Troubleshooting
Problem
QRadar® login page does not show any content even though all relevant QRadar services are up and running including httpd and tomcat.
Symptom
Launching the QRadar login page by using the URL: https://<hosname>|<IP_address>/console, the page shows blank and does not show the fields to enter the user-name and password.
Cause
One of the possible reasons for this issue could be that the file /opt/qradar/conf/login.conf was modified incorrectly thus causing QRadar to fail loading the file.
Diagnosing The Problem
In the /var/log/qradar.log file, these messages are observed:
::ffff:N.N.N.N [tomcat.tomcat] [HttpServletRequest-74-Idle] com.q1labs.uiframeworks.auth.configuration.LoginConfigurationManager: [INFO] [NOT:0000006000][N.N.N.N/- -] [-/- -]Reading and parsing /opt/qradar/conf/login.conf
::ffff:N.N.N.N [tomcat.tomcat] [HttpServletRequest-74-Idle] com.q1labs.uiframeworks.auth.AuthenticationVerificationFilter: [ERROR] [NOT:0000003000][N.N.N.N/- -] [-/- -]Failed to send redirect to logon.jsp
::ffff:N.N.N.N [tomcat.tomcat] [HttpServletRequest-74-Idle] java.lang.IllegalStateException: The current login configuration is invalid
Resolving The Problem
- Backup /opt/qradar/conf/login.conf to a location such as /store/IBM_Support/
cp -p /opt/qradar/conf/login.conf /store/IBM_Support/ - Confirm that the file was modified recently and whether the contents are readable:
ls -lath /opt/qradar/conf/login.conf cat /opt/qradar/conf/login.confIf the file was modified recently and the contents are not readable, revert to the original file if you have a backup.
If a backup is not available, refresh the contents of the login.conf file by using the following command:cp /opt/qradar/conf/templates/login.conf /opt/qradar/conf/login.confNote: Modifying the contents of the login.conf file by using the previous command and then restarting the Tomcat service, enables the UI and allows local authentication (System authentication) for the administrator to get into the system. Further configuration steps would be necessary if your environment needs to be configured with some other authentication method.
- Restart the tomcat service:
systemctl restart tomcat - Confirm whether the tomcat and httpd services are active:
systemctl status httpd ●httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset : disabled) Drop-In: /etc/systemd/system/httpd.service.d └─qradar.conf Active: active (running) since...systemctl status tomcat ● tomcat.service - Apache Tomcat Loaded: loaded (/usr/lib/systemd/system/tomcat.service; enabled; vendor preset: disabled) Drop-In: /etc/systemd/system/tomcat.service.d └─ulimit.conf Active: active (running) since... - Have users clear their browser cache and attempt to access the login page again. The login page is now be displayed correctly. If your environment uses any other authentication method, log in using the administrator credentials and take further action to enable the other authentication method.
Document Location
Worldwide
[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtIAAQ","label":"Dashboard"}],"ARM Case Number":"TS005119938","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]
Was this topic helpful?
Document Information
Modified date:
29 August 2023
UID
ibm16426809