EDR: RabbitMQ Does Not Start after Upgrading to 7.8.0
Article ID: 287648
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- After upgrading to EDR 7.8.0, starting cb-enterprise fails due to a RabbitMQ error "kombu.exceptions.OperationalError: [Errno 111] Connection refused".
- The RabbitMQ crash logs report "listen_error,{acceptor,{0,0,0,0,0,0,0,0},5671},no_cert}".
- RabbitMQ service starts manually with cbservice, but note all 4 RabbitMQ ports are not listening. AMQP broker does not open port 5004/tcp as expected ( API port 5005, Erlang port 4369 and the Distribution port 25004 start without issue).
Environment
EDR Servers: 7.8.0
Cause
The /etc/cb/rabbitmq/rabbitmq.config was modified from the Carbon Black standard settings.
The comments were removed from line " {ssl_listeners, [5671]},". In 7.8.0, openssl was updated and does not permit communications on port 5671 without the correct TLS certificate. EDR does not use port 5671 or 5672 and the lines should remain commented.
The comments were removed from line " {ssl_listeners, [5671]},". In 7.8.0, openssl was updated and does not permit communications on port 5671 without the correct TLS certificate. EDR does not use port 5671 or 5672 and the lines should remain commented.
Resolution
Set the rabbitmq.config back to the original configuration.
%% By default, RabbitMQ will listen on all interfaces, using
%% the standard (reserved) AMQP port.
%%
%% {tcp_listeners, [5672]},
%% To listen on a specific interface, provide a tuple of {IpAddress, Port}.
%% For example, to listen only on localhost for both IPv4 and IPv6:
%%
%% {tcp_listeners, [{"127.0.0.1", 5672},
%% {"::1", 5672}]},
%% TLS listeners are configured in the same fashion as TCP listeners,
%% including the option to control the choice of interface.
%%
%% {ssl_listeners, [5671]},
Feedback
Yes
No
Powered by
