Troubleshooting
Problem
After you upgrade QRadar, automatic updates fail to connect when a proxy is configured with the error message: "Could not contact the update server: 500 SSL negotiation failed: Could not download manifest list". This technical note and script is intended to resolve connection issues for administrators.
Cause
APAR | Description |
IJ00621 | QRADAR AUTOUPDATE ERROR 'COULD NOT CONTACT THE UPDATE SERVER: 500 SSL NEGOTIATION FAILED' WITH QRADAR AND PROXIES |
Diagnosing The Problem
Users with a proxy configured in their auto update settings in QRadar who are unable to receive automatic updates where the auto update log displays the error: Could not contact the update server: 500 SSL negotiation failed: Could not download manifest list.
User interface error message:
Error log example:
User interface error message:
Error log example:
Fri Mar 6 03:34:03 2020 [WARN] Could not retrieve "manifest_list_512": 500 Can't connect to qmmunity.q1labs.com:443
(Crypt-SSLeay can't verify hostnames)
Fri Mar 6 03:34:03 2020 [DEBUG] Set error_code to 4
Fri Mar 6 03:34:03 2020 [DEBUG] Previous Value: 6
Fri Mar 6 03:34:03 2020 [DEBUG] Updating DB
Fri Mar 6 03:34:03 2020 [DEBUG] Successfully Updated DB error_code to 4
Fri Mar 6 03:34:03 2020 [WARN] Could not download manifest list.
Fri Mar 6 03:34:03 2020 [DEVEL] Cleanup requested with return code 0
Fri Mar 6 03:34:03 2020 [DEBUG] Set autoupdate_status to 0
Fri Mar 6 03:34:03 2020 [DEBUG] Previous Value: 1
Fri Mar 6 03:34:03 2020 [DEBUG] Updating DB
Fri Mar 6 03:34:03 2020 [DEBUG] Successfully Updated DB autoupdate_status to 0
Fri Mar 6 03:34:03 2020 [DEVEL] Cleaning up scripts.
Resolving The Problem
A utility is available on IBM Fix Central to resolve connection issues. The QRADAR-AUProxyFP-9.11.tgz file on IBM Fix Central can be used to resolve proxy connection issues on all QRadar 7.3.x, 7.4.x, and 7.5.x versions. Users experiencing issues can confirm they have the latest version of the AUProxyFP utility on 7.3.x and 7.4.x. On new installs of 7.5.x, if the problem occurs, install the QRADAR-AUProxyFP-9.11.tgz file on the server even if the installed AU version is more recent than 9.11 to fix the problem.
Procedure
Procedure
- Download the Auto Update Fix Pack utility from IBM Fix Central to your laptop or workstation: AUProxyFP-9.11.tgz.
Note: if it has issues displaying the download, use a private browser. - Use SSH to log in to the QRadar Console as the root user.
- Copy the file to a directory of the QRadar Console, such as /root, /tmp, or /storetmp.
- Navigate to the directory where you put the AUProxyFP-9.11.tgz file.
- Type the following command to extract the file:
gunzip -c AUProxyFP-9.11.tgz | tar xvf -
- Navigate to the directory where the file is extracted.
- Type the following command to install the proxy fix pack:
./install.sh
/opt/qradar/bin/UpdateConfs.pl -v
When it has successfully installed, the version will display 9.11. Then when you run the update, it may display a higher version after it runs successfully. - After the installation completes, type the following command to verify the connection:
/opt/qradar/bin/UpdateConfs.pl -testConnect 1 0
[AUTOUPDATE] [TESTCONNECT] Test downloaded successfully!
[AUTOUPDATE] [TESTCONNECT] Could not download manifest list.
- Log in to the QRadar Console as an administrator.
- Click the Admin tab.
- Click Auto Update icon.
- Click Get New Updates button.
- Wait for the auto update to attempt the connection.
- Click View Log to verify the Last Update Status.
Results
If you continue to experience issues, or error messages related to "Could not contact the update server: 500 SSL negotiation failed: "Could not download manifest list", contact QRadar Support.
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtDAAQ","label":"Auto Update"}],"ARM Case Number":"TS012962696","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.0;7.3.1;7.3.2;7.3.3;7.4.0;7.4.1;7.4.2;7.4.3;7.5.0"}]
Was this topic helpful?
Document Information
Modified date:
24 May 2024
UID
swg22010655