Troubleshooting
Problem
Administrators cannot create a High Availability (HA) Cluster as the "Add HA Host" menu fails to load.
Symptom
The following error is displayed in the HA Wizard user interface.
The Application error is followed by a related hawizard warning message, 'Error occurred on connection creation' in /var/log/qradar.log:
Sep 23 22:01:55 <Console Hostname> tomcat[29204]: 23-Sep-2021 22:01:55.041
WARNING [admin@<Console IP> (8268) /console/do/hawizard]
com.sun.messaging.jmq.jmsclient.ExceptionHandler.throwConnectionException [C4003]:
Error occurred on connection creation [<Managed Host IP>:7677]. -
cause: java.net.ConnectException: Connection timed out (Connection timed out)
Cause
The QRadar Console is not able to reach the IMQ service port on the Managed host to retrieve the information to load the menu. On deployments without encryption enabled, the network firewalls might block this connection.
Diagnosing The Problem
- Verified the Console and the Managed Host are unencrypted. The Console must always be unencrypted.
/opt/qradar/bin/myver -tunnel
- From the Console, test the port connectivity. The output might show as timeout or connection refused.
nc -zv <Managed Host IP> 7677
- On the Managed Host:
- Verify the IMQ service is active.
systemctl is-active imq
- Verify the IMQ service is listening on port 7677.
ss -pln | grep 7677 tcp LISTEN 0 100 [::]:7677 [::]:* users:(("java",pid=17844,fd=143))
- Verify IP Tables allow the Console to connect to port 7677.
iptables -L -v -n | grep 7677
- Verify the IMQ service is active.
Resolving The Problem
The administrators can perform the following corrective actions to overcome the issue:
- If encryption is enabled on the Console, disable it.
- Log in to QRadar Console as the admin user.
- On the navigation menu ( ), click Admin.
- In the System Configuration section, click System and License Management.
- In the Display list, select Systems.
- Select the Console, and click Deployment Actions, then Edit Host.
- Clear the Encrypt Host Connections checkbox.
- Deploy the changes.
- Engage the network or firewall team responsible for the connection and request the port to be opened. See QRadar port usage for a list of the ports required.
As a workaround, the administrator can encrypt the Managed Host so that the connection goes over an SSH tunnel.
- Log in to QRadar Console as the admin user.
- On the navigation menu ( ), click Admin.
- In the System Configuration section, click System and License Management.
- In the Display list, select Systems.
- Select the Managed Host, and click Deployment Actions, then Edit Host.
- Select the Encrypt Host Connections checkbox.
- Deploy the changes.
- Create the HA Cluster with the Add HA Host option in the user interface.
- Log in to QRadar Console as the admin user.
- On the navigation menu ( ), click Admin.
- In the System Configuration section, click System and License Management.
- In the Display list, select Systems.
- Select the Managed Host, and click Actions, then Add HA Host.
Result
The Add HA Host menu loads and the HA cluster can be created on the Managed Host. If you continue to experience application errors in the user interface when you add an HA host, contact QRadar Support.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtXAAQ","label":"High Availability"}],"ARM Case Number":"TS006951121","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
21 October 2021
UID
ibm16506493