CA Tuesday Tip: EEM for APM Important Reminders

Discussion created by SergioMorales Employee on May 30, 2013
CA Wily Tuesday Tip by Sergio Morales for 05/28/2013

Hi All,

Here is a list of some recommendations and common issues reported to support. I hope this information helps your migration.

1. APM 9.x is supported with EEM 8.4 SP3, 8.4 SP4 and 12.0, including any fix packs on top of these releases.
EEM is a 32-bit application; on 64-bit operating systems it still runs as a 32-bit application.
For more details, refer to the APM compatibility guides:

2. Limitations:
a) You cannot use an LDAP group in the Access Policies tab in the CEM UI. However, this can be done from the EEM UI.
b) You cannot disable the "CEM Administration" tab if you define Business Application Policies for Frontends. This is by design: we only create one type of resource, called Business Applications, and do not distinguish between ISCP Biz Apps and CEM.

3. EEM doesn't pull new LDAP groups into the EEM UI:
If newly created groups do not appear immediately in EEM, try lowering the value of "Cache Update Time".
This value is generally set to 1440 minutes (24 hours). Set it to a lower value, wait for that amount of time, then refresh; the newly created groups should appear.

4. EEM failover in realms.xml: there are no special settings on the EM server; the failover logic is handled on the EEM side.
On the Introscope side, you enter only one of the EEM servers; the EEM SDK that is part of the EM switches between servers. Here is a KD that explains how to configure this on the EEM side:
Or refer to the attached doc: EEM Failover Setup.pdf

5. How to migrate LOCAL custom domains and security to EEM?
At present there is no tool to automatically migrate your local custom definitions to the EEM repository; this is a manual process. I have created the document below, which illustrates step by step how to do that using an example.
How to migrate LOCAL custom domains and security to EEM.pdf

Below are 3 additional documents illustrating how to configure EEM with APM:
- How to configure APM authentication with EEM configured with LDAP.pdf
- How to configure APM Authentication with EEM local authentication.pdf
- How to define Business application policies for CEM UI in EEM configured with LDAP.pdf

For more information about integrating APM with EEM, see the APM security guide.

6. EEM authentication not working, logging in takes a long time?
a) Find out whether the problem is reproducible when connecting directly to the EEM UI. This will help you isolate whether the issue is EEM or EM related. If the problem is not reproducible when connecting to EEM directly, then it could be related to a performance issue on the APM side, and you should review the EM logs.
b) Change the base DN to a location closer to the user and verify whether the problem persists.
c) Are you using nested groups?
d) Are you using multiple EEMs? If so, make sure failover is configured on the EEM side, not the APM side (realms.xml); see EEM Failover Setup.pdf

7. Application/Business Services Access Policies not working?
a) Verify that the access policy is working using the EEM UI.
Select Manage Access Policies > Permission Check. Make sure to enable the "Display debug information" option. Enter information to validate the policy.
b) There is a known issue: a change made in EEM requires a restart of the Introscope EM (BUG# 79780). The fix is available in 9.1.5.

8. Blank pages in the CEM UI, slowness in connecting and navigating in the UI when using EEM?
There is a known issue related to requests going beyond 4kb, which is the default limit for the Jetty web server. To fix the issue:
a) Increase the default buffer sizes: add the 2 lines that set HeaderBufferSize and RequestBufferSize, as shown below, to EM_HOME\config\em-jetty-config.xml:
    <New class="com.wily.webserver.NoNPESocketConnector">
        <Set name="port">8081</Set>
        <Set name="HeaderBufferSize">8192</Set>
        <Set name="RequestBufferSize">16384</Set>
        <Set name="ThreadPool">
b) uncomment the below line in
c) restart the EM

9. Business Application policy restrictions are not applied to the CEM UI \ Administration \ Business Application tab, which allows a user to remove any CEM Business Application definition. BUG# 79822. Fixed in 9.1.2

10. What to collect in case you need to escalate an issue?

- Zipped content of the EM_HOME\log – please make sure to enable DEBUG
- EM_HOME\config\realms.xml, server.xml, domains.xml
- Export of the APM application from EEM: Configuration > EEM Server > Export Application > Select all Objects list – this will allow us to confirm whether the problem is related to permissions and to recreate the issue in-house.
- Screenshot from Permission Check.
- Collect EEM logs and config files: igateway logs, iPoz logs and *.conf under \Program Files\CA\SharedComponents\iTechnology folder

If possible enable EEM Server Trace:
a) Stop iGateway Service (From Command or from Services.msc)
Net stop iGateway (On Windows Platform)
S99igateway stop (On *Unix Platform)
b) Open the iPoz.conf file for editing (it is located in the iTechnology folder)
Use the shortcut %IGW_LOC% on Windows Platform and $IGW_LOC on *Unix platforms
Search for <LogLevel>WARNING</LogLevel>
c) Replace WARNING with TRACE (this needs to be in upper case)
d) Save the iPoz.conf file
e) Restart the iGateway service
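
Steps b) to d) above as a script for a *Unix host, added here as an example and not part of the original post or of CA's tooling. The function name set_ipoz_loglevel and the .bak backup suffix are assumptions; it accepts only the two levels the post names, so the same call with WARNING puts the original level back.

```shell
#!/bin/sh
# Added example: switch the <LogLevel> element in iPoz.conf between the two
# values the post mentions (WARNING and TRACE), keeping a backup copy.
# Stop iGateway before calling this and restart it afterwards (steps a and e).

set_ipoz_loglevel() {
    conf=$1
    level=$2

    # The post notes the value must be upper case; only the two levels it
    # names are accepted here.
    case $level in
        TRACE|WARNING) ;;
        *) echo "unsupported level: $level" >&2; return 2 ;;
    esac

    [ -f "$conf" ] || { echo "not found: $conf" >&2; return 1; }

    # Refuse to edit unless exactly one line carries a LogLevel element, so a
    # file with an unexpected layout is left untouched.
    count=$(grep -c '<LogLevel>[A-Za-z]*</LogLevel>' "$conf" || true)
    [ "$count" -eq 1 ] || {
        echo "expected 1 LogLevel line, found $count" >&2
        return 1
    }

    # Keep the original next to the file (assumed suffix: .bak).
    cp -p "$conf" "$conf.bak" || return 1

    # Rewrite from the backup into the original file so its owner and
    # permissions stay as they were; restore the backup if sed fails.
    if ! sed "s|<LogLevel>[A-Za-z]*</LogLevel>|<LogLevel>$level</LogLevel>|" \
            "$conf.bak" > "$conf"; then
        cp -p "$conf.bak" "$conf"
        return 1
    fi

    # Succeed only if the requested level is now in place.
    grep -q "<LogLevel>$level</LogLevel>" "$conf"
}

# Typical use on a *Unix host (IGW_LOC is the shortcut named in the post):
#   set_ipoz_loglevel "$IGW_LOC/iPoz.conf" TRACE
```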