Skip to main content
Skip table of contents

LogRhythm API Gateway Error on Windows Server 2012 R2

After upgrading to LogRhythm SIEM version 7.19, you may experience issues completing API calls/operations on servers that operate on Windows Server 2012 R2. This can be resolved by adjusting enabled cipher suites in the LogRhythm API Gateway.

Microsoft support for Windows Server 2012 R2 ended October 2023, as detailed in this article from Microsoft. This error has arisen because Microsoft no longer patches Windows Server 2012 R2, so it does not have the latest, most secure cipher suite support.

LogRhythm also no longer supports Windows Server 2012 R2 on versions 7.19 and later. It is recommended to upgrade to a newer version of Windows Server to avoid this issue rather than using the workaround detailed in this guide.

Possible Errors

You may see one of the following error messages when using the API after upgrading to LogRhythm SIEM 7.19:

Admin API Log

TLS Handshake failed: Cannot read handshake packet: EOF.

Console Investigation Error

Unable to complete operation since JSON Web Token was not passed. Please ensure that API gateway authentication services are running OK on platform manager.

Resolution

To resolve this issue on an affected Windows Server 2012 R2 server, take the following steps:

  1. Open the API console at localhost:8500.

  2. Navigate to:

CODE
Key/Values/services/lr-api-gateway
  1. Create a folder named “configs”.

Leave the Value blank in order to create a folder.

  1. Within the new “configs” folder, create a new key named CIPHERS with the Value set to the following:

CODE
CDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!SHA1:!DSS
  1. Click Save.

  2. Restart the LogRhythm API Gateway service.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.