67447 - Searches fail with the error "An error occurred during a request to a different service..." in SAS® Visual Investigator 10.6

Problem Note 67447: Searches fail with the error "An error occurred during a request to a different service..." in SAS® Visual Investigator 10.6

You might receive the following message after performing a search:

An error occurred during a request to a different service. The error has been logged and the application administrators have been notified.

 

Possible Causes

This is a generic message that indicates that an error occurred in the Elasticsearch cluster. There can be many causes for this message, including an Elastic node becoming unavailable, an out-of-memory exception, and so on.

If you encounter this error, review the svi-sand service and Elasticsearch log files for the time period when the message was displayed to better understand what the root cause might be.

Rare Cause on SAS^® Visual Investigator 10.6 and SAS^® Visual Investigator 10.7: Search Guard Signing Key

This section covers one possible explanation for this error that is very rare and occurs only on SAS Visual Investigator 10.6 – 10.7 (and associated hot fixes). SAS^® Visual Investigator 10.8 is not affected by this issue.

If searches fail for all users, it is possible that the SIGNING_KEY has not been set for Search Guard.

Determine Whether the Search Guard Signing Key Is the Cause

Complete these steps to confirm whether this issue is the cause:

Open the sg_config.yml file in the /opt/sas/viya/home/libexec/elasticsearch-secure/plugins/search-guard-6/sgconfig/ directory.
Compare the SIGNING_KEY parameter to the JWT verifier key for SASLogon, which is located in the /opt/sas/viya/config/etc/SASSecurityCertificateFramework/private/jwt-privatekey.pem directory.

If the SIGNING_KEY parameter and the JWT verifier key for SASLogonare are the same, then this issue is not the cause for the error.

Resolution If the Search Guard Signing Key Is the Cause

If you confirm that the parameter and key are different, then complete these steps to resolve the issue:

Open the sg_config.yml file in the /opt/sas/viya/home/libexec/elasticsearch-secure/plugins/search-guard-6/sgconfig/ directory.
Set the SIGNING_KEY parameter to the JWT verifier key for SASLogon, which is located in the /opt/sas/viya/config/etc/SASSecurityCertificateFramework/private/jwt-privatekey.pem directory.
Force Search Guard to pick up the new verification key by running the following commands on the primary:

sudo /opt/sas/viya/home/libexec/elasticsearch-secure/plugins/search-guard-6/tools/sgadmin.sh --hostname localhost \

-ts /opt/sas/viya/config/etc/elasticsearch/default/certs/searchguard/trustedcerts.jks \

-ks /opt/sas/viya/config/etc/elasticsearch/default/keys/searchguard/searchguard-key-sgadmin.jks \

-icl -t config -f /opt/sas/viya/home/libexec/elasticsearch-secure/plugins/search-guard-6/sgconfig/sg_config.yml

Run the following command on each Elastic Search Master node where saslogonhost and saslogonport are the host name and port of the primary:

sudo bash /opt/sas/viya/home/share/svi-configuration/update-searchguard-jwtKey.sh --saslogonhost http_proxy_name --saslogonport 443 --searchguardhost elasticsearch_hostname --isheadnode true

Restart the svi-sand service.

Operating System and Release Information

Product Family	Product	System	Product Release		SAS Release
			Reported	Fixed*	Reported	Fixed*
SAS System	SAS Visual Investigator (on SAS Viya 3.x)	Linux for x64	10.6	10.8	Viya	Viya

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

Type:	Problem Note
Priority:	medium

Date Modified:	2023-03-16 10:25:06
Date Created:	2021-02-18 08:36:59

Support