CA Performance Manager (CAPM) fails to synchronize elements from NFA configured to use HTTPS/SSL

Document ID : KB000032101
Last Modified Date : 22/05/2018
Show Technical Document Details
Introduction:

Configured NFA as a Data Source (DS) for CA Performance Manager (CAPM). The DS status shows as Available and the connection according to the "Test" button is successful. Despite this the NFA elements aren't seen in CAPM after what appears to be a successful synchronization cycle. When this is seen the following factors are true:

  • CAPM and NFA are configured to use HTTPS
  • CAPM is on the DMZ side of the network
  • The firewall is configured to open all the necessary ports between the CAPM and NFA

This situation is because the NFA RIB Query service is not configured to run with HTTPS like the rest of the software.

From the DMService.log file in the CAPM system this problem is observed with the appearance of this error message:

Failed to scan RIB source 
Caused by: com.ca.im.rib.engine.sources.RIBSourceException: Unexpected error occurred while scanning a RIB source 
RIB Source URL: https://<NFA_HostName>:8681/NFARS/ribsource/rib/soap?wsdl 
at com.ca.im.rib.engine.sources.SourceScannerTask.call(SourceScannerTask.java:61) 
at com.ca.im.rib.engine.sources.SourceScannerTask.call(SourceScannerTask.java:36) 
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source) 
at java.util.concurrent.FutureTask.run(Unknown Source) 
... 3 more 
Caused by: javax.xml.ws.WebServiceException: Could not send Message.

That log is found in $CAPM_HOME/CA/PerformanceCenter/DM/logs. The default path would be /opt/CA/PerformanceCenter/DM/logs/.

Environment:
CA Performance Management
Network Flow Analysis
 
Instructions:

This solution will allow you to use HTTPS to drill down from CAPC to NFA, but the data from reports will still be transmitted in HTTP:

  1. In CAPM reconfigure the NFA DS to use HTTP but the NFA Web Console to use HTTPS as seen below in the NFA DS Edit UI:
User-added image

 

2.Configure your firewall to permit traffic on port 8681 between the CAPM server to NFA server

3. Run a Full Synchronization for the NFA DS

CAPM should now synchronize with NFA and receive the elements from NFA 

Another option is to configure the NFA RIB Service to use HTTPS which requires an additional certificate on the NFA server under the keystore located at (default path) D:\CA\NFA\Reporter\RIB\NFA\etc. This second cert will also need to be imported into CAPM for cross pollination of the certificates otherwise this will fail.

To configure the NFA RIB Service to use HTTPS, it is highly recommended to contact CA Professional Services.