Guest

CiscoWorks Wireless LAN Solution Engine (WLSE)

Field Notice: FN - 62155 - Sun JAVA Cryptography Extension (JCE) 1.2.1 Expires on July 27, 2005


Revised July 26, 2005

July 22, 2005


Products Affected

Product

Comments

CWWLSE-1130 SOFTWARE - 2.7

And All Previous Versions

CWWLSE-1105 software - 2.7

And All Previous Versions

Host Solution Engine (HSE) - 1.7.3

And All Previous Versions

Cisco WAN Manager (CWM) - 11.0.10

SOL-2.7 and SOL-2.8

Cisco WAN Manager (CWM) - 12.0.00

-

Problem Description

The Sun Java Cryptography Extension (JCE) 1.2.1 used in several Cisco products is set to expire at Midnight on July 27th, 2005.

Products using this version of the Java Cryptography Extension will experience issues where key functionality will stop working.

Background

JCE 1.2.1 is at the "End of Service Life" for Sun Microsystems, and is no longer supported.

Additional information regarding the JCE 1.2.1 End of Service Life can be found in the Sun Microsystems Bulletin.

Problem Symptoms

Products affected by this JCE 1.2.1 expiration (After July 27th, 2005) will experience product and feature functionality issues. Product symptoms will include:

Cisco WAN Manager (CWM)

CWM 11.0.10 (both Solaris 7 and Solaris 8) and 12.0 use the Sun JRE 1.3.1 and Java Cryptography Extension (JCE) version 1.2.1 for PC clients to establish a secure connection to the server and launch GUI applications. Since JCE 1.2.1 expires on July 27th, 2005 three applications of CWM (Network Configurator, Network Browser, and CiscoView) can not be launched and used by PC clients. Other applications do not rely on JCE 1.2.1 and can be launched from PC client via Network Topology.

Note: The CWM 11.0.10, 11.0.10 patches, 12.0 and 12.0 patches require the JCE 1.2.2 patch. The JCE 1.2.2 patch must be applied after every new CWM 11.0.10, 11.0.10 patch, 12.0 and 12.0 patch installation.

Later releases of CWM such as 15.0, CWM 15.0 patches and 15.1 use JRE 1.4 which does not have any expiration date. CWM 15.0 and 15.1 use the JRE 1.4.2 features.

Earlier releases of CWM such as 10.4 and 10.5 do not have a PC client option.

CiscoWorks Wireless LAN Solution Engine (CWWLSE)

When the certificate expires, key WLSE functionality such as high availability (HA), Configuration, and AP firmware update jobs will be unavailable until the patch is installed.

Host Solution Engine (HSE)

HSE Customers encountering this issue will receive Error 500 Interrupt Messages and the application will not work.

Example:

Error: 500 
Location: /servlet/com.cisco.nm.hsa.ui.devNav.DevMgr 
Internal Servlet Error: 
java.lang.NoClassDefFoundError: javax/crypto/b 
at javax.crypto.Cipher.getInstance([DashoPro-V1.2-120198])

Workaround/Solution

There is no workaround for this issue. The recommended resolution is to install the assigned patch releases for CWM, CWWLSE, and HSE. Follow the instructions below for each of these products as they apply to your applications infrastructure:

Cisco WAN Manager (CWM)

Download CWM Patch from Cisco Software Center and follow installation instructions.

Note: These patches can be installed on top of any patches or special binaries customers are currently running on these releases.

CWM 11.0.10

URL: 
http://www.cisco.com/cgi-bin/tablebuild.pl?wantype=strataview&wanrel=11.0.10SOL2.8P4.1 
File Name: CWM11JCEpatch.tar 
Readme File: CWM11-JCE122-README.txt 

CWM 12.0.00

URL: 
http://www.cisco.com/cgi-bin/tablebuild.pl?wantype=strataview&wanrel=12.0.00P3 
File Name: CWM12JCEpatch.tar 
Readme File: CWM12-JCE122-README.txt

CiscoWorks Wireless LAN Solution Engine (CWWLSE)

WLSE 1130 users - upgrade to a newer release, e.g. WLSE 2.11. Release 2.11 can be found on Cisco Software Center at:

URL: http://www.cisco.com/cgi-bin/tablebuild.pl/wlan-sol-eng 
File Name: WLSE-2.11u-K9.zip 
Readme: WLSE-2.11-K9.readme-V2.txt 

WLSE 1105 users running release 2.7.1 or 2.7 - Download the following Readme File from Cisco Software Center, and follow the patch download and installation instructions

URL: http://www.cisco.com/cgi-bin/tablebuild.pl/wlan-sol-eng 
File Name: WLSE-2.x-CSCsb39389 
Readme: WLSE-2.x-CSCsb39389.readmeV1.txt

Host Solution Engine (HSE)

Download the following Patch and readme file from Cisco Software Center and follow installation instructions

URL: http://www.cisco.com/cgi-bin/tablebuild.pl/1105-host-sol 
File Name: HSE-CSCsb40275.info and HSE-CSCsb40275.zip 
Readme File: HSE-CSCsb40275.readme.txt 

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS

Description

CSCei55908 (registered customers only)

CWM Ver. 11 and 12 are impacted by JCE 1.2.1 July 27th, 2005 expiration date

CSCsb39389 (registered customers only)

JCE 1.2.1 expiration on 7/28 breaks some WLSE functionality

CSCsb40275 (registered customers only)

Sun JCE library expiration and HSE fail to login to device

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.