Known Issues

The following are the known issues in 20.1.0:
uim201
The following are the known issues in 20.1.0:
Application is Vulnerable to Insecure Communication Vulnerability
Symptom:
User-specific sensitive authentication data is transmitted in clear text, which can be sniffed by an attacker to compromise users identity and obtain unauthorized access to the application.
Solution:
Use SSL on any authenticated connection or whenever sensitive data is being transmitted. Use SSL for all connections that are authenticated or transmitting sensitive or value data, such as credentials, credit card details, health, and other private information. Ensure that communications between infrastructure elements, such as between web servers and database systems, are appropriately protected via the use of transport layer security or protocol level encryption for credential's and intrinsic data.
Basic Alarms are Not Generated on UMP with IPv6 Installation
Symptom:
After installing UIM and UMP with IPv6, basic alarms are not generated for probes like cdm and net_connect.
Solution:
This issue occurs as the messages are queued up in NAS. Add the key
subscr_block_size
=20 in the NAS Raw Configuration file and restart the NAS probe.
CABI Does Not Work with TLS v1.2 Enabled CA UIM Environments on SQL Server 2017
CABI is not supported for TLS v1.2 enabled UIM environments which have SQL Server 2017 as the database. Currently, Jaspersoft does not provide support for TLS v1.2 on SQL Server 2017. Therefore, if TLS v1.2 is enabled in your CA UIM environment, and your database is SQL Server 2017, then CABI Dashboards will not be supported. As a result, you cannot view CABI reports in CA UIM.
CABI Probe 3.2 Does Not Work when Installed with Microsoft SQL Server 2016 as the Database
Symptom:
The CABI probe version 3.2 does not work when you install on Microsoft SQL Server 2016 as the UIM database.
Workaround:
When you install Microsoft SQL Server 2016, Microsoft SQL Server Native Client 11.0 is installed (sqlncli11).
Install the SQL Server Native Client 11.0 on the robot before you deploy CABI on the robot. Install the client from the following location:
Nimsoft\install\setup\win\SQLNativeClient11
Alternatively, you can perform a raw configuration change in the data_engine probe configuration file before deploying the cabi probe.
Follow these steps:
  1. Navigate to the data_engine probe in the Admin Console.
  2. Select Raw Configure, Setup, and search for the Key provider.
  3. Replace the existing key from
    sqlncli11
    to
    SQLOLEDB
    .
  4. Select Update and restart the probe.
CABI Installation Fails When Using Special Characters in UMP and LDAP Account Names
When you use special characters (\, |, [ ], `, ", ', ~, !, #, $, %, ^, &, [,], *, +, =, ;, * :, ?, <, >, }, {, ), (, ], [, /, @) in the UMP or LDAP account names, account synchronization with CABI fails which results in a failed installation.
Cannot Collect Non-Default QoS Metrics When Using Enhanced Templates
Symptom:
When using the enhanced templates, the probe configuration file is not updated with the QoS metric information.
Solution:
The QoS collection for default metrics works as expected for legacy templates. However, for enhanced templates, the probe configuration file is not updated as there is no mapping in the template for the non-default QoS collection.
Cannot View Active Sessions on UMP
When users login to the UMP using the Standalone JavaServer Pages (JSP) in the URL (standalone.jsp), then those sessions are not recorded and you cannot view the actual number of active standalone sessions, however other sessions can be viewed.
CDM Probe Setting Might Impact the Performance of discovery_server When Monitored Devices Are Using a Shared File System
By default, the CDM Probe configuration has the Setup/allow_remote_disk_info set to Yes. This allows the CDM Probe to generate the Device ID for all shared drives on a monitored device using a shared file system. In this situation, cdm creates duplicate perspectives for the same shared file system. This can impact the performance of the discovery_server.
To correct this issue, use Raw Configure to change the cdm Setup/allow_remote_disk_info set to No. Review the UIM database and remove duplicate perspectives. This should return the performance of the discovery_server to a normal operating level.
Changes to Alarm Filters Are Not Reflected Immediately in USM
If you use Account Admin to modify the alarm filter of an ACL, and then immediately view alarms in USM with that ACL, the alarms that are shown might not reflect the change that is made to the alarm filter. This occurs because the default refresh interval for the alarm cache is set to 5 minutes for performance reasons.
Custom URL Frame in a Unified Reporter Dashboard Does Not Refresh
If you create a Unified Reporter dashboard and add a custom URL, you have the option of selecting an auto-refresh interval for the custom URL frame or manually refreshing the URL frame. Due to a known limitation with JasperReports, if you select either the auto-refresh interval or the
Manual Only
refresh option, the frame will not successfully refresh.
Therefore, if you use a custom URL in a dashboard, it is recommended that you:
  • Do
    not
    select an auto-refresh interval
  • Avoid clicking the refresh button
To successfully refresh the custom URL frame, reload the dashboard.
Configure User Account Session Timeout
Symptom:
The application does not have proper user account timeout.
Solution:
The session timeout is an expired time limit for a logged in user who has been inactive for the specified time. Modify the session timeout setting in the portal-ext.properties file. It should not be set too high (except in special cases) because every open session is holding onto memory.
Follow these steps:
  1. Deactivate the wasp probe.
  2. Open the following file for editing:
    <UIM_Installation>
    \probes\service\wasp\webapps\ROOT\WEB-INF\classes\portal-ext.properties
  3. Identify and modify the following section.
    1. Identify the following section:
      session.timeout=5
      session.timeout.warning=1
      session.timeout.auto.extend=true
      From the above, we can infer that the time-out occurs after 5 minutes, and the but automatically requests an extension after 1 minute as long as the user is browsing the portal page.
    2. Modify the above to match the session timeout to 1 minute, which redirects the user to the login page after 1 minute of inactivity:
      session.timeout=1
      session.timeout.warning=0
      session.timeout.auto.extend=false
      session.keepalive.tolerance=1
      session.timeout.redirect.on.expire=true
  4. Also comment-out the <session-timeout> value in the web.xml file.
    1. Open the web.xml file for editing:
      <UIM_Installation>
      \probes\service\wasp\webapps\ROOT\WEB-INF\web.xml.
    2. Comment-out the <session-timeout> value.
      Performing this step ensures that the redirect to the login page occurs after you change the value in the portal-ext.properties file. However, if you do not comment-out the <session-timeout> value in the web.xml file, then the timeout value set in the web.xml file overrides the timeout value in the portal-ext.properties file.
  5. Reactivate the wasp probe.
Deploying Probes on Dual Stack Mode (IPv4 and IPv6) Not Supported
Symptom:
When you run the Nimsoft Loader (nimldr) utility and configure the primary hub using IPv6 address and are running the dual stack mode, then one of the following occurs:
  • When an IPv4 address is given for the Primary Hub, then the installation fails.
  • When an IPv6 address is given for the Primary Hub, then the Robot is installed, however you cannot deploy or configure any probe on the Robot.
Solution:
Dual-stack mode does not work as the primary hub of the UIM environment is in the dual-stack IPv6 and the IP address that is used in the robot.cfg is dual-stack IPv4.
Downgrading Robot 7.96 to 7.93 Not Working
Symptom:
You downgrade robot 7.96 to 7.93; however, you do not downgrade hub 7.96 to 7.93. In this scenario, you encounter unexpected issues because hub 7.96 does not work properly with previous versions.
Workaround:
It is not recommended to downgrade only robot. If you want to downgrade, then downgrade both robot and hub to 7.93.
Downloading CABI from Web Archive Using the Admin Console Fails
Symptom:
Download fails and stalls when downloading CABI from Web Archive using the Admin Console.
Solution:
This occurs when the RAM allocated to wasp on startup is not sufficient. We recommended configuring this to a maximum value of 4 GB.
Follow these steps:
  1. Navigate to the wasp probe in Admin Console.
  2. Select Configure, and modify the following parameters in the Java Startup Parameters section:
    1. Initial Memory (MB): 2048
    2. Maximum Memory (MB): 4096
  3. Select Save to save the configuration
  4. Restart the wasp probe.
  5. Restart the CABI package download.
Dashboard Design Permission Requires Bus User Privileges
In the Account Admin portlet, you can add the Dashboard Design permission to an ACL for an account contact user if the user wishes to create custom dashboards. However, the permission functions only for a bus user. Dashboard Design permission that is applied to an account contact user is ignored.
Enabling Sub-tenancy Before Mapping the User to Origins Restricts the Access to UMP Server
Symptom:
If you enable sub-tenancy without mapping the users to one or more origins,
all
the users fail to login to the UMP server unless either the users are mapped to one or more origins or you disable the feature.
Solution:
To allow the users to log in to the UMP server, you
must
map the users to the origins before enabling the sub-tenancy option.
Existing Unified Reporter Schema Name Issues During Upgrade
Using an existing schema or catalog name on the Database Connection panel during Unified Reporter upgrade can generate an error that the entered name is already in use. To fix this error, use a different schema or catalog name.
Exchange Monitor Set up Template Localization Issue
In CA UIM 9.0.2, the default profile name is not localized in the Exchange Monitor Setup MCS template.
ems Probe Does Not Work After Upgrading to 10.17 from 9.00
Upgrading from ems 9.x to 10.17 requires deleting the cache.
To upgrade to 10.17 from 9.x, follow these steps, on the primary hub server:
  • Deactivate the ems probe.
  • Delete ems db folder from the following location:
    <UIM_Installation>\Nimsoft\probes\service\ems\db
  • Deploy the latest version of ems probe.
  • Activate ems probe.
nas (Alarm Server) v9.00 is a prerequisite for upgrading to ems v10.17. If you are using an earlier version of nas, upgrade to nas 9.00.
Friendly Name with Special Characters Fails to Deploy the Schema
Symptom:
When you deploy a schema that has characters that are not valid in file names, the schema fails to deploy with the following error: Error occurred while creating/deploying schema probe package, Failed to deploy the probe package for the schema, <friendly_name> ScaleIO97db5264cdf49dbadf1de5928b0d9c98 :: <friendly_name>_schema.json."
Solution:
Define the friendly names with the characters that are valid in filenames.
Garbled Characters Displayed with IPv6 Address
Symptom:
When you install UIM 9.0.2 on a Linux machine and select the pre-installation summary during installation, the hub IPv6 address is displayed with scope ID appended to it.
Solution:
Currently, there is no workaround for this issue. This does not impact the functionality of UIM.
Isilon Schema fails to Upload
Symptom:
Upload Isilon Schema fails with this error "There was a problem while importing. Please contact administrator." press OK to Continue
Solution:
This error typically occurs if the schema size is more than 1 MB. You can upload the Isilon schema with 1 MB as the maximum file size.
Interface Groups Not Supported with Mobile App
Currently, the application does not support interface groups with either Android or iOS devices.
Installation Fails on RHEL 7.4
Symptom:
UIM installation fails on RHEL 7.4 machines.
Solution:
If you are using RHEL 7.4, ensure that either the fonts local.conf file is configured or the dejavu-serif-fonts package is installed. For more information, see the RHEL Documentation.
Option 1
: The fonts local.conf file is configured. Create the /etc/fonts/local.conf file with the following contents:
<?xml version=
'1.0'
?>
<!DOCTYPE fontconfig SYSTEM
'fonts.dtd'
>
<fontconfig>
<alias>
<family>serif</family>
<prefer><family>Utopia</family></prefer>
</alias>
<alias>
<family>sans-serif</family>
<prefer><family>Utopia</family></prefer>
</alias>
<alias>
<family>monospace</family>
<prefer><family>Utopia</family></prefer>
</alias>
<alias>
<family>dialog</family>
<prefer><family>Utopia</family></prefer>
</alias>
<alias>
<family>dialoginput</family>
<prefer><family>Utopia</family></prefer>
</alias>
</fontconfig>
Option 2
: Run the yum install command to install the dejavu-serif-fonts package.
yum install dejavu-serif-fonts
Java-Based Probes Might Not Start on Secondary Robot Deployment
CA Unified Infrastructure Manager v8.51 and later are installed with Java 8. When upgrading to CA UIM v8.51 or later, if Java-based probes that are previously deployed to a robot use an older version of Java (for instance, Java 7), the probes might not start. To resolve this, redeploy java_jre version 1.7 to the robot and then restart the robot.
Java SDK Environment Variable Requirement
If you use the Java SDK to send messages to UIM, set the following environment variable to designate the loopback IP address for contacting the local robot. For example:
NIM_ROBOT_IP=127.0.0.1
JSON Schema Validation Fails
Symptom:Subsystems
Upload a JSON schema and the validation fails resulting in the following error:
[<schema_name>.json] is/are missing UIM metric definitions syntax.
Solution:
This error typically occurs when the UIM
metrics
definition section is missing from the JSON file or contains incorrect values in the
operator
and
severity
attributes.
To resolve the error, edit the schema file, and perform either of the actions:
  • In the
    metrics
    section of the schema, define only one value for the following attributes:
    operator
    and
    severity
    . These attributes do not support an array of values.
    Or
  • Remove the following attributes from the
    metrics
    section in the schema:
    thresholdenabled
    ;
    operator
    ;
    severity
    ;
    custom_message
    ;
    custom_clear_message
Liferay Issue Might Cause Permissions Error in UMP Portlets
Due to a known issue with Liferay Enterprise Edition v6.1.30 (used by UMP v7.5 and later), users might encounter a permissions error in UMP portlets. This issue can occur in UMP instances that were created as follows: an administrator exported pages as a LAR file, created a site template and imported the LAR file, created a site that is based on the template, and then deleted one or more pages from the template.
This issue can be avoided if you export and import a LAR file with the
Permissions
checkbox selected. When you export pages as a LAR file, select the
Permissions
checkbox under the heading Other. When you create the site template and import the LAR file, ensure that you again select the
Permissions
checkbox.
If you encounter this issue, the work-around is to select the gear icon in the upper right-hand corner of each UMP portlet. In the Configuration pane, select the
Permissions
tab, and then select the
View
checkbox for each user in the Role column.
Links to Public and Private Pages Does Not Work After Upgrade
Symptom:
After upgrading to UIM 9.0.2 from UMP and UIM 8.5.1, change the robot.cfg to have IPv6 address for hub and robot and restart the UMP. If you open the UMP, select
Go To
, and then select
My Public Pages
or
My Private Pages
, the page displays an error.
Solution:
  • To access Private pages, we recommend using the following format for URL:
http://[IPv6 address]/user/administrator/home#
  • To access Public pages, we recommend using the following format for URL:
http://[IPv6 address]/web/administrator/home#
Localization Can Result in a Mix of Output Languages
Under certain circumstances, non-English QOS characters may appear in output encoding is inconsistent in the configuration of probes (such as wasp, dashboard_engine, or alarm_enrichment) that persist data to the database.
Manually Copy Security Certificates on the CABI External (Secondary Robot)
Before you deploy CABI External version 3.4 and enable TLS v1.2 you need to manually copy the security certificates from the primary robot to the secondary robot.
When you are using Microsoft SQL Server as the database, you need to manually copy the trust store files (jks) from the primary robot to the secondary robot. The files are placed in the <Nimsoft>\security folder.
When you are using Oracle as the database, you need to manually copy the wallet files (SSO/PKCS12) from the primary robot to the secondary robot. The files are placed in the <Nimsoft>\security folder.
Manually Apply Operator Console Basic ACL Permission For Accessing Operator Console (Upgrade Scenario)
When upgrading to UIM 9.0.2, users will not have access to the Operator Console. You must add the
Operator Console Basic
ACL permission in the Account Admin portlet. By default, this permission is only available to Administrators and Superusers. For more information, see ACL Permissions List and Using Account Admin.
MCS Configuration Profiles Might Not Be Applied to All Members of Large Dynamic Groups
Dynamic groups are updated by default every 5 minutes. In large CA UIM environments, dynamic groups could have a thousand members or more. It is unlikely that Monitoring Configuration Service will be able deploy or update configuration profiles to all members of a large dynamic group within the 5-minute interval. To resolve the issue, you can increase the configured interval. The interval is set with the group_maintenance_interval on nis_server. For details about modifying the group_maintenance_interval on nis_server, see the
Configure the Update Interval for Automatic Groups
section in the Create and Manage Groups in USM article.
MCS MySQL, Oracle, or SQL Server Device-level Configuration Profile Overrides Might Not Be Marked with an Asterisk
Using Monitoring Configuration Service, you can create group-level MySQL, Oracle, or SQL Server configuration profiles. After MCS applies the group configuration profile to all members of a group, you can make device-level overrides. MCS marks each field with a device-level override on the device configuration profile with an asterisk. Under the following conditions, you might not see an asterisk on some of the device-level
alarm
fields that have overrides:
  • The group-level profile for a checkpoint was set to publish
    None
    or
    QoS
    , and then
  • The device-level override for the same checkpoint is set to
    Alarm
    or
    QoS and Alarms
mon_config_service Does Not Activate after Restart
Symptom:
When I restart the mon_config_service probe from Admin Console/ IM, the probe remains deactivated.
Resolution:
If the mon_config_service probe remains deactivated after restarting, navigate to the Admin Console/ IM and select > Activate.
mon_config_service.log File Rotation Not Working Properly
Both log4j and NimLog are currently writing to the mon_config_service.log and this prevents the log file entries from rolling properly. To correct this issue, you need to modify the log4j.properties file and add an appropriate file size for the mon_config_service.log file. The workaround to correct this issue is:
  1. In Remote Desktop, open the log4j.properties file that is at <uim>\Nimsoft\probes\service\mon_config_service in a text editor.
  2. Remove FILE from the 'log4j.rootCategory=ERROR, FILE, CONSOLE' statement on the first line of the file.
    The statement becomes 'log4j.rootCategory=ERROR, CONSOLE'.
  3. Save the file.
  4. Specify an appropriate file size for the mon_config_service.log file. The default file size is 1024 KB.
    1. Access Admin Console.
    2. Select the hub on the
      Robots
      tab, and then select the
      Probes
      tab.
    3. Select the inline menu button for the mon_config_service.log file, and select
      Raw Configure
      .
    4. Select the
      Setup
      section.
    5. Select '
      +
      ' in the top right corner to create a key.
    6. Enter
      logsize
      in the Key field.
    7. In the Value field, enter an appropriate file size in kilobytes for the mon_config_service.log file.
    8. Select
      Create
      to add the log size key value.
    9. Select Update to save your changes.
Monitoring Configuration Service Profile Type Field Names
While MCS profile types and the associated probe configuration GUIs (either in Admin Console or Infrastructure Manager) for a particular probe will have the same configuration options, individual field names might not always match between them. For more information about the available fields for each probe GUI, see the documentation for each probe on the Probes site.
Monitors Not Deleting Even After Removing the Last Child Template (Override) for a Device
Symptom:
Create a group and add a device to this group. Also, ensure that no other override template is defined for the device. Then, override a template in this group and verify that the override template applies (monitors are published). Now, delete the override template. Even after deleting the override template, monitors created from the template for the device do not delete.
Workaround:
When all the child template profiles that are associated with a device are removed, the device entry is deleted from the probe configuration file. The probe processes for all the devices that are found in the configuration file. Therefore, any device that was found earlier and now not present in the file is not processed. That is, monitors created earlier are not dropped.
In the current implementation, no way is available to manage the devices that are removed from the configuration file. As a workaround, restart the probe whenever this scenario occurs.
Name Resolution Conflicts on Debian Systems with the automated_deployment_engine Probe
By default Debian v6 uses the address 127.0.1.1 as the name resolution address. When a robot is deployed to a Debian 7 or 8 system using automated_deployment_engine, after system restart, the robot attempts to bind to 127.0.1.1 as the available address. Use the following work-around to avoid contention for 127.0.1.1 on your Debian system:
  • When installing the robot manually or with automated_deployment_engine, you must go to the target system after installation and must add the following line to the robot.cfg file:
robotip = ip_address
where
ip_address
is the desired IP address that the robot should bind to on the target system.
  • When deploying to Debian 6.0.5 using XML, you must define the
    <robotip>ip_address</robotip>
    option, where
    ip_address
    is the IP address that the robot should bind to on the target system.
New Installation of Unified Reporter 9.0.2 Is Not Supported
New installation of Unified Reporter is not supported in 9.0.2. However, you can upgrade from Unified Reporter 8.5.1 to Unified Reporter 9.0.2.
Oracle Instant Client 12.2 Not Working
Symptom:
CA UIM 9.0.2 does not work with Oracle Instant Client 12.2.
Workaround:
As a workaround, use Oracle Instant Client 12.1.
Probe Administration Returns an Unknown Error in a Windows Cluster Environment
When you attempt to configure a probe, probe administration might return an
unknown error
message in a Windows Cluster environment. Specifically, this problem has occurred with the ems probe, but can happen with other probes. To work around the issue, follow these steps:
  1.    Log in to Infrastructure Manager as the administrator.
  2.    On the Security tab, select
    Probe Administration
    .
  3.    Select
    New Probe
    to add an entry for the ems probe.
    1.        Select ems in the
      Probe
      drop-down list.
    2.        Select Admin in the
      Access
      drop-down list.
    3.        Enter an asterisk ( * ) in the
      IP Mask
      field, and select
      OK
      to save your changes.
Profile Reconciliation Function Removed From Monitoring Configuration Service
The Reconciliation function was moved from the mon_config_service probe to a new MCS Utilities Tools. The MCS Utilities Tool provides more flexibility to schedule reconciliation, more in-depth reports of detected differences, and increases the performance of the mon_config_service probe. To fix differences in configuration profiles that are managed by Monitoring Configuration Service, use the MCS Utilities Tool.
Printed Performance Reports Display Legends When No Data (Null) is Graphed
In CA UIM 8.5, when a QoS series on a scheduled PRD report does not have any data (all null values or no data) and the “stacked” option is selected, a legend for the series is still printed in the report footer.
Probes Stop Working after Renaming the Robot Name and Restarting the Robot
Symptom:
The probes do not work after the robot name is changed and restarted.
Workaround:
You must validate the probes after renaming the robot name. Validation can be done through the Infrastructure Manager interface.
Reduced the Number of Probe License Checks (Salesforce Case 436860)
Monitoring Configuration Service was checking for licenses for the probes that are associated with profile types every 60 seconds. With this release, Monitoring Configuration Service checks for probe licenses less frequently.
Robot Installation Fails on UNIX
Symptom:
UNIX robot installation fails or the robot fails to start right after installation.
Solution:
Robot installations from UMP work as expected. However, this occurs with the silent installation using the Nimsoft Loader (nimldr) utility. If you see the following error message, then reattempt the installation a second time.
./niminit stop Failed to stop nimbus.service: Unit nimbus.service not loaded.
./niminit start Failed to start nimbus.service: Unit nimbus.service failed to load: No such file or directory.
If a robot fails to start, then stop and restart the robot.
Sub-tenancy is Not Supported by CABI Reports
Symptom:
CABI Reports currently do not support sub-tenancy feature. The data of all origins would be visible to the user on the CABI reports.
Solution:
There is no workaround available for this issue.
Subsystems Value On Alarms Generated by Spooler Incorrect
Symptom:
When you install a robot using the UIM installer, all events that are generated by the Spooler's subsystem value are marked as alarm irrespective of the system ID.
Solution:
This occurs as the latest robot 7.96 has not been deployed. Deploy the latest robot_update 7.96 package.
  1. Log in to Admin Console.
  2. Select a hub, and then select the Archive tab.
  3. Select the inline menu button next to the robot_update version 7.96 package, and then select Deploy.
  4. In the Hubs pane, select the check box next to a hub to select all the robots under the hub. Or, drill-down into the hub and select individual robots. To return to the list of hubs, select the back arrow in the middle pane.
  5. The Target Robots pane updates to show the selected robots.
  6. Select Deploy.
The nas AO (Auto Operator) Command Action Does Not Execute When There Is A Space in the Path (Support Cases 246133, 315782)
A command action cannot be parsed when the path contains spaces. Do not use spaces in the AO command path.
Trend Reports Show Deleted Devices
Devices that are deleted in USM still appear in the Elements to Show list in Group Trend Reports, though they are not included in the charts.
UMP Installation Message When Verifying Robot
Symptom:
The UMP 9.0.2 installation wizard displays the following message when verifying the selected Robot:
The install wizard was unable to determine whether the selected robot meets the minimum requirements for UMP. This may be because the CDM probe is not installed on the selected robot or because the CDM probe is not available.
Solution:
This message appears when the CDM probe is not installed on the selected robot or is not available. This can also occur when the computer where CDM is installed responds slowly. Though the message appears, you can select Next to proceed with the installation.
Unable to Migrate Existing Profiles to Enhanced Profiles After Upgrading from UIM 8.5.1 to UIM 9.0.2
Symptom:
After upgrading to UIM 9.0.2 from UIM 8.5.1, I do not see the enhanced profiles on UMP for my existing profiles, even after deploying the MCS package for enhanced profiles.
Resolution:
You need to upgrade to the latest (non-enhanced) MCS template package before attempting to migrate the existing profiles to enhanced profiles. For detailed instructions, see
Migrating and Converting Existing profiles
in the Configuring Alarm Thresholds in MCS page.
Unable to Change "Need Client Authentication" in the data_engine UI
Symptom:
This issue occurs when TLS v1.2 is enabled for Oracle (UIM database) and you try to change the
Need Client Authentication
option. In the data_engine IM interface, when you try to change the
Need Client Authentication
option, the appropriate value for this option is not set in the sqlnet.ora file. The sqlnet.ora file is available in the
<
Nimsoft>\security
folder on the UIM Server computer.
Workaround:
As a workaround, you must manually update the value of the SSL_CLIENT_AUTHENTICATION parameter. To do so, follow these steps:
  1. On the UIM Server computer, navigate to the
    <
    Nimsoft>\security
    folder.
  2. Locate and open the sqlnet.ora file.
  3. Update the SSL_CLIENT_AUTHENTICATION parameter in the sqlnet.ora file based on whether the
    Need Client Authentication
    option is selected or not (in the data_engine IM interface).
    For example, if the option is selected in the IM interface, the parameter must be set as follows:
    SSL_CLIENT_AUTHENTICATION = TRUE
    If the option is not selected, the parameter must be set as follows:
    SSL_CLIENT_AUTHENTICATION = FALSE
  4. Restart the data_engine probe.
Unable to Uninstall the Secondary Robot on an IPv6 Environment
Symptom:
On a pure IPv6 environment; if you try to remove the secondary robot from the hub, the
Ok
button is disabled after entering the IP address of the secondary robot.
Workaround:
Detach the robot first from the hub and then uninstall it for successful removal of the secondary robot.
Unable to Deploy the Robot using USM Interface
Symptom:
Deployment of the robot fails when trying to install using USM interface in an IPv6 environment.
Workaround:
For a successful robot deployment, use the host xml. Host xml must contain the following keys:
  • ip_version with the value “ipv4 ipv6”
  • do_not_broadcast with value “no”
After you successfully deploy the robot using the host xml, the
Unable to communicate with controller
error message is displayed on UMP. You can ignore this message.
Unable to Open Admin Console from USM (Deployed on Secondary Robot) using Actions > Admin Console
Symptom:
The Admin Console does not open from Actions menu.
Workaround:
Add the key
adminconsole_url
in the
ump_common
section of wasp probe through Raw Configuration. The value of the
adminconsole_url
key should be the complete URL of the Admin Console on the primary hub.
Unable to Open USM and PRD Portlets using Firefox
Symptom:
USM and PRD portlets does not open when using Firefox.
Workaround:
Use hostname instead of the IP Address.
Unified Reporter Does Not Work on Oracle and SQL Databases
The Unified Reporter installer package does not work on Oracle and SQL Databases.
Unified Reporter Does Not Work on Certain Firefox and Chrome Versions
The Unified Reporter does not work on the latest Firefox and Chrome browsers.
USM Reports (Trend, At a Glance, and Group Trend ) Do Not Display Data Accurately
Symptom:
When the retention period is set on the data_engine for 30 days, the USM reports (Trend, At a Glance, and Group Trend) displays data only for 30 days and not for preceeding days.
Solution:
This feature works as designed. USM reports like Trend, At a Glance, and Group Trend retrieve data from the RN_* Table in the database. When the retention period is configured on the data_engine for the delete_raw_samples and delete_history_samples values, the RN_* table retieves data only for the specified days. As a result, the USM reports display from the available data.
Addressing CVE-2018-13820 and CVE-2018-13819 Vulnerabilities
Unified Reporter will continue to work as per functionality. However, creation of custom reports or modification of existing UR reports using iReport will not work after you perform the upgrade.
For more information about the list of impacted probes, see Addressing CVE-2018-13820 and CVE-2018-13819 Vulnerabilities.
UMP User Authentication Reverts to screenName After Upgrading to UIM 9.0.2
Symptom:
In UIM 8.5.1, the user authentication (auth.type) for UMP is set to emailAddress. However, after upgrading to UIM 9.0.2, you cannot log in to the UMP using the email ID and password.
Solution:
This is a known issue where the auth.type which has been set to
emailAddress
reverts to
screenName
. You need to reconfigure UMP for email address login.
Follow these steps to configure email address login to UMP:
  1. Deactivate the wasp probe.
  2. Open the following file for editing: <
    UIM_Installation
    >\probes\service\wasp\webapps\ROOT\WEB-INF\classes\portal-ext.properties.
  3. Change the value of the parameter
    company.security.auth.type=screenName
    to
    company.security.auth.type=emailAddress
    .
  4. Remove all instances of the
    screenName
    parameter from the
    portalpreferences
    table in the NimsoftSLM database:
    1. Run the following query:
      select * from portalpreferences where preferences like ‘%screenName%’
      If no rows in the preferences column contain the screenName parameter, go to step 5.
    2. Issue the following command to delete all rows that contain screenName from the table:
      delete from portalpreferences where preferences like ‘%screenName%’
  5. Reactivate the wasp probe.
Unable to Create cdm Non-Enhanced Profile (Legacy)
Symptom:
I installed CA UIM 9.0.2. Now, when I try to create the cdm non-enhanced profile (legacy profile), I am unable to create it.
Solution:
The cdm non-enhanced (legacy) template requires cdm 6.30-MC to be present in the Local Archive. By default, cdm 6.30-MC is not present in the Local Archive. Therefore, if you want to create a cdm legacy template profile, ensure that cdm 6.30-MC is available in the Local Archive.
Unable to Open Probe Configuration Using Admin Console
Symptom:
The Configuration window does not open when you select the Configuration option for any probe in the Admin Console.
Solution:
This issue occurs when popups are blocked on your browser. Ensure that popup is not blocked for the Admin Console and select the Configuration option.
Unknown Error Occurs During Some Alarm Operations
You might see the following error when using the
Acknowledge
,
Set invisible
, or
Assign
icons in the USM Alarm View:
An unknown error has occurred.
Refreshing your browser may resolve the issue.
Details:
com.firehunter.ump.exceptions.DataFactoryException : null
Stack Trace:
org.springframework.orm.jpa.JpaSystemException: org.hibernate.jdbc.BatchedTooManyRowsAffectedException: Batch update returned unexpected row count from update [0]; actual row count: 2; expected: 1; nested exception is javax.persistence.PersistenceException: org.hibernate.jdbc.BatchedTooManyRowsAffectedException: Batch update returned unexpected row count from update [0]; actual row count: 2; expected: 1
Caused by: javax.persistence.PersistenceException: org.hibernate.jdbc.BatchedTooManyRowsAffectedException: Batch update returned unexpected row count from update [0]; actual row count: 2; expected: 1
Caused by: org.hibernate.jdbc.BatchedTooManyRowsAffectedException: Batch update returned unexpected row count from update [0]; actual row count: 2; expected: 1
You can safely ignore this error.
Removing Dependency on EOL Microsoft VC++ Runtime Libraries
The following are the known issues:
  • When deploying a probe that is dependent on the Microsoft Visual C++ Redistributable for Visual Studio 2017 package version 1.0 (vs2017_vcredist_x86 1.0 and vs2017_vcredist_x64 1.0), Windows operating system restart occurs on the robot where the probe is deployed. In the VS2017 package version 1.0, there is no "norestart" option specified in the Post Install command. Therefore, the Post Install might trigger OS reboot as part of the package installation. We recommend you to download the vs2017_vcredist_x86 1.01 and vs2017_vcredist_x64 1.01 package (as required) from the Nimsoft archive to avoid the computer auto-restart. For a detailed workaround, see the KB Article Windows OS Reboot After Probe Deployment.
  • Infrastructure Manager is not in the scope for the EOL Microsoft Visual C++ Redistributable dependency removal.
  • Microsoft Windows XP, 2003, 2008, and 2008 R2 are not supported in this case.
  • Hub is not supported on 32-bit Windows and Linux platforms in this case.
  • Unified Reporter will continue to work as per functionality. However, creation of custom reports or modification of existing UR reports using iReport will not work after you apply the upgrade patch.
  • If you use the automated_deployment_engine (ADE) probe to deploy the new robot (available in this release) onto your Windows computers, the robot is deployed successfully but the new "Microsoft Visual C++ Redistributable for Visual Studio 2017" might not be installed. To address this issue, we recommend that you follow the information in the article Update for Universal C Runtime in Windows (KB2999226) before you try to install the new robot using ADE.
  • Though this release removes the dependency on the EOL Microsoft Visual C++ Redistributable for the affected CA UIM components, it does not delete them from the computer. It is possible that some other application in your environment is using these old redistributables.
  • If you want to use the impacted probe versions with CA UIM releases prior to CA UIM 9.0.2, ensure that you download and deploy the vs2017_vcredist_x64 package that is available in Archive.
  • CA UIM 9.0.2 installation deploys the vs2017_vcredist_x64 package by default. With this package deployment, only the impacted probes can work. For other probes that use the EOL Microsoft Visual C++ Redistributables or for older versions of the impacted probes, you must download and deploy the vs2008_redist_x64 package from Archive.
Upgrade Self-signed Certificates
The Java version was updated to Java 8. You must upgrade any self-signed certificates that are generated by CA UIM from previous CA UIM versions. If you do not upgrade the pre-existing certificates, HTTPS connections to CABI Server will not work due to the change in security encryption levels in Java 1.8. For more information, see Configure HTTPS in Admin Console or UMP.
Using Variables for a Profile Name is Supported (Salesforce Case 418533)
The Monitoring Configuration Service now allows users to enter variable (for example, {device.ip} or {device.name}) for a Profile Name.
USM Does not Create Empty Automatic Groups for User Tags
For Oracle users, if there are no systems with user tags assigned and the user creates an automatic group in USM with User Tag 1 or User Tag 2 selected as the parent, no group is created.
delete_qos Callback Missing from data_engine 9.02
The delete_qos callback is missing from the data_engine 9.02 probe. This causes the s_qos_table not getting cleaned up, because CA UIM tries to execute the delete_qos callback, which is no longer available. Therefore, when you try to delete a device from the USM portlet in UMP, the device is deleted; however, the s_qos_table entry is not removed. You can find the following error in the UMP wasp.log file. This error is received when CA UIM tries to execute the delete_qos callback and cannot find it:
Oct 26 12:47:52:974 ERROR [http-bio-80-exec-6, com.nimsoft.nisapi.core.UIMProbe] error() Request.send() failed. Reason: (11) command not found, Received status (11) on response (for sendRcv) for cmd = 'delete_qos'
Oct 26 12:47:52:975 ERROR [http-bio-80-exec-6, com.nimsoft.nisapi.core.services.element.ElementServiceImpl] error() Could not completely delete device(s). Reason: java.lang.Exception: (11) command not found, Received status (11) on response (for sendRcv) for cmd = 'delete_qos'
wasp Contains a Non-functional Key for Service-host Address
Functionality for the service_host probe has been moved to wasp, and the probe is no longer installed as part of CA UIM. An address key for the probe still exists in the ump_common section of wasp but is not functional.
Creation of Alarm Policies on Legacy Profiles
Operator Console is allowing the creation of alarm policies on non-enhanced (legacy) profiles. However, such alarm policies do not work because no alarms can be generated for these alarm policies.
data_engine Errors After Upgrading to CA UIM 9.0.2
Symptom:
After upgrading to CA UIM 9.0.2 in an environment where the back-end database server is Microsoft SQL Server 2008 R2, data_engine may experience failures even though the upgrade appears successful.
The following log message is logged in the data_engine.log:
Oct 31 17:33:30:007 [1864] 0 de: ExecuteNoRecords - Query: exec spn_bas_SetVersion 'initialize', 'NIS_QOS_DATA',9.0200,5; go begin update qos_data set checksum = CONVERT(VARCHAR(41),HashBytes('SHA1', convert(varchar(1024), CONCAT(qos_data.qos,'#',qos_data.source,'#',qos_data.target,'#',qos_data.origin))),2) FROM S_QOS_DATA qos_data INNER JOIN S_QOS_DATA T on qos_data.table_id = T.table_id and T.checksum!=CONVERT(VARCHAR(41),HashBytes('SHA1', convert(varchar(1024), CONCAT(qos_data.qos,'#',qos_data.source,'#',qos_data.target,'#',qos_data.origin))),2); end; exec spn_bas_SetVersion 'finalize', 'NIS_QOS_DATA', null, 5; Oct 31 17:33:30:007 [1864] 0 de: [main] ExecuteNoRecords - 2 errors Oct 31 17:33:30:007 [1864] 0 de: (1) ExecuteNoRecords [Microsoft OLE DB Provider for SQL Server] Incorrect syntax near 'go'. Oct 31 17:33:30:007 [1864] 0 de: (2) ExecuteNoRecords [Microsoft OLE DB Provider for SQL Server] 'CONCAT' is not a recognized built-in function name. Oct 31 17:33:30:007 [1864] 0 de: COM Error [0x80040e14] IDispatch error #3092 - [Microsoft OLE DB Provider for SQL Server] Incorrect syntax near 'go'.
Solution:
Use the data_engine 9.02HF1 hotfix that is available at the Hotfix Index website.
To apply the patch, follow these steps:
  1. Import the data_engine-9.02HF1.zip file into the local archive.
  2. Deploy the imported package to the primary hub robot system.
Unable to Access the robot.cfg File Configuration Link in the UMP Installer
Symptom:
I am unable to access the robot.cfg file configuration link that is displayed in the following error message:
The selected robot doesn't contain cryptkey entry in cfg file. Please copy pem file from server and configure cryptkey path in robot.cfg. Please refer https://docops.ca.com/display/UIMS/.Configure+the+robot.cfg+File+v9.0.2 for more details.
I receive this error during the UMP installation when I try to upgrade from CA UIM 8.5.1 to 9.0.2.
Solution:
The robot.cfg file configuration link that is displayed in the error message is not correct. Access the correct link "Configure the robot.cfg File" to review the required information.
Windows Computer Restarts After probe Deployment
Symptom:
When deploying a probe, Windows OS restart occurred on the robot where the probe was deployed.
Solution:
This issue occurs for all the probes that have a dependency on the Microsoft Visual C++ Redistributable for Visual Studio 2017 package version 1.0 (vs2017_vcredist_x86 1.0 and vs2017_vcredist_x64 1.0). In the VS 2017 package version 1.0, there is no "norestart" option specified in the Post Install command. Therefore, the Post Install might trigger OS reboot as part of the package installation. We recommend you to download the vs2017_vcredist_x86 1.01 and vs2017_vcredist_x64 1.01 package (as appropriate) from the Nimsoft web archive to avoid the computer auto-restart. For a detailed workaround, see the KB Article Windows OS Reboot After Probe Deployment.
UIM Server Installation Not Working on Oracle 12c (TLS Enabled) Installed on Linux
The UIM Server installation does not work in the following scenario; this is a known issue in CA UIM 9.0.2:
You have Oracle 12c (with TLS enabled) installed on a Linux computer. You try to install UIM Server, point it to this Oracle database, and enable the TLS option while installing UIM Server. You receive an error and cannot proceed with the installation in this case.
(For 9.0.2 or Later) Finding and Fixing Profile Differences using mon_config_service_cli
The following process to find and fix profile differences will not be applicable:
  1. Issue the Find-Profile-Diffs command to find robots with configuration profile differences.
  2. Issue the Fix-Profile-Diffs command to fix profile differences.
  3. Re-issue the Find-Profile-Diffs command with a file that lists the robots that had profile differences to verify that profile differences no longer exist.
Wasp does not extract the webapps
Symptom:
wasp does not extract the webapps and the entries like below are found in the wasp.log:
Feb 24 17:18:41:028 INFO  [Catalina-utility-1, org.apache.catalina.core.ContainerBase.[wasp-engine].[localhost].[/]] No Spring WebApplicationInitializer types detected on classpath Feb 24 17:18:44:050 ERROR [Catalina-utility-1, org.apache.catalina.core.ContainerBase] startInternal() A child container failed during start Feb 24 17:18:44:051 ERROR [Catalina-utility-1, org.apache.catalina.core.ContainerBase] java.util.concurrent.ExecutionException: org.apache.catalina.LifecycleException: Failed to start component [[email protected]]     at java.util.concurrent.FutureTask.report(FutureTask.java:122)     at java.util.concurrent.FutureTask.get(FutureTask.java:192)     at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:916)     at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:841)     at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)     at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1384)     at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1374)
Solution:
  1. Open registry
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NimbusWatcherService
    . In the key "ImagePath" change the value to path (same case) as it appears in Windows Explorer. (for.e.g. "C:\Program Files\Nimsoft\bin\nimbus.exe").
  2. Restart the "Nimsoft Robot Watcher" service.
UMP doesn't allow content from a trusted domain and its sub-domains, also doesn't pass the Content security policy filter
When a web site administrator wants to allow content from a trusted domain and all its sub-domains (it does not have to be the same domain that the CSP is set on).
Update the value of the parameter
“Content-Security-Policy”
in the filter
“Header Filter - No Cache - No Pragma”
Example: Content-Security-Policy:
default-src 'self' *.trusted.com
File Name: liferay-web.xml
File location: ~ \Nimsoft\probes\service\wasp\webapps\ROOT\WEB-INF
UMP doesn't allow to modify Referrer-Policy according to client request to the origin
Referrer-Policy specifies the desired referrer information that is to be sent along with requests made from a particular request client to any origin.
By default, it is set to “no-referrer-when-downgrade”, use below values as per requirement. Refer below reference link for additional information.
  • no-referrer
  • no-referrer-when-downgrade
  • same-origin
  • origin
  • strict-origin
  • origin-when-cross-origin
  • strict-origin-when-cross-origin
  • unsafe-url
Update the value of the parameter
“Referrer-Policy”
in the filter
“Header Filter - No Cache - No Pragma”
File Name: liferay-web.xml
File location: ~\Nimsoft\probes\service\wasp\webapps\ROOT\WEB-INF
Existing reports which have the machine names with FQDN name will not work properly
After 9.2.0, few probes generated data with DNS name and other probes generated with FQDN name for a single machine. Due to this, reports display two duplicate entries for a single machine, one with original name and another with fully qualified domain name. This issue is fixed as part of 20.1 release and displays only DNS name and shows consolidated data in the reports.
With this change, the existing reports which have the machine names with FQDN name will not work properly. There is no issue with the newly created reports.
Orgin update in hub probe and override origin set by the hub in controller probe functionality is not working properly
When the Origin is updated on the hub or the controller, Origin name is not updating on alarms until we clear the alarms manually or restarting robot manually.
In the NAS, key is created including origin, which is then compared with existing key to update the database based on which new entry or required fields are updated. If origin is updated then for every incoming suppressed alarm, to avoid the issues in the alarm clear, new entry will be created.
Enabling Content Security in the portlets as current configuration is not working.
To enable the Content Security in the below portlets.
  • Accountadmin  
  • Cloudmonitor
  • Dashboard
  • Listdesigner
  • Listviewer
  • Mytickets
  • Policyeditor
  • Qoschart
  • Reports
  • Reportscheduler
  • Servicedesk
  • Slareports
  • Slm
  • Unifiedreports
  • usm
Follow these steps:
  1. Go to WEB-INF folder of respective portlet
    ~\Program Files\Nimsoft\probes\service\wasp\webapps\
    <portlet_name>
    \WEB-INF
  2. Open liferay-web.xml in any Text editor
  3. Find “Header Filter - No Cache - No Pragma” filter
  4. Replace <filter-class>com.liferay.portal.servlet.filters.header.HeaderFilter</filter-class>
    To
    <filter-class>com.liferay.portal.kernel.servlet.PortalClassLoaderFilter</filter-class>
  5. Add new init-param after filter class parameter
    <init-param>
                 <param-name>filter-class</param-name>
                 <param-value>com.liferay.portal.servlet.filters.header.HeaderFilter</param-value>
    </init-param>
  6. Restart WASP
  7. Find the reference filter after modifying
    <filter>
    <filter-name>Header Filter - No Cache - No Pragma</filter-name>
                                <filter-class>com.liferay.portal.kernel.servlet.PortalClassLoaderFilter</filter-class>
                               <init-param>
                                             <param-name>filter-class</param-name>
                                             <param-value>com.liferay.portal.servlet.filters.header.HeaderFilter</param-value>
                                </init-param>
                                <init-param>
                                             <param-name>Cache-Control</param-name>
                                             <param-value>no-cache, no-store</param-value>
                                </init-param>
                                <init-param>
                                             <param-name>Expires</param-name>
                                             <param-value>0</param-value>
                                </init-param>
                                <init-param>
                                             <param-name>Pragma</param-name>
                                             <param-value>no-cache</param-value>
                                </init-param>
                                <init-param>
                                             <param-name>Referrer-Policy</param-name>
                                             <param-value>no-referrer-when-downgrade</param-value>
                                </init-param>
                                <init-param>
                                             <param-name>Content-Security-Policy</param-name>
                                             <param-value>default-src 'self' 'unsafe-eval' 'unsafe-inline';  img-src 'self' data:;</param-value>
                                </init-param>
    </filter>