DX NetOps Portal fails to synchronize elements from NFA configured to use HTTPS/SSL
search cancel

DX NetOps Portal fails to synchronize elements from NFA configured to use HTTPS/SSL


Article ID: 32101


Updated On:


CA Infrastructure Management CA Network Flow Analysis (NetQos / NFA) CA Performance Management - Usage and Administration DX NetOps


Configured NFA as a Data Source (DS) for the NetOps Portal. The DS status shows as Available, and the connection according to the "Test" button is successful. Despite this, the NFA elements aren't seen in the NetOps Portal after what appears to be a successful synchronization cycle. When this is seen, the following factors are true:

  • NetOps Portal and NFA are configured to use HTTPS
  • NetOps Portal is on the DMZ side of the network
  • The firewall is configured to open all the necessary ports between the NetOps Portal and NFA

This is because the NFA RIB Query service is not configured to run with HTTPS like the rest of the software.

From the DMService.log file in the CAPM system this problem is observed with the appearance of this error message:

Failed to scan RIB source 
Caused by: com.ca.im.rib.engine.sources.RIBSourceException: Unexpected error occurred while scanning a RIB source 
RIB Source URL: https://<NFA_HostName>:8681/NFARS/ribsource/rib/soap?wsdl 

at com.ca.im.rib.engine.sources.SourceScannerTask.call(SourceScannerTask.java:61) 
at com.ca.im.rib.engine.sources.SourceScannerTask.call(SourceScannerTask.java:36) 
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source) 
at java.util.concurrent.FutureTask.run(Unknown Source) 
... 3 more 
Caused by: javax.xml.ws.WebServiceException: Could not send Message.


That log is found under:


The default path would be:



CA Performance Management
Network Flow Analysis


This solution will allow you to use HTTPS to drill down from NetOps Portal to NFA, but the data from reports will still be transmitted in HTTP:

  1. In the NetOps Portal, reconfigure the NFA DS to use HTTP but the NFA Web Console to use HTTPS as seen below in the NFA DS Edit UI:

  2. Configure your firewall to permit traffic on port 8681 between the CAPM server to NFA server

  3. Run a Full Synchronization for the NFA DS


CAPM should now synchronize with NFA and receive the elements from NFA 

Another option is to configure the NFA RIB Service to use HTTPS which requires an additional certificate on the NFA server under the keystore located at (default path):


This second cert will also need to be imported into CAPM for cross pollination of the certificates otherwise this will fail.

To configure the NFA RIB Service to use HTTPS, it is highly recommended to contact CA Professional Services.