IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  Deploy Full Configuration dependency on QNI

    Posted Tue November 21, 2023 10:48 PM

    Hi Community,

    I have found out that when status of QNI is "Unknown", triggering of deployment fails. 

    Here are some of the error messages from qradar.error,

    Nov 22 10:01:35 ::ffff:127.0.0.1 [tomcat.tomcat] [RuleCapacity_PersisterTimer] com.q1labs.rpcservices.CREServices: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]Exception occurred while attempting to persist rule performance statistics
    Nov 22 10:02:43 console221 tomcat[84365]: 22-Nov-2023 10:02:43.299 WARNING [iMQReadChannel-3] com.sun.messaging.jmq.jmsclient.ExceptionHandler.throwConnectionException [C4003]: Error occurred on connection creation [127.0.0.1:20001]. - cause: java.net.ConnectException: Connection refused (Connection refused)
    Nov 22 10:02:53 console221 tomcat[84365]: 22-Nov-2023 10:02:53.300 WARNING [iMQReadChannel-3] com.sun.messaging.jmq.jmsclient.ExceptionHandler.throwConnectionException [C4003]: Error occurred on connection creation [127.0.0.1:20001]. - cause: java.net.ConnectException: Connection refused (Connection refused)
    Nov 22 10:03:03 console221 tomcat[84365]: 22-Nov-2023 10:03:03.301 WARNING [iMQReadChannel-3] com.sun.messaging.jmq.jmsclient.ExceptionHandler.throwConnectionException [C4003]: Error occurred on connection creation [127.0.0.1:20001]. - cause: java.net.ConnectException: Connection refused (Connection refused)
    Nov 22 10:03:13 console221 tomcat[84365]: 22-Nov-2023 10:03:13.304 WARNING [iMQReadChannel-3] com.sun.messaging.jmq.jmsclient.ExceptionHandler.throwConnectionException [C4003]: Error occurred on connection creation [127.0.0.1:20001]. - cause: java.net.ConnectException: Connection refused (Connection refused)
    Nov 22 10:03:23 console221 tomcat[84365]: 22-Nov-2023 10:03:23.305 WARNING [iMQReadChannel-3] com.sun.messaging.jmq.jmsclient.ExceptionHandler.throwConnectionException [C4003]: Error occurred on connection creation [127.0.0.1:20001]. - cause: java.net.ConnectException: Connection refused (Connection refused)
    Nov 22 10:03:23 console221 tomcat[84365]: 22-Nov-2023 10:03:23.305 WARNING [iMQReadChannel-3] com.sun.messaging.jmq.jmsclient.ExceptionHandler.logCaughtException [I500]: Caught JVM Exception: com.sun.messaging.jms.JMSException: [C4003]: Error occurred on connection creation [127.0.0.1:20001]. - cause: java.net.ConnectException: Connection refused (Connection refused)
    Nov 22 10:03:23 console221 tomcat[84365]: 22-Nov-2023 10:03:23.306 WARNING [iMQReadChannel-3] com.sun.messaging.jmq.jmsclient.ExceptionHandler.logCaughtException [I500]: Caught JVM Exception: com.sun.messaging.jms.JMSException: [C4004]: Error occurred on connection close. - cause: java.net.SocketException: Socket is closed
    Nov 22 10:03:23 console221 tomcat[84365]: com.sun.messaging.jms.JMSException: [C4002]: Read packet failed. - cause: java.io.EOFException: Trying to read 72 bytes. Already read 0 bytes.
    Nov 22 10:03:25 ::ffff:127.0.0.1 [tomcat.tomcat] [Thread-216489] ComponentOutput: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]ErrorStream postDeployScripts: /sys/firmware/dmi/tables/smbios_entry_point: Permission denied
    Nov 22 10:03:25 ::ffff:127.0.0.1 [tomcat.tomcat] [Thread-216489] ComponentOutput: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]ErrorStream postDeployScripts: /dev/mem: Permission denied
    Nov 22 10:03:25 ::ffff:127.0.0.1 [tomcat.tomcat] [Thread-216489] ComponentOutput: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]ErrorStream postDeployScripts: ERROR: Script /opt/qradar/conf/helpabout.d/ziptie_helpabout.sh is not executable!
    Nov 22 10:03:58 ::ffff:127.0.0.1 [tomcat.tomcat] [admin@<IPOfPC> (8368) /console/JSON-RPC/QRadar.scheduleDeployment QRadar.scheduleDeployment] com.q1labs.configservices.deployment.DeploymentManager: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]Error performing deployment
    Nov 22 10:03:58 ::ffff:127.0.0.1 [tomcat.tomcat] [admin@<IPOfPC> (8368) /console/JSON-RPC/QRadar.scheduleDeployment QRadar.scheduleDeployment] com.q1labs.configservices.common.ConfigServicesException: Error retrieving QNI host information.
    Nov 22 10:03:58 ::ffff:127.0.0.1 [tomcat.tomcat] [admin@<IPOfPC> (8368) /console/JSON-RPC/QRadar.scheduleDeployment QRadar.scheduleDeployment]    at com.q1labs.uiframeworks.valve.ErrorReportValve.invoke(ErrorReportValve.java:47)
    Nov 22 10:04:35 ::ffff:127.0.0.1 [tomcat.tomcat] [configservices@::1 (7974) /console/JSON-RPC System.generateCertFromCSR] com.q1labs.rpcservices.LocalCAServices: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]com.ibm.si.hostcontext.task.GenerateCertFromCSRTask 726a7572-5c5b-46d5-8831-f7c1d4a9cd31 timeout.
    Nov 22 10:04:35 ::ffff:127.0.0.1 [tomcat.tomcat] [configservices@::1 (7974) /console/JSON-RPC System.generateCertFromCSR] com.q1labs.core.ui.servlet.RemoteJavaScript: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]An exception occurred while executing the remote method 'generateCertFromCSR'
    Nov 22 10:04:35 ::ffff:127.0.0.1 [tomcat.tomcat] [configservices@::1 (7974) /console/JSON-RPC System.generateCertFromCSR]    at com.q1labs.uiframeworks.valve.ErrorReportValve.invoke(ErrorReportValve.java:47)
    Nov 22 10:04:53 ::ffff:127.0.0.1 [tomcat.tomcat] [Thread-216537] ComponentOutput: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]ErrorStream replicationPackager: /sys/firmware/dmi/tables/smbios_entry_point: Permission denied
    Nov 22 10:04:53 ::ffff:127.0.0.1 [tomcat.tomcat] [Thread-216537] ComponentOutput: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]ErrorStream replicationPackager: /dev/mem: Permission denied
    Nov 22 10:09:50 ::ffff:127.0.0.1 [tomcat.tomcat] [pool-3-thread-9] com.q1labs.core.qni.util.SSHCommandTask: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]An unhandled exception was thrown during the execution of task: 1854
    Nov 22 10:09:50 ::ffff:127.0.0.1 [tomcat.tomcat] [pool-3-thread-9] java.lang.RuntimeException: Error connecting to <IPOfQNI> by SSH.
    Nov 22 10:10:40 ::ffff:127.0.0.1 [tomcat.tomcat] [Thread-216707] ComponentOutput: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]ErrorStream postDeployScripts: /sys/firmware/dmi/tables/smbios_entry_point: Permission denied
    Nov 22 10:10:40 ::ffff:127.0.0.1 [tomcat.tomcat] [Thread-216707] ComponentOutput: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]ErrorStream postDeployScripts: /dev/mem: Permission denied
    Nov 22 10:10:40 ::ffff:127.0.0.1 [tomcat.tomcat] [Thread-216707] ComponentOutput: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]ErrorStream postDeployScripts: ERROR: Script /opt/qradar/conf/helpabout.d/ziptie_helpabout.sh is not executable!
    Nov 22 10:10:48 ::ffff:127.0.0.1 [tomcat.tomcat] [Thread-216715] ComponentOutput: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]ErrorStream replicationPackager: /sys/firmware/dmi/tables/smbios_entry_point: Permission denied
    Nov 22 10:10:48 ::ffff:127.0.0.1 [tomcat.tomcat] [Thread-216715] ComponentOutput: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]ErrorStream replicationPackager: /dev/mem: Permission denied
    Nov 22 10:11:12 ::ffff:127.0.0.1 [tomcat.tomcat] [configservices@127.0.0.1 (9247) /console/restapi/api/config/deploy_action] com.q1labs.configservices.deployment.DeploymentManager: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]Error performing deployment
    Nov 22 10:11:12 ::ffff:127.0.0.1 [tomcat.tomcat] [configservices@127.0.0.1 (9247) /console/restapi/api/config/deploy_action] com.q1labs.configservices.common.ConfigServicesException: Error retrieving QNI host information.
    Nov 22 10:11:12 ::ffff:127.0.0.1 [tomcat.tomcat] [configservices@127.0.0.1 (9247) /console/restapi/api/config/deploy_action]    at com.q1labs.uiframeworks.valve.ErrorReportValve.invoke(ErrorReportValve.java:47)
    Nov 22 10:11:12 ::ffff:127.0.0.1 [tomcat.tomcat] [configservices@127.0.0.1 (9247) /console/restapi/api/config/deploy_action] com.ibm.si.configservices.api.v3_0.configuration.ConfigAPI: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]Error scheduling deployment
    Nov 22 10:11:12 ::ffff:127.0.0.1 [tomcat.tomcat] [configservices@127.0.0.1 (9247) /console/restapi/api/config/deploy_action] com.q1labs.restapi_annotations.content.exceptions.endpointExceptions.StateConflictException: Cannot schedule deployment at this time: Error performing deployment.See logs for details.
    Nov 22 10:11:12 ::ffff:127.0.0.1 [tomcat.tomcat] [configservices@127.0.0.1 (9247) /console/restapi/api/config/deploy_action]    at com.q1labs.uiframeworks.valve.ErrorReportValve.invoke(ErrorReportValve.java:47)
    Nov 22 10:13:57 ::ffff:127.0.0.1 [tomcat.tomcat] [pool-3-thread-10] com.q1labs.core.qni.util.SSHCommandTask: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]An unhandled exception was thrown during the execution of task: 1855
    Nov 22 10:13:57 ::ffff:127.0.0.1 [tomcat.tomcat] [pool-3-thread-10] java.lang.RuntimeException: Error connecting to <IPOfQNI> by SSH.
     
    Nov 22 10:15:52 ::ffff:127.0.0.1 [tomcat.tomcat] [Thread-216891] ComponentOutput: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]ErrorStream replicationPackager: /sys/firmware/dmi/tables/smbios_entry_point: Permission denied
    Nov 22 10:15:52 ::ffff:127.0.0.1 [tomcat.tomcat] [Thread-216891] ComponentOutput: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]ErrorStream replicationPackager: /dev/mem: Permission denied
    Nov 22 10:16:33 ::ffff:127.0.0.1 [tomcat.tomcat] [Thread-216910] ComponentOutput: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]ErrorStream postDeployScripts: /sys/firmware/dmi/tables/smbios_entry_point: Permission denied
    Nov 22 10:16:33 ::ffff:127.0.0.1 [tomcat.tomcat] [Thread-216910] ComponentOutput: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]ErrorStream postDeployScripts: /dev/mem: Permission denied
    Nov 22 10:16:33 ::ffff:127.0.0.1 [tomcat.tomcat] [Thread-216910] ComponentOutput: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]ErrorStream postDeployScripts: ERROR: Script /opt/qradar/conf/helpabout.d/ziptie_helpabout.sh is not executable!
    Nov 22 10:17:04 ::ffff:127.0.0.1 [tomcat.tomcat] [pool-3-thread-1] com.q1labs.core.qni.util.SSHCommandTask: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]An unhandled exception was thrown during the execution of task: 1856
    Nov 22 10:17:04 ::ffff:127.0.0.1 [tomcat.tomcat] [pool-3-thread-1] java.lang.RuntimeException: Error connecting to <IPOfQNI> by SSH.
    Nov 22 10:17:05 ::ffff:127.0.0.1 [tomcat.tomcat] [configservices@127.0.0.1 (84) /console/restapi/api/config/deploy_action] com.q1labs.configservices.deployment.DeploymentManager: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]Error performing deployment
    Nov 22 10:17:05 ::ffff:127.0.0.1 [tomcat.tomcat] [configservices@127.0.0.1 (84) /console/restapi/api/config/deploy_action] com.q1labs.configservices.common.ConfigServicesException: Error retrieving QNI host information.
    Nov 22 10:17:05 ::ffff:127.0.0.1 [tomcat.tomcat] [configservices@127.0.0.1 (84) /console/restapi/api/config/deploy_action]    at com.q1labs.uiframeworks.valve.ErrorReportValve.invoke(ErrorReportValve.java:47)
    Nov 22 10:17:05 ::ffff:127.0.0.1 [tomcat.tomcat] [configservices@127.0.0.1 (84) /console/restapi/api/config/deploy_action] com.ibm.si.configservices.api.v3_0.configuration.ConfigAPI: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]Error scheduling deployment
    Nov 22 10:17:05 ::ffff:127.0.0.1 [tomcat.tomcat] [configservices@127.0.0.1 (84) /console/restapi/api/config/deploy_action] com.q1labs.restapi_annotations.content.exceptions.endpointExceptions.StateConflictException: Cannot schedule deployment at this time: Error performing deployment.See logs for details.
    Nov 22 10:17:05 ::ffff:127.0.0.1 [tomcat.tomcat] [configservices@127.0.0.1 (84) /console/restapi/api/config/deploy_action]    at com.q1labs.uiframeworks.valve.ErrorReportValve.invoke(ErrorReportValve.java:47)
    Nov 22 10:18:47 ::ffff:127.0.0.1 [tomcat.tomcat] [pool-3-thread-2] com.q1labs.core.qni.util.SSHCommandTask: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]An unhandled exception was thrown during the execution of task: 1857
    Nov 22 10:18:47 ::ffff:127.0.0.1 [tomcat.tomcat] [pool-3-thread-2] java.lang.RuntimeException: Error connecting to <IPOfQNI> by SSH.
    Nov 22 10:20:18 ::ffff:127.0.0.1 [hostcontext.hostcontext] [ConfigChangeObserver Timer[1]] com.q1labs.core.shared.jsonrpc.RPC: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]Error invoking remote method System.getActionRequest with arguments ["<IPOfConsole>"] for result 'N/A'
    Nov 22 10:20:18 ::ffff:127.0.0.1 [hostcontext.hostcontext] [ConfigChangeObserver Timer[1]] com.q1labs.hostcontext.configuration.ConfigChangeObserver: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]java.lang.Exception: java.net.ConnectException: Connection refused (Connection refused)
    Nov 22 10:20:18 ::ffff:127.0.0.1 [hostcontext.hostcontext] [ConfigChangeObserver Timer[1]] com.q1labs.hostcontext.configuration.ConfigChangeObserver: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]Cannot check if action is requested for host:<IPOfConsole>
    Nov 22 10:20:20 ::ffff:127.0.0.1 [tomcat.tomcat] [pool-4-thread-1] com.ibm.si.frameworks.taskmanagement.LocalTaskManager: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]Error occured while trying to update TaskStatus 1861
    Nov 22 10:20:20 ::ffff:127.0.0.1 [tomcat.tomcat] [pool-4-thread-1] com.ibm.si.frameworks.taskmanagement.LocalTaskManager: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]Error occured while trying to update TaskStatus 1859
    Nov 22 10:20:20 ::ffff:127.0.0.1 [tomcat.tomcat] [pool-4-thread-1] com.ibm.si.frameworks.taskmanagement.LocalTaskManager: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]Error occured while trying to update TaskStatus 1860
    Nov 22 10:20:33 ::ffff:127.0.0.1 [ecs-ec.ecs-ec] [pool-6-thread-1] com.q1labs.core.shared.jsonrpc.RPC: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]Error invoking remote method System.updateStatistic with arguments [7,117336839,289,284,0,0,1] for result 'N/A'
    Nov 22 10:20:33 ::ffff:127.0.0.1 [ecs-ec.ecs-ec] [pool-6-thread-1] com.q1labs.core.saf.SAFServices: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]Error performing remote procedure call to update history for ec (id='7') with stats = EventsSend: 0/117336839, EventRate: 289/284, ByteRate: 204409/198536, EventsLeft: 0/0
    Nov 22 10:20:36 ::ffff:127.0.0.1 [ecs-ec.ecs-ec] [LastEventSeenProcessor] com.q1labs.core.shared.jsonrpc.RPC: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]Error invoking remote method System.persistLastEventSeenInfo with arguments ["rO0ABXNyABpnbnUudHJvdmUuVExvbmdMb25nSGFzaE1hcAAAAAAAAAABDAAAeHIAE2dudS50cm92ZS5UTG9uZ0hhc2hW7OSSWIVmOwIAAUwAEF9oYXNoaW5nU3RyYXRlZ3l0ACBMZ251L3Ryb3ZlL1RMb25nSGFzaGluZ1N0cmF0ZWd5O3hwd1UAAAAABQAAAAAAAAA\/AAABi\/TUCWAAAAAAAAAAQQAAAYv01Ek5AAAAAAAAAD4AAAGL9NQj5gAAAAAAAABAAAABi\/TUSvUAAAAAAAAARQAAAYv01E1IeA=="] for result 'N/A'
    Nov 22 10:20:36 ::ffff:127.0.0.1 [ecs-ec.ecs-ec] [LastEventSeenProcessor] com.ibm.si.ec.filters.stat.StatFilter: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]LastEventSeenProcessor encountered an error when attempting to update 5 entries. Last event seen info will be stale until this issue is resolved. Reason: java.net.ConnectException: Connection refused (Connection refused)
    Nov 22 10:20:40 ::ffff:127.0.0.1 [hostcontext.hostcontext] [HostStatusUpdaterThread] com.q1labs.core.shared.jsonrpc.RPC: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]Error invoking remote method System.updateServerHostStatusWithOptions with arguments ["<IPOfQNI>",2,"rO0ABXNyABRqYXZhLnV0aWwuUHJvcGVydGllczkS0HpwNj6YAgABTAAIZGVmYXVsdHN0ABZMamF2YS91dGlsL1Byb3BlcnRpZXM7eHIAE2phdmEudXRpbC5IYXNodGFibGUTuw8lIUrkuAMAAkYACmxvYWRGYWN0b3JJAAl0aHJlc2hvbGR4cD9AAAAAAAAIdwgAAAALAAAAAXQABlNUQVRVU3QAB3Vua25vd254cA=="] for result 'N/A'
    Nov 22 10:20:40 ::ffff:127.0.0.1 [hostcontext.hostcontext] [HostStatusUpdaterThread] com.q1labs.configservices.controller.ServerHostStatusUpdater: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]Could not update status for host <IPOfQNI>
    Nov 22 10:20:49 ::ffff:127.0.0.1 [hostcontext.hostcontext] [Server Host Status Processor] com.q1labs.core.shared.jsonrpc.RPC: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]Error invoking remote method System.updateServerHostStatusWithOptions with arguments ["<IPOfConsole>",0,"rO0ABXNyABRqYXZhLnV0aWwuUHJvcGVydGllczkS0HpwNj6YAgABTAAIZGVmYXVsdHN0ABZMamF2YS91dGlsL1Byb3BlcnRpZXM7eHIAE2phdmEudXRpbC5IYXNodGFibGUTuw8lIUrkuAMAAkYACmxvYWRGYWN0b3JJAAl0aHJlc2hvbGR4cD9AAAAAAAAIdwgAAAALAAAABHQABlNUQVRVU3QAB1JFTU9WRUR0AAhIT1NUTkFNRXQADmNvbnNvbGUyMjEuY29tdAAMVE9UQUxfTUVNT1JZdAAJMjYzOTU3OTcydAAEQ1BVU3QAAjI0eHA="] for result 'N/A'
    Nov 22 10:20:49 ::ffff:127.0.0.1 [hostcontext.hostcontext] [Server Host Status Processor] com.q1labs.configservices.controller.ServerHostStatusUpdater: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]Could not update status for host <IPOfConsole>
    Nov 22 10:20:54 ::ffff:127.0.0.1 [tomcat.tomcat] [pool-3-thread-4] com.q1labs.core.qni.util.SSHCommandTask: [ERROR] [NOT:0000003000][<IPOfConsole>/- -] [-/- -]An unhandled exception was thrown during the execution of task: 1859
    Nov 22 10:20:54 ::ffff:127.0.0.1 [tomcat.tomcat] [pool-3-thread-4] java.lang.RuntimeException: Error connecting to <IPOfQNI> by SSH.

    As I have reconnected QNI on VCenter, Deploy Full Configuration instantly became successful. 

    Has anyone encountered the issue?

    Thank you!



    ------------------------------
    Philip Ng
    ------------------------------


  • 2.  RE: Deploy Full Configuration dependency on QNI

    Posted Wed November 22, 2023 07:32 AM

    Hi Philip,

    This is a known issue covered by the following APAR - https://www.ibm.com/support/pages/apar/IJ39612

    Unfortunately this is not resoved yet.

    The workround is to restore access to the QNI appliance or remove it from the deployment



    ------------------------------
    John Dawson
    ------------------------------

    Original Message


  • 3.  RE: Deploy Full Configuration dependency on QNI
    Best Answer

    Posted Wed November 22, 2023 08:55 PM

    Hi John,

    Thank you for the information. I will follow IJ39612 for the update.



    ------------------------------
    Philip Ng
    ------------------------------

    Original Message


Related Content