CiscoWorks Network Compliance Manager

Release Notes for CiscoWorks Network Compliance Manager 1.5.03

  • Viewing Options

  • PDF (228.8 KB)
  • Feedback
Release Notes for CiscoWorks Network Compliance Manager 1.5.03

Table Of Contents

Release Notes for CiscoWorks Network Compliance Manager 1.5.03



Installing the CiscoWorks NCM 1.5.03 Patch

What's Been Fixed in CiscoWorks NCM 1.5.03

Supported Platforms

Supported Databases

Additional CiscoWorks NCM Configurations

Additional Required Applications

Hardware Requirements


Accessing the CiscoWorks NCM Documentation Set

Obtaining Documentation and Submitting a Service Request

Release Notes for CiscoWorks Network Compliance Manager 1.5.03

These release notes are for CiscoWorks Network Compliance Manager (NCM) 1.5.03.

CiscoWorks NCM 1.5.03 is a patch release that you can install on top of CiscoWorks NCM 1.5.01 or CiscoWorks NCM 1.5.02.

Note You cannot install CiscoWorks NCM 1.5.03 directly on top of CiscoWorks NCM 1.5. You have to upgrade to CiscoWorks NCM 1.5.01 or CiscoWorks NCM 1.5.02 before installing CiscoWorks NCM 1.5.03.


This document contains the following sections:


Installing the CiscoWorks NCM 1.5.03 Patch

What's Been Fixed in CiscoWorks NCM 1.5.03

Supported Platforms

Supported Databases

Additional CiscoWorks NCM Configurations

Additional Required Applications

Hardware Requirements


Accessing the CiscoWorks NCM Documentation Set

Obtaining Documentation and Submitting a Service Request


CiscoWorks NCM tracks and regulates configuration and software changes in a multivendor network environment. It provides visibility into network changes and tracks compliance with a broad variety of regulatory, IT, corporate governance, and technology requirements. CiscoWorks NCM helps IT staff identify and correct trends that could lead to problems, such as network instability and service interruption.

CiscoWorks NCM is integrated with CiscoWorks and is initially launchable from the CiscoWorks home page. CiscoWorks NCM is interoperable with other CiscoWorks applications, such as the LAN Management Solution (LMS) bundle through the Common Services Device Credential Repository (DCR).

Installing the CiscoWorks NCM 1.5.03 Patch

To install the CiscoWorks NCM 1.5.03 patch:

Step 1 Unzip the patch bundle on the CiscoWorks NCM server.

Step 2 Run the patch script.

For Windows, execute the patch.bat script from the command line.

For Linux or Solaris, execute the script by using the following commands:

% sh


% ./

A log file named patch.log is created in the <CWNCM_Install_Directory>/server/log/ directory, when the patch script is executed. The errors that occur during the installation process are logged in the patch.log file.

The patch installer creates a subdirectory named patch_backups in the root of the CiscoWorks NCM installation directory. This subdirectory includes a directory with the patch build number. The files that are changed by the patch installer are backed up in this directory. The backup.log file lists the files that are backed up and the original location of the files.

To remove the patch and roll back to the pre-patch state:

Step 1 Stop the NCM Management Engine.

Step 2 Restore the files that are changed by the patch installer to their original locations.

Step 3 Restart the NCM Management Engine.

What's Been Fixed in CiscoWorks NCM 1.5.03

Table 1 describes the issues fixed in CiscoWorks NCM 1.5.03.

Table 1 Issues fixed in CiscoWorks NCM 1.5.03 

Bug ID
Bug Summary
Fix Description


FYI recipients of workflow process did not receive approval emails.

Approval mails are now sent to the FYI recipients of workflow process.


Showing task details with a large list caused OutOfMemory errors.

This problem has been resolved.


Community String propagation did not trigger configuration polling in NNMi.

NNMi Community String propagation now triggers configuration poll in NNMi for devices. As a result, new Community Strings take effect immediately.


You cannot import a policy if left square bracket  character or other regex characters are included in the condition.

You can now import policies that include left square bracket character or other regex characters in the condition.


Running a command script to insert a line into an ACL using the ACL ID on a group of devices occasionally replaced the entire ACL.

This problem has been resolved.


When Network Node Manager (NNMi) was integrated with CiscoWorks NCM 1.5, the nodes were not included in NCM and actions were not included in NNMi.

This problem has been resolved.


Failure to import the Panda URL action file from NCM 1.3 integration.

Panda URL action file is now imported properly.


The Get Snapshot API did not work when a Site was specified.

The Get Snapshot API now works properly.


Malformed query in the Policy Manager caused an exception.

The Policy Manager now works properly.


The version returned by the show version command and the version displayed on the About CiscoWorks Network Compliance Manager page were different.

The current version of CiscoWorks NCM is now properly displayed.


Missing "checkSoftwareLevel" type caused a SQL exception error.

This problem has been resolved.


Inconsistent information was displayed due to API calls.

API calls now function properly.


SQLServerException was generated when "All Changes Made in the Last XX Hours" configuration was selected for System reports.

System reports are now properly generated for all configurations.


The NNMi Connector installers prompt for NNM8-X server information. This leads to confusion when NNMi version 9 is used.

This problem has been resolved.


After ncm_nnm_coresidency installation, the CiscoWorks NCM menus installed in NNMi referenced incorrect ports in the URL. As a result, cross launching from NNMi to CiscoWorks NCM did not work.

This problem has been resolved.


Check Policy Compliance task was skipped when Device Selector was used.

This problem has been resolved.


NNMi/NCM import failed when port 1099 was configured as the JNDI port on the co-residency connector.

NNMi/NCM import functions properly when port 1099 is configured as the JNDI port on the co-residency connector.


ORA-02292: integrity constraint error occurred when a record was deleted from RN_IP.

ORA-02292: integrity constraint error no longer occurs when you delete a record from RN_IP.


FK Constraint error occurred when custom scripts were imported.

Custom scripts are now imported properly.


SQL COUNT REGION caching locked up NCM.

Internal caching has been changed to resolve this issue.


Editing the groups resulted in unnecessary cache flushing.

Unnecessary cache flushing does not occur when large number of groups are edited.


Policy Manager did not exit the `while' loop.

Policy Manager now functions properly.


Permission check with new JCS cache code caused the group page rendering to crawl.

This problem has been resolved.


NoSuchMethodException was thrown when CiscoWorks NCM was integrated with NNMi.

This problem has been resolved.


Current device and working group were not updated properly.

Current device and working group are now updated properly.


"Must Contain Only" option in the New Rule page was not working properly.

This problem has been resolved.


Oracle query with greater than (or equal to) 1000 devices caused ORA-01795 error.

This problem has been resolved.


Expect script failed when a new password rule was implemented.

This problem has been resolved.


SiteName: GroupName partition preamble was displayed in the Device Groups listing.

Device groups are now properly displayed.


Shutting down the NCM server while SSH proxy sessions are active, leaves the SSH proxy connections in the FIN_WAIT2 state.

SSH proxy connections are now properly closed before the system is shut down.


Local authentication must be allowed only when third party authentication is enabled.

To enable this feature, after installing CiscoWorks NCM 1.5.03, you need to add the following lines to the adjustable_options.rcx file:

<option name="security/local_auth/enabled">true</option>

<array name="security/local_auth/accounts">




Reload the settings by running the "reload server options" command from the CiscoWorks NCM CLI or by restarting the NCM Management Engine.

Note Before making modification to the .rcx files, make sure you backup the current .rcx files. The backup must be made outside of the NCM system environment as the backup files could still be loaded if they are copied elsewhere on the NCM system.


Topology Parser might hold onto memory when no longer needed.

This problem has been resolved.


Logs to track Java Perl Calls without the additional noise.

This problem has been resolved.


Modifications to CLI to gain visibility into JavaPerl system.

CLI has been modified to provide visibility into JavaPerl system.


Some of the rcx files were corrupted in the CiscoWorks NCM 1.5.02 release.

This problem has been resolved.


Dynamic Groups Auto-recalculation option in the Server page was not working properly.

This problem has been resolved.


Changes to device related information might not cause cache invalidation in all cases.

This problem has been resolved.


NullPointerException in DeviceAccess method.

This problem has been resolved.


HTTP Monitor showed false negative in NCM/NNM co-residency.

This problem has been resolved.


Editing tasks set up on a selection of devices times-out.

This problem has been resolved.


Drop down for the group selected different than the group showing.

To resolve this issue, after installing CiscoWorks NCM 1.5.03, you need to delete the groups that were added to your Favorites list after installing CiscoWorks NCM 1.5.02, and add them back to the Favorites list.

To identify those groups, place your mouse over the group name in your Favorites list and review the link in the status bar. If the link looks like the following example, delete it from your Favorites list and then add it back.

https://<NCM IP>/<Group ID>

If the link looks like the following example, you do not have to do anything.

https://<NCM IP>/ Type=Device&deviceGroupID=<Group ID>

Note You can delete a group from your Favorites list by going to your Workspace settings (under User Settings), finding the group under "Favorites Links", and deleting it.


RMI SecurityException error message was displayed while logging out of NCM Core 1 in a Distributed System environment.

To resolve this issue, after installing CiscoWorks NCM 1.5.03, you need to edit the appserver.rcx file:

1. Under the following section in the appserver.rcx file:

<array name="security/no_context_ok">

add the following entry:


2. Reload the settings by running the "reload server options" command from the CiscoWorks NCM CLI or by restarting the NCM Management Engine.


Write mem (enforce save) should be handled differently for Cisco drivers.

Write mem is now handled differently for Cisco drivers.


After upgrading to CiscoWorks NCM 1.5.02, the Partition Select list box was not displayed on the Edit Policy page.

This problem has been resolved.


NullPointerException in DeviceDataManager.

This problem has been resolved.


NumberFormatException: Error adding FastLookupData - name System Memory

This problem has been resolved.


Password Rule shown on device home page can be incorrect/misleading.

This problem has been resolved.


NullPointerException when running Multi-Task Project.

This problem has been resolved.


Ensure that SCP connections are always closed.

SCP connections are now properly closed.


NCM Core hangs when running diagnostics on large number of devices.

This problem has been resolved.


Ensure that Socket Connections are closed gracefully.

Socket Connections are now closed gracefully.


Provide an option to Disable Dynamic Device Group Recalculation.

In a multi NCM Core mesh configuration, the dynamic group recalculation task does not need to run on all NCM Cores in the mesh, because the result of running it on one NCM Core is replicated among all other NCM cores in the mesh.

This hotfix provides the option to disable dynamic group recalculation on specific NCM Cores.

To disable dynamic group recalculation:

1. Add the following option to one of the .rcx files (preferably /jre/adjustable_options.rcx). Make sure to add it between "options" root element.

<option name="dynamic_group/disable">true</option>

2. Reload the settings by running the "reload server options" command from the CiscoWorks NCM CLI or by restarting the NCM Management Engine.


Custom variables are ignored with the latest Driver Pack.

This problem has been resolved.


Dynamic Group Update caused Runtime Exception.

This problem has been resolved.


Reported replication issues in CiscoWorks NCM 1.5.02 High Availability + Horizontal Scalability deployment on Oracle platform.

This problem has been resolved.


Constraint violation error occurred when a port was removed from RN_DEVICE_PORT.

This problem has been resolved.


Search results exported to CSV file did not match NCM WebUI results.

This problem has been resolved.

Supported Platforms

Table 2 shows the supported platforms for CiscoWorks NCM 1.5.x.

Table 2 Supported Platforms for CiscoWorks NCM 1.5.x



Windows Server, Enterprise Edition (32-bit and 64-bit)



Sun Microsystems

Solaris (patch 118833-36 or later)


Dual UltraSparc IIIi+, 1.3 GHz

Red Hat

RH AS 4 32-bit, and RH AS 5 32-bit and 64-bit

4 and 5



Enterprise Linux Server



The following operating systems are no longer supported:

Windows 2000

Solaris 9

Red Hat AS3

SuSE 9

Supported Databases

Table 3 shows the databases that are supported by CiscoWorks NCM 1.5.x.

Table 3 Supported Databases for CiscoWorks NCM 1.5.x


Oracle 10g ( Standard Edition

If you are running CiscoWorks NCM in a Distributed System environment, you will need Oracle Enterprise Edition.

Microsoft SQL Server 2005 Standard and Enterprise Edition


MySQL 5.0.41 or later versions (including 5.0.58)

MySQL 5.0.58 ships with CiscoWorks NCM.

The following databases are no longer supported:

Oracle 9i and Oracle 9.2

Microsoft SQL Server 2000


Additional CiscoWorks NCM Configurations

Table 4 shows the database requirements for Oracle and Microsoft SQL server in a High Availability Distributed System environment for CiscoWorks NCM 1.5.x.

Table 4 Database Requirements for Oracle and Microsoft SQL Server


Oracle Enterprise Edition and

Maximum of five CiscoWorks NCM Cores can be configured.

MS-SQL Server Enterprise Edition 2005 SP2 or higher

No more than two CiscoWorks NCM Cores can be configured. The maximum number of devices should not exceed 6,500.

See the High Availability Distributed System on Oracle Configuration Guide for CiscoWorks Network Compliance Manager or the High Availability Distributed System on Microsoft SQL Configuration Guide for CiscoWorks Network Compliance Manager for information on configuring High Availability Distributed System environment.

Table 5 shows the supported platforms for CiscoWorks NCM 1.5.x in Satellite environment.

Table 5 Supported Platforms for Satellite Environment


Red Hat

RHEL AS (32-bit)

3 and 4



SuSE Enterprise Linux Server



Sun Microsystems

Solaris (patch 118833-36 or later)

9 and 10

Sun Sparc

See the Satellite User's Guide for CiscoWorks Network Compliance Manager for information on configuring Satellite environment.

Table 6 shows the supported platforms for CiscoWorks NCM in a Virtual Environment.

Table 6 Supported Platforms for CiscoWorks NCM in Virtual Environment


Sun Microsystems

Solaris Zones


VMware ESX 3.5 or 4.0


2003, SP1

Note Troubleshooting and performance issues related to VMware cannot be resolved via Cisco Technical Support.

Note the following while running CiscoWorks NCM in Virtual Environment:

Running CiscoWorks NCM and the database in the same Virtual Environment is not recommended.

Running the database for CiscoWorks NCM High Availability Core in Virtual Environment is not recommended.

The maximum number of devices is 3,000.

The maximum number of concurrent tasks is less than 20.

The minimum VMware Guest requirements include:

2.6 GHz CPU

4 GB dedicated RAM

40 to 60 GB HD

100 Mbps or higher dedicated Ethernet port

Linux RHEL AS 3 and 4

CiscoWorks NCM is not certified to run with Oracle in a VMware instance.

CiscoWorks NCM is not certified to run in an environment where VMotion is used with the Virtual Environment.

Additional Required Applications

You need to install the following applications:

CiscoWorks NCM supports the following browsers:

Mozilla Firefox 2.0 or 3.0

Internet Explorer 6.x, 7.0

Note Mozilla Firefox 1.x is no longer supported.

Microsoft Excel 2000 or higher, if you are viewing Summary Reports from the CiscoWorks NCM server.

Adobe® Acrobat Reader™ version 4.0 or higher, if you are viewing CiscoWorks NCM documentation from the CiscoWorks NCM server.

ActivePerl 5.8.x (for Windows).

Perl 5.8.x (for Solaris and Linux).

Note Third-party products mentioned in this documentation are manufactured by vendors independent of Cisco. Cisco makes no warranty, implied or otherwise, regarding the performance or reliability of these products. We provide third-party contact information to help you find technical support. However, third-party contact information is subject to change without notice and, therefore, Cisco can in no way guarantee the accuracy of this contact information.

Hardware Requirements

Table 7 shows the hardware requirements for an application server.

Table 7 Hardware Requirements for Application Server



Intel Xeon or equivalent, 3.0+ GHz (Windows, Linux), Dual UltraSparc IIIi+, 1.3 GHz (Solaris)



Swap Space

4 GB


40 GB, Fast SCSI


100 Mbps Fast Ethernet, full duplex

Table 8 shows the hardware requirements for a database server.

Table 8 Hardware Requirements for Database Server



Intel Xeon or equivalent, 3.0+ GHz



Swap Space

4 GB


60 to 100 GB, Single Channel RAID, Fast SCSI


100 Mbps Fast Ethernet, full duplex


This section contains information about the limitations and problems known to exist in CiscoWorks NCM 1.5.x

RSA SecurID Support in CiscoWorks NCM 1.5.x

Bug ID: QCCR1D103053

While using RSA SecurID 4.x 128-bit tokens with CiscoWorks NCM 1.5.x for device authentication, you must use the RSA SecurID 3.x software token client with RSA SecurID 4.x 128-bit tokens to import the devices.

VLAN Data Gathering Diagnostic

Bug ID: QCCR1D102848

If you are running several diagnostics, including the VLAN Data Gathering diagnostic, on a device that does not support the VLAN Data Gathering diagnostic, there is no Session Log available for that task.

Workaround: Remove the VLAN Data Gathering diagnostic from the task.

Stopping the CiscoWorks NCM Management Engine on a Solaris platform

Bug ID: QCCR1D102881

While running CiscoWorks NCM on a Solaris platform, if you select the Start/Stop Services option from the Admin menu, and then select the Stop option for the NCM Management Engine, the NCM Management Engine will not be stopped.

Workaround: Go to the operating system and run the /etc/init.d/truecontrol stop command.

VLAN Searches

Bug ID: QCCR1D102754

Previously saved VLAN searches are not valid in CiscoWorks NCM 1.5.x due to the addition of new VLAN features. If you try to view a saved VLAN search, you could see the following error message:

Error executing query VLAN: PortInVlanName is not a valid field name for this query.

Workaround: Remove the VLAN search and re-create a new VLAN search.

Provision Device Task

Bug ID: QCCR1D102620

Although the Provision Device task enables you to select more than one device, the task only works with one device. Attempting to select more than one device or a device group, using the Device Selector will cause an error.

Using Firefox 2.0

Bug ID: QCCR1D102330

For most versions of Firefox 2.0, the browser crashes when you try to expand the Device Selector or Device Group Selector.

Workaround: Upgrade to Firefox or higher.

Device Selector Display

Bug ID: QCCR1D101145

Some of the Device Selector display features might not work properly in Internet Explorer 6 due to browser limitations.

Workaround: Upgrade to Internet Explorer 7.

Security Partitions

Bug ID: QCCR1D102646

While modifying Security Partition details, if you save the Security Partition before the Device Selector loads, you will lose all the devices from that Security Partition.

Canceling Tasks

Bug ID: QCCR1D101509

If you cancel a task that is currently communicating with a device, CiscoWorks NCM will mark subsequent attempts to run the task (or similar tasks) as skipped.

This issue can occur if CiscoWorks NCM is trying to end communication between the task and the device before actually canceling the task. As a result, CiscoWorks NCM will continue to execute the task. Any attempt to rerun the task before it is canceled will appear to CiscoWorks NCM as if the task is already in progress. As a result, CiscoWorks NCM will mark the new task as skipped.

Using the $tc_device_enable_password$ Variable in Command Scripts

Bug ID: QCCR1D100314

While using the $tc_device_enable_password$ variable in a command script, if an at sign (@) character is included in the device enable password, the at sign character will be preceded by a backslash.

Device Managed IP Addresses Page

Bug ID: QCCR1D101755

Changes made to the Device Managed IP Address are not reflected properly in the Device Managed IP Address page.

Workaround: Click the Reset Last Used IP link in the Device Managed IP Addresses page.

Setting Parent Task Priority

Bug ID: QCCR1D98393

If you change the priority of a parent task that is currently running, any existing child tasks that are in the Pending or Waiting state will appropriately change their priority. However, child tasks that have not been created yet or are in other states, such as Running or Paused will retain the parent task's original priority.

If you change the priority of a parent task that is not running, all child tasks take the new priority.

Duplicate VLANs Displayed in Layer 2 Diagrams

Bug ID: QCCR1D100138

When diagramming VLANs, if a VLAN includes an IP address, it is possible for the VLAN port table to include both the VLAN name and the VLAN ID. As a result, duplicate VLANs could be displayed in Layer 2 diagrams since NCM assumes the VLAN name and the VLAN ID refer to different VLANs.

Using LDAP Servers

Bug ID: QCCR1D99663

If you are using a LDAP server for external user authentication, you might need to modify certain LDAP related options in the appserver.rcx file. The default settings will work with the ActiveDirectory server under most situations. However, for other types of LDAP servers (depending on the LDAP schema configurations), you might need to customize the following settings if you are experiencing issues with the default settings:

<!-- Attribute mapping for Generic LDAP server-->

<option name="ldap_server/attr_mapping/Generic/group_search">group,organizationalunit, container,groupOfUniqueNames</option>

<option name="ldap_server/attr_mapping/Generic/group_name">name,cn,commonName</option>

<option name="ldap_server/attr_mapping/Generic/member_search">member,uniqueMember </option>

<option name="ldap_server/attr_mapping/Generic/username_search">samAccountName,uid,cn </option>

You can ignore the following settings:

<!-- Attribute mapping for SunLDAP server-->

<!-- Attribute mapping for OpenLDAP server-->

The group_search option specifies the list of LDAP entries to be searched for LDAP groups. This information is used in Step 3 of LDAP Setup Wizard, where you define the LDAP groups whose members are allowed to login to CiscoWorks NCM.

Make sure that the list contains all necessary group attributes. For example, it might be necessary to add groupOfName to the list for the LDAP group search to work properly.

The same concept applies to username_search and member_search options. Both of these options are used during the CiscoWorks NCM login process to identify the user and to determine the user's group memberships. If the default LDAP attribute names do not match your LDAP schema configuration, change them accordingly.

Testing OpenLDAP User Authentication

Bug ID: QCCR1D100201

While configuring OpenLDAP for CiscoWorks NCM user authentication, the Test function might not work. In this case, save all the options before testing if they work.

Device Relationships

Bug ID: QCCR1D100298

Scripting to a vSwitch is done via direct API calls to the containing ESX server. As a result, the scripts modify the ESX server settings that are not related to the vSwitch. This occurs even if the MSP permissions are granted only to the vSwitch.

Running CiscoWorks NCM on a Solaris Platform

Bug ID: QCCR1D99873

While starting the CiscoWorks NCM server on a Solaris platform, there is a possibility that the CiscoWorks NCM server will crash due to an error in the native frame_sparc.cpp file. This is due to a bug in the Solaris JVM Biased Locking feature.

Workaround: Add the following VM argument to the jboss_wrapper.conf file located in <NCM_Install_Dir>/server/ext/wrapper/conf:

Where # is the next number in sequential order of all parameters. For example, if the jboss_wrapper.conf file has the following arguments, the workaround VM argument would be number 6.\NA\server\ext\jboss\bin

Viewing VLAN Information for a Port/Interface

Bug ID: QCCR1D98139

While viewing device MAC address details on the MAC Address Details page, the VLAN field is not populated.

Workaround: To display VLAN information for a port or interface, click the Port Name link for that port on the MAC Address Details page. The Interface Details page will appear. Scroll down to the Member VLANs field to view the VLAN information.

Using Active Directory

Bug ID: QCCR199633

If you are using Active Directory, you must modify the corresponding options in the appserver.rcx file to include the correct attributes in the search mapping session. To do this:

Step 1 Locate <!-- Attribute mapping for Generic LDAP server--> session in the appserver.rcx file.

Step 2 Make sure that:

groupOfName is included in the group_search

uid is included in the username_search

member is included in the member_search

Step 3 Save the changes to the appserver.rcx file.

Step 4 Restart the CiscoWorks NCM server.

Using ActiveState ActivePerl on Windows

Bug ID: QCCR1D92850

Due to limitations of ActiveState ActivePerl on Windows, if you use this environment you will not be able to use SSH connections with the CiscoWorks NCM Perl API.

Workaround: Install the CiscoWorks NCM client on a supported Linux or Solaris system and run the CiscoWorks NCM Perl API from that system.

Including URLs in Policies

Bug ID: QCCR1D98621

When creating a policy and including a vendor solution URL or a vendor advisory URL, the URL must start with the "http://" prefix, otherwise the link might not be correctly interpreted by the browser.

Java Plug-in Version

Bug ID: QCCR1D88659

If the Connect function fails and the CiscoWorks NCM server hangs, check the Java version that you are currently running on your Windows system. This might be an issue with the Java Plug-in of your Web browser.

To check the Java version that you are currently running on your system:

1. Choose Start > Control Panel.

2. Double-click Java.

3. In the General tab, click the About button.

If you have Version 6 Update 11 or later, you must install an older JRE on your Windows system. This issue will not occur in Version 6 Update 10 and earlier.

Using the Device Group Selector

Bug ID: QCCR1D98865

Some Chinese characters will not be displayed when using the Device Group Selector.

Using CiscoWorks NCM with NNMi

Bug ID: QCCR1D71332

When you add a device manually to CiscoWorks NCM integrated with NNMi, and navigate from NNMi to the device in CiscoWorks NCM, an error message (indicating that the NNMi UUID is unknown) is displayed.


1. Remove the device from CiscoWorks NCM and then add the device to NNMi. Run the Import task to import the device into CiscoWorks NCM.

2. Choose Administrative Settings > Server > Device Import and set the Overwrite Existing Devices option to yes and then run the NNMi Import task.

Creating Advanced Perl Scripts

Bug ID: QCCR1D97574

While creating an advanced Perl script, remember that CiscoWorks NCM treats variables that do not have space in between them as reserved variables. If you use $-pairs in the script for non CiscoWorks NCM variables, separate them with a space.

For example:

Incorrect: my($host,$port,$user,$pass) = ('localhost','$tc_proxy_telnet_port$', '$tc_user_username$','$tc_user_password$');

Correct: my($host, $port, $user, $pass) = ('localhost','$tc_proxy_telnet_port$', '$tc_user_username$','$tc_user_password$');

Error When Viewing Results for Diagnostics with Single Quotes in their Name

Bug ID: QCCR1D95437

When a diagnostic is created with single quotes in its name (for example, `Ana's Diagnostic'), the diagnostic results are not displayed for that device.

Workaround: Do not use single quotes in diagnostic names.

Diagnostic Name Limit

Bug ID: QCCR1D96090

CiscoWorks NCM allows you to enter up to 100 characters while naming a diagnostic. However, it allows only 50 characters for the diagnostic name, while running the diagnostics.

Workaround: Limit diagnostic names to 50 or less characters.

Using SCP with Devices in Remote Realms

Bug ID: QCCR1D87003

Devices in remote Realms cannot use the Secure Copy (SCP) Transfer Protocol, because the remote Gateway Satellite Agent cannot use the SSH/SCP port 22 (the Gateway OS uses the SSH/SCP port 22).

Workaround: Disable SCP for devices in remote Realms.

MySQL Install and Upgrade

Bug ID: QCCR1D87961

If you are using a MySQL database and MySQL is installed or upgraded on a CiscoWorks NCM build generated before February 5, 2009, do the following:

Step 1 Stop CiscoWorks NCM services.

Step 2 On Windows, open the my.ini file (under the MySQL Install folder).

On Solaris or Linux, open the /etc/my.cnf file.

Step 3 Search for max_allowed_packet.

If not found, append max_allowed_packet=16776192 to the bottom of the file. If found, change its value to 16776192.

Step 4 Restart MySQL.

Step 5 Restart CiscoWorks NCM services.

Solaris and SecurID

Bug ID: QCCR1D86370

Configuring CiscoWorks NCM to use SecurID as the authentication method can cause the management service to crash. The SecurID libraries provided by RSA cause this problem. Currently, this problem occurs on Solaris 10 with a version string, SunOS 5.10 Generic_118833-22. However, SunOS 5.10 Generic_120011-14 version works fine.

Workaround: Update your OS to SunOS 5.10 Generic_120011-14 version, if you are experiencing problems with SecurID on Solaris.

Using SCP on Linux and Solaris

Bug ID: QCCR1D82379

While using SCP on a Linux platform, you need to modify your system's SSH daemon (SSHD) to run on an alternate port and restart the SSHD service. Port 8022 is recommended.

After reconfiguring the system's SSHD, restart the CiscoWorks NCM to bind it to Port 22. Use the following command to login via the system's SSHD:

ssh -p 8022 username@host

Note Use ssh username@host for a direct connection to the CiscoWorks NCM proxy.

After logging into CiscoWorks NCM, navigate to the Device Access page. Enter the SSH Username and SSH Password in the SSH Device Access field. The device driver will use this information while copying the files to the CiscoWorks NCM server.

The device specific settings must be configured to enable SCP and SSH to function properly. In addition, the device and the device driver must support SCP to use the NCM SSH server for SCP.

To use SCP with remote Realms, the SCP connection must be made back to the managing NCM server. A SCP connection to the NCM Gateway will not succeed because the NCM Gateway runs the Linux and Solaris system SSHD. The NCM Gateway sets the host to the NCM Gateway and not the managing NCM Core. This can be overridden by setting an access variable (TFTPServer) to the IP address of the managing NCM Core. See Satellite User Guide for CiscoWorks Network Compliance Manager 1.5 for detailed information.

Using SCP

Bug ID: QCCR1D80180

The SSH protocol runs on port 22. By default, Linux and Solaris installs run on port 8022. Windows installs run on port 22.

For Windows installs, if the port is switched to 8022, there could be connectivity issues. This issue is uncommon because most devices do not allow for the specification of an alternate port.

SCP will not work if the device is in a remote Realm and access to the device is managed via a CiscoWorks NCM Satellite. You must run the CiscoWorks NCM SSHD proxy on port 22.

If you use port 8022 on any platform, SCP copies from a device to CiscoWorks NCM will not work. Refer to the Satellite User Guide for CiscoWorks Network Compliance Manager 1.5 for information on configuring CiscoWorks NCM Satellites.

Using a Non-English Operating System

Bug ID: QCCR1D86705

When you run the CiscoWorks NCM on a non-English operating system, unreadable text will be displayed in the Password Information section of the Edit Device page, if you select a Partition from the drop-down menu.

Auto-remediation Scripts

Bug ID: QCCR1D86831

While creating an Auto-remediation script on the New Policy Rule page, if you input extended characters in the Rule Conditions field, it will produce unreadable text.

Proxy Interface

Bug ID: QCCR1D86391

If you login to CiscoWorks NCM as a limited access user and attempt to connect to a device via the proxy interface, your session will be disconnected.

Searching for Diagnostics

Bug ID: QCCR1D79575

CiscoWorks NCM Topology Data Gathering diagnostic has two options: CiscoWorks NCM Topology Data Gathering and Topology. Selecting either of these options will only search for the CiscoWorks NCM Topology Data Gathering diagnostic.

SNMP Timeouts

Bug ID: QCCR1D75228

Using SNMP device discovery over networks with latency can cause SNMP timeouts. To resolve this issue:

Step 1 Login to CiscoWorks NCM.

Step 2 Choose Admin > Administrative Settings > Device Access.

The Device Access page appears.

Step 3 Scroll down to the Detect Network Devices Task Settings section and set the SNMP Timeout to a higher value (for example, 2500 milliseconds).

-sync Option

Bug ID: QCCR1D79600

When Workflow is enabled, attempting to run a CLI or API task with the -sync option will fail with a "No such directory" error.

Database Passwords

Bug ID: QCCR1D61595

CiscoWorks NCM does not accept multiple dollar signs ($$). If the password that you use to connect to the database contains multiple dollar signs, you must modify the password before installing CiscoWorks NCM.

Installation Address

Bug ID: QCCR1D78975

The IPv4 address range is reserved for link-local usage (referred to as Automatic Private Internet Protocol Addressing (APIPA) by Microsoft) and is not an applicable address range for CiscoWorks NCM. For more information, refer to (rfc3330 and rfc3927).

SSH Communication

Bug ID: QCCR1D78861

CiscoWorks NCM 1.5.x uses a new set of keys for SSH communication. In previous releases, CiscoWorks NCM used only one Digital Signature Algorithm (DSA) key for all installations.

When you install CiscoWorks NCM 1.5.x, it creates two new 1024-bit keys. The first key uses the DSA algorithm. The second key uses the RSA algorithm. These keys are used when you connect to CiscoWorks NCM via SSH.

Custom Data Setup

Bug ID: QCCR1D77153

The Custom data field in the Custom Data Setup page accepts alphanumerics and underscores. Though you can use dashes, custom data field names with dashes cannot be used for the tc_device_custom device variables in custom scripts.

Advanced ACL Scripts

Bug ID: QCCR1D74295

If you click the Update Script button while specifying an advanced ACL script, the values are locked. As a result, running (or re-running) the script could result in variables not being updated properly.

Workaround: Avoid using the Update Script button with advanced ACL scripts.

Use of Dollar Signs ($) in Scripts

Bug ID: QCCR1D69342

If generating a script from a Telnet/SSH session log, the script will fail or perform in unexpected ways if the session contains dollar signs ($) in the executed commands.

OS Analysis Task

Bug ID: QCCR1D67566

When CiscoWorks NCM is used in an environment with overlapping IP addresses, the OS Analysis task is not supported for devices behind the remote Realm gateways.

OS Analysis tasks run on the devices that are located in the locally reachable network. As a result, there is a possibility of error in the image recommendation generated for the devices behind the gateway.

CiscoWorks NCM will report OS recommendations for a device in the default Realm instead of a remote Realm if they share an IP address.

Device Tasks Ignores the User-defined enforce_save Device Variable

Bug ID: QCCR1D64674

Device tasks that modify a device's configuration, such as the Deploy Password or Deploy Configuration tasks ignore the enforce_save device access setting. As a result, the current configuration is always saved to startup (via a mechanism such as "write memory").

Workaround: The "DeviceInteraction/EnforceConfigurationSave/ConfiguringModels" configuration option (in appserver.rcx file) can be set to false. This has the effect of disabling the save from running to startup configuration for all device tasks that reconfigure the device.

Email Report Task

Bug ID: QCCR1D69342

While scheduling an Email Report task, if you select a report other than Summary Reports in the Reports To Run field, the task is reported as failed. However, the report is successfully emailed to the recipient. You can ignore the error message.

Template Scripts

Bug ID: QCCR1D70552

When using template scripts, selecting the Run Again option will rerun the same script. Attempting to change fields will not change the script that is run.

CiscoWorks NCM Core Gateways

Bug ID: QCCR1D68751

You cannot configure redundant CiscoWorks NCM Core Gateways in the same CiscoWorks NCM Realm as a single CiscoWorks NCM Core.

Workaround: Edit the adjustable_options.rcx file and add the IP addresses of other CiscoWorks NCM Core Gateways.


<array name="rpc/allowed_ips">



Potential for Task Failure while Using Reserved CiscoWorks NCM Characters in Device Prompts

Bug ID: QCCR1D70102

There are 11 characters that have special meaning in CiscoWorks NCM:

Opening square bracket ( [ )

Opening round bracket and the closing round bracket ( ( ) ).

Backslash ( \ )

Caret ( ^ )

Dollar sign ( $ )

Period or dot ( . )

Vertical bar or pipe symbol ( | )

Question mark ( ? )

Asterisk or star ( * )

Plus sign ( + )

If you use these characters in a device prompt, null pointer exception errors could occur during task execution. As a result, the task will fail. These characters should not be used while naming devices that interact with CiscoWorks NCM.

Oracle Database Errors Cause Failed Tasks and Other Issues

Bug ID: QCCR1D69094

Oracle database errors cause tasks to fail and other issues due to a bug in the JDBC Oracle driver. You could get the following error message:

OALL8 is in an inconsistent state.

Workaround: Update your version of Oracle Database Server.

ACLs with the Same Name, But Different Case in CiscoWorks NCM, Is Not Recommended

Bug ID: QCCR1D61744

CiscoWorks NCM supports case-sensitivity in ACL names. Therefore, you can have two ACLs with the same name, but different case.

If you delete one of those ACLs, all ACLs with the same name are deleted, regardless of the case. It is recommended that you do not use multiple ACLs with same name, but with differing case in CiscoWorks NCM.

Use of the Dollar Sign ($) in Perl Code

Bug ID: QCCR1D61867

If you convert a Telnet/SSH Proxy session that contains a dollar sign ($) to Perl, CiscoWorks NCM will not interpret the dollar sign properly in the generated Perl code.

Workaround: Edit the script and add a backslash (\) in front of the dollar sign.

Downloading Software Images from

Bug ID: QCCR1D66891

You can download software images from for devices that are not currently in your CiscoWorks NCM system. However, you may need to modify the driver or model information or both to successfully deploy the software image.

To successfully deploy the software image:

Step 1 Choose Devices > Device Tools > Software Images.

The Software Images page opens.

Step 2 In the Action column, click Edit next to the software image that you want to modify.

The Edit Software Image page opens.

Step 3 In the Image Set Requirements field, modify the driver and model information to be compatible with the device in CiscoWorks NCM.

Step 4 Click Save Software.

High Availability Distributed System: Importing Devices

Bug ID: QCCR1D59742

If you import two devices with identical IP addresses into two separate CiscoWorks NCM Cores at the same time, you cannot detect if there is a duplicated device.

Workaround: Manually run the Deduplication task after importing the devices. One device will be automatically de-duplicated and set to Inactive state. (See Chapter 7 in the User Guide for CiscoWorks Network Compliance Manager 1.5 for information on running the Deduplication task.)

Passing Your CiscoWorks NCM Password to Advanced Scripts

Bug ID: QCCR1D50037

$tc_user_password$ will not work, if you are using the advanced scripts.

Workaround: Use $Password$ instead of $tc_user_password. $Password$ can only be used in the Parameters part of the advanced script. You need to add the code to your script to get the password from the command line arguments when the script runs.

High Availability Distributed System External Authentication

Bug ID: QCCR1D53815

When external authentication is used in a High Availability Distributed System environment, the External Authentication Type, for example, TACACS+ or Active Directory, is global (shared between all CiscoWorks NCM Cores). Specific authentication server information is CiscoWorks NCM Core specific.

Workaround: Set the External Authentication Type to None in the User Authentication page. Configure each CiscoWorks NCM Core individually with the authentication server information or Active Directory setup. After configuring all CiscoWorks NCM Cores, you can set the External Authentication Type on one of the CiscoWorks NCM Cores. The External Authentication Type setting is replicated on all CiscoWorks NCM Cores.

RADIUS External Authentication

Bug ID: QCCR1D9099

CiscoWorks NCM authenticates a user against the CiscoWorks NCM local password, if the RADIUS server does not respond to the authentication request of the user. This happens even if you configure CiscoWorks NCM to not to fail-over on external authentication.

Nmap Scanning

Bug ID: QCCR1D19036

Some network topologies can result in very long scans. It is recommended that you do not scan Internet addresses. If you think your Nmap scan will take more than a few minutes, you can use the following Nmap options to limit the scanning time:

max_scan_delay milliseconds

where milliseconds is a value between 1 and 1000.

Nmap settings can be changed by using the Administrative Settings option. See the Nmap documentation at for detailed Nmap information.

SecurID Software Token Software, Version 3.x

Bug ID: QCCR1D18988

If the CiscoWorks NCM server is installed with the 3.x SecurID token software, turn off copy protection while exporting SecurID software token keys on the RSA server. Otherwise, CiscoWorks NCM will report an error while accessing SecurID software tokens.

A patched version of the SecurID software is available at

Canceling or Deleting Tasks

Bug ID: QCCR1D16257

Some of the CiscoWorks NCM tasks will spawn external processes to run PERL scripts, Expect scripts, user-provided executables, or shell scripts. Sometimes, CiscoWorks NCM may not be able to kill these external processes, when the spawning task is cancelled or deleted. This could include scripts that spawn sub-processes or processes that are coded to catch kill signals.

Workaround: Manually stop the external process on the CiscoWorks NCM server.

Tasks: A Task Scheduled for the 31st Might Run on the 1st

Bug ID: QCCR1D11142

If you schedule a monthly recurring task for the 31st of every month, CiscoWorks NCM may run the task on the 1st, 2nd, or 3rd day of the next month depending on the number of days in the previous month. For example, if you schedule a task in February (with 28 days) for the 30th of every month, the task will actually run on March 2nd.

Workaround: If you want to run the task on the last day of the month, you must set the date correctly.

Inventory: Data from Device Overwrites Manually Entered Values

Bug ID: QCCR1D11942

Some of the data on the Device Details page is auto-populated. If you manually change the data, CiscoWorks NCM overwrites the values during the next snapshot.

The automatically populated data includes:

Domain Name

Host Name


Serial Number



Console Server: SSH Access is not Supported

Bug ID: QCCR1D11402

CiscoWorks NCM does not support console server access via SSH. If you use a console server to access a device, you must use the Telnet connectivity.

If you select the Use To Access Device option in the New Device page or Edit Device page, you should also select the Telnet option in the Connection Information section.

Sending Reports to External Email Addresses

Bug ID: QCCR1D15982

Even though you may have properly configured CiscoWorks NCM to contact your SMTP server, for network security reasons your SMTP server could have been configured to reject messages from the NCM server address. In this case, you would see the following error message, and CiscoWorks NCM messages would not be delivered.

Error occurred when sending email. Please check the email address and/or your SMTP server settings.

If this occurs, you will need to configure the SMTP server to enable the CiscoWorks NCM server to relay email messages through it.

Accessing the CiscoWorks NCM Documentation Set

All or any part of the CiscoWorks NCM documentation set, including this document, might be upgraded over time. Therefore, we recommend that you access the CiscoWorks NCM documentation set using the following URL:

Tip To cut and paste a two-line URL into the address field of your browser, you must cut and paste each line separately to get the entire URL without a break.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.

Open a service request online at:

View a list of Cisco worldwide contacts at: