Hi All!

Has anyone seen any issues with UARS in CUP SP13.1, ERM SP13.2?

We are having issues with the testing. The UARs that worked perfectly in SP11.1, no longer flow from ERM to CUP.

Regards,

John

Anyone working on RAR SP13 Patch 2? Any feedback on that version?

Really appreciate it.

Another issue in SP13.

after rule files upload, permission level rules not generated......

discussed in another thread.... so thought should complie here.

SAP note- 1168120 which says this issue has been resolved in Patch 2 of SP13

Moderators can we have this thread on top......

Regards,

Surpreet

I can also confirm that after installing CUP patch 1 and RAR patch 2 the mitigation control creation and assignment webservices in CUP are now functional.

One thing we did notice after installing the SP13 patch 1 for CUP, is that CUP now displays the mitigating control long description field whereas it has always previously displayed the mitigating control short description field when searching for & assigning a mitigating control. Did others see this same change?

Has anyone installed and tested the CUP 13.1 Hot Fix? Does it solve the mitigation webservice issue?

Thanks,

John

All!

Please let us know if the CUP 13.1 Hot Fix solves the mitigation webservice issue. We will not be able to address it this month at my client, but would like to know if it will allow us to go forward.

Thanks in advance!

-john

Hi All!

Regarding the Mitigation WS error:

GRC Development agreed to have an update for me on this issue this week.

Keep you posted.

-john

Hi All!

Regarding the Mitigation WS error:

I am pushing SAP Support for a hotfix in the meantime. Waiting till Dec 10, 2010 for a fix is not an acceptable solution.

Keep you posted.

-john

Hi All!

Regarding the AE Request Mitigation Error:

X Mitigating control creation failed: Exception in communicating with the web service : Service call exception; nested exception is: java.rmi.RemoteException: The host of endpoint URL "http://SERVER:PORT/VirsaCCMitigation5_0Service/Config1?wsdl&style=document" was not found. Check if the WS Client is configured correctly. Probably endpoint URL is not set or use of HTTP Proxy is required.; nested exception is: java.net.UnknownHostException: proxy

SAP Support has provided us with a workaround:

"...yesterday afternoon we found a workaround that

we tried on my system and it resolved the issue for me:

Go to Mitigation > Mitigation URI > and change the host name to

the IP address of the GRC system. If you use HTTPS there may be

additional issues,..."

We are currently testing this workaround and I will update this forum when our testing is complete.

Regards,

John

Just for you to know and avoid "surprises" in CP13 I would like to share a response from an OSS Message where we asked why management report date shown in the header frame fo the informer tab was not updated after running management report.

The functionality of the summary date changed in the later supportpackages. It now will only show the last date when a violation occured.

Hope it helps. Kind regards,

Imanol

Imanol,

This is the Mitigation Error from CUP we get:

X Mitigating control creation failed: Exception in communicating with the web service : Service call exception; nested exception is: java.rmi.RemoteException: The host of endpoint URL "http://[SERVER]:[PORT]/VirsaCCMitigation5_0Service/Config1?wsdl&style=document" was not found. Check if the WS Client is configured correctly. Probably endpoint URL is not set or use of HTTP Proxy is required.; nested exception is: java.net.UnknownHostException: proxy

Are you still getting this error in CUP after you applied the SP13, patch 1 for RAR?

Regards,

John

Hi,

We have applied RAR SP13 Patch 1 and either from ERM or CUP when trying to retrieve Mitigation Control information, an error message is shown.

Is this the mitigation issue you are refering to?

Thanks in advance. Best regards,

Imanol

Daniela,

Please let us know if the patch solves the mitigation webservice issue ASAP.

Thanks in advance!

-john

All,

Regarding the AE Mitigation Error, I have recieved the following response from SAP Support as their "Proposed Solution":

"This has been resolved in SP13.1, but the SAP note has not been

updated to reflect this particular error.

Can you apply the RAR package only for 13.1 and close this message

when you have retested? There are two other critical issues resolved

in 13.1 where risk analysis will fail with a web service error and it's

related to all web services."

-john

Either moving to SP13 Patch 1 or applies SAP Note 1508611 - RAR Risk Analysis Web Service Performance work around.

Hope it helps.

Hi all,

Any of you is using ERM under SP13?

We are experiencing a very strange behaviour in the system.

For new roles created, when we search for them, select any of them and click on bottom modfiy, we get the initial screen for creating a new rol with an error message at the top instead of the screen with the data of the role selected to modify it.

Has anyone of you experiencing this in ERM SP13?

Thanks in advance. Kind regards,

Imanol

Hi all,

Any of you is using ERM under SP13?

We are experiencing a very strange behaviour in the system.

For new roles created, when we search for them, select any of them and click on bottom modfiy, we get the initial screen for creating a new rol with an error message at the top instead of the screen with the data of the role selected to modify it.

Has anyone of you experiencing this in ERM SP13?

Thanks in advance. Kind regards,

Imanol

Regarding "advanced view in the risk analysis on a request ", I believe you will need Risk Analysis Risks found in different systems on the same requests. At this time, we cannot test that.

-john

Regarding "advanced view in the risk analysis on a request ", we have the same issue. All we get is blank with both web services.

-john

Thanks Vit & Imanol for pointing me to the patch 1 - I was just looking under the general AC section not the VIRSA CC area. I appreciate the help.

In CUP has anyone got the new advanced view in the risk analysis on a request working? This is the new feature that should let you see permission level detail of a risk violation in CUP.

When we click the advanced view button, it just gives us a pop-up window with no information. We've tested it with both the original Risk Analysis web service and the new risk analysis v1 web service that was released.

Thanks!

Patch 1 for SP13 can be found under Downloads > Support Packages and Patches within the SAP Marketplace.

Vit, what about role import? Is it loading all files properly?

We are having the issue for the mitigation call web service from ERM to RAR

We have reported to SAP the issue with the XML files and the mitigation also.

Let's keep updated.

Many thanks to you all for sharing all these useful information.

Hi All,

We've been testing SP13 here the last week or so and I can confirm we are also experiencing the issues that most have raised in the thread.

In regards to the risk analysis timeout, note: 0001508611 does solve this issue. It recommends inserting a config setting directly into the VIRSA_CC_CONFIG table at the database level for the new "Store Web Service..." config parameter in RAR. Trying to maintain this configuration option through the application front-end was not possible for us either.

Several have mentioned this parameter setting is fixed with SP13 patch 1 ? Looking in the service marketplace download area I did not see a patch 1 for SP13. Where can I locate SP13 with patch 1?

Thanks!

Hi,

After applying SP13 last week we are unable to see the error messages for ERM.

We have followed the required steps to upload XML files but still, the red brackets are shown instead.

Any tip on fixing this?

Thanks for all. Kind regards,

Imanol

Hi,

In SAP note 1168508 under SP13 section it is said that:

"If a request has multiple firefighter ID's on it with different approvers, if any approver approves, all firefighter ID's are assigned. With this support pack, new configuration has been added to treat firefight ID's like roles so approval happens like roles."

Have any of you tested this? We have run some tests and still the whole provisioning (for all FF ID) is taken effect as soon as one owner approves the request.

Note that in the stage definition we have set "Any approver", approval based on "Role" and CAD is selected as "Super Access Owner".

Any input would be appreciated.

Thanks for all. Kind regards,

Imanol

Thanks for your update Benjamin.

I feel a bit (just a bit) more relax listening that I am not the only one.

I will keep updating this post if new issues are identified in our tests.

Thanks for all. Regards,

Imanol

Hi Imanol,

regarding your post:

"These are:

1) Use Net Weaver Logical Lock Yes/No?

2) Store WebService Input/Output parameters objects in database Yes/No?

We set their values to YES and NO as suggested in the description.

The weird thing is that from time to time these values get automatically cleared. We set them again and after some time they get cleared again.

Note that J2EE server was restarted after these parameters were set.

Has anyone noticed this in their systems? Answers will be appreciated."

we are also experiencing this.

I have set the parameters (Server has not been restarted yet because some other guys are doing testing on it right now).

After a while the configuration for those two options is empty again.

I am suspecting it has also somethin to do with the BrowserSessions (Change the parameters, log out of RAR, close all Browser windows, login again an check parameters)

Regarding post:

"Another issue identified is that when running background processes in RAR (i.e: sync, risk analysis, management reports etc) job status shows error instead of running. I don't know if any of you is having this also."

Yes, we are also experiencing this. There's lots of null-pointer execptions in the log and the job shows as "Error". After it has finished it will show as "Completed" in our installation.

Regards,

Benjamin

Edited by: Benjamin Schlotz on Sep 22, 2010 5:34 PM

Hi all,

After upgrading to SP13 there are two new parameters in RAR under Configuration > Risk Analysys > Performance Tuning.

These are:

1) Use Net Weaver Logical Lock Yes/No?

2) Store WebService Input/Output parameters objects in database Yes/No?

We set their values to YES and NO as suggested in the description.

The weird thing is that from time to time these values get automatically cleared. We set them again and after some time they get cleared again.

Note that J2EE server was restarted after these parameters were set.

Has anyone noticed this in their systems? Answers will be appreciated.

Thanks for all. Kind regards,

Imanol

Hi all,

We are experiencing the same issue Vit describes when calling the mitigation web service from ERM.

We are opening an OSS Message also.

Another issue identified is that when running background processes in RAR (i.e: sync, risk analysis, management reports etc) job status shows error instead of running. I don't know if any of you is having this also.

Thanks for all. Kind regards,

Imanol

Hi,

I'm having problem with the VirsaCCMitigation5_0Service when I'm trying to mitigate a risk or creating a mitigation control in CUP.

The error message is:

Mitigating control creation failed: Exception in communicating with the web service : Service call exception; nested exception is: java.rmi.RemoteException: The host of endpoint URL "http://xxxx.corp:xxxx/VirsaCCMitigation5_0Service/Config1?wsdl&style=document" was not found. Check if the WS Client is configured correctly. Probably endpoint URL is not set or use of HTTP Proxy is required.; nested exception is: java.net.UnknownHostException: proxy

I masked the URL, but the real one is working. Any one else having this problem?

A message is sent to grc dev support.

regards,

Vit