Guest

CiscoWorks Network Compliance Manager

Release Notes for CiscoWorks Network Compliance Manager 1.7

  • Viewing Options

  • PDF (333.8 KB)
  • Feedback
Release Notes for CiscoWorks Network Compliance Manager 1.7

Table Of Contents

Release Notes for CiscoWorks Network Compliance Manager 1.7

Introduction

What's New in CiscoWorks NCM 1.7

What's Been Fixed in CiscoWorks NCM 1.7

Documentation Addendum

Supported Platforms

Supported Databases

Additional CiscoWorks NCM Configurations

Virtual Environments

Additional Required Applications

Hardware Requirements

Additional Product Issues

Known Problems in CiscoWorks NCM 1.7

Accessing the CiscoWorks NCM Documentation Set

Obtaining Documentation and Submitting a Service Request


Release Notes for CiscoWorks Network Compliance Manager 1.7


Published: May 6, 2011

These release notes are for CiscoWorks Network Compliance Manager (NCM) 1.7. It contains the following sections:

Introduction

What's New in CiscoWorks NCM 1.7

What's Been Fixed in CiscoWorks NCM 1.7

Documentation Addendum

Supported Platforms

Supported Databases

Additional CiscoWorks NCM Configurations

Virtual Environments

Additional Required Applications

Hardware Requirements

Additional Product Issues

Known Problems in CiscoWorks NCM 1.7

Accessing the CiscoWorks NCM Documentation Set

Obtaining Documentation and Submitting a Service Request

Introduction

CiscoWorks NCM tracks and regulates configuration and software changes in a multivendor network environment. It provides visibility into network changes and tracks compliance with a broad variety of regulatory, IT, corporate governance, and technology requirements. CiscoWorks NCM helps IT staff identify and correct trends that could lead to problems, such as network instability and service interruption.

CiscoWorks NCM is integrated with CiscoWorks and is initially launchable from the CiscoWorks home page. CiscoWorks NCM is interoperable with other CiscoWorks applications, such as the LAN Management Solution (LMS) bundle through the Common Services Device Credential Repository (DCR).

What's New in CiscoWorks NCM 1.7

CiscoWorks NCM 1.7 includes the following new features:

Policy Manager API—A rich set of new API commands are now available to define, provision, edit, and list NCM policies. These new APIs can be issued in various combinations to externally create and edit policies to ensure network device compliance.

Using the new API commands, you can:

Create policies

Create policy rules

Create rule exceptions and conditions

Set Boolean logic of rules

Assign auto-remediation scripts

Set policy rule logic

Modify policies, policy rules, and conditions

Delete CLI/API calls

Check policy compliance

SNMPv3 Support—Network devices using SNMPv3 for device discovery are now detectable using NCM. Using less secure network device detection methods is avoided when SNMPv3 protocol is used, enabling the use of the most up-to-date SNMP security mechanisms.

Viewing Device Groups—You can now view a listing of devices from the perspective of any of the parent groups in its ancestry. This enables batch editing of devices from the desired parent group's perspective. In addition, there is now a tree presentation of the Device Groups page. This replaces the previous multi-page, drill-down navigation design.

Custom notifications to logged-on users—Administrators can create customized messages that can serve as notification messages to all logged-in users. Administrators can also see the email address of all logged-in users and send emails to selected users.

NNMi/NCM Integration Enhancements:

Single sign-on between NCM and NNMi

Embedded interfacing between NCM and NNMi

SNMP community string forwarding between NCM and NNMi

The NNMi/NCM Integration Connector is no longer used in CiscoWorks NCM 1.7. NNMi/NCM integration occurs via the WebServices call between the two products.

All NNMi/NCM integration configuration is done in the NNMi UI.


Note Due to new NNMi/NCM integration architecture, Ciscoworks NCM 1.7 supports only NNMi 9.1.


Improved searching—You can now quickly search device configurations using a full text editor.

What's Been Fixed in CiscoWorks NCM 1.7

Table 1 describes the issues fixed in CiscoWorks NCM 1.7.

Table 1 Issues Fixed in CiscoWorks NCM 1.7 

Bug ID
Bug Summary
Fix Description

QCCR1D68111

Cannot detect devices with SNMPv3 configuration using Detect Network Devices task.

The Detect Network Devices task can now detect devices with SNMPv3 configuration.

QCCR1D78689

ACL handles caused Oracle database errors when the Oracle database was updated.

ACL handles are no longer causing Oracle database errors when CiscoWorks NCM updates the Oracle database.

QCCR1D82459

Only users with Admin permissions must be allowed to create, execute, and delete Quick Launches.

You now need Admin permissions to create, execute, and delete Quick Launches.

QCCR1D83072

Cannot search for configuration text that includes HTML characters.

You can now search for configuration text that includes HTML characters.

QCCR1D83198

Cannot enable the FTPMonitor on a Solaris platform.

You can now enable the FTPMonitor on a Solaris platform.

QCCR1D83226

Cannot delete device issues in a NNMi/NCM integration environment.

You can now delete device issues in a NNMi/NCM integration environment.

QCCR1D83230

Cannot select device groups from the drop-down menu on the Device Groups page.

You can now select device groups from the drop-down menu on the Device Groups page.

QCCR1D83490

Block text for port scanning was not supported.

Block text for port scanning is now supported.

QCCR1D83957

Need an option to disable dynamic device group recalculation on the Administrative Setting's Server page.

There is now an option to disable dynamic device group recalculation on the Administrative Setting's Server page.

QCCR1D84076

Need to provide a VLAN link on the Device VLANs page for devices that support VLAN provisioning.

A new VLAN link is available on the Device VLANs page for devices that support VLAN provisioning.

QCCR1D84210

Cannot run a policy compliance task against a device using the CiscoWorks NCM API.

You can now run a policy compliance task against a device using the CiscoWorks NCM API.

QCCR1D84234

Policy created dynamic groups names did not contain the name of the policy.

Policy created dynamic groups names now contain the name of the policy.

QCCR1D84368

Workflow logic did not work with task command scripts.

Workflow logic now works with task command scripts.

QCCR1D84682

Cannot enter more than 128 characters in the device description field.

You can now enter more than 128 characters in the device description field.

QCCR1D84865

The Event Notification script box was not populated.

The Event Notification script box is now populated.

QCCR1D85147

Error in processing "show port" CLI command.

The "show port" CLI command now functions properly.

QCCR1D85419

The SNMP community string was listed more than once when running the Deploy Password task.

The SNMP community string is now listed only once when running the Deploy Password task.

QCCR1D85910

Configured sites were not included in the "list image" command output.

Configured sites are now listed in the "list image" command output.

QCCR1D85911

Password rules were not listed on the Edit Device page.

Password rules are now listed on the Edit Device page.

QCCR1D111222

NCM now includes the functionality for synchronizing deleted devices with NNMi (when the integration is configured).

You can now synchronize deleted devices with NNMi (when the integration is configured).


Documentation Addendum

This section contains information on:

Multi-task Projects: Option to Continue or Stop the Sub-tasks, When a Sub-task Completes with a Warning Status

Enabling FIPS Mode

Changing CiscoWorks NCM Credentials While Connecting to a New Database Location

Multi-task Projects: Option to Continue or Stop the Sub-tasks, When a Sub-task Completes with a Warning Status

You can run the subsequent sub-tasks or cancel all the remaining sub-tasks, if a sub-task of a multi-task project completes with a Warning status. This feature enables you to cancel the tasks that are running against a device that could be experiencing issues.

To enable this feature:


Step 1 Choose Admin > Custom Data Setup.

Step 2 Scroll down to the API Name field under the Tasks section.

Step 3 In the API Name field, enter: subtask_control.

Step 4 In the Display Name field, enter: Cancel remaining tasks that have warning messages.

Step 5 Check the Limit To check box and enter Yes or No in the Values field.

Step 6 Click Save.


If this feature is enabled, a new field (with the name, Cancel Remaining Tasks That Have Warning Messages) is displayed on all sub-task pages, when you create sub-tasks for a multi-task project.

This field has the following options:

Blank—The remaining sub-tasks continue to run.

Yes—The remaining sub-tasks are canceled.

No—The remaining sub-tasks continue to run.

To disable this feature, uncheck the API Name check box on the Custom Data Setup page and click Save.

Enabling FIPS Mode

The Federal Information Processing Standardization (FIPS) specifies cryptography requirements for both software and hardware.

In CiscoWorks NCM, FIPS functionality is applicable only for the devices that support SSH/SCP or SNMPv3. Devices that do not support SSH/SCP or SNMPv3 are not affected.

Enabling FIPS mode provides the following in terms of device access:

Restricts what encryption algorithms can be used (for example, AES and 3DES are allowed, however Blowfish and DES are not allowed).

Replaces implementation of other encryption algorithms with a FIPS-compliant one.


Note Enabling the FIPS mode, restricts the algorithms that the CiscoWorks NCM uses to communicate with the devices, thereby rendering some non-FIPS compliant devices unreachable.


To enable FIPS mode:


Step 1 Add the following line to the adjustable_options.rcx file:

<option name="crypto/fips/enabled">true</option>

Step 2 Restart the CiscoWorks NCM.

The following message is displayed in the log file, if the FIPS mode is enabled.

{system/crypto} [main] 75 FIPS140Mode: Loading FIPS JCE Provider

Step 3 Login to CiscoWorks NCM as Admin.

Step 4 Choose Admin System Status > BaseServerMonitor > View Details.

The following message is displayed:

crypto/fips/cipher_list = [3des-cbc, aes128-cbc, aes128-ctr, aes192-cbc

crypto/fips/mac_list = [hmac-sha1, hmac-sha1-96]


To disable FIPS mode:


Step 1 Add the following line to the adjustable_options.rcx file:

<option name="crypto/fips/enabled">false</option>

Step 2 Restart the CiscoWorks NCM.


Changing CiscoWorks NCM Credentials While Connecting to a New Database Location

If the CiscoWorks NCM database has been moved to a new server, you can configure CiscoWorks NCM to connect to the new database location using the tc_tools utility.

The tc_tools utility enables you to update the following information on the CiscoWorks NCM server:

Database server name

Database name

Database username

Database user password

The CiscoWorks NCM database must be configured through database administration tasks or through the CiscoWorks NCM install procedure. See CiscoWorks NCM 1.7 Upgrade and Installation Guide for information on installing the CiscoWorks NCM database.

The tc_tools utility is located at:

<installdir>/client/tc_tools.bat (Windows platform)

<installdir>/client/tc_tools.sh (Unix platform)

To execute the tc_tools utility:


Step 1 Run the tc_tools utility.

The following options are displayed:

1 - Change database connection information

2 - Save device passwords to file

3 - Reset update in progress information

4 - Exit

Step 2 Select Option 1 (Change database connection information).

The following message is displayed:

Database Server [devsql2k]:Database Name [Caladan_Bruce]:Database User [sa]:Database Password [********]:Database connection information changed.

The entries inside the brackets are the previous values. If you are confirming an existing value, you can retype it or simply press Enter. To confirm all existing values without updating them, you can exit the script by entering ctrl-C.

Step 3 Make the required changes and save the file.

Step 4 Select Option 4 (Exit) or enter ctrl-C.

Step 5 Restart the CiscoWorks NCM Management Engine.


Supported Platforms

Table 2 shows the supported platforms for CiscoWorks NCM 1.7.

Table 2 Supported Platforms for CiscoWorks NCM 1.7

Operating System
Architecture
32-bit
64-bit 1

Windows Server 2008 R2

x86_64

 

X

Windows Server 2003 SP2

X86_32

X

 

Solaris 10 SPARC2 ,3

Sun4u, Sun4v

 

X

RedHat RH AS 44

x86_32

X

 

RedHat RHEL Server 5

x86_64

 

X

SuSE Enterprise Linux Server 10

x86_64

 

X

1 CiscoWorks NCM 1.7 full installs are supported only on 64-bit architecture. You can upgrade from an existing 32-bit CiscoWorks NCM platform to a 64-bit platform. If you are using a RHEL 5 Server x64, it is required that you upgrade to 64-bit platform.

2 Before installing CiscoWorks NCM 1.7 on a Solaris 10 platform, you must reconfigure the Syslog server on Solaris 10 to ignore the remote Syslog messages. The Solaris Zone on which CiscoWorks NCM runs must use a dedicated Network Interface Card (NIC).

3 A large amount of swap space is required due to the fork() system call on Solaris. When you fork a 24 GB process, Solaris allocates 24 GB in the swap file. If the 24 GB is not available in swap, the fork() system call fails.

4 The last supported CiscoWorks NCM version on this platform is CiscoWorks NCM 1.5.x.


The following operating systems are no longer supported:

Windows 2000

Solaris 9

Red Hat AS3

SuSE 9

While upgrading to CiscoWorks NCM 1.7, if you are moving from a deprecated operating system to a supported operating system, do the following:


Step 1 Stop CiscoWorks NCM.

Step 2 Backup the CiscoWorks NCM folder.

Step 3 Upgrade the operating system.

Step 4 Restart CiscoWorks NCM and verify that CiscoWorks NCM is working properly.

Step 5 Follow the CiscoWorks NCM 1.7 upgrade procedure.



Note For all operating system upgrades, please see the respective vendor documentation or contact your system support personnel. Cisco is not responsible for issues that might arise during third-party product upgrades.


Supported Databases

Table 3 shows the databases that are supported by CiscoWorks NCM 1.7.

Table 3 Supported Databases for CiscoWorks NCM 1.7 

Database
Notes

Oracle 10g (10.2.0.2 and 10.2.0.4) Standard and Enterprise Edition

64-bit Oracle is supported. If you are running CiscoWorks NCM 1.7 in a Distributed System environment, you will need Oracle 10g or 11gR1 Enterprise Edition.

Oracle 11g (11.1.0.7.0) Standard and Enterprise Edition

64-bit Oracle is supported. If you are running CiscoWorks NCM 1.7 in a Distributed System environment, you will need Oracle 10g or 11gR1 Enterprise Edition.

Microsoft SQL Server 2005 and 2008 Standard and Enterprise Edition

64-bit Microsoft SQL Server is supported. High Availability Distributed System on Microsoft SQL Server requires SQL Server 2005 Service Pack 2 (Standard Edition or Enterprise Edition) or SQL Server 2008 (Standard Edition or Enterprise Edition).

MySQL 5.0.58

MySQL 5.0.58 ships with CiscoWorks NCM 1.7.


Except for modest deployments without full enterprise scale and performance requirements, the application server and database server should be on separate physical machines. In addition, the database server should be dedicated to CiscoWorks NCM, rather than serving multiple applications.


Note CiscoWorks NCM 1.7 does not support the use of Microsoft SQL Named Instances.


The following databases are no longer supported:

Oracle 9i and Oracle 9.2

Microsoft SQL Server 2000

MySQL 3


Note Existing MySQL 3.x databases can be upgraded to MySQL 5.0.58 or later using the MySQL Upgrade Installer.


While upgrading to CiscoWorks NCM 1.7, if you are moving from a deprecated version of the database to a supported version of the database, do the following:


Step 1 Stop CiscoWorks NCM.

Step 2 Backup the CiscoWorks NCM database.

Step 3 Upgrade the database.

Step 4 Restart CiscoWorks NCM and verify that CiscoWorks NCM is working properly.

Step 5 Follow the CiscoWorks NCM 1.7 upgrade procedure.



Note For all database upgrades, please see the respective vendor documentation or contact your database analyst. Cisco is not responsible for issues that might arise during third-party product upgrades.


Additional CiscoWorks NCM Configurations

If you have configured a High Availability Distributed System, the database requirements for Oracle and Microsoft SQL Server include:

Database
Restrictions

Oracle 10g Standard or Enterprise Edition (10.2.0.2 and 10.2.0.4)

No more than five CiscoWorks NCM Cores can be configured together.

Oracle 11g Standard or Enterprise Edition (11.1.0.7.0)

No more than five CiscoWorks NCM Cores can be configured together.

Microsoft SQL Server Standard and Enterprise Edition 2005 (SP2 or higher) and 2008

No more than two CiscoWorks NCM Cores can be configured together. The maximum number of devices should not exceed 6500.


If you have configured a Horizontal Scalability environment, the database requirements for Oracle and Microsoft SQL Server include:

Database
Restrictions

Oracle 10g Standard or Enterprise Edition (10.2.0.4)

No more than five CiscoWorks NCM application servers can be configured together with a single database.

Oracle 11g Standard or Enterprise Edition (11.1.0.7.0)

No more than five CiscoWorks NCM Cores can be configured together with a single database.

Microsoft SQL Server Standard and Enterprise Edition 2005 (SP2 or higher) and 2008

No more than five CiscoWorks NCM application servers can be configured together with a single database.


See the High Availability Distributed System Configuration Guide for CiscoWorks Network Compliance Manager for information on configuring High Availability Distributed System environment.

See the Horizontal Scalability User Guide for CiscoWorks Network Compliance Manager for information on configuring Horizontal Scalability environment.


Note High Availability and Horizontal Scalability environments are not supported for MySQL.


Virtual Environments

Note the following points while running CiscoWorks NCM in a virtual environment:

VMWare guests can be run on a VMWare ESX 3.5 or VMWare ESX 4.0 server (preferred). It is important that the Disk I/O be split. The ESX server must have two arrays, one for the ESX operating system and one for the virtual machines.

Use of Vmotion is not recommended.

If you plan to use virtual machines for both CiscoWorks NCM and your database, ensure that they are running on different VMWare Guests. Note that this only works if you set a limit on managed devices and keep it low. It is recommended that you have the database on a different ESX host so there is no conflicting I/O on the array.

If you plan to run VMWare in a Distributed System or Horizontal Scalability environment, the maximum number of CiscoWorks NCM Cores should not exceed two.

Some VMWare Guests time drift. Syncing to an external time source can solve this issue.

The CiscoWorks NCM VMWare Guest system requirements are double that of standalone server requirements.

CiscoWorks NCM can be network intensive, therefore, if you have many virtual machines sharing a virtual switch and network interface card, you could experience unexpected behavior, including time-outs and failed tasks. In addition, each virtual environment is different and could function differently under loads with shared VM Guests.

If you there any performance issues while running CiscoWorks NCM in a virtual environment, do the following:

Increase hardware resources

Ensure that resources are dedicated through your ESX Administrator

Decrease the number of VMWare Guests running simultaneously

Add a dedicated network interface card to the ESX server for CiscoWorks NCM to use exclusively

Significant performance degradation has been seen on ESX servers running multiple virtual machines where one or more virtual machine was under heavy load. It is critical that the ESX server running CiscoWorks NCM in a virtual environment be properly resourced to avoid performance degradation.


Note The number of managed devices does not have as significant of an impact on performance as the number of concurrent tasks. If performance issues are seen, reduce the number of concurrent tasks and ensure that CiscoWorks NCM is getting the appropriate resources.


Additional Required Applications

You need to install the following applications:

CiscoWorks NCM supports the following browsers:

Mozilla Firefox 3.x and higher

Internet Explorer 7.x and higher


Note Windows pop-up blockers must be disabled for the browser. Cookies must be enabled for the browser.


Adobe® Flash Player 9.x and above for the browser.

Microsoft Excel 2000 or higher, if you are viewing Summary Reports from the CiscoWorks NCM server.

Adobe® Acrobat Reader™ version 4.0 or higher if you are viewing CiscoWorks NCM documentation from the CiscoWorks NCM server.

ActivePerl 5.8.x for Windows).

Perl 5.8.x for Solaris and Linux (CiscoWorks NCM Convert-to-Perl script feature uses Perl).

Perl Net::SSH::Expect module (for using the Connect module with SSH)


Note Third-party products mentioned in this documentation are manufactured by vendors independent of Cisco. Cisco makes no warranty, implied or otherwise, regarding the performance or reliability of these products.


Hardware Requirements

CiscoWorks NCM requires the following minimum hardware:

Table 4 Application Server Requirements

Application Server

CPU

Intel Xeon or equivalent, 3.0+ GHz (Windows, Linux), Dual UltraSparc IIIi+, 1.3 GHz (Solaris)

Memory

4 GB RAM

Swap Space

4 GB

Disk

40 GB, Fast SCSI

Network

100 Mbps Fast Ethernet, full duplex


Table 5 Database Server Requirements

Database Server

CPU

Intel Xeon or equivalent, 3.0+ GHz

Memory

4 GB RAM

Swap Space

4 GB

Disk

60 to 100 GB, Single Channel RAID, Fast SCSI

Network

100 Mbps Fast Ethernet, full duplex


Additional Product Issues

Incorrect SNMPv3 Configuration Prevents Correct Device Detection

Bug ID: QCCR1B86730

For a device whose configuration includes SNMPv3 settings, NCM first tries to communicate with the device using SNMPv3. NCM then tries the SNMPv1 or SNMPv2c settings. If the SNMPv3 settings are incorrect, NCM does not recognize that the SNMPv3 connection failed and detects the device as a non-active node or an unrecognized host. Hence NCM does not attempt SNMPv1 or SNMPv2c communication with the device.

Workaround: Correct the SNMPv3 settings or remove the SNMPv3 configuration so NCM uses only SNMPv1 or SNMPv2.

Using SNMPv3 with Privacy and AES192 and AES256 Encryption

Bug ID: QCCR1D88942

Several tasks, including Detect Network Devices and Discover Driver, do not correctly use SNMPv3 with the AES192 or AES256 encryption privacy protocol.

Workaround: Use a different encryption method, such as AES128.

SNMP Timeout Value Might Be Too Short for SNMPv3 Communications

Bug ID: QCCR1B87867

If you encounter frequent timeouts during communications with SNMPv3 devices, increase the value of the SNMP Timeout setting on the Device Access tab of the Administrative Settings page.

Telnet and SSH Sessions (IPv6 devices)

Bug ID: QCCR1B87641

NCM does not cache telnet or SSH sessions to IPv6 devices. Therefore, these histories are not available from the device information page.

Alternate Driver Discovery (IPv6 devices)

Bug ID: QCCR1B87801

Alternate driver discovery incorrectly interprets the first colon (:) of an IPv6 address as indicating a port on the device.

Driver Discovery with SNMP (IPv6 devices)

Bug ID: QCCR1B87825

Driver discovery using a supplied SNMP community string fails for IPv6 devices.

Users Without Permissions to All Partitions Might Not Be Able to Compare Device Configurations

Bug ID: QCCR1D94263

Users with access to some, but not all, partitions do not see the options for comparing devices on the Configuration Changes tab of the Devices page.

Known Problems in CiscoWorks NCM 1.7

This section contains information about the limitations and problems known to exist in CiscoWorks NCM 1.7.

Custom Diagnostics

Bug ID: QCCR1B86671

CiscoWorks NCM enables you to define custom diagnostics to capture specific information that is useful in your environment. If the name of a custom diagnostic is longer than 80 characters, the Device Diagnostic page shows the content of the most recent diagnostic. However, the Diagnostics History table at the bottom of the page does not appear due to a rendering error.

Polices Page

Bug ID: QCCR1D86308

Users with Admin permissions can view the full list of policies on the Policies page and segment polices into separate policy tags. However, users with Full Access permissions cannot filter policies based on policy tags when there is more than one site partition.

NNMi/NCM Integration (IPv6 devices)

Bug ID: QCCR1B86228

NNMi/NCM integration does not support synchronizing IPv6 devices. Only IPv4 devices are supported.

Using the "mod authentication" command

Bug ID: QCCR1D116666

When using the "mod authentication" command, if there are no device specific authentication records to modify for a device, the system reports the following error:

GEN_FAILURE: The Device Password Information for Device you requested cannot be found. It may have been deleted.

Workaround: You can use the "add authentication" command to create a new entry.

Start/stop service error for SWIM server (on Solaris and Linux platforms)

Bug ID: QCCR1B88733

While running CiscoWorks NCM on Solaris or Linux platforms, if you select the Start/Stop Services option from the Admin menu, and then select the Stop option for the SWIM server, the SWIM server will be stopped, but the following error message will be displayed:

Unable to stop the server

You can ignore this error message.

Downloading Troubleshooting Information File

Bug ID: QCCR1B88735

After downloading the troubleshooting information file, the user could not login to CiscoWorks NCM if the session times out. The Download Manager dialog box appears whenever the user tries to login.

Workaround: Clear the browser cache before logging in.

CNC Task

Bug ID: CSCtn81668

Cisco Network Component (CNC) task fails if Catalyst 6k device with latest image is included in the device group.

Workaround: Leave the Vendor field blank and re-run the task.

Network Diagrams

Bug ID: QCCR1D113667

CiscoWorks NCM generates Network diagrams that can be viewed in Visio, static JPEG, or interactive JPEG format. But when CiscoWorks NCM is installed on Windows Server 2008 R2, icons are not displayed in the JPEG formatted network diagrams.

Memory Allocation Error

Bug ID: QCCR1D114717

If you have installed CiscoWorks NCM on a Linux platform, you might see the following error in the log messages or within the results of failed CiscoWorks NCM tasks:

Caused by: java.io.IOException: java.io.IOException: error=12, Cannot allocate memory

This error occurs when the JVM (Java process) attempts to run an external shell script, such as a custom action or memory monitor. To run the external shell script, the system must fork its process (a mechanism that requires the parent process to copy itself for the child process). Making a copy of the parent process could send a request to the system kernel for more memory than the system can allocate.

Workaround: Run the following command at the root shell prompt:

echo 1> /proc/sys/vm/overcommit_memory

Using API calls to move sites and tasks

Bug ID: QCCR1D112938

Currently, CiscoWorks NCM does not support failover scripts when a NCM Core goes down in a Distributed System or Horizontal Scalability environment.

Workaround: CiscoWorks NCM provides API calls for moving sites and tasks from an inactive NCM Core to an active NCM Core (You must move the sites before moving the tasks).

RSA Server Authentication Manager

Bug ID: QCCR1D115349

RSA device authentication is available only on 32-bit Windows 2003.

Oracle Database Server

Bug ID: QCCR1D75206

Oracle Database Server does not support case insensitive queries. As a result, all searches in CiscoWorks NCM are case sensitive if you are using Oracle Database Server.

Uninstalling CiscoWorks NCM 1.7

Bug ID: QCCR1D113930

After upgrading from CiscoWorks NCM 1.5.x to CiscoWorks NCM 1.7, when uninstalling CiscoWorks NCM 1.7, the CiscoWorks NCM 1.5.x version of the Uninstaller is used.

Workaround: If you upgrade from a 32-bit CiscoWorks NCM platform to a 64-bit CiscoWorks NCM platform, check the CiscoWorks NCM install directory. If there is a directory named jre_old, do the following before uninstalling CiscoWorks NCM:


Step 1 1. Stop CiscoWorks NCM services (this includes TFTP, Syslog, SWIM, and FTP).

Step 2 2. Rename <CWNCM_Install_dir>/jre.

Step 3 3. Rename <CWNCM_Install_dir>/jre_old to <CWNCM_Install_dir>/jre.

Step 4 4. Run the CiscoWorks NCM Uninstaller.


FTP Server error

Bug ID: QCCR1D114963

The results of the most recent monitor runs are stored in the Monitor log file and can be viewed in the System Status page. Sometimes the following error message is displayed, even when the FTP server is running properly.

Unknown IOException: com.oroinc.net.ftp.FTPConnectionClosedException: FTP response 421 received. Server closed connection.

The error message will not displayed if you restart the CiscoWorks NCM Management Engine.

FTP Service (Starting)

Bug ID: QCCRID114411

If you restart CiscoWorks NCM through the CLI on a Linux or Solaris platform, the FTP service will not start. You must start the FTP service via the CiscoWorks NCM Web UI after the CiscoWorks NCM has been started.

Note that there are cases where FTP configuration is changed and the FTP service needs a restart to reflect the changes. In this case, you must do this via the NCM Web UI.

FTP Service (Stopping)

Bug ID: QCCRID114923

In some UNIX environments, you cannot stop the FTP service from the CiscoWorks NCM Web UI.

Workaround: Manually stop the FTP service via the console by executing the following command:

<CWNCM_Install_dir>/server/ext/wrapper/bin/StopFTPWrapper.sh

FTP Accounts

Bug ID: QCCR1D112098

The CiscoWorks NCM UserManager class utilizes a configuration option to identify the username and password of the authorized FTP account. If the administrator changes the configuration value in CiscoWorks NCM, the FTP server will not be aware of the change until it has been restarted because the FTP server does not reload configuration options before performing a user check.

Workaround: The FTP server runs as a separate process outside of CiscoWorks NCM and is not notified when changes to the .rcx files are made. Restart the FTP server if the FTP account username or password is changed.

CLI driver discovery via Bastion Host does not work for some devices

Bug ID: QCCR1D104772

The Discover Driver task fails with the following error message when you configure a device to use a Bastion Host server with SSH:

This task did not complete

The Session Log is not stored for the failed task.

Workaround: Discover the driver without the Bastion Host or manually assign the driver.

Oracle Database Log Files

Bug ID: QCCR1D1114453

Oracle database users could encounter the following error in their log files, associated with a failed query:

java.sql.SQLException: ORA-00600: internal error code, arguments: [kglhdgn_1], [0xA000000], [0], [2], [], [], [], []

This is an Oracle internal error. Causes of this message include:

Timeouts

File corruption

Failed data checks in memory

Hardware, memory, or I/O errors

Incorrectly restored files

Report this error to your DBA or Oracle Support Services.

Batch editing parent device groups or device groups

Bug ID: QCCR1D61742

When you batch edit parent device groups or device groups and partitions that have no devices, an invalid error message is displayed:

You do not have Modify Device Permission for any of the devices you selected.

Workaround: To batch edit all devices in a parent device group, you must do a batch edit against each child group in the parent device group.

Detect Network Devices Task

CiscoWorks NCM prevents you from inadvertently running more than one Detect Network Devices task concurrently. Although the Detect Network Devices task generates only a minimal level of traffic, CiscoWorks NCM provides this protection to help minimize additional traffic when running duplicate or additional Detect Network Devices tasks simultaneously.

If a second or third Detect Network Devices task is scheduled while an earlier Detect Network Devices task is running, CiscoWorks NCM will place the new tasks in the Waiting state. The new tasks will be executed individually after the first Detect Network Devices task has completed.

Running External Application tasks presents a possible security risk

Bug ID: QCCR1D14089

All external application tasks run the application with root (UNIX) or system (Windows) privileges. This is a potential security risk that should be acknowledged by the System Administrator before using the Run External Application feature.

VLAN Data Gathering Diagnostic

Bug ID: QCCR1D102848

If you are running several diagnostics, including the VLAN Data Gathering diagnostic, on a device that does not support the VLAN Data Gathering diagnostic, there is no Session Log available for that task.

Workaround: Remove the VLAN Data Gathering diagnostic from the task.

Stopping the CiscoWorks NCM Management Engine on a Solaris platform

Bug ID: QCCR1D102881

While running CiscoWorks NCM on a Solaris platform, if you select the Start/Stop Services option from the Admin menu, and then select the Stop option for the NCM Management Engine, the NCM Management Engine will not be stopped.

Workaround: Run the /etc/init.d/truecontrol stop command.

VLAN Searches

Bug ID: QCCR1D102754

Previously saved VLAN searches are not valid in CiscoWorks NCM 1.7 due to the addition of new VLAN features. If you try to view a saved VLAN search, you could see the following error message:

Error executing query VLAN: PortInVlanName is not a valid field name for this query.

Workaround: Remove the VLAN search and re-create a new VLAN search.

Uploading Large Image Files

Bug ID: QCCR1D99027

Currently, CiscoWorks NCM is limited to uploading device configurations less than 1GB.

Provision Device Task

Bug ID: QCCR1D102620

Although the Provision Device task enables you to select more than one device, the task only works with one device. Attempting to select more than one device or a device group, using the Device Selector will cause an error.

Device Selector Display

Bug ID: QCCR1D101145

Some of the Device Selector display features might not work properly in Internet Explorer 6 due to browser limitations.

Workaround: Upgrade to Internet Explorer 7.

Security Partitions

Bug ID: QCCR1D102646

While modifying Security Partition details, if you save the Security Partition before the Device Selector loads, you will lose all the devices from that Security Partition.

Canceling Tasks

Bug ID: QCCR1D101509

If you cancel a task that is currently communicating with a device, CiscoWorks NCM will mark subsequent attempts to run the task (or similar tasks) as skipped.

This issue can occur if CiscoWorks NCM is trying to end communication between the task and the device before actually canceling the task. As a result, CiscoWorks NCM will continue to execute the task. Any attempt to rerun the task before it is canceled will appear to CiscoWorks NCM as if the task is already in progress. As a result, CiscoWorks NCM will mark the new task as skipped.

Using the $tc_device_enable_password$ Variable in Command Scripts

Bug ID: QCCR1D100314

While using the $tc_device_enable_password$ variable in a command script, if an at sign (@) character is included in the device enable password, the @ character will be preceded by a backslash (\) character.

Device Managed IP Addresses Page

Bug ID: QCCR1D101755

Changes made to the Device Managed IP Address are not reflected properly in the Device Managed IP Address page.

Workaround: Click the Reset Last Used IP link in the Device Managed IP Addresses page.

Setting Parent Task Priority

Bug ID: QCCR1D98393

If you change the priority of a parent task that is currently running, any existing child tasks that are in the Pending or Waiting state will appropriately change their priority. However, child tasks that have not been created yet or are in other states, such as Running or Paused will retain the parent task's original priority.

If you change the priority of a parent task that is not running, all child tasks take the new priority..

Using LDAP Servers

Bug ID: QCCR1D99663

If you are using a LDAP server for external user authentication, you might need to modify certain LDAP related options in the appserver.rcx file. The default settings will work with the ActiveDirectory server under most situations. However, for other types of LDAP servers (depending on the LDAP schema configurations), you might need to customize the following settings if you are experiencing issues with the default settings:

<!-- Attribute mapping for Generic LDAP server-->

<option name="ldap_server/attr_mapping/Generic/group_search">group,organizationalunit, container,groupOfUniqueNames</option>

<option name="ldap_server/attr_mapping/Generic/group_name">name,cn,commonName</option>

<option name="ldap_server/attr_mapping/Generic/member_search">member,uniqueMember </option>

<option name="ldap_server/attr_mapping/Generic/username_search">samAccountName,uid,cn </option>

You can ignore the following settings:

<!-- Attribute mapping for SunLDAP server-->

<!-- Attribute mapping for OpenLDAP server-->

The group_search option specifies the list of LDAP entries to be searched for LDAP groups. This information is used in Step 3 of LDAP Setup Wizard, where you define the LDAP groups whose members are allowed to login to CiscoWorks NCM (see User Guide for CiscoWorks Network Compliance Manager 1.7 for more information).

Make sure that the list contains all necessary group attributes. For example, it might be necessary to add groupOfName to the list for the LDAP group search to work properly.

The same concept applies to username_search and member_search options. Both of these options are used during the CiscoWorks NCM login process to identify the user and to determine the user's group memberships. If the default LDAP attribute names do not match your LDAP schema configuration, change them accordingly.

Testing OpenLDAP User Authentication

Bug ID: QCCR1D100201

While configuring OpenLDAP for CiscoWorks NCM user authentication, the Test function might not work. In this case, save all the options before testing if they work.

Duplicate VLANs Displayed in Layer 2 Diagrams

Bug ID: QCCR1D100138

When diagramming VLANs, if a VLAN includes an IP address, it is possible for the VLAN port table to include both the VLAN name and the VLAN ID. As a result, duplicate VLANs could be displayed in Layer 2 diagrams.

Device Relationships

Bug ID: QCCR1D100298

Scripting to a vSwitch is done via direct API calls to the containing ESX server. As a result, the scripts modify the ESX server settings that are not related to the vSwitch. This occurs even if the MSP permissions are granted only to the vSwitch.

Running CiscoWorks NCM on a Solaris Platform

Bug ID: QCCR1D99873

While starting the CiscoWorks NCM server on a Solaris platform, there is a remote chance that the CiscoWorks NCM server will crash due to an error in the native frame_sparc.cpp file. This is due to a bug in the Solaris JVM Biased Locking feature.

Workaround: Add the following VM argument to the jboss_wrapper.conf file located in <NCM_Install_Dir>/server/ext/wrapper/conf:

wrapper.java.additional.#=-XX:-UseBiasedLocking

Where # is the next number in sequential order of all parameters. For example, if the jboss_wrapper.conf file has the following arguments, the workaround VM argument would be number 6.

wrapper.java.additional.1=-DTCMgmtEngine=1 wrapper.java.additional.2=-Duser.dir=C:\NA\server\ext\jboss\bin wrapper.java.additional.3=-Xmn170m

wrapper.java.additional.4=-Djava.awt.headless=true wrapper.java.additional.5=-Dfile.encoding=UTF8 wrapper.java.additional.6=-XX:-UseBiasedLocking

Viewing VLAN Information for a Port/Interface

Bug ID: QCCR1D98139

The VLAN field is not populated on the MAC Address Details page.

Workaround: To display VLAN information for a port or interface, click the Port Name link for that port on the MAC Address Details page. The Interface Details page will appear. Scroll down to the Member VLANs field to view the VLAN information.

Using Active Directory

Bug ID: QCCR199633

If you are using Active Directory, you must modify the corresponding options in the appserver.rcx file to include the correct attributes in the search mapping session. To do this:


Step 1 Locate <!-- Attribute mapping for Generic LDAP server--> session in the appserver.rcx file.

Step 2 Make sure that:

groupOfName is included in the group_search

uid is included in the username_search

member is included in the member_search

Step 3 Save the changes to the appserver.rcx file.

Step 4 Restart the CiscoWorks NCM server.


Using ActiveState ActivePerl on Windows

Bug ID: QCCR1D92850

Due to limitations of ActiveState ActivePerl on Windows, if you use this environment you will not be able to use SSH connections with the CiscoWorks NCM Perl API.

Workaround: Install the CiscoWorks NCM client on a supported Linux or Solaris system and run the CiscoWorks NCM Perl API from that system.

Including URLs in Policies

Bug ID: QCCR1D98621

When you create a policy and include a vendor solution URL or a vendor advisory URL, the URL must start with http:// prefix. Otherwise, the link might not be correctly interpreted by the browser.

Java Plug-in Version

Bug ID: QCCR1D88659

If the Connect function fails and the CiscoWorks NCM server hangs, check the Java version that you are currently running on your Windows system. This might be an issue with the Java Plug-in of your Web browser.

To check the Java version that you are currently running on your system:

1. Choose Start > Control Panel.

2. Double-click Java.

3. In the General tab, click the About button.

If you have Version 6 Update 11 or later, you must install an older JRE on your Windows system. Version 6 Update 10 and earlier are known to work.

Using the Device Group Selector

Bug ID: QCCR1D98865

Some of the Chinese characters are not displayed in the Device Group Selector.

Workarounds:

Remove the device from CiscoWorks NCM, add the device to NNMi, and then run the Import task to import the device into CiscoWorks NCM.

Or

Choose Administrative Settings > Server > Device Import page and set the Overwrite Existing Devices option to "yes" and then run the NNMi Import task to import the device into NCM.

Creating advanced Perl scripts

Bug ID: QCCR1D97574

When creating an advanced Perl script, keep in mind that CiscoWorks NCM treats $some_text$ as reserved variables. If you use '$' pairs in the script that are not CiscoWorks NCM variables, ensure you separate them with a space.

For example:

Incorrect: my($host,$port,$user,$pass) = ('localhost','$tc_proxy_telnet_port$', '$tc_user_username$','$tc_user_password$');

Correct: my($host, $port, $user, $pass) = ('localhost','$tc_proxy_telnet_port$', '$tc_user_username$','$tc_user_password$');

Error When Viewing Results for Diagnostics with Single Quotes in their Name

Bug ID: QCCR1D95437

The diagnostic results are not displayed, if the diagnostic has single quotes in its name (for example, `Ana's Diagnostic').

Do not use single quotes in diagnostic names.

Diagnostic Name Limit

Bug ID: QCCR1D96090

CiscoWorks NCM allows you to enter up to 100 characters while naming a diagnostic. However, CiscoWorks NCM allows only 50 characters for the diagnostic name, while running the diagnostics.

Workaround: Limit diagnostic names to 50 or less characters.

Using SCP with Devices in Remote Realms

Bug ID: QCCR1D87003

Devices in remote Realms cannot use the Secure Copy (SCP) Transfer Protocol, because the remote Gateway Satellite Agent cannot use the SSH/SCP port 22 (the Gateway OS uses the SSH/SCP port 22).

Workaround: Disable SCP for devices in remote Realms.

MySQL Install and Upgrade

Bug ID: QCCR1D87961

If you are using a MySQL database and MySQL is installed or upgraded on a CiscoWorks NCM build prior to February 5, 2009, do the following:


Step 1 Stop CiscoWorks NCM services.

Step 2 On Windows, open the my.ini file (under the MySQL Install folder).

On Solaris or Linux, open the /etc/my.cnf file.

Step 3 Search for max_allowed_packet.

If not found, append max_allowed_packet=16776192 to the bottom of the file. If found, change its value to 16776192.

Step 4 Restart MySQL.

Step 5 Restart CiscoWorks NCM services.


Solaris and SecurID

Bug ID: QCCR1D86370

Configuring CiscoWorks NCM to use SecurID as the authentication method can cause the management service to crash. The SecurID libraries provided by RSA cause this problem. Currently, this problem occurs on Solaris 10 with a version string, SunOS 5.10 Generic_118833-22. However, SunOS 5.10 Generic_120011-14 version works fine.

Workaround: Update your OS to SunOS 5.10 Generic_120011-14 version, if you are experiencing problems with SecurID on Solaris.

Using SCP on Linux and Solaris

Bug ID: QCCR1D82379

If you are using SCP on a Linux platform, you need to modify your system's SSH daemon (SSHD) to run on an alternate port and restart the SSHD service. Port 8022 is recommended.

After reconfiguring the system's SSHD, restart CiscoWorks NCM to bind it to Port 22. Use the following command to login via the system's SSHD:

ssh -p 8022 username@host


Note Use ssh username@host for a direct connection to the CiscoWorks NCM proxy.


After logging into CiscoWorks NCM, navigate to the Device Access page. Enter the SSH Username and SSH Password in the SSH Device Access field. The device driver will use this information while copying the files to the CiscoWorks NCM server.

The device specific settings must be configured to enable SCP and SSH to function properly. See the User Guide for CiscoWorks Network Compliance Manager 1.7 for detailed information.

Using SCP

Bug ID: QCCR1D80180

The SSH protocol runs on port 22. By default, Linux and Solaris installs run on port 8022. Windows installs run on port 22.

For Windows installs, if the port is switched to 8022, there could be connectivity issues. This issue is uncommon because most devices do not allow for the specification of an alternate port.

SCP will not work if the device is in a remote Realm and access to the device is managed via a CiscoWorks NCM Satellite. You must run the CiscoWorks NCM SSHD proxy on port 22.

If you use port 8022 on any platform, SCP copies from a device to CiscoWorks NCM will not work. See the Satellite User Guide for CiscoWorks Network Compliance Manager for information on configuring CiscoWorks NCM Satellites.

Using a Non-English Operating System

Bug ID: QCCR1D86705

While running CiscoWorks NCM on a non-English operating system, if you select a Partition from the drop-down menu, unreadable text will be displayed in the Password Information section of the Edit Device page.

Proxy Interface

Bug ID: QCCR1D86391

If you login to CiscoWorks NCM as a limited access user and attempt to connect to a device via the proxy interface, your session will be disconnected.

Searching for Diagnostics

Bug ID: QCCR1D79575

CiscoWorks NCM Topology Data Gathering diagnostic has two options:

CiscoWorks NCM Topology Data Gathering

Topology

Selecting either of these options will only search for the CiscoWorks NCM Topology Data Gathering diagnostic.

SNMP Timeouts

Bug ID: QCCR1D75228

Using SNMP device discovery over networks with latency can cause SNMP timeouts. To resolve this issue:


Step 1 Login to CiscoWorks NCM.

Step 2 Choose Admin > Administrative Settings > Device Access.

The Device Access page appears.

Step 3 Scroll down to the Detect Network Devices Task Settings section and set the SNMP Timeout to a higher value (for example, 2500 milliseconds).


-sync Option

Bug ID: QCCR1D79600

When Workflow is enabled, attempting to run a CLI or API task with the -sync option will fail with a "No such directory" error.

Database Passwords

Bug ID: QCCR1D61595

CiscoWorks NCM does not accept multiple dollar signs ($$). If the password that you use to connect to the database contains multiple dollar signs, you must modify the password before installing CiscoWorks NCM.

Installation Address

Bug ID: QCCR1D78975

The IPv4 address range 169.254.0.0/16 is reserved for link-local usage (referred to as Automatic Private Internet Protocol Addressing [APIPA] by Microsoft) and is not an applicable address range for CiscoWorks NCM. For more information, refer to http://www.ietf.org/ (rfc3330 and rfc3927).

Custom Data Setup

Bug ID: QCCR1D77153

The Custom data field in the Custom Data Setup page accepts alphanumerics and underscores. Though you can use dashes, custom data field names with dashes cannot be used for the tc_device_custom device variables in custom scripts.

Advanced ACL Scripts

Bug ID: QCCR1D74295

If you click the Update Script button while specifying an advanced ACL script, the values are locked. As a result, running (or re-running) the script could result in variables not being updated properly.

Workaround: Avoid using the Update Script button with advanced ACL scripts.

Use of Dollar Signs ($) in Scripts

Bug ID: QCCR1D69342

The script generated from a Telnet/SSH session log will fail or perform in unexpected ways, if the session contains dollar signs ($) in the executed commands.

OS Analysis Task

Bug ID: QCCR1D67566

When CiscoWorks NCM is used in an environment with overlapping IP addresses, the OS Analysis task is not supported for devices behind the remote Realm gateways.

OS Analysis tasks run on the devices that are located in the locally reachable network. This could result in an image recommendation being incorrect for devices behind the gateway.

CiscoWorks NCM will report OS recommendations for a device in the default Realm instead of a remote Realm if they share an IP address.

Device Tasks Ignores the User-defined enforce_save Device Variable

Bug ID: QCCR1D64674

Device tasks that modify a device's configuration, such as the Deploy Password or Deploy Configuration tasks, ignore the enforce_save device access setting.

Workaround: The DeviceInteraction/EnforceConfigurationSave/ConfiguringModels configuration option in appserver.rcx file can be set to false.

Email Report Task

Bug ID: QCCR1D69342

While scheduling an Email Report task, if you select a report other than Summary Reports in the Reports To Run field, the task is reported as failed. However, the report is successfully emailed to the recipient. You can ignore the error message.

Template Scripts

Bug ID: QCCR1D70552

When using template scripts (i.e., Batch insert line into ACL by handle), selecting the Run Again option will rerun the same script. Attempting to change fields will not change the script that is run.

CiscoWorks NCM Core Gateways

Bug ID: QCCR1D68751

You cannot configure redundant NCM Core Gateways in the same Realm as a single NCM Core.

Workaround: Edit the adjustable_options.rcx file and add the IP addresses of other NCM Core Gateways.

Example:

<array name="rpc/allowed_ips">

<value>10.255.54.10</value>

</array>

Potential for Task Failure while Using Reserved CiscoWorks NCM Characters in Device Prompts

Bug ID: QCCR1D70102

There are 11 characters that have special meaning in CiscoWorks NCM:

Opening square bracket ( [ )

Opening round bracket and the closing round bracket ( ( ) )

Backslash ( \ )

Caret ( ^ )

Dollar sign ( $ )

Period or dot ( . )

Vertical bar or pipe symbol ( | )

Question mark ( ? )

Asterisk or star ( * )

Plus sign ( + )

If you use these characters in a device prompt, null pointer exception errors could occur during task execution. As a result, the task will fail.

Workaround: Avoid using these characters while naming devices that interact with CiscoWorks NCM.

Oracle Database Errors Cause Failed Tasks and Other Issues

Bug ID: QCCR1D69094

Oracle database errors cause failed tasks and other issues due to a bug in the JDBC Oracle driver. You could get the following error message:

OALL8 is in an inconsistent state.

Workaround: Update your version of Oracle Database Server.

ACLs with the Same Name, But Different Case in CiscoWorks NCM, Is Not Recommended

Bug ID: QCCR1D61744

CiscoWorks NCM supports case-sensitivity in ACL names. Therefore, you can have two ACLs with the same name, but different case.

If you delete one of those ACLs, all ACLs with the same name are deleted, regardless of the case. It is recommended that you do not use multiple ACLs with same name, but with differing case in CiscoWorks NCM.

Use of Dollar Sign ($) in Perl Code

Bug ID: QCCR1D61867

If you convert a Telnet/SSH Proxy session that contains a dollar sign ($) to Perl, CiscoWorks NCM will not interpret the dollar sign properly in the generated Perl code.

Workaround: Edit the script and add a backslash (\) in front of the dollar sign.

Downloading Software Images from Cisco.com

Bug ID: QCCR1D66891

You can download software images from Cisco.com for devices that are not currently in your CiscoWorks NCM system. However, you may need to modify the driver or model information or both to successfully deploy the software image.

To successfully deploy the software image:


Step 1 Choose Devices > Device Tools > Software Images.

The Software Images page opens.

Step 2 In the Action column, click Edit next to the software image that you want to modify.

The Edit Software Image page opens.

Step 3 In the Image Set Requirements field, modify the driver and/or model information to be compatible with the device in CiscoWorks NCM.

Step 4 Click Save Software.


High Availability Distributed System: Importing Devices

Bug ID: QCCR1D59742

If you import two devices with identical IP addresses into two separate CiscoWorks NCM Cores at the same time, you cannot detect if there is a duplicated device.

Workaround: Manually run the Deduplication task after importing the devices. One device will be automatically de-duplicated and set to Inactive state. (See Chapter 7 in the User Guide for CiscoWorks Network Compliance Manager 1.7 for information on running the Deduplication task.)

High Availability Distributed System External Authentication

Bug ID: QCCR1D53815

If you are using external authentication in a High Availability Distributed System environment, the External Authentication Type, for example, TACACS+ or Active Directory, is global (shared between all CiscoWorks NCM Cores). Authentication server information is NCM Core specific.

Workaround: Set the External Authentication Type to None in the User Authentication page. Configure each CiscoWorks NCM Core individually with the authentication server information or Active Directory setup. After configuring all CiscoWorks NCM Cores, you can set the External Authentication Type on one of the CiscoWorks NCM Cores. The External Authentication Type setting is replicated on all CiscoWorks NCM Cores.

RADIUS External Authentication

Bug ID: QCCR1D9099

CiscoWorks NCM authenticates a user against the CiscoWorks NCM local password, if the RADIUS server does not respond to the authentication request of the user. This happens even if you configure CiscoWorks NCM to not to fail-over on external authentication.

Diagramming

CiscoWorks NCM applies an absolute value for the "text height" attribute for interface and port labels shown in Visio diagrams. When the Visio VDX file is loaded, Visio assigns an incorrect formula to the "text height" attribute. As a result, when you have more than two lines of annotated text (i.e. a label) for an interface or port and you attempt to copy & paste, the label of the new interface or port is displayed improperly and could hide the interface or port icon.

Workaround:

Click the "Text Tool" option on the Visio tool bar and move the label to expose the interface or port icon.

Distributed System Performance

When running a Distributed System, if you are deleting many objects simultaneously, the system may take a while to push transactions for large delete operations.

Scripts: Output Results in HTML Format

Bug ID: QCCR1D21216

When executing an advanced script or a Run External Application task, any text that the advanced script or external application writes to 'stdout' is stored in CiscoWorks NCM as the task result. Typically, this output is treated and displayed as plaintext. As a result, before CiscoWorks NCM displays the task results, it will escape any characters that would affect the HTML rendering (for example, converting < to &lt;).

However, you may want to create an advanced script that outputs its results in HTML format. In this case, none of the output characters would be escaped, so the results displayed would include any applicable HTML formatting. To indicate to CiscoWorks NCM that your script outputs HTML results, the first item that your script writes to 'stdout' must be <html>. If your script output begins with anything other than <html>, the script results will be treated as plaintext.

SecurID Software Token Software, Version 3.x

Bug ID: QCCR1D18988

If CiscoWorks NCM server is installed with 3.x SecurID token software, turn off copy protection while exporting SecurID software token keys on the RSA server. Otherwise, CiscoWorks NCM will report an error while accessing SecurID software tokens.

Nmap Scanning

Bug ID: QCCR1D19036

Some network topologies can result in very long scans. It is recommended that you do not scan Internet addresses. If you think your Nmap scan will take more than a few minutes, you can use the following Nmap options to limit the scanning time:

max_scan_delay milliseconds

where milliseconds is a value between 1 and 1000.

Nmap settings can be changed by using the Administrative Settings option. See the Nmap documentation at www.insecure.org for detailed Nmap information.

Canceling or Deleting Tasks

Bug ID: QCCR1D16257

Some of the CiscoWorks NCM tasks will spawn external processes to run PERL or Expect scripts, or to run user-provided executables or shell scripts. Sometimes, CiscoWorks NCM may not be able to terminate these external processes when the spawning task is cancelled or deleted.

Workaround: Manually stop the external process on the CiscoWorks NCM server.

Tasks: A Task Scheduled for the 31st Might Run on the 1st

Bug ID: QCCR1D11142

If you schedule a monthly recurring task for the 31st of every month, CiscoWorks NCM may run the task on the 1st, 2nd, or 3rd day of the next month depending on the number of days in the previous month. For example, if you schedule a task in February (with 28 days) for the 30th of every month, the task will actually run on March 2nd. If you want to run the task on the last day of the month, you must set the date correctly.

Inventory: Data from Device Overwrites Manually Entered Values

Bug ID: QCCR1D11942

Some of the data on the Device Details page is auto-populated. If you manually change the data, CiscoWorks NCM overwrites the values during the next snapshot.

The automatically populated data includes:

Domain Name

Host Name

Model

Serial Number

Location

Vendor

Console Server: SSH Access is not Supported

Bug ID: QCCR1D11402

CiscoWorks NCM does not support console server access via SSH. If you use a console server to access a device, you must use the Telnet connectivity.

If you select the Use To Access Device option in the New Device page or Edit Device page, you should also select the Telnet option in the Connection Information section.

Sending Reports to External Email Addresses

Bug ID: QCCR1D15982

Even though you may have properly configured CiscoWorks NCM to contact your SMTP server, for network security reasons your SMTP server could have been configured to reject messages from the NCM server address. In this case, you would see the following error message, and any CiscoWorks NCM messages would not be delivered.

Error occurred when sending email. Please check the email address and/or your SMTP server settings.

If this occurs, you will need to configure the SMTP server to enable the NCM server to relay email messages through it.

Accessing the CiscoWorks NCM Documentation Set

All or any part of the CiscoWorks NCM documentation set, including this document, might be upgraded over time. Therefore, we recommend that you access the CiscoWorks NCM documentation set using the following URL: http://www.cisco.com/en/US/products/ps6923/tsd_products_support_series_home.html


Tip To cut and paste a two-line URL into the address field of your browser, you must cut and paste each line separately to get the entire URL without a break.


Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:

http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html

Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.

Open a service request online at:

http://tools.cisco.com/ServiceRequestTool/create/launch.do