Symptoms
The SSIM GUI and configuration console will not come up. SSIM Agents are not able to send events to the SSIM Manager. You see the following errors in the SSIM Manager's files:
/opt/Symantec/sesa/servletengine/logs/catalinia.out:
17:19:45,473 INFO [ApplicationContext] Application context created
java.lang.Exception: ### HARD ERROR: SYSTEM BOOTSTRAP FILES MISSING. HALTING
/opt/Symantec/sesa/Agent/cimom.log:
java.lang.Exception: File: /etc/symantec/ses/ses_machine.dat - Key store has changed since encoding property file
at com.symantec.management.util.Secure_Props.load(Unknown Source)
/opt/Symantec/sesa/logs/eventservice.log:
2007-10-17 13:09:30,392 6205888 [TP-Processor2] WARN com.symantec.sim.eventservice.EventServlet - init starting
2007-10-17 13:09:30,396 6205892 [TP-Processor2] WARN com.symantec.sim.eventservice.EventServlet - Error initializing Event Service; shutting it down
/opt/Symantec/sesa/Agent/logs/sesa-agent.log:
2007-10-24 07:51:43,422 INFO [Logging] >>ForwardingProvider.sendEvents() - Exception: java.lang.Exception: unable to get connection until boostrapped
2007-10-24 07:51:43,422 ERROR [Logging] java.lang.Exception: unable to get connection until boostrapped
/opt/Symantec/sesa/Agent/logs/ucf.log:
ERROR 2007-10-08 12:12:04,864 com.symantec.cas.ucf.collector.CollectorFactory main Error while creating collector "unix_syslog"
com.symantec.management.applib.SESException: No machine ID
Status output: the sesmanager and assetsvc services are down and all other services are up.
NOTE: If this is not a correlation box, then simserver will also be down.
The SSIM Manager has lost its bootstrap.
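To check a Manager (or a copied log tree) for the signatures listed under Symptoms, a small triage function can scan each file for its error string. This is an added example, not Symantec tooling: the function name check_bootstrap_loss and its optional root-prefix argument are assumptions, while the paths and error strings are exactly those printed on this page.

```shell
#!/bin/sh
# Added example: triage for the "lost bootstrap" signatures listed under Symptoms.
# Paths and error strings are spelled exactly as on this page; the function name
# and the optional ROOT prefix (for scanning a copied log tree) are assumptions.
#
# Usage: check_bootstrap_loss            # scan the live appliance
#        check_bootstrap_loss /mnt/copy  # scan logs copied under /mnt/copy
# Returns 0 if at least one signature matched, 1 if none matched,
# 2 if none of the log files could be read.
check_bootstrap_loss() {
    root="${1:-}"
    hits=0
    readable=0
    # Each here-document line is: log file | fixed-string signature
    while IFS='|' read -r file sig; do
        [ -n "$file" ] || continue
        path="$root$file"
        if [ ! -r "$path" ]; then
            echo "SKIP  $file (not readable)"
            continue
        fi
        readable=$((readable + 1))
        if grep -F -q -- "$sig" "$path"; then
            n=$(grep -F -c -- "$sig" "$path")
            echo "MATCH $file: \"$sig\" ($n lines)"
            hits=$((hits + 1))
        else
            echo "clean $file"
        fi
    done <<'EOF'
/opt/Symantec/sesa/servletengine/logs/catalinia.out|SYSTEM BOOTSTRAP FILES MISSING
/opt/Symantec/sesa/Agent/cimom.log|Key store has changed since encoding property file
/opt/Symantec/sesa/logs/eventservice.log|Error initializing Event Service
/opt/Symantec/sesa/Agent/logs/sesa-agent.log|unable to get connection until boostrapped
/opt/Symantec/sesa/Agent/logs/ucf.log|No machine ID
EOF
    echo "$hits of $readable readable logs show a bootstrap-loss signature"
    [ "$readable" -gt 0 ] || return 2
    [ "$hits" -gt 0 ]
}
```

A match in several files at once, together with sesmanager and assetsvc being down, is consistent with the lost-bootstrap condition described here; a single match on its own is only a reason to look closer.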
You will need to rebootstrap the SSIM appliance. There is one way to do this, but the command can be issued in two ways.
Interactive registration
To interactively register the agent:
[root@spr-ssim-01 ~]# cd /usr/sbin
[root@spr-ssim-01 sbin]# ./sesa-setup --reg-external
Please provide SESA Directory connection parameters:
Enter external SESA directory ip/hostname and press [ENTER]: 127.0.0.1
NOTE: 127.0.0.1 was used because this is the directory box. Otherwise, enter the IP address or hostname of the directory SSIM Manager.
Enter external SESA directory port (636) and press [ENTER]: 636
Enter external SESA domain username (administrator) and press [ENTER]: cn=root
Enter external SESA domain password and press [ENTER]: password
Enter external SESA directory domain (Symantec.SES) and press [ENTER]: Symantec.ses
Enter external Directory Administrator password and press [ENTER]: password
Enter the local SESA database user (symcmgmt) and press [ENTER]: symcmgmt
Enter the local SESA database user password and press [ENTER]: password
Installation prefix: /opt/Symantec/sesa
JDK: /opt/Symantec/sesa/jdk
JRE: /opt/Symantec/sesa/_jvm
IBM JDK: /opt/IBMJava2-142
Domain: Symantec.ses
Domain user: administrator
Daemon user: sesuser
Directory host: 127.0.0.1
Directory port: 636
Directory admin: cn=root
Database prefix: /dbsesa
LDAP instance port: 3700
LDAP instance user: ldapdb2
Database user: symcmgmt
Database port: 50000
DB2 instance owner: db2admin
Validating directory connection: [ OK ]
Validating datastore connection: [ OK ]
*** Registering SESA Datastore ***
Registering datastore component: [ OK ]
*** Reinstalling SESA Manager ***
Service "sesmanager" is not running.
Stopping "sesevents"...
Waiting for "sesevents" to terminate...
Reinstalling manager component:
[ OK ]
*** Finalizing ***
Configuring agent:
[ OK ]
Starting services: [ OK ]
Processing Agent inventory: [ OK ]
Installing default system queries: log4j:WARN No appenders could be found for logger (com.symantec.sim.rx.RXInvocationHandler).
log4j:WARN Please initialize the log4j system properly.
[FAILED]
*** Completed ***
[root@spr-ssim-01 sbin]#
Specify Parameters with the command to register
The following command registers the Symantec Security Information Manager appliance with a directory.
At the command prompt, run:
/usr/sbin/sesa-setup --ldap-ip <ip address> --ldap-port 636 --ldap-user administrator --ldap-domain <domain.ses> --db-user symcmgmt --reg-external
Note: <domain.ses> is the domain you created when you installed Symantec Security Information Manager; by default it is Symantec.ses.
This command already specifies the parameters for connecting to the directory, but you are still prompted for:
Domain user logon name. By default it is administrator.
Domain user password.
ldap-user password.
db-user password. In the command above, the db user is symcmgmt.