IBM Security QRadar

  • 1.  Auto update Error

    Posted Tue January 03, 2023 01:36 AM
    Hi,
    Auto update is not working, I have tried the below steps but no luck.

    Auto update error: Could not verify the authenticity of scripts/AUScripts.tgz | IBM Security QRadar

    au-cert.pem is missing in the directory /store/autoupdates

    I tried the command /opt/qradar/bin/UpdateConfs.pl -runall
    and ran the Get new updates in GUI but it is not retrieved.

    If any of you know how to resolve the issue, please assist me.

    Error:

    Could not retrieve "dau/dau.manifest.xml": 500 Can't connect to auto-update.qradar.ibmcloud.com:443
    sha512sum differ! Downloaded file sha f561a1e268555eec96059a67f26a34b41e01a3a02b15e6c435214005d30122c4257536f4293a9c8ce26470ebbbc5e4193b5c6ad4a5274af2538cefd9b3e9ce16 vs Expected manifest sha 044235ca4e0be5038280f2a2501f4d976fbd359e1f4eaa9322594689c6749d601d8d95c6cd3fb0137663557f229dd44c9ad454e91c7264f621099a1ed6884788
    wau/wau.manifest.xml had a problem downloading.  Trying again ...  0 of 3 attempts
    sha512sum differ! Downloaded file sha 3ae4e8fdd6f192a5c6154ce8c50dafa0ca5b12ec45728b8ebe68340f3bef403efeb7550b6a03699cb73780a19d051f9b21dfb5f0c02c79f8856ea871b9aa7810 vs Expected manifest sha 044235ca4e0be5038280f2a2501f4d976fbd359e1f4eaa9322594689c6749d601d8d95c6cd3fb0137663557f229dd44c9ad454e91c7264f621099a1ed6884788
    wau/wau.manifest.xml had a problem downloading.  Trying again ...  1 of 3 attempts
    sha512sum differ! Downloaded file sha f561a1e268555eec96059a67f26a34b41e01a3a02b15e6c435214005d30122c4257536f4293a9c8ce26470ebbbc5e4193b5c6ad4a5274af2538cefd9b3e9ce16 vs Expected manifest sha 044235ca4e0be5038280f2a2501f4d976fbd359e1f4eaa9322594689c6749d601d8d95c6cd3fb0137663557f229dd44c9ad454e91c7264f621099a1ed6884788
    wau/wau.manifest.xml had a problem downloading.  Trying again ...  2 of 3 attempts
    sha512sum differ! Downloaded file sha 7cd59dd8f405fa089db85fd76037dbb605a9312bba46fd1aa1b5cdc26207ebdfefb388a3bd6017c0eeac8f26c6e762fe0c13ea1617c4c2cd10bbcdb397a5b1d2 vs Expected manifest sha eb0b2abb6d3c1068be1967b4f74e06a9ee4becdcc5edfa83ed5941fe650b150804f9d900f3bf03cd2f22cddc96f126be1028a4ff4e214923dcd067c2a5e6f1b2
    scripts/AUScripts.tgz had a problem downloading.  Trying again ...  0 of 3 attempts
    sha512sum differ! Downloaded file sha de1dc9cb37e6fe3483c4f1dba90a7a768530c5f4ce5eb95830bc25ba5c63077a8ad63771cd0ddbfe54e394cb8330b6fd564c1ac5a38ba2b671823a8a5dee7d83 vs Expected manifest sha eb0b2abb6d3c1068be1967b4f74e06a9ee4becdcc5edfa83ed5941fe650b150804f9d900f3bf03cd2f22cddc96f126be1028a4ff4e214923dcd067c2a5e6f1b2
    scripts/AUScripts.tgz had a problem downloading.  Trying again ...  1 of 3 attempts
    sha512sum differ! Downloaded file sha d4df906275b72641024abbd6121b36195c4f60fb2d490a5f044f777866b296fe114a60c2899edea76b476832ce40239c08da61b0b041f439ae6bcb79c33acb41 vs Expected manifest sha eb0b2abb6d3c1068be1967b4f74e06a9ee4becdcc5edfa83ed5941fe650b150804f9d900f3bf03cd2f22cddc96f126be1028a4ff4e214923dcd067c2a5e6f1b2
    scripts/AUScripts.tgz had a problem downloading.  Trying again ...  2 of 3 attempts
    Could not verify the authenticity of scripts/AUScripts.tgz.

    Thanks


    ------------------------------
    Arunkumar R
    ------------------------------
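
One way to read a log like the one in the post above, as an added example that is not part of the original thread and is not IBM's code: group the "sha512sum differ!" lines by the file named on the following retry line, and report whether the downloaded digest was the same on every attempt or changed between attempts. The function name `summarize` is hypothetical, and the sample log is constructed with shortened placeholder digests.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log posted above; the digests are
# shortened placeholders, not real values.
SAMPLE_LOG = """\
sha512sum differ! Downloaded file sha aa11 vs Expected manifest sha 0442
wau/wau.manifest.xml had a problem downloading.  Trying again ...  0 of 3 attempts
sha512sum differ! Downloaded file sha bb22 vs Expected manifest sha 0442
wau/wau.manifest.xml had a problem downloading.  Trying again ...  1 of 3 attempts
sha512sum differ! Downloaded file sha cc33 vs Expected manifest sha eb0b
scripts/AUScripts.tgz had a problem downloading.  Trying again ...  0 of 3 attempts
sha512sum differ! Downloaded file sha cc33 vs Expected manifest sha eb0b
scripts/AUScripts.tgz had a problem downloading.  Trying again ...  1 of 3 attempts
Could not verify the authenticity of scripts/AUScripts.tgz.
"""

MISMATCH = re.compile(r"sha512sum differ! Downloaded file sha ([0-9a-f]+) "
                      r"vs Expected manifest sha ([0-9a-f]+)")
RETRY = re.compile(r"(\S+) had a problem downloading\.\s+Trying again \.\.\.\s+\d+ of \d+")


def summarize(log_text):
    """Hypothetical helper: per file, did the downloaded digest change across retries?"""
    seen = defaultdict(lambda: {"downloaded": [], "expected": set()})
    pending = None  # digests from a mismatch line, waiting for the line naming the file
    for line in log_text.splitlines():
        mismatch = MISMATCH.search(line)
        if mismatch:
            pending = mismatch.groups()
            continue
        retry = RETRY.search(line)
        if retry and pending:
            seen[retry.group(1)]["downloaded"].append(pending[0])
            seen[retry.group(1)]["expected"].add(pending[1])
        pending = None
    return {
        name: {
            "attempts": len(e["downloaded"]),
            "expected_stable": len(e["expected"]) == 1,
            "pattern": "stable" if len(set(e["downloaded"])) == 1 else "varying",
        }
        for name, e in seen.items()
    }


if __name__ == "__main__":
    for name, info in summarize(SAMPLE_LOG).items():
        print(name, info)
```

A "varying" result means each attempt received different bytes for the same path; "stable" means the same non-matching bytes arrived every time.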


  • 2.  RE: Auto update Error

    Posted Wed January 04, 2023 01:36 AM
    Edited by Vishal Tangadkar Wed January 04, 2023 01:39 AM

    This is a known issue in this week's auto update where the au-cert.pem file experiences a signature error. The result of this issue is the error message you reported:

    Fri Jun 25 08:51:09 2021 [ERROR] Bad signature! Rejecting the manifest, aborting
    Fri Jun 25 08:51:09 2021 [ERROR] Could not verify the authenticity of scripts/AUScripts.tgz.

    There is a workaround to remove the pem file, then run the auto update again.

    What to do

    Note: If you are not comfortable removing files, open a case and QRadar Support can assist you with this workaround.

    1. Log in to the QRadar Console as the root user.
    2. Navigate to the /store/autoupdates directory.
    3. Move or rename the au-cert.pem file to /root
    4. Type the following command to run the auto update:
    /opt/qradar/bin/UpdateConfs.pl -runall

    The auto update should complete successfully.


    For more details please check:

    https://www.ibm.com/support/pages/qradar-common-issues-and-troubleshooting-auto-update-version-911

    ------------------------------
    Vishal Tangadkar
    ------------------------------



  • 3.  RE: Auto update Error

    Posted Wed January 04, 2023 07:16 AM
    Thank you.  But I already tried this as I mentioned in my query post itself.

    ------------------------------
    Arunkumar R
    ------------------------------



  • 4.  RE: Auto update Error

    Posted Tue February 21, 2023 12:48 AM

    I'm having the same issue with multiple deployments.

    The issue started towards the end of 2022 and is affecting my 7.4.3 and 7.5.0 deployments. All our deployments use a proxy to get out to the internet (i.e. no direct connectivity). Support supplied me a new auWeb.pm file to use but this has not solved the problem either.

    I have a lab deployment where updates are working (it has direct internet access) but in /store/autoupdates there is no au-Cert.pm file at all. Auto update version is 9.16. We have done lots of troubleshooting with the team that look after our proxies and cannot identify any issues there.

    This issue has been ongoing for a while, so hopefully it's on the dev team's radar and they are looking at it?

    Cheers

    Brian



    ------------------------------
    Brian Robertson
    ------------------------------



  • 5.  RE: Auto update Error

    Posted Thu March 23, 2023 07:02 AM

    Hello, 

    I face the same issue as you. Have you found a solution for this issue?



    ------------------------------
    Tahir Yagubov
    ------------------------------



  • 6.  RE: Auto update Error

    Posted Fri August 25, 2023 07:38 AM

    Hello, I have observed the same issue: after upgrading QRadar from 7.4.2 to 7.5.0 UP5, auto updates are not working properly. The running version of auto updates is 9.17, and I even tried to download the old version 9.11 from Fix Central; after installation the version again upgraded to 9.17, and the issue is still not fixed. From the console, in View logs, there is no error to be found; however, all updates are downloaded successfully but installed with errors.

    If any of you know how to resolve the issue, please assist me.



    ------------------------------
    Zeeshan Ahmed
    ------------------------------



  • 7.  RE: Auto update Error

    Posted Sun August 27, 2023 11:42 PM

    Hi Zeeshan, 

    Does your deployment use a proxy to get updates or does it go direct out? 
    Our ones had an issue with downloading the updates, not the installing side of things. Can you post a copy of the error from the log in the auto-update GUI widget?



    ------------------------------
    Brian Robertson
    ------------------------------