IBM Support

QRadar: Auto Update Proxy Issues "500 SSL NEGOTIATION FAILED" (Updated)

Troubleshooting


Problem

After you upgrade QRadar, automatic updates fail to connect when a proxy is configured with the error message: "Could not contact the update server: 500 SSL negotiation failed: Could not download manifest list". This technical note and script is intended to resolve connection issues for administrators.

Cause

APAR Description
IJ00621 QRADAR AUTOUPDATE ERROR 'COULD NOT CONTACT THE UPDATE SERVER: 500 SSL NEGOTIATION FAILED' WITH QRADAR AND PROXIES

Environment

QRadar 7.3.x and 7.4.x

Diagnosing The Problem

Users with a proxy configured in their auto update settings in QRadar who are unable to receive automatic updates where the auto update log displays the error: Could not contact the update server: 500 SSL negotiation failed: Could not download manifest list.

User interface error message:
image-20200317150131-2

Error log example:
  Fri Mar 6 03:34:03 2020 [WARN] Could not retrieve "manifest_list_512": 500 Can't connect to qmmunity.q1labs.com:443
(Crypt-SSLeay can't verify hostnames)  
Fri Mar 6 03:34:03 2020 [DEBUG] Set error_code to 4  
Fri Mar 6 03:34:03 2020 [DEBUG] Previous Value: 6  
Fri Mar 6 03:34:03 2020 [DEBUG] Updating DB  
Fri Mar 6 03:34:03 2020 [DEBUG] Successfully Updated DB error_code to 4  
Fri Mar 6 03:34:03 2020 [WARN] Could not download manifest list.  
Fri Mar 6 03:34:03 2020 [DEVEL] Cleanup requested with return code 0  
Fri Mar 6 03:34:03 2020 [DEBUG] Set autoupdate_status to 0  
Fri Mar 6 03:34:03 2020 [DEBUG] Previous Value: 1  
Fri Mar 6 03:34:03 2020 [DEBUG] Updating DB  
Fri Mar 6 03:34:03 2020 [DEBUG] Successfully Updated DB autoupdate_status to 0  
Fri Mar 6 03:34:03 2020 [DEVEL] Cleaning up scripts.

Resolving The Problem

Change list

  • 8 October 2021: Updated download link to direct users to latest version of the AUProxyFP.tgz V9.11.
  • 6 September 2021: Updated extract command to prevent errors.
A utility is available on IBM Fix Central to resolve connection issues. The QRADAR-AUProxyFP-9.11.tgz file on IBM Fix Central can be used to resolve proxy connection issues on all QRadar 7.3.x and 7.4.x versions. Users experiencing issues can confirm they have the latest version of the AUProxyFP utility.

Procedure
  1. Download the Auto Update Fix Pack utility from IBM Fix Central to your laptop or workstation: AUProxyFP=9.11.tgz.
  2. Use SSH to log in to the QRadar Console as the root user.
  3. Copy the file to a directory of the QRadar Console, such as /root, /tmp, or /storetmp.
  4. Navigate to the directory where you put the AUProxyFP-9.11.tgz file.
  5. Type the following command to extract the file: gunzip -c AUProxyFP-9.11.tgz | tar xvf -
  6. Navigate to the directory where the file is extracted.
  7. Type the following command to install the proxy fix pack: ./install.sh
  8. After the installation completes, type the following command to verify the connection:
    /opt/qradar/bin/UpdateConfs.pl -testConnect 1 0

    - If successful, the following message is displayed and the administrator can continue to Step #8:
      [AUTOUPDATE] [TESTCONNECT] Test downloaded successfully!
    - If unsuccessful, the following message is displayed and the administrator can verify their proxy configuration:
     [AUTOUPDATE] [TESTCONNECT] Could not download manifest list.
     
  9. Log in to the QRadar Console as an administrator.
  10. Click the Admin tab.
  11. Click Auto Update icon.
  12. Click Get New Updates button.
  13. Wait for the auto update to attempt the connection.
  14. Click View Log to verify the Last Update Status.


    Results
    If you continue to experience issues or error messages related to "Could not contact the update server: 500 SSL negotiation failed: "Could not download manifest list", contact QRadar Support.
 

 

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtDAAQ","label":"Auto Update"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]

Document Information

Modified date:
15 December 2021

UID

swg22010655