Hi Community,
We are using QRadar SIEM 7.5.0 update pack 3. Yesterday we powered off the console VM using the command "poweroff", increased its RAM to 64GB (previously 32GB), and then powered the machine on again. Now the console is up and running, but the new WinCollect agent installations are not responding to the console.
There is no communication issue between the endpoint and the QRadar console on either port 8413 or port 514.
We have also restarted the WinCollect service multiple times, but no PEM file is generated in the WinCollect config folder.
We also tried a full deployment from the console and restarted the event collection service, but the error is still the same.
The error message is:
log=SRV.System.WinCollectSvc.Service msg=Register with configuration server failed -- The certificate presented by the configuration server was either missing or its chain was not validated/trusted -- will try again later
log=SRV.Code.CertificateManager.qradarconsole.com msg=Cannot connect to configuration server (336032784)
------------------------------
Abdul Rahman
------------------------------