IBM Support

QRadar: Auto Update Proxy Issues "500 SSL NEGOTIATION FAILED" (Updated)

Troubleshooting


Problem

After you upgrade QRadar, automatic updates fail to connect when a proxy is configured, and the following error message is displayed: "Could not contact the update server: 500 SSL negotiation failed: Could not download manifest list". This technical note and script are intended to help administrators resolve these connection issues.

Cause

APAR Description
IJ00621 QRADAR AUTOUPDATE ERROR 'COULD NOT CONTACT THE UPDATE SERVER: 500 SSL NEGOTIATION FAILED' WITH QRADAR AND PROXIES

Diagnosing The Problem

This issue affects users who have a proxy configured in their auto update settings in QRadar, who are unable to receive automatic updates, and whose auto update log displays the error: Could not contact the update server: 500 SSL negotiation failed: Could not download manifest list.


Error log example:
  Fri Mar 6 03:34:03 2020 [WARN] Could not retrieve "manifest_list_512": 500 Can't connect to qmmunity.q1labs.com:443 (Crypt-SSLeay can't verify hostnames)
  Fri Mar 6 03:34:03 2020 [DEBUG] Set error_code to 4
  Fri Mar 6 03:34:03 2020 [DEBUG] Previous Value: 6
  Fri Mar 6 03:34:03 2020 [DEBUG] Updating DB
  Fri Mar 6 03:34:03 2020 [DEBUG] Successfully Updated DB error_code to 4
  Fri Mar 6 03:34:03 2020 [WARN] Could not download manifest list.
  Fri Mar 6 03:34:03 2020 [DEVEL] Cleanup requested with return code 0
  Fri Mar 6 03:34:03 2020 [DEBUG] Set autoupdate_status to 0
  Fri Mar 6 03:34:03 2020 [DEBUG] Previous Value: 1
  Fri Mar 6 03:34:03 2020 [DEBUG] Updating DB
  Fri Mar 6 03:34:03 2020 [DEBUG] Successfully Updated DB autoupdate_status to 0
  Fri Mar 6 03:34:03 2020 [DEVEL] Cleaning up scripts.

Resolving The Problem

A utility is available on IBM Fix Central to resolve connection issues. The QRADAR-AUProxyFP-9.11.tgz file on IBM Fix Central can be used to resolve proxy connection issues on all QRadar 7.3.x, 7.4.x, and 7.5.x versions. Users experiencing issues can confirm they have the latest version of the AUProxyFP utility on 7.3.x and 7.4.x. On new installs of 7.5.x, if the problem occurs, install the QRADAR-AUProxyFP-9.11.tgz file on the server to fix the problem, even if the installed AU version is more recent than 9.11.

Procedure
  1. Download the Auto Update Fix Pack utility from IBM Fix Central to your laptop or workstation: AUProxyFP-9.11.tgz.
    Note: If your browser has issues displaying the download, use a private browser.
  2. Use SSH to log in to the QRadar Console as the root user.
  3. Copy the file to a directory of the QRadar Console, such as /root, /tmp, or /storetmp.
  4. Navigate to the directory where you put the AUProxyFP-9.11.tgz file.
  5. Type the following command to extract the file:
    gunzip -c AUProxyFP-9.11.tgz | tar xvf -
  6. Navigate to the directory where the file is extracted.
  7. Type the following command to install the proxy fix pack:
    ./install.sh
    Note: The installation can take up to 30 minutes to complete, even after the bash prompt is returned. You can check its progress every 15 minutes with:
    /opt/qradar/bin/UpdateConfs.pl -v
    When the fix pack has installed successfully, the version displays 9.11. After you then run the update, a higher version might be displayed once the update completes successfully.
  8. After the installation completes, type the following command to verify the connection:
    /opt/qradar/bin/UpdateConfs.pl -testConnect 1 0
    - If successful, the following message is displayed and the administrator can continue to Step #9:
    [AUTOUPDATE] [TESTCONNECT] Test downloaded successfully!
    - If unsuccessful, the following message is displayed and the administrator can verify their proxy configuration:
    [AUTOUPDATE] [TESTCONNECT] Could not download manifest list.
     
  9. Log in to the QRadar Console as an administrator.
  10. Click the Admin tab.
  11. Click the Auto Update icon.
  12. Click the Get New Updates button.
  13. Wait for the auto update to attempt the connection.
  14. Click View Log to verify the Last Update Status.


Results
If you continue to experience issues, or error messages related to "Could not contact the update server: 500 SSL negotiation failed: Could not download manifest list", contact QRadar Support.
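
The following is an added example, not part of the original technote or of IBM's tooling: a small triage function that classifies auto update log text or the output of the step 8 test connection, using only the message strings quoted on this page. It reads from stdin because the log location is not stated here, and the function names (au_triage, sample_failure, sample_fixed) are hypothetical.

```shell
#!/bin/sh
# Added example (not IBM code): classify auto update output using only the
# message strings quoted in this technote. Input is read from stdin, so the
# caller decides which log or command output to pipe in (assumption).

au_triage() {
    awk '
        # Proxy TLS signature, as written to the log and as shown in the UI.
        /Crypt-SSLeay can.t verify hostnames/ { ssl = 1 }
        /500 SSL negotiation failed/          { ssl = 1 }
        # A manifest failure closes one update attempt; the verdict depends
        # on whether the TLS signature was seen during that attempt.
        /Could not download manifest list/ {
            verdict = ssl ? "proxy-ssl-failure" : "manifest-failure"
            ssl = 0
        }
        # A later successful test connection supersedes earlier failures.
        /\[TESTCONNECT\] Test downloaded successfully!/ { verdict = "ok"; ssl = 0 }
        END { print (verdict == "" ? "no-match" : verdict) }
    '
}

# Sample input: three lines copied from the error log example on this page.
sample_failure() {
    cat <<'EOF'
Fri Mar 6 03:34:03 2020 [WARN] Could not retrieve "manifest_list_512": 500 Can't connect to qmmunity.q1labs.com:443 (Crypt-SSLeay can't verify hostnames)
Fri Mar 6 03:34:03 2020 [DEBUG] Set error_code to 4
Fri Mar 6 03:34:03 2020 [WARN] Could not download manifest list.
EOF
}

# Constructed sample: the failure above followed by the step 8 success message.
sample_fixed() {
    sample_failure
    echo '[AUTOUPDATE] [TESTCONNECT] Test downloaded successfully!'
}

echo "before fix pack: $(sample_failure | au_triage)"
echo "after fix pack:  $(sample_fixed | au_triage)"
```

A verdict of manifest-failure without the TLS signature points to a cause other than the one this technote covers, which matches the page's advice to verify the proxy configuration when the test connection fails.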


Document Information

Modified date:
24 May 2024

UID

swg22010655