DX NetOps Portal fails to synchronize elements from NFA configured to use HTTPS/SSL
search cancel

DX NetOps Portal fails to synchronize elements from NFA configured to use HTTPS/SSL

book

Article ID: 32101

calendar_today

Updated On:

Products

CA Infrastructure Management CA Network Flow Analysis (NetQos / NFA) CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

Configured NFA as a Data Source (DS) for the NetOps Portal. The DS status shows as Available, and the connection according to the "Test" button is successful. Despite this, the NFA elements aren't seen in the NetOps Portal after what appears to be a successful synchronization cycle. When this is seen, the following factors are true:

  • NetOps Portal and NFA are configured to use HTTPS
  • NetOps Portal is on the DMZ side of the network
  • The firewall is configured to open all the necessary ports between the NetOps Portal and NFA

This is because the NFA RIB Query service is not configured to run with HTTPS like the rest of the software.

From the DMService.log file in the CAPM system this problem is observed with the appearance of this error message:

Failed to scan RIB source 
Caused by: com.ca.im.rib.engine.sources.RIBSourceException: Unexpected error occurred while scanning a RIB source 
RIB Source URL: https://<NFA_HostName>:8681/NFARS/ribsource/rib/soap?wsdl 

at com.ca.im.rib.engine.sources.SourceScannerTask.call(SourceScannerTask.java:61) 
at com.ca.im.rib.engine.sources.SourceScannerTask.call(SourceScannerTask.java:36) 
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source) 
at java.util.concurrent.FutureTask.run(Unknown Source) 
... 3 more 
Caused by: javax.xml.ws.WebServiceException: Could not send Message.

 

That log is found under:

$CAPM_HOME/CA/PerformanceCenter/DM/logs

The default path would be:

/opt/CA/PerformanceCenter/DM/logs/



Environment

CA Performance Management
Network Flow Analysis
 

Resolution

This solution will allow you to use HTTPS to drill down from NetOps Portal to NFA, but the data from reports will still be transmitted in HTTP:

  1. In the NetOps Portal, reconfigure the NFA DS to use HTTP but the NFA Web Console to use HTTPS as seen below in the NFA DS Edit UI:



  2. Configure your firewall to permit traffic on port 8681 between the CAPM server to NFA server

  3. Run a Full Synchronization for the NFA DS

 

CAPM should now synchronize with NFA and receive the elements from NFA 

Another option is to configure the NFA RIB Service to use HTTPS which requires an additional certificate on the NFA server under the keystore located at (default path):

D:\CA\NFA\RIB\NFA\etc

This second cert will also need to be imported into CAPM for cross pollination of the certificates otherwise this will fail.

To configure the NFA RIB Service to use HTTPS, it is highly recommended to contact CA Professional Services.