Table Of Contents
Release Notes for CiscoWorks Network Compliance Manager 1.5.02
May 28, 2010
These release notes are for CiscoWorks Network Compliance Manager (NCM) 1.5.02.
CiscoWorks NCM 1.5.02 is a patch release that you can install on top of CiscoWorks NCM 1.5.01.
Note The Docs tab provided in the CiscoWorks NCM user interface might not include links to the latest documents. Therefore, we recommend that you access the CiscoWorks NCM documentation set using the following URL: http://www.cisco.com/en/US/products/ps6923/tsd_products_support_series_home.html
This document contains the following sections:
CiscoWorks NCM tracks and regulates configuration and software changes in a multivendor network environment. It provides visibility into network changes and tracks compliance with a broad variety of regulatory, IT, corporate governance, and technology requirements. CiscoWorks NCM helps IT staff identify and correct trends that could lead to problems, such as network instability and service interruption.
CiscoWorks NCM is integrated with CiscoWorks and is initially launchable from the CiscoWorks home page. CiscoWorks NCM is interoperable with other CiscoWorks applications, such as the LAN Management Solution (LMS) bundle through the Common Services Device Credential Repository (DCR).
Installing the CiscoWorks NCM 1.5.02 Patch
To install the CiscoWorks NCM 1.5.02 patch:
Step 1 Unzip the patch bundle on the CiscoWorks NCM server.
Step 2 Run the patch script.
For Windows, execute the patch.bat script from the command line.
For Linux or Solaris, execute the patch.sh script using the following commands:
% sh patch.sh
A log file named patch.log is created in the <CWNCM_Install_Directory>/server/log/ directory, when the patch script is executed. The errors that occur during the installation process are logged in the patch.log file.
The patch installer creates a subdirectory named patch_backups in the root of the CiscoWorks NCM installation directory. This subdirectory includes a directory with the patch build number. The files that are changed by the patch installer are backed up in this directory. The backup.log file lists the files that are backed up and the original location of the files.
To remove the patch and roll back to the pre-patch state:
Step 1 Stop the NCM Management Engine.
Step 2 Restore the files that are changed by the patch installer to their original locations.
Step 3 Restart the NCM Management Engine.
What's Been Fixed in CiscoWorks NCM 1.5.02
Table 1 describes the issues fixed in CiscoWorks NCM 1.5.02.
Known Problems in CiscoWorks NCM 1.5.02
Table 2 describes the known problems in CiscoWorks NCM 1.5.02.
Table 3 shows the supported platforms for CiscoWorks NCM.
Note CiscoWorks NCM 1.5.02 is a 32-bit application that runs in 32-bit mode on 64-bit Windows and Linux operating systems. CiscoWorks NCM 1.5.02 runs in 64-bit mode on Solaris platforms.
The following operating systems are no longer supported:
•Red Hat AS3
While upgrading to CiscoWorks NCM 1.5, if you are moving from a deprecated operating system to a supported operating system, do the following:
Step 1 Back up the CiscoWorks NCM folder.
Step 2 Upgrade the operating system.
Step 3 Upgrade to CiscoWorks NCM 1.5.
Note For all operating system upgrades, please see the respective vendor documentation or contact your system support personnel. Cisco is not responsible for issues that might arise during third-party product upgrades.
While installing CiscoWorks NCM, the database can be installed on any platform.
Table 4 shows the databases that are supported by CiscoWorks NCM.
CiscoWorks NCM supports 64-bit Oracle and SQL Server.
The following databases are no longer supported:
•Oracle 9i and Oracle 9.2
•Microsoft SQL Server 2000
Note Existing MySQL 3.x databases can be upgraded to MySQL 5.0.41 or higher using the MySQL Upgrade Installer. See the Installation and Upgrade Guide for CiscoWorks Network Compliance Manager 1.5 for more information.
While upgrading to CiscoWorks NCM 1.5, if you are moving from a deprecated version of the database, to a supported version of the database, do the following:
Step 1 Back up the CiscoWorks NCM database.
Step 2 Upgrade the database.
Step 3 Upgrade to CiscoWorks NCM 1.5.
Note For all database upgrades, please see the respective vendor documentation or contact your database analyst. Cisco is not responsible for issues that might arise during third-party product upgrades.
Additional CiscoWorks NCM Configurations
Table 5 shows the database requirements for Oracle and Microsoft SQL server in a High Availability Distributed System environment.
See the High Availability Distributed System on Oracle Configuration Guide for CiscoWorks Network Compliance Manager or the High Availability Distributed System on Microsoft SQL Configuration Guide for CiscoWorks Network Compliance Manager for information on configuring High Availability Distributed System environment.
Table 6 shows the supported platforms for CiscoWorks NCM in Satellite environment.
Table 6 Supported Platforms for Satellite Environment
Vendor OS Version Architecture
RHEL AS (32-bit)
3 and 4
SuSE Enterprise Linux Server
Solaris (patch 118833-36 or later)
9 and 10
Note SuSE Linux 9 and Solaris 9 are supported on the Satellite remote gateway, however, these two operating systems are not supported in CiscoWorks NCM 1.5 Core.
See the Satellite User's Guide for CiscoWorks Network Compliance Manager for information on configuring Satellite environment.
Table 7 shows the supported platforms for CiscoWorks NCM in a Virtual Environment.
Table 7 Supported Platforms for CiscoWorks NCM in Virtual Environment
Vendor OS Version
VMware ESX 3.5 or 4.0
Note Troubleshooting and performance issues related to VMware cannot be resolved via Cisco Technical Support.
Note the following while running CiscoWorks NCM in Virtual Environment:
•Running CiscoWorks NCM and the database in the same Virtual Environment is not recommended.
•Running the database for CiscoWorks NCM High Availability Core in Virtual Environment is not recommended.
•The maximum number of devices is 3,000.
•The maximum number of concurrent tasks is less than 20.
•The minimum VMware Guest requirements include:
–2.6 GHz CPU
–4 GB dedicated RAM
–40 to 60 GB HD
–100 Mbps or higher dedicated Ethernet port
–Linux RHEL AS 3 and 4
•CiscoWorks NCM is not certified to run with Oracle in a VMware instance.
•CiscoWorks NCM is not certified to run in an environment where VMotion is used with the Virtual Environment.
Additional Required Applications
You need to install the following applications:
•CiscoWorks NCM supports the following browsers:
–Mozilla Firefox 2.0 or 3.0
–Internet Explorer 6.x, 7.0
Note Mozilla Firefox 1.x is no longer supported.
•Microsoft Excel 2000 or higher, if you are viewing Summary Reports from the CiscoWorks NCM server.
•Adobe® Acrobat Reader™ version 4.0 or higher, if you are viewing CiscoWorks NCM documentation from the CiscoWorks NCM server.
•ActivePerl 5.8.x (for Windows).
•Perl 5.8.x (for Solaris and Linux).
Note Third-party products mentioned in this documentation are manufactured by vendors independent of Cisco. Cisco makes no warranty, implied or otherwise, regarding the performance or reliability of these products. We provide third-party contact information to help you find technical support. However, third-party contact information is subject to change without notice and, therefore, Cisco can in no way guarantee the accuracy of this contact information.
Table 8 shows the hardware requirements for an application server.
Table 9 shows the hardware requirements for a database server.
Table 9 Hardware Requirements for Database Server
Intel Xeon or equivalent, 3.0+ GHz
4 GB RAM
60 to 100 GB, Single Channel RAID, Fast SCSI
100 Mbps Fast Ethernet, full duplex
Please read the following usability issues before using CiscoWorks NCM 1.5.x.
RSA SecurID Support in CiscoWorks NCM 1.5.x
Bug ID: QCCR1D103053
While using RSA SecurID 4.x 128-bit tokens with CiscoWorks NCM 1.5.x for device authentication, you must use the RSA SecurID 3.x software token client with RSA SecurID 4.x 128-bit tokens to import the devices.
VLAN Data Gathering Diagnostic
Bug ID: QCCR1D102848
If you are running several diagnostics, including the VLAN Data Gathering diagnostic, on a device that does not support the VLAN Data Gathering diagnostic, there is no Session Log available for that task.
Workaround: Remove the VLAN Data Gathering diagnostic from the task.
Stopping the CiscoWorks NCM Management Engine on a Solaris platform
Bug ID: QCCR1D102881
While running CiscoWorks NCM on a Solaris platform, if you select the Start/Stop Services option from the Admin menu, and then select the Stop option for the NCM Management Engine, the NCM Management Engine will not be stopped.
Workaround: Go to the operating system and run the /etc/init.d/truecontrol stop command.
Bug ID: QCCR1D102754
Previously saved VLAN searches are not valid in CiscoWorks NCM 1.5.x due to the addition of new VLAN features. If you try to view a saved VLAN search, you could see the following error message:
Error executing query VLAN: PortInVlanName is not a valid field name for this query.
Workaround: Remove the VLAN search and re-create a new VLAN search.
Uploading Large Image Files
Bug ID: QCCR1D99027
Currently, CiscoWorks NCM is limited to uploading device configurations less than 250MB.
Provision Device Task
Bug ID: QCCR1D102620
Although the Provision Device task enables you to select more than one device, the task only works with one device. Attempting to select more than one device or a device group, using the Device Selector will cause an error.
Using Firefox 2.0
Bug ID: QCCR1D102330
For most versions of Firefox 2.0, the browser crashes when you try to expand the Device Selector or Device Group Selector.
Workaround: Upgrade to Firefox 184.108.40.206 or higher.
Device Selector Display
Bug ID: QCCR1D101145
Some of the Device Selector display features might not work properly in Internet Explorer 6 due to browser limitations.
Workaround: Upgrade to Internet Explorer 7.
Bug ID: QCCR1D102646
While modifying Security Partition details, if you save the Security Partition before the Device Selector loads, you will lose all the devices from that Security Partition.
Bug ID: QCCR1D101509
If you cancel a task that is currently communicating with a device, CiscoWorks NCM will mark subsequent attempts to run the task (or similar tasks) as skipped.
This issue can occur if CiscoWorks NCM is trying to end communication between the task and the device before actually canceling the task. As a result, CiscoWorks NCM will continue to execute the task until that point is reached. Any attempt to rerun the task before it is canceled will appear to CiscoWorks NCM as if the task is already in progress. Therefore, CiscoWorks NCM will mark the new task as skipped.
Using the $tc_device_enable_password$ Variable in Command Scripts
Bug ID: QCCR1D100314
While using the $tc_device_enable_password$ variable in a command script, if the device enable password contains an at sign (@) character, the at sign character will be preceded by a backslash.
Device Managed IP Addresses Page
Bug ID: QCCR1D101755
Changes made to the Device Managed IP Address are not reflected properly in the Device Managed IP Address page.
Workaround: Click the Reset Last Used IP link in the Device Managed IP Addresses page.
Setting Parent Task Priority
Bug ID: QCCR1D98393
If you change the priority of a parent task that is currently running, any existing child tasks that are in the Pending or Waiting state will appropriately change their priority. However, child tasks that have not been created yet or are in other states, such as Running or Paused will retain the parent task's original priority.
If you change the priority of a parent task that is not running, all child tasks take the new priority.
Duplicate VLANs Displayed in Layer 2 Diagrams
Bug ID: QCCR1D100138
While drawing VLANs diagrams, if a VLAN includes an IP address, both the VLAN name and the VLAN ID are included in the VLAN port table. Duplicate VLANs could be displayed in Layer 2 diagrams.
Using LDAP Servers
Bug ID: QCCR1D99663
If you are using a LDAP server for external user authentication, you might need to modify certain LDAP related options in the appserver.rcx file. The default settings will work with the ActiveDirectory server under most situations. However, for other types of LDAP servers (depending on the LDAP schema configurations), you might need to customize the following settings if you are experiencing issues with the default settings:
<!-- Attribute mapping for Generic LDAP server-->
<option name="ldap_server/attr_mapping/Generic/group_search">group,organizationalunit, container,groupOfUniqueNames</option>
<option name="ldap_server/attr_mapping/Generic/member_search">member,uniqueMember </option>
<option name="ldap_server/attr_mapping/Generic/username_search">samAccountName,uid,cn </option>
You can ignore the following settings:
<!-- Attribute mapping for SunLDAP server-->
<!-- Attribute mapping for OpenLDAP server-->
The group_search option specifies the list of LDAP entries to be searched for LDAP groups. This information is used in Step 3 of LDAP Setup Wizard, where you define the LDAP groups whose members are allowed to login to CiscoWorks NCM.
Make sure that the list contains all necessary group attributes. For example, it might be necessary to add groupOfName to the list for the LDAP group search to work properly.
The same concept applies to username_search and member_search options. Both of these options are used during the CiscoWorks NCM login process to identify the user and to determine the user's group memberships. If the default LDAP attribute names do not match your LDAP schema configuration, change them accordingly.
Testing OpenLDAP User Authentication
Bug ID: QCCR1D100201
While configuring OpenLDAP for CiscoWorks NCM user authentication, the Test function might not work. In this case, save all the options before testing if they work.
Bug ID: QCCR1D100298
Scripting to a vSwitch is done via direct API calls to the containing ESX server. As a result, the scripts modify the ESX server settings that are not related to the vSwitch. This occurs even if the MSP permissions are granted only to the vSwitch.
Running CiscoWorks NCM on a Solaris Platform
Bug ID: QCCR1D99873
While starting the CiscoWorks NCM server on a Solaris platform, there is a possibility that the CiscoWorks NCM server will crash due to an error in the native frame_sparc.cpp file. This is due to a bug in the Solaris JVM Biased Locking feature.
Workaround: Add the following VM argument to the jboss_wrapper.conf file located in NCM_INSTALLED_DIR/server/ext/wrapper/conf:
Where # is the next number in sequential order of all parameters. For example, if the jboss_wrapper.conf file has the following arguments, the workaround VM argument would be number 6.
wrapper.java.additional.1=-DTCMgmtEngine=1 wrapper.java.additional.2=-Duser.dir=C:\NA\server\ext\jboss\bin wrapper.java.additional.3=-Xmn170m
wrapper.java.additional.4=-Djava.awt.headless=true wrapper.java.additional.5=-Dfile.encoding=UTF8 wrapper.java.additional.6=-XX:-UseBiasedLocking
Viewing VLAN Information for a Port/Interface
Bug ID: QCCR1D98139
While viewing device MAC address details on the MAC Address Details page, the VLAN field is not populated.
Workaround: To display VLAN information for a port or interface, click the Port Name link for that port on the MAC Address Details page. The Interface Details page will appear. Scroll down to the Member VLANs field to view the VLAN information.
Using Active Directory
Bug ID: QCCR199633
If you are using Active Directory, you must modify the corresponding options in the appserver.rcx file to include the correct attributes in the search mapping session. To do this:
Step 1 Locate
<!-- Attribute mapping for Generic LDAP server-->session in the appserver.rcx file.
Step 2 Make sure that:
–groupOfName is included in the group_search
–uid is included in the username_search
–member is included in the member_search
Step 3 Save the changes to the appserver.rcx file.
Step 4 Restart the CiscoWorks NCM server.
Using ActiveState ActivePerl on Windows
Bug ID: QCCR1D92850
Due to limitations of ActiveState ActivePerl on Windows, if you use this environment you will not be able to use SSH connections with the CiscoWorks NCM Perl API.
Workaround: Install the CiscoWorks NCM client on a supported Linux or Solaris system and run the CiscoWorks NCM Perl API from that system.
Including URLs in Policies
Bug ID: QCCR1D98621
When you create a policy and include a vendor solution URL or a vendor advisory URL, the URL must start with http:// prefix. Otherwise, the link might not be correctly interpreted by the browser.
Java Plug-in Version
Bug ID: QCCR1D88659
If the Connect function fails and the CiscoWorks NCM server hangs, check the Java version that you are currently running on your Windows system. This might be an issue with the Java Plug-in of your Web browser.
To check the Java version that you are currently running on your system:
1. Choose Start > Control Panel.
2. Double-click Java.
3. In the General tab, click the About button.
This issue will not occur in Version 6 Update 10 and earlier.
Using the Device Group Selector
Bug ID: QCCR1D98865
Some of the Chinese characters are not displayed in the Device Group Selector.
Using CiscoWorks NCM with NNMi
Bug ID: QCCR1D71332
When you add a device manually to CiscoWorks NCM integrated with NNMi, and navigate from NNMi to the device in CiscoWorks NCM, an error message (indicating that the NNMi UUID is unknown) is displayed.
1. Remove the device from CiscoWorks NCM and then add the device to NNMi. Run the Import task to import the device into CiscoWorks NCM.
2. Choose Administrative Settings > Server > Device Import and set the Overwrite Existing Devices option to yes and then run the NNMi Import task.
Creating Advanced Perl Scripts
Bug ID: QCCR1D97574
While creating an advanced Perl script, remember that CiscoWorks NCM treats variables that do not have space in between them as reserved variables. If you use $-pairs in the script for non CiscoWorks NCM variables, separate them with a space.
my($host,$port,$user,$pass) = ('localhost','$tc_proxy_telnet_port$', '$tc_user_username$','$tc_user_password$');
my($host, $port, $user, $pass) = ('localhost','$tc_proxy_telnet_port$', '$tc_user_username$','$tc_user_password$');
Error When Viewing Results for Diagnostics with Single Quotes in their Name
Bug ID: QCCR1D95437
When a diagnostic is created with single quotes in its name (for example, `Ana's Diagnostic'), the diagnostic results are not displayed for that device, .
Workaround: Do not use single quotes in diagnostic names.
Diagnostic Name Limit
Bug ID: QCCR1D96090
CiscoWorks NCM allows you to enter up to 100 characters while naming a diagnostic. However, CiscoWorks NCM allows only 50 characters for the diagnostic name, while running the diagnostics.
Workaround: Limit diagnostic names to 50 or less characters.
Using SCP with Devices in Remote Realms
Bug ID: QCCR1D87003
Devices in remote Realms cannot use the Secure Copy (SCP) Transfer Protocol because the remote Gateway Satellite Agent cannot use SSH/SCP port 22. The Gateway OS uses the SSH/SCP port 22.
Workaround: Disable SCP for devices in remote Realms.
MySQL Install and Upgrade
Bug ID: QCCR1D87961
If you are using a MySQL database and MySQL is installed or upgraded on a CiscoWorks NCM build generated prior to February 5, 2009, do the following:
Step 1 Stop CiscoWorks NCM services.
Step 2 On Windows, open the my.ini file (under the MySQL Install folder).
On Solaris or Linux, open the /etc/my.cnf file.
Step 3 Search for max_allowed_packet.
If not found, append max_allowed_packet=16776192 to the bottom of the file. If found, change its value to 16776192.
Step 4 Restart MySQL.
Step 5 Restart CiscoWorks NCM services.
Solaris and SecurID
Bug ID: QCCR1D86370
Configuring CiscoWorks NCM to use SecurID as the authentication method can cause the management service to crash. The SecurID libraries provided by RSA cause this problem. Currently, this problem occurs on Solaris 10 with a version string, SunOS 5.10 Generic_118833-22. However, SunOS 5.10 Generic_120011-14 version works fine.
Workaround: Update your OS to SunOS 5.10 Generic_120011-14 version, if you are experiencing problems with SecurID on Solaris.
Using SCP on Linux and Solaris
Bug ID: QCCR1D82379
While using SCP on a Linux platform, you need to modify your system's SSH daemon (SSHD) to run on an alternate port and restart the SSHD service. Port 8022 is recommended.
After reconfiguring the system's SSHD, restart the CiscoWorks NCM to bind it to Port 22. Use the following command to login via the system's SSHD:
ssh -p 8022 username@host
Note Use ssh username@host for a direct connection to the CiscoWorks NCM proxy.
After logging into CiscoWorks NCM, navigate to the Device Access page. Enter the SSH Username and SSH Password in the SSH Device Access field. The device driver will use this information while copying the files to the CiscoWorks NCM server.
The device specific settings must be configured to enable SCP and SSH to function properly.
The SCP connection must be made to the managing CiscoWorks NCM server to use SCP with remote Realms. A SCP connection to the CiscoWorks NCM Gateway will not succeed if the CiscoWorks NCM Gateway runs the Linux and Solaris system SSHD. See the User Guide for CiscoWorks Network Compliance Manager 1.5 for detailed information.
Bug ID: QCCR1D80180
The SSH protocol runs on port 22. By default, Linux and Solaris installs run on port 8022. Windows installs run on port 22.
For Windows installs, if the port is switched to 8022, there could be connectivity issues. This issue is uncommon because most devices do not allow for the specification of an alternate port.
SCP will not work if the device is in a remote Realm and access to the device is managed via a CiscoWorks NCM Satellite. You must run the CiscoWorks NCM SSHD proxy on port 22.
If you use port 8022 on any platform, SCP copies from a device to CiscoWorks NCM will not work. Refer to the Satellite User's Guide for CiscoWorks Network Compliance Manager for information on configuring CiscoWorks NCM Satellites.
Using a Non-English Operating System
Bug ID: QCCR1D86705
When you run the CiscoWorks NCM on a non-English operating system, unreadable text will be displayed in the Password Information section of the Edit Device page, if you select a Partition from the drop-down menu.
Bug ID: QCCR1D86831
While creating an Auto-remediation script on the New Policy Rule page, if you input extended characters in the Rule Conditions field, it will produce unreadable text.
Bug ID: QCCR1D86391
If you login to CiscoWorks NCM as a limited access user and attempt to connect to a device via the proxy interface, your session will be disconnected.
Searching for Diagnostics
Bug ID: QCCR1D79575
CiscoWorks NCM Topology Data Gathering diagnostic has two options: CiscoWorks NCM Topology Data Gathering and Topology. Selecting either of these options will only search for the CiscoWorks NCM Topology Data Gathering diagnostic.
Bug ID: QCCR1D75228
Using SNMP device discovery over networks with latency can cause SNMP timeouts. To resolve this issue:
Step 1 Login to CiscoWorks NCM.
Step 2 Choose Admin > Administrative Settings > Device Access.
The Device Access page appears.
Step 3 Scroll down to the Detect Network Devices Task Settings section and set the SNMP Timeout to a higher value (for example, 2500 milliseconds).
Bug ID: QCCR1D79600
When you enable the Workflow and run a CLI or API task with -sync option, the task will fail and the following error message will be displayed:
No such directory
Bug ID: QCCR1D61595
CiscoWorks NCM does not accept multiple dollar signs ($$). If the password that you use to connect to the database contains multiple dollar signs, you must modify the password before installing CiscoWorks NCM.
Bug ID: QCCR1D78975
The IPv4 address range 169.254.0.0/16 is reserved for link-local usage (referred to as Automatic Private Internet Protocol Addressing (APIPA) by Microsoft) and is not an applicable address range for CiscoWorks NCM. For more information, refer to http://www.ietf.org/ (rfc3330 and rfc3927).
Bug ID: QCCR1D78861
CiscoWorks NCM 1.5.x uses a new set of keys for SSH communication. In previous releases, CiscoWorks NCM used only one Digital Signature Algorithm (DSA) key for all installations.
When you install CiscoWorks NCM 1.5.x, it creates two new 1024-bit keys. The first key uses the DSA algorithm. The second key uses the RSA algorithm. These keys are used when you connect to CiscoWorks NCM via SSH.
Custom Data Setup
Bug ID: QCCR1D77153
The Custom data field in the Custom Data Setup page accepts alphanumerics and underscores. Though you can use dashes, custom data field names with dashes cannot be used for the tc_device_custom device variables in custom scripts.
Advanced ACL Scripts
Bug ID: QCCR1D74295
If you click the Update Script button while specifying an advanced ACL script, the values are locked. As a result, running (or re-running) the script could result in variables not being updated properly.
Workaround: Avoid using the Update Script button with advanced ACL scripts.
Use of Dollar Signs ($) in Scripts
Bug ID: QCCR1D69342
If the script generated from a Telnet/SSH session log, contains dollar signs ($) in the executed commands, the script will fail or will not work properly.
OS Analysis Task
Bug ID: QCCR1D67566
When CiscoWorks NCM is used in an environment with overlapping IP addresses, the OS Analysis task is not supported for devices behind the remote Realm gateways.
OS Analysis tasks run on the devices that are located in the locally reachable network. As a result, there is a possibility of error in the image recommendation generated for the devices behind the gateway.
CiscoWorks NCM will report OS recommendations for a device in the default Realm instead of a remote Realm if they share an IP address.
Device Tasks Ignores the User-defined enforce_save Device Variable
Bug ID: QCCR1D64674
Device tasks that modify a device's configuration ignore the enforce_save device access setting. Because of this, startup configuration is always set as the current configuration.
Workaround: The DeviceInteraction/EnforceConfigurationSave/ConfiguringModels configuration option in appserver.rcx file can be set to false. In this way, startup configuration is not run for all device tasks that reconfigure the device.
Email Report Task
Bug ID: QCCR1D69342
While scheduling an Email Report task, if you select a report other than Summary Reports in the Reports To Run field, the task is reported as failed. However, the report is successfully emailed to the recipient. You can ignore the error message.
Bug ID: QCCR1D70552
While using template scripts, selecting the Run Again option will rerun the same script.
CiscoWorks NCM Core Gateways
Bug ID: QCCR1D68751
You cannot configure redundant CiscoWorks NCM Core Gateways in the same CiscoWorks NCM Realm as a single CiscoWorks NCM Core.
Workaround: Edit the adjustable_options.rcx file and add the IP addresses of other CiscoWorks NCM Core Gateways.
Potential for Task Failure while Using Reserved CiscoWorks NCM Characters in Device Prompts
Bug ID: QCCR1D70102
There are 11 characters that have special meaning in CiscoWorks NCM:
•Opening square bracket ( [ )
•Opening round bracket and the closing round bracket ( ( ) ).
•Backslash ( \ )
•Caret ( ^ )
•Dollar sign ( $ )
•Period or dot ( . )
•Vertical bar or pipe symbol ( | )
•Question mark ( ? )
•Asterisk or star ( * )
•Plus sign ( + )
If you use these characters in a device prompt, null pointer exception errors could occur during task execution. As a result, the task will fail. These characters should not be used while naming devices that interact with CiscoWorks NCM.
Oracle Database Errors Cause Failed Tasks and Other Issues
Bug ID: QCCR1D69094
Oracle database errors cause tasks to fail and other issues due to a bug in the JDBC Oracle driver. You could get the following error message:
OALL8 is in an inconsistent state.
Workaround: Update your version of Oracle Database Server.
ACLs with the Same Name, But Different Case in CiscoWorks NCM, Is Not Recommended
Bug ID: QCCR1D61744
CiscoWorks NCM supports case-sensitivity in ACL names. Therefore, you can have two ACLs with the same name, but different case.
If you delete one of those ACLs, all ACLs with the same name are deleted, regardless of the case. Cisco does not recommend multiple ACLs with same name, but with differing case in CiscoWorks NCM.
Use of the Dollar Sign ($) in Perl Code
Bug ID: QCCR1D61867
If you convert a Telnet/SSH Proxy session that contains a dollar sign ($) to Perl, CiscoWorks NCM will not interpret the dollar sign properly in the generated Perl code.
Workaround: Edit the script and add a backslash (\) in front of the dollar sign.
Downloading Software Images from Cisco.com
Bug ID: QCCR1D66891
You can download software images from Cisco.com for devices that are not currently in your CiscoWorks NCM system. However, you may need to modify the driver or model information or both to successfully deploy the software image.
To successfully deploy the software image:
Step 1 Choose Devices > Device Tools > Software Images.
The Software Images page opens.
Step 2 In the Action column, click Edit next to the software image that you want to modify.
The Edit Software Image page opens.
Step 3 In the Image Set Requirements field, modify the driver and model information to be compatible with the device in CiscoWorks NCM.
Step 4 Click Save Software.
High Availability Distributed System: Importing Devices
Bug ID: QCCR1D59742
If you import two devices with identical IP addresses into two separate CiscoWorks NCM Cores at the same time, you cannot detect if there is a duplicated device.
Workaround: Manually run the Deduplication task after importing the devices. One device will be automatically de-duplicated and set to Inactive state. (See Chapter 7 in the User Guide for CiscoWorks Network Compliance Manager 1.5 for information on running the Deduplication task.)
Passing Your CiscoWorks NCM Password to Advanced Scripts
Bug ID: QCCR1D50037
$tc_user_password$ will not work, if you are using the advanced scripts.
Workaround: Use $Password$ instead of $tc_user_password. $Password$ can only be used in the Parameters part of the advanced script. You need to add the code to your script to get the password from the command line arguments when the script runs.
High Availability Distributed System External Authentication
Bug ID: QCCR1D53815
When external authentication is used in a High Availability Distributed System environment, the External Authentication Type, for example, TACACS+ or Active Directory, is global (shared between all CiscoWorks NCM Cores). Authentication server information is CiscoWorks NCM Core specific.
Workaround: Set the External Authentication Type to None in the User Authentication page. Configure each CiscoWorks NCM Core individually with the authentication server information or Active Directory setup. After configuring all CiscoWorks NCM Cores, you can set the External Authentication Type on one of the CiscoWorks NCM Cores. The External Authentication Type setting is replicated on all CiscoWorks NCM Cores.
RADIUS External Authentication
Bug ID: QCCR1D9099
CiscoWorks NCM authenticates a user against the CiscoWorks NCM local password, if the RADIUS server does not respond to the authentication request of the user. This happens even if you configure CiscoWorks NCM to not to fail-over on external authentication.
Scripts: Output Results in HTML Format
Bug ID: QCCR1D21216
While executing an advanced script or a Run External Application task, any text that the advanced script or external application writes to stdout stream is stored in CiscoWorks NCM as the task result.
If your script output begins with anything other than <html>, the script results will be treated as plaintext.
Bug ID: QCCR1D19036
Some network topologies can result in very long scans. It is recommended that you do not scan Internet addresses. If you think your Nmap scan will take more than a few minutes, you can use the following Nmap options to limit the scanning time:
where milliseconds is a value between 1 and 1000.
Nmap settings can be changed by using the Administrative Settings option. See the Nmap documentation at www.insecure.org for detailed Nmap information.
SecurID Software Token Software, Version 3.x
Bug ID: QCCR1D18988
If the CiscoWorks NCM server is installed with the 3.x SecurID token software, turn off copy protection while exporting SecurID software token keys on the RSA server. Otherwise, CiscoWorks NCM will report an error while accessing SecurID software tokens.
A patched version of the SecurID software is available at http://www.rsasecurity.com.
Canceling or Deleting Tasks
Bug ID: QCCR1D16257
Some of the CiscoWorks NCM tasks will spawn external processes to run PERL scripts, Expect scripts, user-provided executables, or shell scripts. Sometimes, CiscoWorks NCM may not be able to kill these external processes, when the spawning task is cancelled or deleted.
Workaround: Manually stop the external process on the CiscoWorks NCM server.
Tasks: A Task Scheduled for the 31st Might Run on the 1st
Bug ID: QCCR1D11142
If you schedule a monthly recurring task for the 31st of every month, CiscoWorks NCM may run the task on the 1st, 2nd, or 3rd day of the next month depending on the number of days in the previous month. For example, if you schedule a task in February (with 28 days) for the 30th of every month, the task will actually run on March 2nd.
Workaround: If you want to run the task on the last day of the month, you must set the date correctly.
Inventory: Data from Device Overwrites Manually Entered Values
Bug ID: QCCR1D11942
Some of the data on the Device Details page is auto-populated. If you manually change the data, CiscoWorks NCM overwrites the values during the next snapshot.
The automatically populated data includes:
Console Server: SSH Access is not Supported
Bug ID: QCCR1D11402
CiscoWorks NCM does not support console server access via SSH. If you use a console server to access a device, you must use the Telnet connectivity.
If you select the Use To Access Device option in the New Device page or Edit Device page, you should also select the Telnet option in the Connection Information section.
Sending Reports to External Email Addresses
Bug ID: QCCR1D15982
When the SMTP server is configured to reject messages from the CiscoWorks NCM server address, CiscoWorks NCM messages are not delivered and the following error message will be displayed:
Error occurred when sending email. Please check the email address and/or your SMTP server settings.
If this occurs, you need to configure the SMTP server to enable the CiscoWorks NCM server to relay email messages through it.
Accessing the CiscoWorks NCM Documentation Set
All or any part of the CiscoWorks NCM documentation set, including this document, might be upgraded over time. Therefore, we recommend that you access the CiscoWorks NCM documentation set using the following URL: http://www.cisco.com/en/US/products/ps6923/tsd_products_support_series_home.html
Tip To cut and paste a two-line URL into the address field of your browser, you must cut and paste each line separately to get the entire URL without a break.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.
The following notices pertain to this software license.
OpenSSL/Open SSL Project
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/).
This product includes cryptographic software written by Eric Young (firstname.lastname@example.org).
This product includes software written by Tim Hudson (email@example.com).
The OpenSSL toolkit stays under a dual license, i.e. both the conditions of the OpenSSL License and the original SSLeay license apply to the toolkit. See below for the actual license texts. Actually both licenses are BSD-style Open Source licenses. In case of any license issues related to OpenSSL please contact firstname.lastname@example.org.
Copyright © 1998-2007 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact email@example.com.
5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment:
"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)".
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT "AS IS"' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (firstname.lastname@example.org). This product includes software written by Tim Hudson (email@example.com).
Original SSLeay License:
Copyright © 1995-1998 Eric Young (firstname.lastname@example.org). All rights reserved.
This package is an SSL implementation written by Eric Young (email@example.com).
The implementation was written so as to conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (firstname.lastname@example.org).
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement:
"This product includes cryptographic software written by Eric Young (email@example.com)".
The word `cryptographic' can be left out if the routines from the library being used are not cryptography-related.
4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (firstname.lastname@example.org)".
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution license [including the GNU Public License].
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2010 Cisco Systems, Inc. All rights reserved.