IBM QRadar

  • 1.  WinCollect 7.3.0 certificate fails

    Posted Tue August 25, 2020 01:51 PM

    7.3.0 sfs install fails to connect with manually installed 7.3.0 agent



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: WinCollect 7.3.0 certificate fails

    Posted Tue August 25, 2020 02:04 PM

    What I intended to ask: WinCollect 7.3.0 sfs is installed on QRadar 7.4.1. WinCollect Agent 7.2.9(105) fails to connect with the console and doesn't update to WinCollect 7.3.0.

    This post was meant to resolve the issue: https://www.ibm.com/support/pages/node/6260883?myns=swgother&mynp=OCSSBQAC&mync=E&cm_sp=swgother-_-OCSSBQAC-_-E

    Unfortunately, the manual installation of WinCollect 7.3.0 as intended resulted in log errors on the QRadar Console.

    Aug 25 15:57:21 ::ffff:x.x.x.x [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_41] com.q1labs.frameworks.crypto.trustmanager.Q1X509CertificateFactory: [WARN] [NOT:0000004000][x.x.x.x/- -] [-/- -]generateCertificateURL skipped ldap:///CN=CAname,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=company,DC=local?cACertificate?base?objectClass=certificationAuthority because it is an unsupported file.

    Aug 25 15:57:21 ::ffff:x.x.x.x [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_41] com.q1labs.frameworks.crypto.trustmanager.CertificateValidator: [INFO] [NOT:0000006000][x.x.x.x/- -] [-/- -]Audit logging msg:(ecs-ec-ingress) Validating certficate chain failed. chain:[0]X509Certificate : { SubjectDN : CN=company.local, OU=Engineering, O=company, L=location, ST=ZH, C=CH, IssuerDN : CN=CAname, DC=company, DC=local},, params:CertValidatorParameters [enableLegacySupport :false,checkPinning :false,checkRevocation :false,checkSelfsigned :true,checkUsage :true,checkCaIssuersInAuthInfoAccess :false,trustStores :/etc/pki/ca-trust/extracted/java/cacerts,/opt/ibm/si/services/ecs-ec-ingress/current/frameworks_conf/cached_crls,], exception:java.lang.NullPointerException

    Aug 25 15:57:21 ::ffff:x.x.x.x [ecs-ec-ingress.ecs-ec-ingress] [WinCollectConfigHandler_41] com.q1labs.frameworks.crypto.trustmanager.CertificateValidator: [ERROR] [NOT:0000003000][x.x.x.x/- -] [-/- -]null

    After this, the WinCollect agent keeps logging:

    08-25 16:00:56.382 WARN SRV.System.WinCollectSvc.Service : Register with configuration server failed -- An error was reported on server. Check the server's log files for details. -- will try again later

    Any suggestions?





  • 3.  RE: WinCollect 7.3.0 certificate fails

    Posted Thu October 08, 2020 12:25 PM

    Same here. Waiting for IBM support...

    Do you know of any way to resolve this issue without renaming the agent?





  • 4.  RE: WinCollect 7.3.0 certificate fails

    Posted Mon October 12, 2020 12:20 PM

    Hi Jiri

    Sorry for the delay. I was on vacation. IBM support managed to resolve our issue. The changes might not match those required in your case. So, please stay in contact with IBM support. If there's an issue renaming the agent, let them know. They were very fast and efficient with us. The same should apply in your case.

    Take care

    Robert


