Event Manager sync fails post Netops Portal upgrade
Article ID: 220330
Updated On:
Products
Issue/Introduction
SYMPTOMS:
- The Event Manager data source will not synchronize.
- The Event Manager data source shows Unable to Contact
- The Data Sources page also shows the Event Manager data source on the same version as prior to the upgrade.
In the (default path) /opt/CA/PerformanceCenter/EM/logs/EMService.log we see this error:
ERROR | qtp66491224-198 | YYYY-MM-DD HH:MM:SS,XXX | com.ca.im.portal.api.security.Encryption
| Error performing encryption operation
javax.crypto.BadPaddingException: Error finalising cipher data: pad block corrupted
at org.bouncycastle.jcajce.provider.BaseCipher.engineDoFinal(Unknown Source)
WARN | qtp66491224-198 | YYYY-MM-DD HH:MM:SS,### | com.ca.im.portal.common.web.util.GlobalAdminAuthInterceptor
| SsoToken is expired or could not be decrypted
WARN | qtp1338698618-24 | 2026-03-11 23:33:46,438 | com.ca.im.portal.api.security.Encryption
| Couldn't complete encryption/decryption due to: Error finalising cipher data: pad block corrupted
WARN | qtp1338698618-24 | 2026-03-11 23:33:46,438 | com.ca.im.portal.common.web.util.AuthInterceptor
| Bearer Token could not be decrypted from x.x.x.x
..................
In both the (default paths) /opt/CA/PerformanceCenter/PC/logs/PCService.log and the /opt/CA/PerformanceCenter/DM/logs/DMService.log we see this error:
ERROR | qtp341763619-246 | 2021-11-03 13:16:14,316 | com.ca.im.portal.api.services.datasource.DataSourcePoll
| Received WebServiceException from version check for data source Event Manager@<EM_Host>. CAUSE=org.apache.cxf.transport.http.HTTPException: HTTP response '401: Unauthorized' when communicating with http://<EM_Host>:8281/EventManager/DataSourceWS.asmx. MESSAGE=Could not send Message.. Returning DS_COMM_FAILURE result.
ERROR | qtp341763619-246 | 2021-11-03 13:16:14,316 | com.ca.im.portal.api.services.datasource.DataSourcePoll
| javax.xml.ws.WebServiceException: Could not send Message.
Column K is missing or set to 0 post upgrade
Environment
All supported DX NetOps Performance Management releases
Cause
The upgrade fails to copy the SsoEncryptionDecryptionKey value to the Event Manager MySql em database.
Resolution
NOTE: When prompted, you will need the Netops Portal MySQL password to enter into the MySQL CLI.
STEPS:
- Gather and compare the SsoEncryptionDecryptionKey value between the netqosportal and em databases.
- Connect to the MySql DB using (default path) this command. Enter the password when prompted.
/opt/CA/MySql/bin/mysql -uroot -p - Run the following to show the value for the netqosportal DB:
a) If you are on 23.3.3 or earlier run
select PropValue,Priority from netqosportal.performance_center_properties where PropName = 'SsoEncryptionDecryptionKey';
b) If you are on 23.3.4 or later run
select PropValue,Priority,K from netqosportal.performance_center_properties where PropName = 'SsoEncryptionDecryptionKey';
- Run the following to show the value for the em DB:
a) If you are on 23.3.3 or earlier run:
select PropValue,Priority from em.performance_center_properties where PropName = 'SsoEncryptionDecryptionKey';
b) If you are on 23.3.4 or later run:?
select PropValue,Priority,K from em.performance_center_properties where PropName = 'SsoEncryptionDecryptionKey';
- Connect to the MySql DB using (default path) this command. Enter the password when prompted.
- The values at the highest Priority value shown should match.
- If the values do not match for the highest Priority value shown, continue with the remaining steps below to resolve the problem.
- If you are on 23.3.4 and later and the K values do not match continue with the remaining steps below to resolve the problem.
- IF the values do match for the highest Priority value shown, contact support for additional assistance.
- Stop the Event Manager service using the command:
systemctl stop caperfcenter_eventmanager - In the MySql prompt run the following to update the em database SsoEncryptionDecryptionKey value to match the netqosportal database value.
- If you are on DX Netsop 23.3.3 or earlier run:
replace into em.performance_center_properties values ('SsoEncryptionDecryptionKey',1,'<keyFrom_netqosportal_DB>','N',UNIX_TIMESTAMP()); - If you are on 23.3.4 or later run:
replace into em.performance_center_properties values ('SsoEncryptionDecryptionKey',1,'<keyFrom_netqosportal_DB>','N',UNIX_TIMESTAMP(),1); - If you are on 23.3.4 or later and the keys match but the K value is 0 in the em database query run:
update em.performance_center_properties set k=1 where propname='SsoEncryptionDecryptionKey' and priority=1;
- If you are on DX Netsop 23.3.3 or earlier run:
- Run the following in the MySql prompt to verify the value is updated and matches in both databases.
- Run the following to show the value for the netqosportal DB:
If on 23.3.3 or earlier run:
select PropValue,Priority from netqosportal.performance_center_properties where PropName = 'SsoEncryptionDecryptionKey';
If on 23.3.4 or later run
select PropValue,Priority,K from netqosportal.performance_center_properties where PropName = 'SsoEncryptionDecryptionKey'; - Run the following to show the value for the em DB:
If on 23.3.3 or earlier run:
select PropValue,Priority from em.performance_center_properties where PropName = 'SsoEncryptionDecryptionKey';
If on 23.3.4 or later run:
select PropValue,Priority,K from em.performance_center_properties where PropName = 'SsoEncryptionDecryptionKey'; - Confirm the highest Priority value from both has a matching value.
- Run the following to show the value for the netqosportal DB:
- Start the Event Manager service using the command:
systemctl start caperfcenter_eventmanager
Confirm the errors are gone from the logs and the Event Manager Data Source is again successfully syncing in the Portal web UI.
This is a sample of a working system. Note the highest Priority value for the netqosportal DB (0) has a value that matches the highest Priority value (1) from the em DB. If these did not match, we'd update the em DB
Priority value 1 to match the netqosportal DB Priority value 0 value.
23.3.3 and earlier
23.3.4 and later
Additional Information
This can also happen if a local override is set for "SsoEncryptionDecryptionKey". In that scenario you will see 2 values for each query.
In that scenario where normally netqosportal only has a value set for Priority 0 we'd see it set with a Priority 1 value as well.
If that is found use the (default path) /opt/CA/PerformanceCenter/SsoConfig tool to reset the value for the SingleSign-On SsoEncryptionDecriptionKey value.
The SsoEncryptionDecryptionKey displayed in the DA rest call is an unencrypted version of SSO key:
http://YOUR-DA:8581/rest/dataaggregator
<SsoEncryptionDecryptionKey>6kEjfmT5</SsoEncryptionDecryptionKey>
On the Portal SsoConfig you will see the unencrypted version of the SSO key:
/opt/CA/PerformanceCenter/SsoConfig
SSO Configuration:
- DX NetOps
Choose an option > 1
SSO Configuration/DX NetOps:
- LDAP Authentication
- SAML2 Authentication
- NetOps Portal
- Single Sign-On
- Test LDAP
- Export SAML2 Service Provider Metadata
- NetOps Portal Local Password Authentication
- Enable or Disable a user account.
Choose an option > 4
SSO Configuration/DX NetOps/Single Sign-On:
Cookie Timeout Minutes: 20
Encryption Decryption Key: 6kEjfmT5
Choose an option > q
In case there is a mismatch of the SsoEncryptionDecryptionKey value based on the highest Priority value in the netqosportal and em databases, you may need to delete/update the entry in the netqosportal db.
See below the MySQL command lines:
delete from netopsportal.performance_center_properties where propname='SsoEncryptionDecryptionKey' and Priority=1;
update netopsportal.performance_center_properties set UpdatedOn=UNIX_TIMESTAMP() where propname='SsoEncryptionDecryptionKey' and Priority=0;
Feedback
