Version 10.x
0 Likes
Was this article helpful? Yes No
Share
No ratings

In this article

Version history
Last update:
‎2020-12-13 06:13 AM
Updated by:
Administrator RSA-KB-Sync Administrator

Related Content

Powered by Khoros
  • Blog
  • Events
  • Discussions
  • Idea Exchange
  • Knowledge Base
  • Case Portal
  • Community Support
  • Product Life Cycle
  • Support Information
  • About the Community
  • Terms & Conditions
  • Privacy Statement
  • Acceptable Use Policy
  • Employee Login
© 2022 RSA Security LLC or its affiliates. All rights reserved.