Release Automation

Expand all | Collapse all

CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

  • 1.  CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Broadcom Employee
    Posted Sep 20, 2016 11:33 AM

    Dear CA Customer:

    The purpose of this Critical Alert is to inform you of a potential problem that has been recently identified with CA Release Automation. Please read the information provided below and follow the instructions in order to avoid being impacted by this problem.

     

    PRODUCT(S) AFFECTED:

    CA Release Automation      

     

    RELEASE:

    All Releases

     

    PROBLEM DESCRIPTION:

    Release Automation ASAP (SWING UI) has a signed certificate that will expire on Mon Oct 17 02:59:59 IDT 2016.

    Once the certificate expires, users will not be able to open ASAP UI and any usage of the ASAP tool will be blocked.


    SYMPTOMS:
    Unable to open and use ASAP UI.

     
    IMPACT:
    Users will not be able to perform administration tasks that can only be done with ASAP UI.
      
    PROBLEM RESOLUTION:
    Resolution in progress, we will be publishing cumulative patches for all supported versions by the end of this week.

    If you have any questions about this Critical Alert, please contact CA Support.
     
    Thank you



  • 2.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Posted Sep 21, 2016 02:18 AM

    please provide the information, when the patch is released as a comment on this thread. thank you

     

    also: might be a good idea to send this out via mass mail as well.



  • 3.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Broadcom Employee
    Posted Sep 21, 2016 02:37 AM

    Thanks Michael for this reply.

    The notification email was sent by support to RA customers ... I was just thinking it would be good to add it here as it might be that that email will not reach all required people.

    We plan to release this cumulative by the end of this week or by 9/25 at the latest/

    I will update this thread once it is release.



  • 4.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Broadcom Employee
    Posted Sep 21, 2016 08:38 AM

    Thanks Guys. The email that Meir is talking about is the email sent by the proactive notifications system which everyone can register for using the steps that Keith-Puzey-CA made available to us here: CA Release Automation Product Notification Services 



  • 5.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Broadcom Employee
    Posted Sep 22, 2016 02:04 AM

    The cumulative packs have been posted on support.ca.com (http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/technical-document-index/ca-release-automation-solutions-patches.aspx?intcmp=searchresultclick&resultnum=2).

     

    1 -  6.2.0.3029

    2 -  6.1.0.1093

    3 -  5.5.2.488

    4 – 5.5.1.1634

    5 – 5.0.2.231



  • 6.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Broadcom Employee
    Posted Sep 22, 2016 03:40 AM

    Hi Meir,

     

    How to verify the pack after installation? Will the pack impact the flows & process? Is it enough to just verify ASAP and ROC login, or do we need to run and verify the existing processes?

     

    Our current version is 5.0.2.216, so we can install 5.0.2.231 directly without any other prior build, right?

     

    Thanks

    Yang



  • 7.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Broadcom Employee
    Posted Sep 22, 2016 03:53 AM

    The cumulative pack includes all the latest fixes of Release Automation for the relevant release. Details of these fixes can be viewed in the cumulative readme file.

    Specifically to this critical update, the cumulative also replaces the internal certificate which is used for signing the ASAP jar files which are being authenticated from the client machine over to the NAC machine.

     

    To validate the certificate update, you can launch the ASAP application and in the "do you want to run this application by CA", press the "More Information" link. This will open up a view of the certificate details. One of those is the validity date ... After applying the cumulative, the expiration will be updated to 2019

     

    Hope this helps.



  • 8.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Broadcom Employee
    Posted Sep 22, 2016 04:07 AM

    Hi Meir,

     

    Understand the certificate fix and we will verify in ASAP.

     

    Since this pack includes all the latest fixes, do these fixes impact the existing flows and processes? Do we need to verify the implemented flows and processes after the installation?

     

    Our current version is 5.0.2.216, so we can install 5.0.2.231 directly without any other prior build, right?

     

    Thanks

    Yang



  • 9.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Posted Sep 22, 2016 04:11 AM

    I'm also interested to know that. I hoped for just a single replacing of some files, but now that it is a full patch installation and we're still running on 191, I need a downtime of the system.

     

    too bad, they don't expire at 11/01/16, then I would have installed the patch with our upgrade to 6.2



  • 10.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Posted Sep 22, 2016 04:23 AM

    Can you confirm again, that only the ASAP is not working after the 10/17/2016? So, everything we can configure via ROC is still doable and deployments are also not affected?



  • 11.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Broadcom Employee
    Posted Sep 22, 2016 04:36 AM

    For 5.0.2, the baseline for installation is 193 which was a cumulative after that GA.  

    As best practice, it is always recommended to take backup before upgrade (cold DB + NAC/NES folder structure). It is also recommended to test patch on "side" environment before rolling out on production.

     

    True that "only" ASAP UI will be blocked.  BUT there are some functionality that can only done via this tool and not through the web designer (will change in the future). That said, it is critical this patch will be applied before the certificate expiration date



  • 12.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Posted Sep 22, 2016 04:41 AM

    well, as far as I can tell, it is only really needed for user/permission  management and maybe remote installation of agents.

     

    I'm just trying to evaluate if it is worth going through a downtime, when we're planning to update to 6.2 on the 31st of october, so it would only be 2 weeks without ASAP, because we can't test this patch anywhere, as our PRE-PROD CA-ARA environments are already running on 6.2



  • 13.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Posted Sep 22, 2016 04:25 AM

    Note that in the 5.0.2 cumulative patch readme file its state specific build number: 

    RA 5.0.2 installation with cumulative pack build 193 must be installed prior to installing this patch

    While in other versions it slightly different

    e.g

    6.2

    RA 6.2.0 GA b3017 (or higher) needs to be installed prior to this patch

    5.5.1
    RA 5.5.1 GA (b1312) or higher build of this release,  must be installed prior to installing this patch

    tamme01 is it only documentation issue?



  • 14.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Broadcom Employee
    Posted Sep 22, 2016 04:37 AM

    This is not documentation mistake.

    For 5.0.2 specifically, we need baseline of previous cumulative (193). For all others, the GA version of that release is "good enough".



  • 15.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Broadcom Employee
    Posted Sep 22, 2016 04:56 AM

    Hi Meir,

     

    For 5.0.2, we need baseline of previous cumulative (193). Does that mean we must install the 231 based on 193 or we can also install 231 based on any other version higher than 193?

     

    Our version is 216 and I don't think we can back to 193.



  • 16.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Broadcom Employee
    Posted Sep 22, 2016 05:05 AM

    When you applied b216 of 5.0.2, was it after you applied the b193?   I assume the answer is yes.

    Assuming this is correct, you can apply the latest 231 patch ... no need to revert back to previous build and upgrade again.



  • 17.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Posted Sep 22, 2016 08:27 AM

    Hi Meir,

     

    for 6.2 it does say b3017 is required, for us the installation of b3010 didn't cause any problems on our DEV and PRE-PROD environment. Can we install the patch on b3010 as well or do we need to run the b3017 installer first for an update?

     

    thanks.

     

    best regards

    Michael



  • 18.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Posted Sep 22, 2016 08:43 AM

    also, when trying to attempt the download of the 6.2 patch, I'm getting the following alert, don't know if it is just internal for us or if the zipfile was created differently this time, because I know I already did download a patch for 6.1 once

     

    just thought I let you know

     

    I'm not getting this alert for the 5.5.2 and 6.1 patch...weird



  • 19.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Broadcom Employee
    Posted Sep 22, 2016 10:13 AM

    Hi Michael,

     

    Agreed, strange. What steps are you using to download this patch? I just used the product support page and see that the source file mentioned in your screenshot is not where the link for the RA620 3029 cumulative is pointing. 

    CA Release Automation Solutions & Patches - CA Technologies 

     

    Regards,

    Gregg



  • 20.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Posted Sep 22, 2016 10:36 AM

    Hi Gregg,

     

    yeah, I'm using the same page as you, although I can't download anything on this page using Chrome, I get a "no such file found", but this seems to be a browser issue, just don't know what chrome's problem is 

     

    so I'm using firefox, then clicking on the zip file, a pop up comes up, where it ask if the "ftp.ca.com" really should be opened, I click yes and normally the download should start, but I'm getting the virus alert for the 6.2 patch.

     

    I'm a bit afraid, that I messed that up, because the first time I accidentally clickt "no" instead of "yes", not sure if this causes the file to be blocked for all my machines or the hole munich re. which would be kinda stupid.

     

    on the other side, as I said, I can download the patch for 6.1 and 5.5.2 without getting the alert, so it seems like something is wrong the zip file or at least our scanner does think so

     

     

    regards

    michael



  • 21.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Broadcom Employee
    Posted Sep 22, 2016 11:08 AM

    I am using Chromium and able to download. I just tried restricting my browser down but couldn't replicate the behavior you described. But maybe I'm just not configuring the right setting. It may be in their somewhere.

     

    As for the behavior you see in Firefox, maybe it is being blocked now by Kaspersky. Maybe you have a place where you could remove this file/url from the blocked list. Or, maybe this will help. The direct url for the patch is this:

    ftp://ftp.ca.com/pub/releaseautomation/ReleaseAutomation/Fixes/RA_62/RA620cumulativeb3029_26518298337708185.zip



  • 22.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Posted Sep 22, 2016 11:19 AM

    Hi Gregg,

     

    when I first clicked the direct link the download started and reached the complete file size, for the saving of the file I think there is a check running, this one seems to fail as the file gets removed and the download fails.when I now click the direct link again, I'm getting the virus alert

     

    seems like I need to whitelist the file or page somehow.

     

    best regards

    Michael



  • 23.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Posted Sep 22, 2016 11:26 AM

    btw. I was wrong about being able to download the other patches, I assumed it works because I didn't get the error at the start, but I just tried to download the 6.1 patch and at the end I'm getting the same problem as with 6.2, downloads the complete file, then the check notices something fishy and after that I'm always getting the alert

     

    although got a different one this time



  • 24.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Posted Oct 07, 2016 01:25 AM

    I wanted to catch up on the virus issue I had:

     

    I finally had this checked by our security and it really was just a false-positive on the kaspersky labs scanner on our proxy, they now gave me the zip file



  • 25.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Broadcom Employee
    Posted Oct 07, 2016 09:02 AM

    Thanks for posting your confirmation of the issue.

     

    Cheers,

    Gregg



  • 26.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Posted Sep 29, 2016 05:42 AM

    I face the problem in CA RA 6.1 after import the action packs.

    I already install patch 1093, the problem still occur, cannot create and view action in design tab.

     

    Please suggest

     

    BR,

    Peerawat K. 



  • 27.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Broadcom Employee
    Posted Oct 04, 2016 03:21 AM

    Hi Peerawat,

    This thread is about the ASAP certificates expiring and what needs to be done to prevent it. If you're facing different problems, please create a separate thread or support case to have it looked into.

    regards,

    Leo



  • 28.  Re: CA - PROACTIVE NOTIFICATION - RACORE - CRITICAL ALERT - CRACORE-100282

    Posted Sep 30, 2016 03:51 AM

    Note for those using custom SSL Certificates

     

    If you have a custom ASAP truststore (company SSL certificates instead of OOTB certs), then you need to copy your custom truststore back to webapps/nolio-app/apps/v2.0.0/lib/custom-truststore.jar. Similarly, if you are running the NAC as another user than root, then you will need to change the ownership of the files under webapps/nolio-app/apps/v2.0.0/lib/ to that user:group.