ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

403 error while looking at data graphs in NFA

book

Article ID: 239200

calendar_today

Updated On:

Products

CA Network Flow Analysis (NetQos / NFA)

Issue/Introduction

When trying to look at data in Network Flow Analysis or from the NetOps Portal for all interfaces / devices, you could run into an issue like this:

NFA Error:

An error occurred!
Control(30002): Stacked Protocol Trend - In
The response received from the server was complete but indicated a
protocol-level error. The request failed with HTTP status 403: Forbidden.
NetQoS.DataSource.Client
at NetQoS.DataSource.Client.SoapHttpClientCache.EndInvoke(IAsyncResult
asyncResult) at
NetQoS.DataSource.Client.ReporterAnalyzerWS.EndGetProtocolStackedTrendReport
(IAsyncResult result, Nullable`1& reportMetaData, Nullable`1& error) at
nqPortal.Views.DataSources.ReporterViewDataSource.EndGetData() at
nqPortal.Views.ViewBase.RetrieveAsyncData() at
NetQoS.Ajax.AjaxUserControl.OnPreRender(EventArgs e)

NetOps Portal Error:

Error occurred while running a RIB query on SQL RIB source.
  Possible reason: javax.xml.ws.WebServiceException: Could not send Message.
  Query:
{
SELECT .InterfaceID, .Interface.InterfaceName, .Router.EOVUtilization, .Interface.RouterName, .Interface.Name, .Interfa
ce.InterfaceDescription, .Router.EOVBytes, .Router.EOVRate, .Interface.InBandwidth, .Interface.OutBandwidth FROM CA.Rep
orterAnalyzer.RAWSParameters WHERE .GroupID = '17932' AND .ItemType = 'None' AND .Direction = 'In' AND .StartTime = 164
9522820 AND .EndTime = 1649526420 AND .LimitCount = 10 ORDERBY .Router.EOVUtilization DESC HAVING (.RAWebCall = 'Enterp
riseTopInterfaces') LIMIT 10

Cause

This is caused by a setting in IIS (Internet Information Services) on the NFA Console that tries to forces a site to use SSL only. The setting is called "Require SSL":

This is problematic because NFA requires some internal process to use the HTTP protocol.

Environment

Component : NFA

Resolution

To resolve this we must check the "SSL Settings" feature in IIS for the Default Web Site, Proxy Services, RA, and ReporterAnalyzerDataSource to make sure that the, "Require SSL", option is turned off:

Additional Information

Our developers are working to change this to allow this settings to be set to ensure that not only external but internal communication can be secured. 

Attachments

Powered by Wolken Software