Hello,
We are getting an error when attempting to Backup or Import in the QRadar Network Hierarchy Management:
"Something went wrong! Unknown error occurred, see logs for more detail"
Note: No app host, apps all run on console.
We checked /opt/qradar/support/qappmanager and /opt/qradar/support/recon ps.
Even though we reinstalled and the app is running fine, the problem and the error still persist.
The following entry in the app's app.log (/store/docker/volumes/qapp-3852/log) is:
SSLError(MaxRetryError('HTTPSConnectionPool(host=\'is-qrcons-01.client.net\', port=443): Max retries exceeded with url: /api/config/network_hierarchy/networks?fields=group%2Cname%2Ccidr%2Cdescription%2Cdomain_id%2Cid (Caused by SSLError(SSLError("bad handshake: Error([(\'SSL routines\', \'SSL3_GET_SERVER_CERTIFICATE\', \'certificate verify failed\')],)",),))',),)
2021-08-26 18:59:55,502 [abstract_qpylib.log] [Thread-18] [ERROR] - 127.0.0.1 [APP_ID/3052][NOT:0000006000] Traceback:
Traceback (most recent call last):
File "/app/views.py", line 284, in import_nh
functions.import_net_hier(file_path=file_path, backup_existing=True)
File "/app/core/functions.py", line 285, in import_net_hier
export_net_hier(file_path=bkup_file_path)
File "/app/core/functions.py", line 261, in export_net_hier
net_hier = get_net_hier(convert_domain_ids_to_names=convert_domain_ids_to_names)
File "/app/core/functions.py", line 208, in get_net_hier
response = api_client.call_rest('GET', Constants.API_NET_HIER_DEPLOYED, params={'fields': 'group,name,cidr,description,domain_id,id'})
File "/app/core/api_client.py", line 27, in call_rest
response = REST(*args, **kwargs)
File "/app/qpylib/qpylib.py", line 45, in REST
timeout=timeout)
File "/app/qpylib/live_qpylib.py", line 135, in REST
timeout=timeout, verify=verify)
File "/app/qpylib/abstract_qpylib.py", line 55, in RESTget
data=data, json=json_inst, timeout=timeout)
File "/usr/lib/python2.6/site-packages/requests/api.py", line 72, in get
return request('get', url, params=params, **kwargs)
File "/usr/lib/python2.6/site-packages/requests/api.py", line 58, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python2.6/site-packages/requests/sessions.py", line 508, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python2.6/site-packages/requests/sessions.py", line 618, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python2.6/site-packages/requests/adapters.py", line 506, in send
raise SSLError(e, request=request)
SSLError: HTTPSConnectionPool(host='is-qrcons-01.client.net', port=443): Max retries exceeded with url: /api/config/network_hierarchy/networks?fields=group%2Cname%2Ccidr%2Cdescription%2Cdomain_id%2Cid (Caused by SSLError(SSLError("bad handshake: Error([('SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)",),))
Notice that the FQDN the app is referencing (is-qrcons-01.client.net) does not match the case of the actual FQDN of the console (IS-QRCONS-01.CLIENT.NET), which is UPPER CASE.
The entry in the (QRadar Local CA) SSL certificate that is installed has the IS-QRCONS-01.CLIENT.NET name as its Subject.
I think the problem here is that the NHM app is not coded to deal with hostnames that are UPPER case or mixed case.
Please help!
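A triage sketch for the logged error, added here as an example; it is not part of the original post or of the NHM app's code. It separates the two stages a TLS client can fail at: OpenSSL's verification of the certificate itself, and the later hostname comparison, which RFC 6125 defines as case-insensitive. The function names and stage labels are hypothetical, and the sample error and certificate are constructed from the values quoted in the post.

```python
import re

# Constructed sample: the SSLError text from the app.log line in the post (URL path omitted).
SAMPLE_ERROR = (
    "SSLError: HTTPSConnectionPool(host='is-qrcons-01.client.net', port=443): "
    "Max retries exceeded (Caused by SSLError(SSLError(\"bad handshake: Error([("
    "'SSL routines', 'SSL3_GET_SERVER_CERTIFICATE', 'certificate verify failed')],)\",),))"
)
# Constructed certificate in the dict shape ssl.SSLSocket.getpeercert() returns,
# with the upper-case Subject name described in the post and no SAN.
SAMPLE_CERT = {"subject": ((("commonName", "IS-QRCONS-01.CLIENT.NET"),),)}


def dns_name_matches(pattern, hostname):
    """Compare a certificate DNS name to a hostname as RFC 6125 does:
    case-insensitively, with '*' allowed only as the whole left-most label."""
    p = pattern.rstrip(".").lower().split(".")
    h = hostname.rstrip(".").lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and bool(h[0]) and p[1:] == h[1:]
    return p == h


def cert_dns_names(cert):
    """DNS names a verifier checks: SAN dNSName entries, else the Subject CN."""
    san = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san:
        return san
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def triage(error_text, cert, hostname):
    """Return (failing_stage, name_matches) for a logged TLS error.
    Hypothetical helper: the stage labels are this example's own."""
    name_ok = any(dns_name_matches(n, hostname) for n in cert_dns_names(cert))
    if re.search(r"doesn't match|hostname mismatch", error_text, re.I):
        stage = "hostname-check"
    elif "certificate verify failed" in error_text:
        # OpenSSL rejected the certificate itself during the handshake
        # (for example an issuer missing from the client's CA bundle).
        stage = "certificate-verification"
    else:
        stage = "other"
    return stage, name_ok


if __name__ == "__main__":
    host = re.search(r"host='([^']+)'", SAMPLE_ERROR).group(1)
    print(triage(SAMPLE_ERROR, SAMPLE_CERT, host))
```

For the constructed inputs the result is the certificate-verification stage with the names matching, which points the investigation at the CA bundle the app container trusts.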