Adding Peer Logger with ESM 6.5 Error

I want to peer a soft Logger 6.1 with ArcSight ESM 6.5, and when I attempt to peer I get this error:

There was a problem saving your changes: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

I put the IP or FQDN of my ESM in Peer Host Name, but I get the same error. My certs are not expired.

Anyone have any idea how to get past this error?

Tks!

  • Hi,

    How was the cert created? With hostname or IP?

    If hostname, are the hostnames listed in both "hosts" files?

    How did you initiate the peering? With Logger or Command Center?

    Which port have you used to do the peering? I tested this briefly in my lab yesterday.

    I ended up using port 9000.

    Hope this helps.

    Lar

  • Verified Answer

    Hi Lar,

    Tks for your answer.

    Now, I have another error.

    If I initiate peering from Logger to ESM and I am using port 8443, I have error: "Remote peer  Arcsight.ESM   returned HTTP Return Code 302". If I am using port 9000: "Remote peer Arcsight.ESM returned error:Peer logger 192.168.5.3 could not be pinged!"

    If I initiate peering from ESM to Logger (on port 9000 or 8443), I have error: " Please verify that [logger] is available and is running an Arcsight product that supports peering with this server"

    Bogdan!

  • I experienced a similar error peering ESM v6.91c managers:

    There was a problem saving your changes: Logger Exception: com.arcsight.common.exception.ArcSightException: Exception calling: com.arcsight.logger.distributed.https.PeerLoggerClientMgr.getInstance().establishAssociation.

    ArcSight support was clueless and kept asking redundant questions. After reading some of the Protect724 articles I tried using just the IP addresses and it worked, BUT you must update the httpd.conf file and use the server IP address instead of the FQDN (as stated in the documentation).

    I surmise that the issue is most likely related to the application NOT using DNS to resolve the FQDN entered in the Peer Configuration. I would also bet that adding the FQDNs of all peers into the /etc/hosts files on all ESM managers would work also, but I have not tested that configuration.

  • I can confirm adding resolution via /etc/hosts works.
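
A pre-peering check for the two things the replies above ask about (whether the certificate was created with the hostname or the IP, and whether the peer name is in the hosts file), as an added example that is not part of the original posts or of any ArcSight tooling. The function names, host names and addresses are constructed; the certificate is assumed to be in the dict form returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ipaddress

def parse_hosts(text):
    """Map each name in hosts-file text to its address (first entry wins)."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop comments
        if len(fields) < 2:
            continue
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def cert_names(cert):
    """Names a certificate is valid for (exact names only, no wildcards)."""
    sans = cert.get("subjectAltName", ())
    names = {v.lower() for k, v in sans if k in ("DNS", "IP Address")}
    if not sans:  # fall back to the subject CN only when no SAN is present
        for rdn in cert.get("subject", ()):
            names.update(v.lower() for k, v in rdn if k == "commonName")
    return names

def check_peer(peer, hosts_text, cert):
    """Return a list of problems with using `peer` as the Peer Host Name."""
    problems = []
    peer = peer.lower()
    try:
        ipaddress.ip_address(peer)
        is_ip = True
    except ValueError:
        is_ip = False
    if not is_ip and peer not in parse_hosts(hosts_text):
        problems.append("no hosts entry for " + peer)
    if peer not in cert_names(cert):
        problems.append("certificate not issued for " + peer)
    return problems

# Constructed sample data (not taken from the thread).
HOSTS = "127.0.0.1 localhost\n192.0.2.10 esm.example.test esm  # manager\n"
CERT = {"subject": ((("commonName", "esm.example.test"),),)}

if __name__ == "__main__":
    for peer in ("esm.example.test", "192.0.2.10", "logger.example.test"):
        print(peer, check_peer(peer, HOSTS, CERT) or "ok")
```

Run it on each peer with that peer's own hosts file contents and the certificate presented by the other side; an empty list means the name is both resolvable locally and covered by the certificate.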