After upgrading to 22.2.7 cannot connect to Portal
search cancel

After upgrading to 22.2.7 cannot connect to Portal

book

Article ID: 264063

calendar_today

Updated On:

Products

CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

After upgrading to 22.2.7 we get ERR_CONNECTION_REFUSED in a web browser when connecting to the Portal.  

Also, if you launch /opt/CA/PerformanceCenter/SsoConfig 

  • Choose 1. DX NetOps
  • Choose 3. Performance Center

 

You will see the following exception

SSO Configuration/DX NetOps/Performance Center:
Apr 13, 2023 4:37:37 PM org.apache.cxf.phase.PhaseInterceptorChain doDefaultLogging
WARNING: Interceptor for {http://netqos.com/SingleSignOnWS}SingleSignOnWSSoapService#{http://netqos.com/SingleSignOnWS}GetPropertyLevel has thrown exception, unwinding now
org.apache.cxf.interceptor.Fault: Could not send Message.

...SNIP...

Caused by: java.net.ConnectException: ConnectException invoking https://portalHostname:8182/pc/center/webservice/sso?WSDL: Connection refused (Connection refused)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
        at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)

<truncated>

Cannot connect the to DX NetOps SSO Web Service.
Check if DX NetOps is running and retry.


The installation was successful, had no errors, and all services are running.

Environment

DX NetOps Performance Management upgrading to the 22.2.7 release from any version

You will hit this issue if you have configured HTTPS and have installed it in a non-default directory.

Cause

Defect

Resolution

There are two paths for this depending on if you have a backup of your keystores (jetty and cacerts) or not:

1. No backups:

Unfortunately, in this scenario, the only solution will be to revert to HTTP and then set up HTTPS fresh.

a. Revert to HTTP using SslConfig:

Revert NetOps Portal to Using HTTP

b. Set up NetOps Portal to use HTTPS using SslConfig

Enable HTTPS for NetOps Portal

c. If necessary, convert the self-signed certificate to a CA-signed certificate using a CSR

Set Up a CA-Signed Certificate for NetOps Portal Converted from a Self-Signed Certificate

 

2. Have a backup of ../jre/lib/security/cacerts & ../PerformanceCenter/jetty/etc/keystore

a. Revert to HTTP using SslConfig:

Revert NetOps Portal to Using HTTP

b. Set up NetOps Portal to use self-signed certs (temporarily) using SslConfig. You MUST use the same password for the Jetty and cacerts keystores that is already used 

Enable HTTPS for NetOps Portal

c. Stop services

systemctl stop caperf*

d. Restore the backed-up keystores:

cp <backup_dir>/cacerts <install_dir>/CA/jre/lib/security/cacerts

cp <backup_dir>/keystore <install_dir>/PerformanceCenter/jetty/etc/keystore

e. Restart services

systemctl start caperfcenter_sso caperfcenter_eventmanager caperfcenter_devicemanager

systemctl start caperfcenter_console

 

 

Additional Information

The engineering team will be addressing this issue in DE563615