CA Service Management

Hi everyone,

we have a problem with the tab reports on SDM , when we click on this tab, it opens a new window and in a few minutes, we get a warning suggesting that we have the "shared secret" misconfigured, but we followed various guides of the product and we have the same shared secret in the file "TrustedPrincipal.conf" (in C:\Program Files\CA\Service Desk Manager\bopcfg\www\CATALINA_BASE\webapps\CAisd), in CMC preferences, on BOXI server, Shared Secret are the same, and the file "web.xml" (C:\Program Files (x86)\CA\SC\CommonReporting3\Tomcat7\webapps\OpenDocument\WEB-INF) also configured correctly.

This is the error message:

Error de comunicación al intentar la conexión con el servidor <server>:6400 (FWM 01009) attempt to establish connection failed: java.net.ConnectException: Connection timed out: connect.

Also ensure the following

1.Trusted Principal authentication is enabled in BOXI.

2.Shared secret is Updated in Trusted Principal.conf file located in NX_ROOT\bopcfg\www\CATALINA_BASE\webapps\CAisd.

3.Both shared secrets mentioned in BOXI and TrustedPrincipal.conf file are same.

My SDM/admin/options mgr/web report settings, are too correctly configured

    - CMS = <server>:6400

     - Location = http://<server>:<8080>

     - secEnterprise

I have an Production enviroment where i click on "Report's Tab" which connects to BOXI server. On BOXI servers all ports are open (6400-6410, 8080), we were created firewall rules that allow communication between two computers and ports 6400-6410 and 8080, but still I've noticed that some ports are not always listening, I tried to use Telnet from Production to BOXI, it's try to connect but in a few seconds says "press any key to continue" and when i pressed, he says that "connection to host lost".

I found a "jsrvr.log" with information and errors of "BOServlets" and others processes, but I don't know how to fix this.

e.g:

07/01 09:33:11.727[http-8080-Processor25] ERROR BOServlet 372 AHD04802: User authentication error

07/01 09:37:38.263[http-8080-Processor23] ERROR UploadServlet ? Connection reset by peer: socket write error

Telnet Errors.

Thanks, and i apologize for my English.

Hi Luis,

FWM 01009 error code refers to network or port connectivity issue. If you are sure that the ports are enabled, then try to telnet using the ipaddress to see if it works.

Thanks,

Naveen

The errors in the jsrvr.log refers to attachments or SDM tomcat. You may verify how the value is defined for @NX_SERVLET_SERVER_URL and @NX_LOCAL_SERVLET_SERVER_URL in the SDM NX.ENV file.

Thanks,

Naveen

Hi,

The value for @NX_SERVLET_SERVER_URL is "http://<production server>:8080, and the variable @NX_LOCAL_SERVLET_SERVER_URL it's not in "nx.env" file.

The route of this file (nx.env) is on "C:\Program FIles\CA\Service Desk Manager" right? and the variable "@NX_SERVLET_SERVER_URL" it must to be the production server or the BOXI server??

thanks.

Hi Naveen,

Telnet doesn't works correctly, but i use "portqry" and all ports are listening (6400, 8080, 6410) from production to BOXI server.

Thanks.

Hi Luis,

The nx.env file path is C:\Program FIles\CA\Service Desk Manager on SDM server. Try to launch the SDM URL in the BOXI server and login to the page.  Click on reports tab and then click on infoview button to see if it shows same error.

Thanks,

Naveen

Hi Naveen,

I launch the SDM URL in the BOXI server, ask me for user and password, i use the same account and password that i use for log on to SD and IE screen goes blank, and display nothing, not even a error.

Thanks.

Hi Luis,

When you launch SDM Reports Tab,  its the  SDM Tomcat engine based BOServlet code that attempts to connect to CABI's  CMS process.   CMS provides a Request Port number back to BOServlet to use and connect to.  BOServlet then initiates a connection on that Request port  for the real authentication (TrustedPrincipal) to complete.  This is where we validate if a UserID in SDM  matches a UserName in CABI.    And there after we'll be able to see the Reports which are displayed via the OpenDocument approach of CABI.

By default such Request port is Ephemeral (ie., we leave up to the OS to allocate which Request port (this is not same as the default listen port 6400) is given to CMS for it to listen on).  In case of firewalls, you'd have to hard code this to a specific port that is open in the firewall.

So, below error: Error de comunicación al intentar la conexión con el servidor <server>:6400 (FWM 01009) attempt to establish connection failed: java.net.ConnectException: Connection timed out: connect.

indicates to me that, BOServlet was not able complete the communication into CMS. 

If you think the firewall is good from communication aspect, it maybe that you would have to enable one of the ports say 6401  to be used as CMS's Request port, restart CMS  and retest.

We have additional explanation about how CABI communication works between CABI Components.  Keep in mind BOServlet  in this case is a CABI Client process.  https://support.ca.com/cadocs/0/CA%20Service%20Desk%20Manager%2012%209-ENU/Bookshelf_Files/HTML/CA%20Business%20Intelligence%20Implementation%20Guide/index.htm?toc.htm?809745.html

Hope this helps

_R

Good Morning Raghu,

I have a user on SDM called "ServiceDesk" his surname is "ServiceDesk" and it has no "name" given ( i've done ), and the login is the same,  on the other han in the CMC i have a user with account name= "ServiceDesk" and full name= "ServiceDesk",  so that users are equal and should not fail for that, right?. obviously when I click on the tab reports, I'm logged in SDM with that user.

secondly my teammates who manage the firewall, have been created rules that allow communication between the two computers through the ports from 6400 to 6410, is it necessary for me to open port 6401 or 6402, for example? or application controls that range of ports and open it if is necessary?. Otherwise, how i can open a specific port for the CMS? (I'm a bit new to all this).

Thanks.

Hi Luis,

In the link I posted previously, there are some steps on how to enable those request ports.

Normally you login to Central Management Console -> Servers ->  identify the Central Management Server there -> Right Click and Properties -->

Under Connection Settings   uncheck the Auto Assign for Request port. Now you can code an appropriate port number there (Ex: 6401).  Save and restart Central Management Server process by right click and restart.

Now CMS  should allow you to connect over 6400+6401.    If you’re still getting connection refused error, a wireshark trace might give an idea on what port is being attempted.

_R

Hi Raghu!!!

I made the step that you have shown me, and it works !!! finally!!  I'm a little embarrassed that after the time we have with this , it has been for this foolishness, but at least is solved.
Thank you very much, really.

Regards.

Glad it worked out Luis.

These cases are tricky, nothing to be embarrassed about.  Especially when the ports appear to be open and the error message is almost the same (there maybe a slight difference in the error message as we saw on this case).

_R

Hi,

Raghu if you do not mind, I have another question, the reports that we now appear in the tab "reports" are outdated,
They are dated 2-3 years ago, and it doesn't leave me any choice, as shown in Infoview, to modify these dates.

I have to modify the entire report ?? something is not set? in the picture attached, you can see where the number 1 is the dates are old, when in Infoview, where the number two is, it always appears one option to indicate the dates that you want. this happen in all reports.

Thanks,

Regards.

Hi Luis,

Its the Ticket data that the report is pulling from "an" SDM server.  Maybe your CABI SDM reports (the CA SDM Universe) are connecting to another CA SDM instance with older data?  Is that a possibility?

It was "refreshed" today though - the day July 14th 2015   signifies that.  So the report was infact run today,  it connected to SDM and fetched the data listed in the report.  My only best guess as to showing data from 2012  is possibly because its pointing to wrong SDM server.   Not all of our reports have Prompts for dates.  Some of them show snapshot of the data in SDM as of when the report was run.

Hope this helps

_R

Hi Raghu,

We are working with Infoview and all reports have the correct dates, and is pointing to the correct universe, because the data in the reports we get are valid.

To avoid any doubt, i would have to check from the BOXI machine, in the Designer right? is the connection to BBDD server?

Thanks.

Correct, this might help -> http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/tec595754.aspx

Also, would it be OK to raise a new thread on this new reports topic.  It would be easier for other community members to understand the original TrustedPrincipal error and the resolution there.  Thank you !

_R

Hi Luis,

I presume it to be connection issue . you may use Fiddler tool and check if you find any hint about the connection error.

you need to install this tool on SDM and BOXI server and check if you find any errors.

~vinod

Hi Vinod,

I'm not administrator of those computers, so to install anything i need to open a incident to a particular group and wait to install it, so i could be waiting for several days, and in a way I want to fix this as soon as possible, because it is something that needs to have operating.

Thanks you anyway.