IBM Tivoli Netcool/Impact V7.1.0 Fix Pack 22 (7.1.0-TIV-NCI-FP0022)

Download Description

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
WARNING!

1. Log4j vulnerabilities (CVE-2021-44228,CVE-2021-45105,CVE-2021-45046 and CVE-2021-44832) affect this fix pack.
IBM strongly recommends upgrading to a refreshed fix pack starting at fix pack 23 or later. If upgrading to a refreshed fix pack is not possible, 
you can apply interim fix 10 (7.1.0-TIV-NCI-IF0010).

During the upgrade, the previous versions of Log4j will be moved to a backup location for rollback purposes. These versions are not actively used
by the product however security scans may continue to flag the backup copy. If the files must be removed but the rollback capability is still required, an archive of the backup location should be created before deleting the log4j files.

2. Customers with "fips" enabled, read the first item in the "Known Issues"
section, before attempting to apply this Fix Pack maintenance failure to disable
"fips" will cause the upgrade to fail!                                                                                  
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

***********************************************************************************************************************************************************************************************************
* Changes introduced by this fix pack might negatively affect existing product function.  
* For systems at RHEL 6 zLinux only, this fix pack introduces an incompatible version of SVN. SVN is a component of Impact, which handles version control for Impact artifacts.
APAR IJ34702 has been opened for this issue. A workaround is available postinstallation.
Refer to the following documentation for details: https://www.ibm.com/support/pages/node/6484621
* Mutual Authentication is not working with GetHTTP and RESTful DSA: After upgrading to Netcool/Impact 7.1.0 FP19 and above, mutual authentication with GetHTTP or the RESTful DSA fails even when the correct client certificate and key are added to the keystore. The certificate request fails with an SSL handshake failure.
The fix is delivered with APAR IJ33969 planned for 7.1.0-TIV-NCI-FP0023.
Refer to doc https://www.ibm.com/support/pages/apar/IJ33969 for a description of the problem.
* Cannot log in to the Impact GUI if CUSTOM.PROPERTIES is mis-configured.
The issue is fixed with APAR IJ35798 planned for 7.1.0-TIV-NCI-FP0024.
Refer to doc https://www.ibm.com/support/pages/apar/IJ35798 for a description of the problem.
* The impact-http-headers.jar is missing from server only installs.
  The issue is fixed with APAR IJ39619 planned for 7.1.0-TIV-NCI-FP0026.

************************************************************************************************************************************************************************************************************

Before installing or upgrading IBM Tivoli Netcool/Impact 7.1.0.22, refer to the Following documentation:

• https://www.ibm.com/docs/en/tivoli-netcoolimpact/7.1
• Download attached package to review readme file for fix pack 7.1.0.22 Fix pack
• Review list of enhancements, pre-req, installation instruction, and known issues section.

IJ30995: THE PROGRESS FOR STEP 2 OF SEASONALITY CONFIG DOES NOT PROGRESS
IJ31058: MWM - RECURRING DAY OF WEEK WINDOWS DO NOT END
IJ31120: OOM - MEMORY LEAK IN LOG4J
IJ31228: MISSING SERVICE "NOI_CLEANUP_REPORTS
IJ31738: MANY IMPACT CONNECTION POOLS FOR DIFFERENT PROPERTIES: ALLOW SIMPLIFIER CACHE KEY FOR CONNECTION POOLS
IJ31835: INFO LEVEL MESSAGES ON JMS DISCONNECTS WHERE THEY SHOULD BE ERROR OR EXCEPTION LEVEL
IJ32032: REGRESSION: FORM PARAMETERS ARE NOT SENT AS UTF8 IN GETHTTP
IJ32039: THE FUNCTON OF THE PROPERTY UPDATEFORNEWEVENTS IS ADVERSELY AFFECTED BY FP21 (7.1.0-TIV-NCI-FP0021)
IJ32046: MINIMIZE THE NUMBER OF SNMP SESSIONS CACHED
IJ32258: THE CODE IS NOT HANDLING THE CASE WHERE RESOURCE COLUMN NAME ARE IN MIXED CASE IN THE HISTORY DATABASE
IJ32300: THE OBJECTS OF TYPE ORG.POSTGRESQL.JDBC4.JDBC4ARRAY TO BE RETURNED WITHOUT STRING CONVERSION
IJ32332: STRING CONTAINS SINGLE-QUOTE FAILED FOR UPDATEDB IN POSTGRESQL QUERY
IJ32875: PROBLEMS ADDING DATA TO TIMERANGEGROUP DATA TYPE

Security-related APARs:
IJ32976: SECURITY APAR: UPGRADE TO LATEST IBM SDK 8 IN IMPACT 710 FP22
IJ32977: SECURITY APAR: UPGRADE TO LATEST WAS LIBERTY IN IMPACT 710 FP22
IJ32979: SECURITY APAR FOR CVE-2020-8908 POSSIBLE INFORMATION DISCLOSURE IN IMPACT 710
IJ32981: SECURITY APAR FOR CVE-2021-23358 POSSIBLE CODE INJECTION IN IMPACT 710
IJ32579: SECURITY APAR: NEED TO DISABLE WEAK CYPHERS ON COMMANDLINESERVICE PORT 2000 (CVE-2021-29794)

List of Impact APARs that have documentation updates or have additional information:
IJ31738: MANY IMPACT CONNECTION POOLS FOR DIFFERENT PROPERTIES: ALLOW SIMPLIFIER CACHE KEY FOR CONNECTION POOLS
IJ32001: "MAKE A POST, PUT, OR PATCH REQUEST WITH THE GETHTTP FUNCTION" DOCS IS EITHER MISSING ADDITIONAL POLICY EXAMPLES OR EXPLANATION
IJ32039: THE FUNCTON OF THE PROPERTY UPDATEFORNEWEVENTS IS ADVERSELY AFFECTED BY FP21 (7.1.0-TIV-NCI-FP0021)
IJ32107: JAVASCRIPT BASED POLICIES USING "FOR IN" SYNTAX  BROKEN AFTER NOI UPDATE
IJ32140: IMPACTDB/DERBY ADMIN AND MAINTENANCE INFO MISSING FROM DOCS
IJ32187: INCORRECT KEYSTORE USED FOR SSL HANDSHAKE
IJ32300: THE OBJECTS OF TYPE ORG.POSTGRESQL.JDBC4.JDBC4ARRAY TO BE RETURNED WITHOUT STRING CONVERSION
IJ32511: DOCS TO INCLUDE DETAILS OF HOW TO SET:  -XX:+EXITONOUTOFMEMORYERROR
IJ32579: NEED TO DISABLE WEAK CYPHERS ON COMMANDLINESERVICE PORT 2000

2.0 Additional Support added in Fix Pack 22
JazzSM 1.1.3.0 DASH 3.1.3.11
IBM Installation Manager 1.9.1.4
2.1 Browser Support with Fix Pack 22
Browser: Firefox 86, Google Chrome 89, Microsoft Edge 89, Safari 14
Operating Systems: RHEL 8.4, Linux for System z RHEL 7.8, SLES 12.5, 15.2
2.2 Component Updates
Java(TM) SE Runtime Environment "1.8.0_291" (8.0.6.30 (SR6 FP30))
WebSphere Application Server Liberty has been updated to version 21.0.0.5
Apache Ant(TM) version 1.9.15
Note the following Components being deprecated or disabled:
Deprecated support:
Refer to the following published document:
https://www.ibm.com/support/pages/node/6347586
1. IBM Connections integration support
2. Jabber support for 3rd party extensions
Disabled components:
- Starting in FP20, the "Event Isolation and Correlation" is disabled by default. Refer to the following page for more information: https://www.ibm.com/support/pages/node/6357077
- Starting in FP21 there are changes for TLS, with support for the "com.ibm.jsse2.overrideDefaultTLS" property being dropped with Java version "1.8.0_281" (8.0.6.25 (SR6 FP25)). This means it is not possible to enforce TLS1.2 using the jvm.properties file (in FP21 only). TLS 1.2 can be enforced by editing the java.security file instead  For more information see https://www.ibm.com/docs/en/sdk-java-technology/8?topic=customization-matching-behavior-sslcontextgetinstancetls-oracle. 
- Starting in FP22, with Java version "1.8.0_291" (8.0.6.30 (SR6 FP30)), support for the TLS 1.0 and TLS 1.1 protocols is disabled, by default. Both protocols can be re-enabled by removing "TLSv1" and "TLSv1.1" from the jdk.tls.disabledAlgorithms list in <impact install dir>/sdk/jre/lib/security/java.security Refer to https://www.ibm.com/docs/en/sdk-java-technology/8?topic=suites-protocols for more information on supported protocols in Java. Documentation APAR IJ34149 addresses this. 
2.3 Enhancements in Fix Pack 22
Fix Pack 22 includes the following enhancements:

- RFE 149037: Provide Filter Level properties to set a Field in Omnibus AFTER an event is read and BEFORE it is sent for processing
https://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=149037
With Impact 7.1.0.22, we are adding the option to set a different field/value at restriction filter level.
If any filter level settings are set (regardless of whether this particular event passes the filter) then only filter level will apply.
If no filter level settings are set then only reader filter level will apply.
This is to avoid the situation where the reader level is set to update ImpactFlag = 1 and a filter set to update ImpactFlag = 2
So the filter level setting is instead of the reader level settings.
If only reader level settings are set, then they apply.
If only filter level settings are set, then they apply.
If both filter level and reader level settings are set, then the reader level settings are ignored.
To set filter level field/value to update, edit the props file for the reader. Any changes require a restart of the impact server.
File name is etc\<server>_<reader name>.props
Properties are:
impact.<reader name>.updateforreadevents.<filter number>=true/false
impact.<reader name>.updateforreadeventsexpr.<filter number>=field=value
The latter is optional. If not set, the default is ImpactReadFlag = 1
i.e.
impact.omnibuseventreader.updateforreadevents.2=true
impact.omnibuseventreader.updateforreadeventsexpr.2=ImpactReadFlag2\=4
impact.omnibuseventreader.updateforreadevents.3=true
impact.omnibuseventreader.updateforreadeventsexpr.3=ImpactReadFlag\=7
Refer to the following, for additional information:
https://www.ibm.com/docs/en/tivoli-netcoolimpact/7.1?topic=oers-preventing-event-from-being-reread-while-being-processed

- RFE 12563: Limitation with Maintenance Windows Manager - Recurring window
http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=12563
While using Maintenance Windows Manager, need functionality where a recurring window can start on one day and ends on the next day.
For example Friday 10:00pm to Saturday 6:00am
Refer to the following, for additional information: https://www.ibm.com/docs/en/tivoli-netcoolimpact/7.1?topic=windows-creating-recurring-maintenance-window

- RFE 146975: NOI: Related Events. Make Override Global Identity separate from Enable Patterns
http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=146975
The goal of this RFE is to:
1. Allow Event Types and Resource to be Overridden, in conjunction with overriding Global Event Identity field(s)
2. To ensure Overriding Global Event Identity field(s) no longer disables patterns
3. Provide a new option to Disable Patterns
Refer to the following, for additional information:
https://www.ibm.com/docs/en/noi/1.6.3?topic=configurations-creating-new-modifying-existing-analytics-configuration
https://www.ibm.com/docs/en/noi/1.6.3?topic=wizard-configuring-event-pattern-processing

3.0 troubleshooting Netcool Impact 7.1
General issues
- You now can (if needed) reset the Derby DB to a default state (in a NOI installation); by using the following steps:
1.Find appropriately named ImpactDB_NOI_FP22.zip file located in $IMPACT_HOME/install/dbcore.
2.Stop all ImpactServers in the cluster (primary and secondary that run Derby DB).
3.Backup/Remove the existing ImpactDB directory structure in $IMPACT_HOME/db/<ServerName>/derby.
4.Copy the zip file found in step 1 to $IMPACT_HOME/db/<ServerName>/derby and unzip it.
5.Start Impact Server primary, let it fully initialize and start, and now start the secondary server and let it re-sync from the primary.

- Enabling LDAP Authentication
When editing the $IMPACT_HOME/install/security/impactdap.properties before enabling LDAP Authentication, ensure the version of the impactdap.properties
is from the latest install!
* Do not copy a props file from a different/older Fix Pack.
* Ensure to only edit the properties, do not delete/remove any of the properties before running the
$IMPACT_HOME/install/security/confAuth4LDAP.sh script

4.0 Known Issues in Fix Pack 22

- The following applies only to Netcool/Impact Clients with Netcool Operations Insight (NOI) - and only for those with Existing configurations:

After upgrading to Netcool/Impact 7.1.0 FP13 (and above), run through the Wizard; confirm, verify & save the configuration.
Refer to: Event Analytics Configuration
1. It is a known issue that custom roll-up changes to properties and params files are overwritten. Running through the wizard will repair these.
2. Also for seasonality View, it is advisable to run through the Wizard to make sure the right columns are displayed. 
Refer to the following link, for appropriate actions related to "Migration of rollups in Netcool/Impact":
https://www.ibm.com/support/knowledgecenter/SSTPTP_1.4.1/com.ibm.netcool_ops.doc/soc/event_analytics/concept/soc_ea_rollup_migrate.html

- The EventReader service for Seasonality Events is called "ProcessSeasonalityEvents" and it does not (by default) read updated or
de-duplicated events. "Get updated events" is not selected (by default) in the UI for the "ProcessSeasonityEvents" Service, on the Event Mapping tab.
The reason for this is due to the wide Filter for the "ProcessSeasonityEvents" Event Reader service. By default, the filter is
set to "1=1". With this wide filter, if "Get updated events" was enabled, and Seasonality rules fired, this could lead to an infinite loop. i.e.
Seasonality Rules updating events which in turn get read by the reader and fire the Seasonality Rules again.
The solution is for the Event Mapping Filter to be set, in such a way, as to avoid already processed events. i.e. if the Seasonality rules are setting the
Service field to "something" then the Event Mapping Filter could be set to restrict these.

- NOI: Impact Event Isolation and Correlation page does not load if non-default cluster name is used (such as NCICLUSTER_Z )
To resolve this issue, perform the following actions:
- stop the Impact GUI server $IMPACT_HOME/bin/stopGUIServer.sh
- copy or rename the file with the correct cluster name. For example:
cp $IMPACT_HOME/opview/displays/NCICLUSTER-EIC_configure.html  $IMPACT_HOME/opview/displays/NCICLUSTER_Z-EIC_configure.html
- restart the Impact GUI server $IMPACT_HOME/bin/startGUIServer.sh
- go to the Event Isolation and Correlation page and confirm the page is displayed without the errors.

- NOI 1.6: The Event Analytics Configuration wizard reports an Unexpected Token error when the Impact GUI server under the Turkish locale
Symptom: When loading the Event Analytics configuration page, an "Unexpected token: E" error is reported. Configuration cannot continue.
Root Cause: When the Impact GUI server is running under the Turkish locale, the GUI server is unable to find the contents of the uiproviderconfig directory.
Resolution: Switch to a different locale and restart the Impact GUI server

- Customization made to web.xml is overwritten Symptom: Any customization made to the web.xml file of a .war file (such as opview.war and netcool.war) may be
overwritten during the upgrade process.
Resolution: Check the web.xml file after completing the upgrade and reapply the customization. You can find the old customization in the following directory.
Merge the customization, as appropriate:
<backup>/install/gui_backup/<prior-fp name>/wlp/usr/servers/ImpactUI/apps/ImpactUI.ear

- For Impact systems since 7.1 FP20 where the Runbook Automation add-on is installed:
In the "RBA_EventReader" service, on the "Event Mapping", under the "Event Matching" tab, the "Stop testing after first match" option needs
to be always selected. The "Test events with all filters" option should not be used (except for limited testing)! The "Test events with all filters"
option will be removed in a future Fix Pack.

- On Test environments, where more than one instance of Impact is installed (under the same user ID), Installation Manager may suppress the open
message "insufficient space for backup directory" when performing the preliminary system checks (at Fix Pack update).
Resolution: A minimum of 900MB of space is required for updates. If it is really to have more than one instance of Impact on the
environment, each instance should be installed under different user IDs and under different directories.

- The Prerequisite Scanner will report a failure when it checks the OS Version for SUSE Linux Enterprise Server 15 or later. This failure can be ignored as
SUSE Linux Enterprise Server 15 is supported by Netcool/Impact.

- In the embedded help documentation, the product version is erroneously listed as 7.1.0.19 for non-English versions in the table of contents and
front page. The embedded documentation for all supported languages is up to date for 7.1.0.22.

- Default type values disappear from the NOI.DEFAULTVALUES table.
Symptoms:  1. An error in PG_PROCESSTYPES policy logs, for example: com.micromuse.response.common.PolicyProcessingException:
ReferenceError: "TYPE_DEFAULT_EVENTID" is not defined. (NOI_UTILS#1594) in PG_PROCESSTYPES
2. An export of the configuration using NOI_DefaultValues_Configure will show undefined values for the following 5 fields:
type.resourcelist=undefined, type.default.eventid=undefined, type.default.eventtype=undefined, type.servername.column=undefined,type.serverserial.column=undefined
3. No IBMExtractedType field will be set for incoming events, which means events won't match deployed patterns.
Resolution:
1. To fix the issue, export the NOI configuration using nci_trigger to call the NOI_DefaultValues_Export policy.
2. Manually edit the produced file to set the 5 fields above. By default, these fields are set to  type.resourcelist=NODE,type.default.eventid=IDENTIFIER, type.default.eventtype=ALERTGROUP, type.servername.column=SERVERNAME,type.serverserial.column=SERVERSERIAL
3. Update the NOI.DEFAULTVALUES table by using nci_trigger to call the NOI_DefaultValues_Configure policy.
Document reference: https://www.ibm.com/docs/en/noi/1.6.3?topic=wizard-exporting-event-analytics-configuration