Description
This article describes how to troubleshoot FortiSIEM while attempting to to register a new VA. This article contains related troubleshooting information to the following error message 'The server is temporarily unable to service your request due to maintenance downtime or capacity problems'
Scope
After installing a new VA server and then trying to register using web page "https://<FortiSIEM IP Address>/phoenix/register.jsf" (version 3.x) or "https://<FortiSIEM IP Address>/phoenix/licenseUpload.html" (version 4.x & 5.x) the user get's the following error: "The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later." along with "Apache/2.2.3 (CentOS) Server at <FortiSIEM IP Address> Port 443."
This issue happens mostly when there is already an NFS mount point and FortiSIEM detects that there's already an eventdb. If the mount point already has an eventdb, then FortiSIEM will determine that the VA is a worker and deploy it as such. If the mount point does not have an eventdb, then FortiSIEM will determine that the VA is a super and deploy it as such.
Solution
FortiSIEM log will have messages like the following:
Nov 28 10:13:03 usea-aosuper phMonitorWorker[3637]: [PH_LICENSE_INFO_INVALIDATED]:[eventSeverity]=PHL_ERROR,[procName]=phMonitorWorker,[fileName]=phLicenseWatcher.cpp,[lineNumber]=55,[phLogDetail]=Invalid license
Nov 28 10:13:03 usea-aosuper phMonitorWorker[3637]: [PH_GENERIC_INFO]:[eventSeverity]=PHL_INFO,[procName]=phMonitorWorker,[fileName]=phHttpEventPuller.cpp,[lineNumber]=35,[phLogDetail]=Register this host!
Nov 28 10:13:06 usea-aosuper phMonitorWorker[3637]: [PH_GENERIC_ERROR]:[eventSeverity]=PHL_ERROR,[procName]=phMonitorWorker,[fileName]=phHttpClient.cpp,[lineNumber]=512,[phLogDetail]=Http Response code 503
Run the command:
#phstatus
The following should appear. Note that appsvr and postgres are not listed at all
phParser DOWN
phQueryWorker DOWN
phRuleWorker DOWN
phDataManager DOWN
phReportWorker DOWN
phIpIdentityWorker DOWN
phPerfMonitor DOWN
phAgentManager DOWN
phCheckpoint DOWN
phMonitor 1-00:47:03 0 780m 534m
Apache 1-00:46:31 0 236m 9960
Run
#phLicenseTool
This will provide an similar output to the one below.This will happen even if a license has not been pulled yet.
[root@usea-aosuper ~]# phLIcenseTool --show
Report License: workers=2; citems=0; eps=5000;storage=25000; starttime=0; endtime=0; mode=1; SP=0; or anizationNum=0; country=; customerId=0; customerName=; collectors=0; profile=0
Segmentation fault
[root@usea-aosuper ~]# phLIcenseTool --verify
Segmentation fault
This is due to a known, but rarely encountered, bug in 3.6.3.
To fix this, go to the following directory:
#cd /opt/phoenix/deployment/jumpbox
Now run this command:
#phinitsuper
After this finishes and the system is rebooted, go to the registration web page, "https://<FortiSIEM_IP_Address>/phoenix/register.jsf" or https://<FortiSIEM_IP_Address>/phoenix/licenseUpload.html.
If not then reinstall the VM image and try again.
Related Articles
Technical Note: [Accelops KB] If a user has changed their IP or DNS on AO-VA and gets 'Please regist...
Technical Note: [Accelops KB] Change of IP, DNS, moved AO to another ESXI gives registration error
Troubleshooting Tip: How to troubleshoot error while registering new VA.
