When trying to open a report (in JasperServer) using the "Launch Insights" button we get "AHD04405 : CA Service Desk System internal error" inside of std.log
The specific files are the same date and size and both the SDM service and the Tomcat JasperServer-pro service have been started.
Release : 17.1 and higher
Component : JASPERSOFT REPORTS FOR SERVICE MANAGEMENT
Incorrect Certificate using Java keystore instead of Private keystore
There is existing documentation on How to configure SSL with Jasper but in some cases, please follow these additional steps below.
1. Create the SSO certificate on the CABI server so that SDM can setup the impersonation.
2. Register the SSO certificate with SDM so that it can create the impersonation users.
3. If using HTTPS interface for CABI, create SSL trust so SDM can create HTTPS connection to CABI.
Now the specifics of each step
1. Create the SSO certificate. This needs to be done on the CABI server where jasperserver-pro is installed. The process creates a java keystore (format depends on the version of java used, which depends on the CUM used to run the integration). The actual process is the same for creating the SSO certificate regardless of which CABI interface is used for the creation process and the Insight connect interface.
1.a If the creation process will be done using the HTTPS interface for CABI then the setup java instance needs to trust the CABI certificate chain, so the java instances cacerts store needs to have either the CABI server certificate or the root certificate in its cacerts keystore. Note that depending on the version of java different keystore options need to be used. For java 11.x use
keytool -importcert -cacerts -file {full path to base64 certificate}
1b run the CUM setup and select SDM Insight integration.
2. Register the SSO certificate with SDM
2a the documentation is correct and the created keystore and properties files need to be copied to each SDM application server and the SDM service restarted.
3. Update SDM to trust the CABI certificate chain. The SDM java uses a specific keystore not the java instances cacerts keystore.
3a. If the {NX_ROOT}\pdmconf\nx.keystore does not already exist (or is corrupt due to sync issue) then delete the file if it exists.
3b. Update or create the nx.keystore with "pdm_perl pdm_keystore_mgr.pl -import {full path to base64 certificate}
3c. The password for the nx.keystore is put in the NX.ENV file an so is synchronized across all SDM server BUT the actually nx.keystore file is not ans must be manually copied to all the other SDM server (overwriting the nx.keystore file if it is present on the servers already).
3d. The SDM service needs to be restarted once the nx.keystore file has been updated/replaced
4. Update the SDM insight.jasper.xxx parameters to point to the correct URL
4a login to the SDM web interface as a user with administrative role. Select Administration -> xFlow -> General tree item
4b Set filter to %jasper% and search
4c Updated
insight.jasper.domain => {FQDN for CABI server}:{https port}
insight.jasper.host => {FQDN for CABI server}
insight.jasper.protocol => HTTPS
Now any user with the correct privileges can select the Insight tab and Press "Launch Insight" to access the CABI interface
Problem creating Jasper Profile
https://knowledge.broadcom.com/external/article?articleId=143274