IBM Tivoli Netcool/Impact V7.1.0 Fix Pack 25 (7.1.0-TIV-NCI-FP0025)

Download Description

***********************************************************************************************************************************************************************************************************
* Changes introduced by this fix pack might negatively affect existing product function. 
* The impact-http-headers.jar is missing from server only installs.
  The issue is fixed with APAR IJ39619 planned for 7.1.0-TIV-NCI-FP0026.

************************************************************************************************************************************************************************************************************

Before IBM Tivoli Netcool/Impact 7.1.0.25 is installed or upgraded, refer to the following documentation:

• https://www.ibm.com/docs/en/tivoli-netcoolimpact/7.1
• Download-attached package to review readme file for fix pack 7.1.0.25 Fix pack
• Review list of enhancements, pre-req, installation instruction, and known issues section.

For details of an individual APAR, go to https://www.ibm.com/support/home/. Enter the APAR identifier in "Search Support" and select search.

The following Netcool/Impact APARs are delivered with Fix Pack 25:

IJ36298: UI DATA PROVIDER CONNECTION SLOW WHEN CONNECTED TO SECONDARY IMPACT GUI ON IMPACT CLUSTER
IJ37340: NOI NOT ACTIONING SE RULES ON SOME EVENTS
IJ37369: NETCOOL/IMPACT FP INSTALLER OVERWRITES XMLFILETYPES FILE FOR XML DSA
IJ38011: REGRESSION FIX: FOR PG_LOOKFORPATTERNORPHANS
IJ38064: REGRESSION FIX: ALL THE TYPE NAMES ARE CHANGED TO TYPE0, TYPE1, TYPE2 AND SO ON UNDER ADDITIONAL EVENT TYPES
IJ38167: NETCOOl/IMPACT OPERATOR VIEW NOT RETURNING JSON CONTENT TYPE

Security-related APARs:
IJ36336: SECURITY APAR: UPGRADE TO LATEST IBM SDK 8 IN IMPACT 710 FP25
IJ36516: SECURITY APAR FOR CVE-2021-44228 CVE-2021-45046 UPGRADE LOG4JV2 IN  IMPACT 710
IJ37632: SECURITY APAR: CVE-2021-40690
IJ37634: SECURITY APAR: DENIAL OF SERVICE AFFECTS GSON (WS-2021-0419)
IJ37697: SECURITY APAR: UPGRADE ACTIVEMQ IN IMPACT 710 FP25 (CVE-2022-23305 CVE-2022-23302)
IJ37989: SECURITY APAR: CVE-2021-23450 Prototype Pollution IN IMPACT 710 FP2
IJ38039: SECURITY APAR: CVE-2021-33813 XXE IN JDOM LIBRARY IN IMPACT 710
IJ38040: SECURITY APAR: REMOVE SWAGGERUI IN IMPACT 710 (WS-2021-0461)
IJ38067: SECURITY APAR: UPGRADE POSTGRESQL DRIVER IN IMPACT 710 FP25 (CVE-2022-21724 WS-2022-0080)
IJ38173: SECURITY APAR: UPGRADE JQUERYUI IN IMPACT 710 FP25 (CVE-2016-7103)
IJ38178: SECURITY APAR: WEBSPHERE APPLICATION SERVER LIBERTY IS VULNERABLE TO LDAP INJECTION (CVE-2021-39031)
IJ38193:  SECURITY APAR: REMOVE KC.WAR FROM IMPACT 710

List of Impact APARs that have documentation updates or have additional information:
IJ35320: REGEX FUNCTION FOR PATTERNS
IJ38151: FORMULA CORRECTION FOR CALCULATING MEMORY FOR SEASONALITY
 

2.0 Additional Support added in Fix Pack 25
JazzSM 1.1.3.0 DASH 3.1.3.14
IBM Installation Manager 1.9.2
For On-Prem Event Analytics: compatible with Tivoli Netcool/OMNIbus web GUI 8.1 FP 26
https://www.ibm.com/docs/en/netcoolomnibus/8.1?topic=upgrade-web-gui-installation-prerequisites
NOTE: The IBM Prerequisite Scanner needs to be run in order to confirm proper system libraries are installed, before installing Impact.
Refer to the following IBM Prerequisite Scanner link:
https://www.ibm.com/support/fixcentral/swg/selectFixes?parent=ibm~Tivoli&product=ibm/Tivoli/Prerequisite+Scanner&release=All&platform=All&function=all
Also, refer to the Impact 7.1.0 specific Prerequisite Scanner page: https://www.ibm.com/support/pages/node/6244122
In addition, for On-Prem Event Analytics, refer to the following page for various product compatibility requirements:
https://www.ibm.com/docs/en/netcoolomnibus/8.1?topic=upgrade-web-gui-installation-prerequisites

Operating Systems: AIX 7.3, Linux for System z SLES 12.5, SLES 15.3, RHEL 8.5, Windows 11 Enterprise, Windows Server 2022
NOTE: The Windows Operating Systems require the following three packages:
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704

2.1 Browser Support with Fix Pack 25
Browser: Firefox 98, Google chrome 99, Microsoft Edge 99, Safari 15

2.2 Component Updates
Java(TM) SE Runtime Environment "1.8.0_311" (8.0.7.0 (SR7))
WebSphere Application Server Liberty has been updated to version 22.0.0.2
Please note the following Components being deprecated or disabled:
Deprecated support:
Refer to the following published document:
https://www.ibm.com/support/pages/node/6347586
1. IBM Connections integration support
2. Jabber support for 3rd party extensions
Disabled components:
- Starting in FP20, the "Event Isolation and Correlation" is disabled by default. Refer to the following page for more information:
https://www.ibm.com/support/pages/node/6357077

2.3 Enhancements in Fix Pack 25
Fix Pack 25 includes the following enhancements:
- A new option was added to the nci_collect_logs script, that allows for the inclusion of the Impact fix pack backup files during the "MustGather" collection process.
  This might at times be necessary if the backup files have not already been supplied (if there is needed for the issue being investigated):
  -DincludeBackupFiles=true
  To get a full list of available options, use the "--help" option (see below):
  nci_collect_logs --help

- The WSInvokeDL policy function supports a new parameter, WSSPolicyFile. The new parameter can be used to configure Web Services Security through an optional WS-SecurityPolicy
   language file. Refer to the WSInvokeDL topic for more information: https://www.ibm.com/docs/en/tivoli-netcoolimpact/7.1?topic=functions-wsinvokedl

 - Enablement of TLS 1.3 support in Impact 7.1
   With the introduction of TLS 1.3 support, in the latest versions of Java, there is a need to provide that support in Impact 7.1. 
   Therefore, a mechanism is now available in Impact 7.1.0 FP25 to enable the TLS 1.3 support.
   - Known Issues:
   1. Impact TLS 1.3 does not work with Derby when Derby has SSL is enabled.
       Do not enable Impact to TLS 1.3 version if Derby is running on SSL mode!
   2. The configImpactTLSv13.sh script provides three options to configure the Impact TLS version. They are: "TLSv1.3", "TLSv1.2" and
       "TLSv1.3,TLSv1.2". However, the option "TLSv1.3,TLSv1.2" is not functional. The option "TLSv1.3,TLSv1.2" shall not be used
       Refer to the following, for more information:
   - Configuring TLSv1.3:
     https://www.ibm.com/docs/en/tivoli-netcoolimpact/7.1?topic=security-setting-up-ssl-communication

 - RFE: Apache Kafka data source adapter (DSA) support
   https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=148963
   https://automation-management.ideas.ibm.com/ideas/IRISCART-I-505
   https://automation-management.ideas.ibm.com/ideas/IRISCART-I-468
   Provide a Kafka Data Source Adapter (DSA) to subscribe to Kafka topics
   Fix Pack 25 provides a new DSA for communicating with Kafka servers. A new  option on the Data Model tab provides the ability to create a Kafka Data Source. 
   A new option on the Services tab provides the ability to create a Kafka reader. A new Impact policy function, called SendKafkaMessage, is available to send messages to a Kafka server.
   Refer to the following, for more information: 
   The KAFKA DSA feature has been provided as a Technical Preview in this Impact Fix Pack release. For details see:
   https://www.ibm.com/docs/en/tivoli-netcoolimpact/7.1?topic=dsas-technical-preview-working-apache-kafka-dsa

 - RFE: SAML support in Impact 7.1
   https://automation-management.ideas.ibm.com/ideas/IRISCART-I-556
   https://automation-management.ideas.ibm.com/ideas/IRISCART-I-676
   SSO - Single sign-on for Impact GUI and DASH
   Netcool/Impact UI will be able to single sign-on with DASH using SAML integration. Netcool/Impact Server and Netcool/Impact GUI Server run in
   WebSphere Application Server Liberty profile and SAML will need to be configured in Liberty.
   Refer to the following, for more information:
   https://www.ibm.com/docs/en/SSSHYH_7.1.0/admin/imag_configure_single_signon_impact_dash.html
   Consult the following Liberty documentation:
   https://www.ibm.com/docs/en/was-liberty/base?topic=authentication-saml-20-web-browser-single-sign
   https://www.ibm.com/docs/en/was-liberty/base?topic=SSEQTP_liberty/com.ibm.websphere.wlp.nd.multiplatform.doc/ae/twlp_config_saml_web_sso.html
   https://www.ibm.com/docs/en/was-liberty/nd?topic=liberty-configuring-saml-web-inbound-propagation-in

3.0 Troubleshooting Netcool Impact 7.1
General issues 

- You now can (if needed) reset the Derby DB to a default state (in a NOI installation); by using the following steps:

  1.Find appropriately named ImpactDB_NOI_FP25.zip file located in $IMPACT_HOME/install/dbcore.

  2.Stop all ImpactServers in the cluster (primary and secondary that run Derby DB).

  3.Backup/Remove the existing ImpactDB directory structure in $IMPACT_HOME/db/<ServerName>/derby.

  4.Copy the zip file found in step 1 to $IMPACT_HOME/db/<ServerName>/derby and unzip it.

  5.Start Impact Server primary, let it fully initialize and start, and now start the secondary server and let it re-sync from the primary.

 - Enabling LDAP Authentication

   When editing the $IMPACT_HOME/install/security/impactdap.properties before enabling LDAP Authentication, ensure the version of the impactdap.properties

   is from the latest install!

   * Do not copy a props file from a different/older Fix Pack. 

   * Ensure to only edit the properties, do not delete/remove any of the properties before running the

    $IMPACT_HOME/install/security/confAuth4LDAP.sh script

4.0 Known Issues in Fix Pack 25

 - The Impact GUI, JazzSM's console integration, and Firefox's private browsing
Symptom: The Impact GUI does not load inside the JazzSM's console integration portlet when Firefox's private browsing is enabled.
Resolution: Private browsing will need to be turned off.

- The EventReader service for Seasonality Events is called "ProcessSeasonalityEvents" and it does not (by default) read updated or
de-duplicated events. "Get updated events" is not selected (by default) in the UI for the "ProcessSeasonityEvents" Service, on the Event Mapping tab.
The reason for this is due to the wide Filter for the "ProcessSeasonityEvents" Event Reader service. By default, the filter is
set to "1=1". With this wide filter, if "Get updated events" was enabled, and Seasonality rules fired, this could lead to an infinite loop. i.e.
Seasonality Rules updating events which in turn get read by the reader and fire the Seasonality Rules again. 
The solution is for the Event Mapping Filter to be set, in such a way, as to avoid already processed events. i.e. if the Seasonality rules are setting the
Service field to "something" then the Event Mapping Filter could be set to restrict these.

- NOI 1.6: The Event Analytics Configuration wizard reports an Unexpected Token error when the Impact GUI server under the Turkish locale
Symptom: When loading the Event Analytics configuration page, an "Unexpected token: E" error is reported. Configuration cannot continue.
Root Cause: When the Impact GUI server is running under the Turkish locale, the GUI server is unable to find the contents of the uiproviderconfig directory.
Resolution: Switch to a different locale and restart the Impact GUI server

- Customization made to web.xml is overwritten
Symptom: Any customization made to the web.xml file of a .war file (such as opview.war and netcool.war)  may be overwritten during the upgrade process.
Resolution: Please check the web.xml file after completing the upgrade and reapply the customization. You can find the old customization in the following directory. 
Merge the customization, as appropriate:
<backup>/install/gui_backup/<prior-fp name>/wlp/usr/servers/ImpactUI/apps/ImpactUI.ear

- For Impact systems since 7.1 FP20 where the Runbook Automation add-on is installed:
In the "RBA_EventReader" service, on the "Event Mapping", under the "Event Matching" tab, the "Stop testing after first match" option needs
to be always selected. The "Test events with all filters" option should not be used (except for limited testing)! The "Test events with all filters" 
option will be removed in a future Fix Pack.

- On Test environments, where more than one instance of Impact is installed (under the same user ID), Installation Manager may suppress the pop-up
message "insufficient space for back-up directory" when performing the preliminary system checks (at Fix Pack update).
Resolution: A minimum of 900MB of space is required for updates. If it is really to have more than one instance of Impact on the
environment, each instance should be installed under different user IDs and under different directories.

- The Prerequisite Scanner will report a failure when it checks the OS Version for SUSE Linux Enterprise Server 15 or later. This failure can be ignored as
SUSE Linux Enterprise Server 15 is supported by Netcool/Impact.

- MWM: On some systems, the Time Zone value will default to blank when creating new Maintenance Windows. Creating new Maintenance Windows
with a blank Time Zone option will cause MWM to break.
Symptoms: When there is a Maintenance Window with values that cannot be processed properly, the MWM policy will throw an error and not
process the rest of the Maintenance Windows, causing the entire functionality to stop working properly.
Resolution: Set the Time Zone to a non-blank value before saving new Maintenance Windows.
If MWM is saved with a blank Time Zone by error, it needs to be removed from the Derby database manually (under the table IMPACT.MM_WINDOWS).

- Impact on Windows 11 and Windows Server 2022
Symptoms: New installations of Impact will not function properly on Windows 11 and Windows Server 2022, if the appropriate "Microsoft Visual
C++" packages are not installed.
Resolution: Prior to installing Impact on Windows 11 or Windows Server 2022, the following Windows Visual C++ three packages need to be installed:
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.30.30704
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.30.30704
NOTE: The "Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005" is included in the Impact Full Installer package

To check the APARs that were part of the previous Fix Pack (7.1.0.24), please check this link:
https://www.ibm.com/support/pages/ibm-tivoli-netcoolimpact-v710-fix-pack-24-710-tiv-nci-fp0024