Splunk Enterprise Security

Why am I receiving a '500 Internal server Error' when attempting to configure Rapid7 Nexpose Technology Add-On for Splunk?

Explorer

splunkd logs:
04-17-2018 16:19:12.876 +0000 ERROR UserManagerPro - Failed to get LDAP user="nobody" from any configured servers
04-17-2018 16:24:48.235 +0000 ERROR AdminManagerExternal - Stack trace from python handler:\nTraceback (most recent call last):\n File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 129, in init\n hand.execute(info)\n File "/opt/splunk/lib/python2.7/site-packages/splunk/admin.py", line 591, in execute\n if self.requestedAction == ACTION_EDIT: self.handleEdit(confInfo)\n File "/opt/splunk/etc/apps/rapid7/bin/nexpose_setup.py", line 146, in handleEdit\n entity.deleteEntity('/storage/passwords/', c.name, namespace=APPNAME, owner='nobody', sessionKey=sessionKey)\n File "/opt/splunk/lib/python2.7/site-packages/splunk/entity.py", line 442, in deleteEntity\n serverResponse, serverContent = rest.simpleRequest(uri, sessionKey=sessionKey, method='DELETE', raiseAllErrors=True)\n File "/opt/splunk/lib/python2.7/site-packages/splunk/rest/init.py", line 583, in simpleRequest\n raise splunk.InternalServerError, (None, serverResponse.messages)\nInternalServerError: [HTTP 500] Splunkd internal error; [{'code': None, 'type': 'ERROR', 'text': "\n In handler 'passwords': Does not exist: /nobody/rapid7/passwords/credential::splunk:"}]\n
04-17-2018 16:24:48.235 +0000 ERROR AdminManagerExternal - Unexpected error "" from python handler: "[HTTP 500] Splunkd internal error; [{'code': None, 'type': 'ERROR', 'text': "\n In handler 'passwords': Does not exist: /nobody/rapid7/passwords/credential::splunk:"}]". See splunkd.log for more details.

My thoughts are that "owner='nobody'" probably needs to be something like owner='admin' but having a hard time tracking down where the config issue lies.

0 Karma

Influencer

Did you follow the setup process? https://splunkbase.splunk.com/app/3457/#/details

0 Karma

Explorer

I am a newer employee, this was built prior to my arrival. Bash history indicates the individual did follow the setup process however as far as I can tell. Also the documentation is pretty brief, not sure what I could have possibly missed other than click a button and install from GUI, there is no HF or anything even required. If I didn't follow the six total steps of pointing and clicking, the nexpose-setup.py would not even exist also. There was no error information in the rapid7 log.

0 Karma

SplunkTrust
SplunkTrust

That implies the stored login is not setup.

0 Karma

Explorer

To backtrack, the failure happens when attempting to configure the rapid7 TA from the UI, the IP, username and pass are all correct when I plug them in, are you implying that a default login is hard coded somewhere?

0 Karma

Explorer

Pretty sure I found the issue. thanks

0 Karma

Observer

I'm also having this error.

What was your solution?

0 Karma
Don’t Miss Global Splunk
User Groups Week!

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!