Known limitations

• External Services for REST Services and Web Services cannot be created.
• External Workflow cannot be created.
• Process applications that are published by Open API cannot be consumed by an Automation Service.

Problem

If the LDAP certificates are changed or expire, IM cannot refresh the certificates automatically, and this results in SSL errors in the platform-auth-service-** pod.

CWPKI0823E: SSL HANDSHAKE FAILURE: The signer might need to be added to local trust store 
[/opt/ibm/wlp/output/defaultServer/resources/security/key.jks], located in SSL configuration alias [defaultSSLConfig]. 
The extended error message from the SSL handshake exception is: [PKIX path building failed: 
sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target].

Workaround

Manually import the new or changed LDAP certificates to IM. For more information, see Configuring LDAP over SSL.

Importing a project with the overwrite option in Document Processing Designer only supports importing projects from the previous version. For example, in 23.0.1, you must only import projects that were exported from version 22.0.2.

When you import a project with the merge option, the current project is merged with the project from the exported archive file. Only nonconflicting document types are imported into the project, and if there are conflicting document types, they are skipped during import. If you need to import a document type that is in conflict, you must first delete that document type from the project before importing the archive file.

After importing a project, it is recommended to retrain both classification and extraction models to avoid issues with the change of document classes in the merged project, and make sure the models are trained and built with the latest features.

Workaround

You must view the batch contents, remove the failed documents, and upload these documents again.

In some situations, the documents continue to be processed by the server and might transition out of the Uploading Error status. When a batch has the Uploading Error status, but none of the documents are in error, you can recover the batch by either adding or removing a document in the batch. The batch status is updated and processing can resume.

You reach the Verify client user interface in different ways, depending on your application. For example, for the single document application, you tab into the content list on the start page, select a document from the list by pressing the Tab or Arrow keys, and then you tab to the context icon (the 3 ...), select the icon by pressing the space bar or the Enter key, and finally press the Arrow keys to select Review document.

When standardizing your data, you can associate a data definition with a field or a document type. These data definitions are used when deploying the project to a runtime environment. For simple fields, you can either create a data definition, or reuse an existing one. For composite fields, you are not able to reuse an existing data definition, you can only create one.

If you attempt to create a data definition with the same name as an existing one, you get a uniqueness error.

For more information, see Saving an ADP Project fails with status code 500 service error.

• Extraction of multiple addresses within a single block is not supported. You cannot define your own composite address field types because you cannot define multiple postal mail address subfields for a single address block.
• You cannot upgrade previous address field types (such as address block or US mail address) to the new Postal mail address and Address information field types. Address field types that you defined in earlier versions remain the same.

  Workaround

  If you want to use the new address functionality, you must deploy a new key class based on the new address field types (Postal mail address and Address information).

• In a FIPS-enabled deployment, you cannot upload or process Microsoft Word documents that have the .doc or .docx format.
• If you observe that the viewer hangs when a multipage Microsoft Word document is loaded to the classification or data extraction issue page, look up the log of your browser development tool console. An error message that is similar to the following one means that the connection between the viewone service and the Application Engine has expired.

  Strict-Transport-Security: The connection to the site is untrustworthy, so the specified header was ignored. v1files x1~1> JS Thread 6 Jun 2022, 08:41:52, UTC-7 (000005615/000002156): finishLoading viewone_ajax-0.js:4856:26 java.lang.ArrayIndexOutOfBoundsException: Invalid page number -1 viewone_ajax-0.js:4856:26

  Workaround

  Refresh the page and reload the document.

• Data highlighting and Click N Key coordinates for DOC and DOCX documents might not capture highlighted text correctly when fixing data extraction issues in the runtime application.

  Workaround

  Use the keyboard to correct any values that encounter this issue.

• While data extraction from simple tables is fully supported, some limitations exist for complex tables, for example when you extract data from the summary section of tables, or if some watermarks, text, or other interfering elements exist in your documents. Complex tables are not fully supported. For the full list of supported tables, and examples of the types of tables that contain limitations, see Best practices on table extraction.

Problem

When you create an application in Business Automation Studio, an application configurator displays where you enter configuration parameters for the application.

However, after the application is created, you cannot access the same configurator. As a result, you cannot change the configuration settings the same way.

Workaround

To reconfigure your settings after the application is created:

1. In Business Automation Studio, open your application.
2. Select Application project settings from the top left drop-down list.
3. Click the Environment variables tab.
4. Edit the following environment variables where applicable:
   • evObjectStoreName (the CPE current object store)
   • evDbaProjectId (the CPE's currently deployed project ID)
   • evRootFolder (the CPE folder, only for the Document Processing template)
5. Click Finish editing to save changes. Click Preview.
6. Export and import your application to the Application Engine.

Business Performance Center

You cannot create an alert for a period KPI if it contains a group. If you want to create an alert for a period KPI, go to the Monitoring tab and remove the Group by keyword. Then, go to the Thresholds tab to create one or more alerts.

Kibana

In the Kibana graphical user interface, the Alerting menu item for monitoring your data and automatically sending alert notifications is present but the underlying feature is not enabled.

Aggregations

Because Business Performance Center uses Elasticsearch as its database, approximation problems can be found with aggregations of numbers greater than 2^53 (that is, about 9 * 10^15). See the Limits for long values section of the Aggregations page of the Elasticsearch documentation.

Fixed date time range

If, in a fixed date time range, you modify only the date or time, your changes are not saved.

Data tables

When any chart is displayed as a data table, only the first 1000 rows are shown.

Data permissions

You can set up data permissions by monitoring source or by team. If you encounter an error when you set a permission by source, try setting the same permission by team.

Defining a high number of fields in an Elasticsearch index might lead to a so-called mappings explosion which might cause out-of-memory errors and difficult situations to recover from. The maximum number of fields in Elasticsearch indices created by IBM Business Automation Insights is set to 1000. Field and object mappings, and field aliases, count towards this limit. Ensure that the various documents that are stored in Elasticsearch indices do not lead to reaching this limit.

Event formats are documented in Reference for event emission.

For Operational Decision Manager, you can configure event processing to avoid the risk of mappings explosion. See Operational Decision Manager event processing walkthrough.

To avoid this issue, edit the filter in the User tasks currently waiting to be processed search. Set the state filter to accept one of the following values: TASK_CREATED, TASK_STARTED, TASK_CLAIM_CANCELLED, TASK_CLAIMED.

• Ensure that cpe is deployed in a highly available setup, with at least two replicas.
• Monitor the cpe pod and restart if issues occur.

If you deployed Business Automation Studio with the Business Automation Workflow server in the same custom resource YAML file, and you do not see process applications from Business Automation Workflow server in Business Automation Studio, restart the Business Automation Workflow server pod.

If you use the kubectl get pods command to check the pods when a pod is in the CrashLoopBackOff state, you get the following error message:

Warning Failed 3m kubelet, <IP_ADDRESS> Error: failed to start container: Error response from daemon: OCI runtime create failed: container_linux.go:348: starting container process caused "process_linux.go:402: container init caused \" rootfs_linux.go:58: mounting

To recover a pod, delete it in the OpenShift® console and create a new pod.

To use Application Engine with Db2® for High Availability and Disaster Recovery (HADR), you must have an alternative server available when Application Engine starts.

IBM Resource Registry can get out of sync.

After you create the Resource Registry, you must keep the replica size.

• If you update the Resource Registry admin secret to change the username or password, first delete the instance_name-dba-rr-random_value pods to cause Resource Registry to enable the updates. Alternatively, you can enable the update manually with etcd commands.
• If you update the Resource Registry configurations in the icp4acluster custom resource instance, the update might not affect the Resource Registry pod directly. It affects the newly created pods when you increase the number of replicas.

After you deploy Business Automation Studio or Application Engine, you cannot change the Business Automation Studio or Application Engine admin user.

Because of a Node.js server limitation, Application Engine trusts only root CA.

• The certificate can be self-signed, or signed by a well-known root CA.
• If you are using a depth zero self-signed certificate, it must be listed as a trusted certificate.
• If you are using a certificate that is signed by a self-signed root CA, the self-signed CA must be in the trusted list. Using a leaf certificate in the trusted list is not supported.
• If you are adding the root CA of two or more external services to the Application Engine trust list, you can't use the same common name for those root CAs.

For more information and to resolve the issue, see Content Platform Engine uneven CBR indexing workload and indexing degradation.