Troubleshooting
Problem
Unable to add a Secondary QRadar Appliance to a HA cluster and receiving the error "Error installing ssh keys. (Is the secondary password correct?)".
Cause
This issue could be caused by an invalid iptables entry.
Resolving The Problem
To resolve this issue, add the IP address of the Primary HA host to the iptables of the Secondary HA Managed host. You can SSH from the Console to both the Primary High Availability (HA) Managed host and the Secondary HA Managed host.
Procedure to add the Primary HA Managed host to the iptables of the Secondary HA Managed host.
- Using an editor, modify the file /opt/qradar/conf/iptables.pre file.
vi /opt/qradar/conf/iptables.pre
- Add an entry for the IP address of the Primary HA Managed host similar to the one below.
-A INPUT -i eth0 -m state --state NEW -m tcp -p tcp --dport 22 -s<IP address of Primary HA host>-j ACCEPT
- Run the update script to update and restart iptables.
/opt/qradar/bin/iptables_update.pl
- Then, add the Secondary HA host to the HA Cluster.
Where do you find more information?
[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"High Availability","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21984713