GishBandara Super Contributor.
Super Contributor.
2581 views

OMI 10.01 IP3 Integration with APM 9.26 fails - Step 2

Jump to solution

Hi,

I have some issue with OMi 10.01 integration with APM 9.26 where "Step2: OMi to APM Setup" is failing with following failure message.

Status:failed:Trust for event synchronisation failed.

Current Deployment -

OMi - Single server (GW_DPS)

APM - Distributed (1GW and 1DPS)

APM connected server ha sbeen created and validate the topology synchronization. Then after edit the connected server and select the Step 2 under "Synchronization" section, it provided the above failure message.

Omi server has been setup to use TLS, therefore i have imported the CA root certificates to GW and DPS java key store.

bbcutil -ping is provide successful "eServiceOk" for following checks,

OMi ->APM GW

OMI -> APM DPS

APM GW -> OMI

APM DPS ->OMi

Manually ran the BBCTrustServer.bat to make sure Omi and APM DPS+GW has a trusted relationship as well.

 

Any help will be appreciated.

 

Thanks,

Gish

0 Likes
1 Solution

Accepted Solutions
GishBandara Super Contributor.
Super Contributor.

Re: OMI 10.01 IP3 Integration with APM 9.26 fails - Step 2

Jump to solution

Hi All,

 

The issue has been finally resolved after discussing with support/LAB for a long time. Following was the issue in my environment. 

 

HP OMi had TLS enabled and and it was using HTTPS. But HP BSM was using the plain text communication HTTP.

Therefore the the LWSSO cookie generated by OMi wasn't visible for HP BSM when its first launch. Therefore it provides the login screen without doing single sign on.

After setup HTTPS on BSM, the LWSSO issue was resolved and single sign on work for both ways now.

Omi -> BMS

BSM -> OMi

Therefore It is either a requirement or a limitation where OMi and BSM cannot be integrated, if only one application is using HTTPS.

And that's not specified in any document. I have asked to update the integration guide, so future customers won't face this issue.

Thanks,

Gish

0 Likes
15 Replies
OpenView_Mike Trusted Contributor.
Trusted Contributor.

Re: OMI 10.01 IP3 Integration with APM 9.26 fails - Step 2

Jump to solution

I have encountered the exact same issue, so if you come up with a solution, please let me know what you did to solve it, and I will do the same for you, of course. Thanks!

Best Regards,

~ Michael Stollaire
0 Likes
Acclaimed Contributor.. KAKA_2 Acclaimed Contributor..
Acclaimed Contributor..

Re: OMI 10.01 IP3 Integration with APM 9.26 fails - Step 2

Jump to solution

give a try using IP 4. for me integration is working with IP4. -KAKA-

0 Likes
OpenView_Mike Trusted Contributor.
Trusted Contributor.

Re: OMI 10.01 IP3 Integration with APM 9.26 fails - Step 2

Jump to solution

Thanks for the advice. I actually tried that, and I am at IP4 now.

 

However, the APM integration is still broken. 😞

 

Step 1: Topology Sync works just fine.

Step 2: Event Integration ~ fails, saying that the trust relationship between OMi and APM is broken.

I've run BBCTrustServer.bat bi-directionally, and all certificates have imported fine.

I can exectute bbcutil -ping bi-directionally, using short host name, FQDN and https://<FQDN>

 

Is there any specific log I can put into full DEBUG mode, so I can see what's happening (or NOT happening) in a more granular fashion?

 

The main issue besides the events is that in the OMi 10.01 Workspace, none of the APM components yield any data. Searching online, I see that you need to add other components, such as Watch View or Top View, and when you select the Business Application from BPM (for instance) in these other Views, the APM component should populate with data, but it does not. There are no specific errors shown in the OMi Workspace. The components are just blank!

 

Soooooo frustrating.

 

Thanks, and FYI, searching the HP support site's KB for this issue yields plenty of results, most of which are HP internal cases on this OMi 10/APM 9.2x integration issue.

Best Regards,

~ Michael Stollaire
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: OMI 10.01 IP3 Integration with APM 9.26 fails - Step 2

Jump to solution

Can you verify the secure HTTP datacomm is working between ALL servers: ie, from each OMi10 GW, OMi10 DPS, APM GW and APM DPS try to ping all the others using this command:

bbcutil -ovrg server -ping hostname.fqdn

Note the use of "-ovrg server" which ensures the server cert is used rather than the node cert.

 

CP.

0 Likes
OpenView_Mike Trusted Contributor.
Trusted Contributor.

Re: OMI 10.01 IP3 Integration with APM 9.26 fails - Step 2

Jump to solution

I just executed this, and both come back with eServiceOK.

Best Regards,

~ Michael Stollaire
0 Likes
OpenView_Mike Trusted Contributor.
Trusted Contributor.

Re: OMI 10.01 IP3 Integration with APM 9.26 fails - Step 2

Jump to solution

Update. In Step 2 of the integration, I get trust for event syncronization failed. This is after running bbctrustserver.bat bi-directionally and verifying that bbcutil -ping works to https and to FQDN and short host name. Weirdly, when I log into OMi, I seem to be logged out of APM/BSM, and wonder if this is a symptom of an LW SSO issue?

However, just as an experiment, I attempted this in Internet Explorer 11 versus Firefox 43.0.4. Java 1.8.66 is installed FYI.

In Firefox, the APM Component just does nothing. It goes blank. If I change the refresh rate, the new HP "refreshing" icon pops up for a second or two and then promptly goes away, still leaving an empty component in the OMi Workspace.

In IE, it is different. Up comes an error message, something about a security issue, and I am not going to let you display this information in a frame, so click here to open it in a new window. So, if I click on new window, BSM launches and I get a message that says I need to select an application to filter on. I bring up Watch List and Watch By View for instance and choose End User Management and select a business application.

Then, a pop up box appears, saying "Failed to get a response from the server. Check your network connection."

This is the link on the APM server, that it is trying to hit:

http://<FQDN of APM Server>/topaz/TopazSiteServlet?OWASP_CSRFTOKEN=3IF4-H9OI-XF8C-3UU7-8PBR-NKOI-NR77-IVGS

Best Regards,

~ Michael Stollaire
0 Likes
GishBandara Super Contributor.
Super Contributor.

Re: OMI 10.01 IP3 Integration with APM 9.26 fails - Step 2

Jump to solution

Hi Mike,

I still have this issue and get the same experience with LWSSO as it automatically logs out.

I have upgraded OMi to 10.10 and unfortunately the issue remains.

I'll keep investigate this and update if i get any progress with this.

 

 

0 Likes
OpenView_Mike Trusted Contributor.
Trusted Contributor.

Re: OMI 10.01 IP3 Integration with APM 9.26 fails - Step 2

Jump to solution

Yep. Installing Intermediate Patches, at least one of them, most likely IP4, resets the APM 9.26 server's initstring in LW-SSO. If OMi was installed first, its initstring needs to be configured on the APM server again. This fixed the issue for me, but this should be checked after every patch install and upgrade. HP Software needs to fix this glitch.

Best Regards,

~ Michael Stollaire
GishBandara Super Contributor.
Super Contributor.

Re: OMI 10.01 IP3 Integration with APM 9.26 fails - Step 2

Jump to solution

Hi Mike,

In my environment, initstring was setup in both systems(Actually few times while i was troubleshooting) and used the APM initstring as it was the first app before OMi 10.10 installed.

Step 2 failure is resolved now as it turned out to be an authentication issue for the inetgration account. (APM was setup to use only LDAP integration) Account used in the APM connected server in HP OMi 10.10 was a internal account created following the instructions in integration guide.

After i turned on the mixed authentication in APM side, the step 2 executed successfully and have APM components in OMI 10.10.

But facing a new issue, as i cannot load APM contents in OMi 10.10. APM dashboards are not displaying and in APM log files has following errors for LWSSO authentication.

"ERROR - Error handling LW login"

"Got empty username from LW cookie for request ...."

So i believe the APM side lwsso still not correct, even the JMX initstring has the correct value.(Checked confirmed few times)

I got a new post for the issue i'm facing now and hopefully will be able to identify teh root cause.

http://community.hpe.com/t5/Operations-Manager-i-Support/OMi-10-10-and-APM-2-26-integration-Issue-LWSSO/m-p/6827957#M1777

Thanks,

Gish

0 Likes
OpenView_Mike Trusted Contributor.
Trusted Contributor.

Re: OMI 10.01 IP3 Integration with APM 9.26 fails - Step 2

Jump to solution

Well, this is good news and bad news. However, at least you are making progress. I experienced what you are now as well. It's like the initStrings do not "take" in the configuration. Just out of curiousity, have you attempted reversing the initStrings? In other words, APM was there first, so as per the Integration Guide, you would put the APM initString in APM's JMX and OMi's JMX. Have you tried putting OMi's initString in both places? I will update your new thread as well. Again, glad some progress is being made. However, I think this entire integration should be AUTOMATED by HP Support. It simply should not be this hard!

Best Regards,

~ Michael Stollaire
0 Likes
Highlighted
Alex Ulbrich Honored Contributor.
Honored Contributor.

Re: OMI 10.01 IP3 Integration with APM 9.26 fails - Step 2

Jump to solution

I've done this a few times now.  Step two was broken for me due to LDAP/AD being active in BSM 9.26  The docuementation says to create a local integration user, but that only works for the topology sync.  My workaround is to use the local account for step one, which creates an integration point and credentials.  Then, for step two, edit the conencted server to use a LDAP/AD account.  This seems to work.  Then step three will work also.  

OpenView_Mike Trusted Contributor.
Trusted Contributor.

Re: OMI 10.01 IP3 Integration with APM 9.26 fails - Step 2

Jump to solution

Alex:

 

Wouldn't it be great if this was in the Integration Guide?

 

~ OVM

Best Regards,

~ Michael Stollaire
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: OMI 10.01 IP3 Integration with APM 9.26 fails - Step 2

Jump to solution

Absolutely.   if you see anything in the product documentation that could be improved, please click the link at the end of the doc where it says "Send Documentation Feedback".  Your email goes directly to the people who write the documentation.  I use this link so I know that they do capture such doc defects and enhancement requests officially and they also reply to each request.

CP.

0 Likes
GishBandara Super Contributor.
Super Contributor.

Re: OMI 10.01 IP3 Integration with APM 9.26 fails - Step 2

Jump to solution

Hi All,

 

The issue has been finally resolved after discussing with support/LAB for a long time. Following was the issue in my environment. 

 

HP OMi had TLS enabled and and it was using HTTPS. But HP BSM was using the plain text communication HTTP.

Therefore the the LWSSO cookie generated by OMi wasn't visible for HP BSM when its first launch. Therefore it provides the login screen without doing single sign on.

After setup HTTPS on BSM, the LWSSO issue was resolved and single sign on work for both ways now.

Omi -> BMS

BSM -> OMi

Therefore It is either a requirement or a limitation where OMi and BSM cannot be integrated, if only one application is using HTTPS.

And that's not specified in any document. I have asked to update the integration guide, so future customers won't face this issue.

Thanks,

Gish

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.