IBM Support

QRadar: Unable to add HA

Troubleshooting


Problem

You are not able to add HA in the virtualized environment even if the KMOD and DRBD rpms are updated.

Cause

If the system is configured for UEFI secure boot, and secure boot is enabled, normal kernel modules signed by Red Hat load fine, but the kmod modules compiled by the QRadar team, such as drbd and pr_ring, does not load.

Diagnosing The Problem

While you add HA, you see the following error on the UI:

The DRBD kernel module does not load. Make sure that the system kernel is upgraded to the correct version and that the kmod-drbd RPMs are installed.

Failed HA Error

Resolving The Problem

To resolve the issue, perform the following workaround:

  1. Check the output of the following command on the affected host. 
    # mokutil --sb-state

    SecureBoot enabled.

  2. If the SecureBoot is enabled, then disable the secure boot on both primary and secondary from the VMware.
    Vmware Edit setting

    Disable by clearing the Secure Boot checkbox.
    uncheck secure boot
  3. Once you disable the secure boot, then reboot the system and add HA.
Result:
After you reboot the system and add HA, the issue is fixed.

Note: To know more about how to enable keys for secure boot, see Enabling secure boot.

To know more about the QRadar installation guide, see Installing a QRadar appliance.

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtKAAQ","label":"QRadar Risk and Vulnerability Manager"}],"ARM Case Number":"TS012054472","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
29 June 2023

UID

ibm16984371

Page Feedback