IBM Support

QRadar: Unable to read managed host due to error "No connection to tomcat".

Troubleshooting


Problem

A managed host cannot be readed after successfully being removed while being offline or unreachable (UNKNOWN state). The addition process fails when the managed host tries to connect to Tomcat.

Symptom

On the Console WebUI, the addition process will fail with the following error:
Error01
The following error appears in /var/log/qradar.log:
[hostcontext.hostcontext] [2c3bfc3c-df07-4ea8-a156-cc0a6642c794/SequentialEventDispatcher] com.q1labs.configservices.capabilities.AddHost: [INFO] [NOT:0000006000][<IP of Console>/- -] [-/- -]Executing presence on host <IP of Managed Host> using console ip <IP of Console>
[hostcontext.hostcontext] [2c3bfc3c-df07-4ea8-a156-cc0a6642c794/SequentialEventDispatcher] com.q1labs.configservices.capabilities.AddHost: [ERROR] [NOT:0000003000][<IP of Console>/- -] [-/- -]Failed to read output from ssh connection on host <IP of Managed Host> 
[hostcontext.hostcontext] [2c3bfc3c-df07-4ea8-a156-cc0a6642c794/SequentialEventDispatcher] com.q1labs.configservices.common.ConfigServicesException: Failed to read output from ssh connection on host <IP of Managed Host>

Document Location

Worldwide

[{"Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"}],"ARM Case Number":"TS004662393","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Document Information

Modified date:
29 May 2023

UID

ibm16408992