CA Performance Manager (CAPM) fails to synchronize elements from NFA configured to use HTTPS/SSL

book

Article ID: 32101

calendar_today

Updated On:

Products

CA Infrastructure Management CA Network Flow Analysis (NetQos / NFA) CA Infrastructure Management CA Performance Management - Usage and Administration CA Performance Management - Data Polling

Issue/Introduction

Configured NFA as a Data Source (DS) for CA Performance Manager (CAPM). The DS status shows as Available and the connection according to the "Test" button is successful. Despite this the NFA elements aren't seen in CAPM after what appears to be a successful synchronization cycle. When this is seen the following factors are true:

  • CAPM and NFA are configured to use HTTPS
  • CAPM is on the DMZ side of the network
  • The firewall is configured to open all the necessary ports between the CAPM and NFA

This situation is because the NFA RIB Query service is not configured to run with HTTPS like the rest of the software.

From the DMService.log file in the CAPM system this problem is observed with the appearance of this error message:

Failed to scan RIB source 
Caused by: com.ca.im.rib.engine.sources.RIBSourceException: Unexpected error occurred while scanning a RIB source 
RIB Source URL: https://<NFA_HostName>:8681/NFARS/ribsource/rib/soap?wsdl 
at com.ca.im.rib.engine.sources.SourceScannerTask.call(SourceScannerTask.java:61) 
at com.ca.im.rib.engine.sources.SourceScannerTask.call(SourceScannerTask.java:36) 
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source) 
at java.util.concurrent.FutureTask.run(Unknown Source) 
... 3 more 
Caused by: javax.xml.ws.WebServiceException: Could not send Message.

That log is found in $CAPM_HOME/CA/PerformanceCenter/DM/logs. The default path would be /opt/CA/PerformanceCenter/DM/logs/.



Environment

CA Performance Management
Network Flow Analysis
 

Resolution

This solution will allow you to use HTTPS to drill down from CAPC to NFA, but the data from reports will still be transmitted in HTTP:



  1. In CAPM reconfigure the NFA DS to use HTTP but the NFA Web Console to use HTTPS as seen below in the NFA DS Edit UI:



User-added image



 

2.Configure your firewall to permit traffic on port 8681 between the CAPM server to NFA server



3. Run a Full Synchronization for the NFA DS



CAPM should now synchronize with NFA and receive the elements from NFA 

Another option is to configure the NFA RIB Service to use HTTPS which requires an additional certificate on the NFA server under the keystore located at (default path) D:\CA\NFA\Reporter\RIB\NFA\etc. This second cert will also need to be imported into CAPM for cross pollination of the certificates otherwise this will fail.

To configure the NFA RIB Service to use HTTPS, it is highly recommended to contact CA Professional Services.

Attachments

1558702460077000032101_sktwi1f5rjvs16ky2.png get_app