NFA 22.2.4 - 22.2.6 SOAP HTTPS Issue
search cancel

NFA 22.2.4 - 22.2.6 SOAP HTTPS Issue


Article ID: 260918


Updated On:


DX NetOps CA Network Flow Analysis (NetQos / NFA)


Starting in NFA 22.2.4, we started supporting SOAP HTTPS. This allows us to not use the IIS Port 80 / HTTP Binding.

We found that after enabling SOAP HTTPS, that ASP.NET pages stopped loading due to the fact that the web service was looking to ensure that the IP Address of the NFA Console could be found in the Server certificate. In order to get past the IP lookup in the certificate, we had to create a set of patches to be applied.


Release : 22.2.4-22.2.6


We will be providing 22.2.5 and 22.2.6 patches. If you need a 22.2.4 patch, please contact Broadcom Support. This fix will be included in 22.2.7 and ApplyHTTPS will do these steps for you.

To apply (this assumes HTTPS for IIS is already setup in NFA) :

1. Download the proper patch below and copy it to the NFA Console Server.

2. Extract the contents and follow the readme to apply the patch.

3. Once the patch is applied, we can turn on SOAP HTTPS.

4. Open a CMD Prompt:

  1. mysql -unetqos -pnetqos reporter -t -e "update data_sources2 set port=443;"
  2. mysql -unetqos -pnetqos reporter -t -e "update data_sources2 set consoleport=443;"
  3. mysql -unetqos -pnetqos reporter -t -e "update data_sources2 set protocol='https';"
  4. mysql -unetqos -pnetqos reporter -t -e "update data_sources2 set consoleprotocol='https';"

5. Now go to the x:/CA/NFA/DBUsers/ReporterAnalyzer.ini file and edit:

  1. ReporterAnalyzer.wsschema=https
  2. ReporterAnalyzer.wsport=443
  3. ReporterAnalyzer.Host=<insert the server DNS friendly name like or another address which is found in your certs common name or subject alternative name>

6. Go to x:/CA/NFA/Reporter\NetQoS.ReporterAnalyzer.WebService\web.config and replace all instances of

  1. "mexHttpBinding" with "mexHttpsBinding"
  2. "httpGetEnabled" with "httpsGetEnabled"

7. Go to x:\CA\NFA\Portal\SSO\webapps\sso\configuration and edit ReporterAnalyzer.xml under the <SingleSignOnWebServiceUrl> section:

  1. Set scheme to "https"
  2. Set port to "443"

8. Save the file and restart the CA MySQL Service.

9. At this point we are done. If you have any questions please contact Broadcom Support.


Additional Information

At this time there is no patch for NFA 22.2.4. If you need to apply SOAP HTTPS, please contact Broadcom Support.

We are looking to make it so you can have 1 single HTTPS binding restricted to a single hostname and IP by 22.2.10. 

Attachments get_app get_app