IBM Support

QRadar: Auto Update Proxy Issues "500 SSL NEGOTIATION FAILED" (Updated)

Troubleshooting


Problem

After upgrading QRadar, automatic updates fail to connect when a proxy is configured with the error message: "Could not contact the update server: 500 SSL negotiation failed: Could not download manifest list". This technical note and script is intended to resolve connection issues for administrators..

Cause

APAR Description
IJ00621 QRADAR AUTOUPDATE ERROR 'COULD NOT CONTACT THE UPDATE SERVER: 500 SSL NEGOTIATION FAILED" WITH QRADAR AND PROXIES

Environment

QRadar 7.3.x and 7.4.x

Diagnosing The Problem

Users with a proxy configured in their auto update settings in QRadar who are unable to receive automatic updates where the auto update log displays the error: Could not contact the update server: 500 SSL negotiation failed: Could not download manifest list.

User interface error message:
image-20200317150131-2

Error log example:
Fri Mar 6 03:34:03 2020 [WARN] Could not retrieve "manifest_list_512": 500 Can't connect to qmmunity.q1labs.com:443 (Crypt-SSLeay can't verify hostnames)
Fri Mar 6 03:34:03 2020 [DEBUG] Set error_code to 4
Fri Mar 6 03:34:03 2020 [DEBUG] Previous Value: 6
Fri Mar 6 03:34:03 2020 [DEBUG] Updating DB
Fri Mar 6 03:34:03 2020 [DEBUG] Successfully Updated DB error_code to 4
Fri Mar 6 03:34:03 2020 [WARN] Could not download manifest list.
Fri Mar 6 03:34:03 2020 [DEVEL] Cleanup requested with return code 0
Fri Mar 6 03:34:03 2020 [DEBUG] Set autoupdate_status to 0
Fri Mar 6 03:34:03 2020 [DEBUG] Previous Value: 1
Fri Mar 6 03:34:03 2020 [DEBUG] Updating DB
Fri Mar 6 03:34:03 2020 [DEBUG] Successfully Updated DB autoupdate_status to 0
Fri Mar 6 03:34:03 2020 [DEVEL] Cleaning up scripts.

Resolving The Problem

A utility has been released to to IBM Fix Central to resolve manifest and connection issues. The QRADAR-AUProxyFP.tgz file on IBM Fix Central can be used to resolve proxy connection issues on all QRadar 7.3.x and 7.4.x versions.
  1. Download the Auto Update Fix Pack utility from IBM Fix Central to your laptop or workstation: AUProxyFP.tgz.
       SHA256: 51d95cd1c090b4b45986c1a19823e365d756b3d38ce0581aaf0b8ae1f03f6830
  2. SCP the file to a directory of the QRadar Console, such as /root, /tmp, or /storetmp.
  3. Using SSH, log in to the QRadar Console as the root user.
  4. Type the following command to extract the file: gunzip -c AUProxyFP.tgz | tar zxvf -
  5. Navigate to the directory with the extracted file.
  6. Type the following command to install the proxy fix pack: ./install.sh
  7. After the installation completes, type the following command to verify the connection:
    /opt/qradar/bin/UpdateConfs.pl -testConnect 1 0

    - If successful, the following message is displayed and the administrator can continue to Step #8:
      [AUTOUPDATE] [TESTCONNECT] Test downloaded successfully!
    - If unsuccessful, the following message is displayed and the administrator should verify their proxy configuration:
     [AUTOUPDATE] [TESTCONNECT] Could not download manifest list.
     
  8. Log in to the QRadar Console as an administrator.
  9. Click the Admin tab.
  10. Click Auto Update icon.
  11. Click Get New Updates button.
  12. Wait for the auto update to attempt the connection.
  13. Click View Log to verify the Last Update Status.


    Results
    If you continue to experience issues or error messages related to "Could not contact the update server: 500 SSL negotiation failed: Could not download manifest list", then contact QRadar Support.
 

 

[{"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Component":"Admin Console","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.x","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Document Information

Modified date:
16 July 2020

UID

swg22010655