IBM Support

QRadar: Unable to add managed hosts due to conflictive .jar file in QRadar 7.5.0 UP7

Troubleshooting


Problem

Administrators experience errors when managed hosts are being added into their deployment in QRadar 7.5.0 UP7, the following errors can be found:
"Signers of 'org.bouncycastle.crypto.params.AsymmetricKeyParameter' do not match signers of other classes in package"

Symptom

The conflicting .jar file can cause the following:
  • Administrators can experience the following error when a managed host is being added to their deployment:
    image-20231124094341-1
  • If QNI hosts are part of the deployment, Administrators can experience errors when deploying the changes.

Cause

The error is caused by a conflicting .jar file in deployments that were initially installed in QRadar 7.3

Environment

QRadar 7.5.0 UP7 and newer.

Diagnosing The Problem

The following steps help QRadar Administrators diagnose and confirm the issue:
  • Administrators can find the following stack trace in /var/log/qradar.log:
    com.q1labs.configservices.capabilities.AddHost: [ERROR] [NOT:0000003000][10.x.x.1/- -] [-/- -]Failed to add host. Unable to add ssh keys to known_hosts for ip: 10.x.x.30
    com.q1labs.core.shared.cli.ssh.SshException: com.jcraft.jsch.JSchException: Session.connect: java.security.InvalidKeyException: java.lang.SecurityException: Signers of 'org.bouncycastle.crypto.params.AsymmetricKeyParameter' do not match signers of other classes in package
  • Run the following command in order to find the conflicting .jar file:
    ls /opt/qradar/jars | grep 'bcprov-jdk15on-1.57.jar'
    Expected output:
    bcprov-jdk15on-1.57.jar
    Result
    The administrator confirmed the conflicting .jar file issue and is now ready to move to the Resolving The Problem section.
     

Resolving The Problem

Administrators run the following steps to solve the issue:
Note: Services restart is needed as part of the solution, see QRadar: Core services and the impact of restarting services for more information.
  1. Use SSH to log in to the QRadar Console as the root user.
  2. Create a backup directory:
    mkdir -pv /store/ibm_support
    
  3. Move the conflicting .jar file to the backup directory:
    mv -v /opt/qradar/jars/bcprov-jdk15on-1.57.jar /store/ibm_support/
  4. Stop the hostcontext service:
    systemctl stop hostcontext
  5. Restart the tomcat service:
    systemctl restart tomcat
  6. Start the hostcontext service:
    systemctl start hostcontext
    Result
    The administrator solved the dependencies issue and is now ready to add the host. If the add host process continues failing, contact QRadar Support for assistance.
     

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.5.0"}]

Document Information

Modified date:
24 November 2023

UID

ibm17082670