How to rebootstrap the Event Agent on a SSIM Manager
Last Updated September 09, 2010
The SSIM GUI and configuration console will not come up. SSIM Agents are not able to send events to the SSIM Manager. You see the following errors in the SSIM Manager's files:
/opt/Symantec/sesa/servletengine/logs/catalinia.out
17:19:45,473 INFO [ApplicationContext] Application context created
java.lang.Exception: ### HARD ERROR: SYSTEM BOOTSTRAP FILES MISSING. HALTING

/opt/Symantec/sesa/Agent/cimom.log:
java.lang.Exception: File: /etc/symantec/ses/ses_machine.dat - Key store has changed since encoding property file
    at com.symantec.management.util.Secure_Props.load(Unknown Source)

/opt/Symantec/sesa/Agent/logs/sesa-agent.log:
2007-10-24 07:51:43,422 INFO [Logging] >>ForwardingProvider.sendEvents() - Exception: java.lang.Exception: unable to get connection until boostrapped
2007-10-24 07:51:43,422 ERROR [Logging] java.lang.Exception: unable to get connection until boostrapped

/opt/Symantec/sesa/Agent/logs/ucf.log
ERROR 2007-10-08 12:12:04,864 com.symantec.cas.ucf.collector.CollectorFactory main Error while creating collector "unix_syslog" com.symantec.management.applib.SESException: No machine ID

status output: sesmanager and assetsvc services are down and all other services are up. NOTE: If this is not a correlation box, then simserver will also be down.
The SSIM Manager has lost its bootstrap.
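A triage check for the symptoms listed above, as an added example that is not part of the original article or of Symantec's tooling: it searches the four log files for the quoted error strings. The function names, the ROOT prefix argument and the additional catalina.out spelling are assumptions of this example.

```sh
#!/bin/sh
# Added example (not Symantec tooling): look for the lost-bootstrap error
# strings in the log files the article names.

# name|file|fixed string. Files and strings are as quoted in the article; the
# second line also tries Tomcat's usual spelling "catalina.out" (assumption).
SIGNATURES='bootstrap_files_missing|/opt/Symantec/sesa/servletengine/logs/catalinia.out|SYSTEM BOOTSTRAP FILES MISSING
bootstrap_files_missing|/opt/Symantec/sesa/servletengine/logs/catalina.out|SYSTEM BOOTSTRAP FILES MISSING
keystore_changed|/opt/Symantec/sesa/Agent/cimom.log|Key store has changed since encoding property file
agent_not_bootstrapped|/opt/Symantec/sesa/Agent/logs/sesa-agent.log|unable to get connection until boostrapped
no_machine_id|/opt/Symantec/sesa/Agent/logs/ucf.log|No machine ID'

# Usage: ssim_bootstrap_symptoms [ROOT]
# ROOT is a hypothetical path prefix so a copied log tree can be checked offline.
# Prints "name file" for each signature found; returns 0 if any matched, else 1.
ssim_bootstrap_symptoms() {
    root=${1:-}
    found=1
    while IFS='|' read -r name file pattern; do
        [ -r "$root$file" ] || continue          # unreadable or absent: skip
        if grep -qF -- "$pattern" "$root$file"; then
            printf '%s %s\n' "$name" "$file"
            found=0
        fi
    done <<EOF
$SIGNATURES
EOF
    return "$found"
}

# Constructed sample tree: two symptom lines from the article plus one
# made-up healthy ucf.log line. Prints the directory it created.
make_sample_tree() {
    dir=$(mktemp -d) || return 1
    logs="$dir/opt/Symantec/sesa/Agent/logs"
    mkdir -p "$logs"
    echo 'java.lang.Exception: File: /etc/symantec/ses/ses_machine.dat - Key store has changed since encoding property file' > "$dir/opt/Symantec/sesa/Agent/cimom.log"
    echo '2007-10-24 07:51:43,422 ERROR [Logging] java.lang.Exception: unable to get connection until boostrapped' > "$logs/sesa-agent.log"
    echo '2007-10-08 12:12:04,864 INFO constructed line without any error' > "$logs/ucf.log"
    echo "$dir"
}
```

On the appliance, call ssim_bootstrap_symptoms as root with no argument; a non-zero return means none of the signatures were found in the logs that could be read.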
You will need to rebootstrap the SSIM appliance. There is one way to do this, but two ways to issue the command.
To interactively register the agent:
Putty into the SSIM appliance and change to the root account with the command: su -
Change to the /usr/sbin directory with the command: cd /usr/sbin
At the prompt, run the command: ./sesa-setup --reg-external
Answer the prompts.
It takes about 20 minutes for the process to complete. Note: Ignore the log4j [Failed] as seen below. Other [Failed]'s must be investigated.
Below are all of the prompts that you will see. This example was run on a single SSIM correlation box that is the directory box with all accounts using a common password of "password". Your values may be different.
[root@spr-ssim-01 ~]# cd /usr/sbin
[root@spr-ssim-01 sbin]# ./sesa-setup --reg-external
Please provide SESA Directory connection parameters:
Enter external SESA directory ip/hostname and press [ENTER]: 127.0.0.1
NOTE: 127.0.0.1 was used as this is the directory box. Otherwise put in the IP / Name of the directory SSIM Manager.
Enter external SESA directory port (636) and press [ENTER]: 636
Enter external SESA domain username (administrator) and press [ENTER]: cn=root
Enter external SESA domain password and press [ENTER]: password
Enter external SESA directory domain (Symantec.SES) and press [ENTER]: Symantec.ses
Enter external Directory Administrator password and press [ENTER]: password
Enter the local SESA database user (symcmgmt) and press [ENTER]: symcmgmt
Enter the local SESA database user password and press [ENTER]: password
Validating directory connection: [ OK ]
Validating datastore connection: [ OK ]
*** Registering SESA Datastore ***
Registering datastore component: [ OK ]
*** Reinstalling SESA Manager ***
Service "sesmanager" is not running.
Stopping "sesevents"...
Waiting for "sesevents" to terminate...
Reinstalling manager component: [ OK ]
*** Finalizing ***
Configuring agent: [ OK ]
Starting services: [ OK ]
Processing Agent inventory: [ OK ]
Installing default system queries: log4j:WARN No appenders could be found for logger (com.symantec.sim.rx.RXInvocationHandler).
log4j:WARN Please initialize the log4j system properly.
[FAILED]
*** Completed ***
Specify Parameters with the command to register

The following command for Symantec Security Information Manager will register the appliance with a directory:
Connect to the SSIM appliance via SSH and change to the root user with the command: su -
Note: <domain.ses> is the domain you created when you installed Symantec Security Information Manager, by default it would be Symantec.ses.
With this command you already specify the parameters to connect to the directory, but you are still prompted for and must specify:
Domain user logon name. By default it is administrator.
Domain user password.
ldap-user password.
db-user password. In the command the db user is symcmgmt.
ID: Etrack 1154733
Imported Document ID: TECH85731