ICDx

 View Only
  • 1.  ICDx version 1.3 - login issues

    Posted Jun 21, 2019 12:27 PM

    Hi,

     

    I completed the install of ICDX 1.3 on a new redhat 7.6 server.

    After the install completes I attempt to sign in but it never accepts credentials.

    I have attempted to uninstall it and the install with custom credentials but it appears to always have the issue.

    I’ve tried the offline and online version of the installer.

     

    Any recommendations?



  • 2.  RE: ICDx version 1.3 - login issues

    Broadcom Employee
    Posted Jul 01, 2019 07:03 PM

    Here are few thing you can check: 

    - See If there are any errors in any of the logs under $SYMC_LOG folder.

    - If you have SELinux enabled, run the following commands:

    semanage port -a -t http_port_t -p tcp 5671
    setsebool -P httpd_can_network_relay 1
    setsebool -P httpd_can_network_connect 1

    - Check if there are any erros in rabbitmq server log.

     

     



  • 3.  RE: ICDx version 1.3 - login issues

    Broadcom Employee
    Posted Jul 29, 2019 01:04 PM

    Try to use the idusers.sh script to change the user password.  This is documented in the ICDx Admin guide.  

    Basically:

    cd /opt/symantec/icdx/id_epmp_dx-<version> # (or where ICDx is installed to which is $SYMC_HOME)
    
    ./idusers.sh admin admin manage_domain create_system_token view_events openc2

    This command sets the first option 'admin' to be the ICDx username, the second option 'admin' is the username password.  The last options are the rights for ICDx, which for now, the ones listed are all rights available in the current 1.x builds.

     

     



  • 4.  RE: ICDx version 1.3 - login issues

    Posted Aug 05, 2019 09:19 AM

    Did it solve the problem? It's not happening in our setup.

     



  • 5.  RE: ICDx version 1.3 - login issues

    Broadcom Employee
    Posted Aug 12, 2019 04:58 PM

    Please check the /etc/hosts file and see if the names here are similar to your systems hostname.

    On Ubuntu-Server the same problem occurs wheninstalling Ubuntu server from scratch, and then install ICDx immidiatly afterwards.



  • 6.  RE: ICDx version 1.3 - login issues

    Posted Aug 19, 2019 04:08 AM
      |   view attached

    It's still not working. We are using RHEL7.

    In the nginx error log we observed some line which indicates denied API calls. Can it be the issue? Please refer to the attached file and suggest.



  • 7.  RE: ICDx version 1.3 - login issues

    Posted Nov 27, 2020 01:29 PM
    We are also having the same issues, but with version 1.4. we tried all the above troubleshooting steps and no change. have gone through multiple verifications of nginx configs to make sure its not something on the nginx side. 

    Any help is appreciated. Broadcom do you guys have any info on this?


  • 8.  RE: ICDx version 1.3 - login issues

    Posted Dec 02, 2020 11:51 AM
    We are having login issue now with 1.4.  It has been running fine since May of 2020 and all of a sudden we can no longer login.  Active Directory logins fail as does the local account.  Just receive the unable to authenticate.  Please try again later.

    We are also seeing the following error in the nginx error log: nginx error connect() failed (111 connection refused) while connecting to upstream. 

    We have restarted the nginx service and the rabbitmq service.

    ------------------------------
    Mike
    WaveRider Security
    CA
    ------------------------------