Vice Admiral Vice Admiral
Vice Admiral
3091 views

Anyone else having issues with 7.1.2.7396 ?

Just noticed on two different conapps shortly after I applied 7.1.2.7396 the EPS out on the containers dropped to 0.  EPS in was normal but nothing out.  Logs on the container show Connection to [loggername] port 443 failed ping test and then a bunch of java exceptions.  I rebooted the entire conapp, no change.  Smart connectors seem find though, just the conapps.

Labels (2)
54 Replies
Absent Member.
Absent Member.

Hi Dustin,

We have tried various scenarios and did not hit any issue. We have a number of engineers trying out without any luck. Hence if we can have a bit more information such as :

1) What was the upgrade path you have taken ? From which version to 7.1.2 ?

2) Is it standalone or connectors on connapp ?

3) If it is on connapp, what is the hardware model and Connapp version ?

These details would help us narrow down. Thank you for your patience.

-Moehadi

0 Likes
Fleet Admiral
Fleet Admiral

Hi Guys,

I have upgraded the Connector Appliance to latest version 6.4.0.6881.3. Before that upgraded all the connectors from 5.x to 6.x and a week later to 7.1.1 and after observing the stabilization upgraded to 7.1.2. Everything works fine for me.

Maybe the real issue is with the ConApp version or Upgrade path followed during the Container/Connector Upgrade.

0 Likes
Admiral Admiral
Admiral

A similar experience here - I had one error here yesterday installing 7.1.2 on one conApp.  I was upgrading a previous connector (TrendMicro) which was already at v 7.0.7 - I think I might have skipped over 7.1.1 in the process and installed 7.1.2 on top of 7.0.7.  That upgrade failed with a fatal error, I used the "emergency restore" utility to rebuild the container, then installed the 7.1.2 Trend smartConnector once again and everything was ok.  On the other conApp I started with a fresh (empty) container anyway, and when I installed the same Trend connector using 7.1.2 I had no issues there.

The conApp's are 6.4.0.6881.3 as in Balashan's post.  I also wonder if skipping a connector AUP in the upgrade path on conApp #1 might have been what caused the initial issue..? 

0 Likes
Captain
Captain

I am having the same issue.  This is happening with our connector appliances, software connector servers, and local software connectors.  It seems that the events go to ESM just fine and give the "failed ping test on 443" error for all the logger connections.

Per the suggestion in the other responses, I'm currently rolling back v7.1.2.7396.0 on 126 connectors.

I see that the support team is saying that they cannot recreate in their lab.  This seems odd since so many of us are having the issue and I'm sure we are on a plethora of different conap versions (we have the most current patches including the GHOST patch applied) and software platforms (win 2003, 2008, 2012).

**UPDATE**  As soon as I rolled back to 7.1.1.7348 the connections to the Loggers re-established and the cache cleared in minutes.

0 Likes
Commander Commander
Commander

I had a similar situation and found a work around. No reinstall necessary for me.  It was a brand new installation using 7.1.2 (I now supports Oracle audit DB using SSL).

Like your symptoms, data flowed to ESM but not to the logger.  I edited the logger destination hostname (from "NYlogger.tad.net" to "NYlogger"), saved it and data started flowing to the logger.  I did this on five connectors.  Not scientific but try it out.

0 Likes
Micro Focus Contributor
Micro Focus Contributor

Hi Stephanie,

Will you be able to open an official ticket with support so we can look into the logs and troubleshoot the issue?

This is needed especially because we were not able to repro this in our environment.

Let me know.

Thanks

Dipali

0 Likes
Absent Member.
Absent Member.

Why a ticket is needed? I was told a couple of days ago not to use 7.1.2, as ArcSight is already aware of issues in 7.1.2. So right hand does not talk to left hand?

Vice Admiral Vice Admiral
Vice Admiral

Just reading the comments here and what I conclude as the comman scenario where the upgrade does not work is when the connector is running 7.1.1.7348 and is registered to send its logs to Logger, not ESM.  That is the key detail that I think maybe wasnt configured in your lab, to have it send its logs to logger instead of ESM. 


In your lab can you try and setup a logger on 7.1.1.7348 and register it to a logger.  Then with your conapp or arcmc, upgrade it to 7.1.2.  Once the upgrade is done you should see the connector caching, EPS Out is 0, and in the connector agent logs you will see the error message about unable to ping the logger. 


Please give that a try and let us know if you see the same thing that we see or not.

0 Likes
Fleet Admiral
Fleet Admiral

I think this is a known issue. I read about it somewhere, maybe something internal.

0 Likes
Commodore Commodore
Commodore

Happened to find this thread while I was in the process of downloading the 7.1.2 SmartConnector binaries.

If there is a known and serious issue with this version that is hitting multiple customers, why is it still available for download?

@HP: Shouldn't it be removed while a fix/root cause is worked on?

Thanks

Carl

Commodore Commodore
Commodore

Hi,

I had manually upgraded the smart connector to 7.1.2 on couple of windows servers (without using the connector appliance) and ended up having similar issue (ping test failed to the logger destinations). 

I had to rollback to the previous version to resolve the issue.

Thank you

Murali

0 Likes
Absent Member.
Absent Member.

Carl, I found from the past experience that it is not uncommon to see a common sense becoming uncommon with ArcSight. I know it is twisting, but you get what I mean

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.