Table Of Contents
Release Notes for Cisco ACNS Software, Release 5.1.13
Changes Related to the TV-Output Feature
CLI Enhancements for URL-Based Monitoring
Media File System Issues When Downgrading to ACNS 5.0 Software
Websense Issues When Downgrading to ACNS 5.0 Software or ACNS 5.1 Software
Open Caveats - ACNS 5.1.13 Software
Open ACNS-IP/TV 5.1.13 Software Integration Caveats
Other Open ACNS 5.1.13 Software Caveats
Resolved Caveats - ACNS 5.1.13 Software
Acquisition and Distribution Resolved Caveats
Media and Streaming Resolved Caveats
Proxy and Caching Resolved Caveats
Configuring URL-Based Monitoring
TACACS+ Enable Password Attribute
Configuration Requirements for Managed Live Events
Multicast Sender Interoperability
Restrictions Regarding Native FTP Caching in ACNS 5.1 and 5.1.x Software
FTP Caching Support in the Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1
FTP Caching Support in the Cisco ACNS Software Command Reference, Release 5.1 Publication
Group-Type Patterns in Rule Pattern Lists
SmartFilter Software and the rule action no-auth Command Rule Interaction
Bandwidth Configuration for Interfaces and Content Services
Default Port of the Content Engine GUI
Playing Nonhinted IP/TV On-Demand Programs over an ACNS Network
Restriction on IP/TV Program Manager Configuration
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support & Documentation Website
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Release Notes for Cisco ACNS Software, Release 5.1.13
August 4, 2005
ACNS Build 5.1.13b7
Note
The most current Cisco documentation for released products is available at Cisco.com at http://www.cisco.com. The online documents may contain updates and modifications made after the hardcopy documents were printed.
Contents
These release notes contain information about Cisco Application and Content Networking System (ACNS) 5.1.13 software. These release notes describe the following topics:
•
•
•
Introduction
ACNS software combines the technologies of demand-pull caching and pre-positioning for accelerated delivery of web applications, objects, files, and streaming media; ACNS software runs on Cisco Content Engines, Content Distribution Manager, and Content Router hardware platforms.
Note
These release notes are intended for administrators who will be configuring, monitoring, and managing devices that are running ACNS 5.1.13 software. These release notes describe the open and resolved caveats regarding ACNS 5.1.13 software.
New and Changed Information
This section describes new and changed features in the ACNS 5.1.13 software. It also lists the supported hardware:
•
•
Changes Related to the TV-Output Feature
The TV-output service supports the local playback of pre-positioned MPEG content through a hardware decoder. The hardware decoder converts the digital information into an analog TV signal. The TV-out service is only functional if the Content Engine is equipped with a supported MPEG hardware decoder. The tvout enable global configuration command is used to enable the TV-output service on a Content Engine that is registered with a Content Distribution Manager.
Note
The changes that are related to the TV-output service are as follows:
•
•
•
ContentEngine# show hardware...Total 1 CPU.1024 Mbytes of Physical memory.1 CD ROM drive (CD-224E)1 AV card (Vela II)2 GigabitEthernet interfaces1 Console interface2 USB interfaces [Not supported in this version of software]The following PCI cards were found:PCI-Slot-1 MPEG-Decoder-AV [1105:8476 (Sigma Designs, Inc.) (rev 3)]PCI-Slot-2 SCSIManufactured As: Pre-FCS 565 [867383Z]...
Note
•
ContentEngine# show hardware.CPU 0 is GenuineIntel Intel(R) Celeron(R) CPU 1.70GHz (rev 1) running at 1699MHz.Total 1 CPU.1024 Mbytes of Physical memory.1 CD ROM drive (CD-224E)1 AV card (Vela II) [***Revision not supported in this version of software***]2 GigabitEthernet interfaces1 Console interface2 USB interfaces [Not supported in this version of software]The following PCI cards were found:...•
ContentEngine# show tvout...TV-out model: ce565-002 (sigma)[***Hardware revision level not supported in this version of software***]TV-out service is not enabledTV-out signal: ntscTV-out service is not running...CLI Enhancements for URL-Based Monitoring
In ACNS 5.1.13 software, the ability to configure a Content Engine to monitor the performance of specific URLs was added. To support this new feature, the following CLI changes were made:
•
ContentEngine(config)# http monitor url ?WORD URL for monitoringThe http monitor url url command has two command options, the acceptable-delay and interval options. As the following sample output indicates, the acceptable-delay option is used to specify the acceptable delay in seconds (the maximum number of seconds that the specified monitored URL should be retrieved within). The default acceptable delay is 60 seconds.
Content Engine(config)# http monitor url http://www.abc.com/ ?acceptable-delay Threshold time in seconds before which the URL should be retrieved.(default is 60 seconds)interval Interval in seconds for monitoring the URL.(default is 60 seconds)<cr>As the following sample command output indicates, the acceptable-delay option is used to specify the acceptable delay, which is the maximum number of seconds that the specified URL should be retrieved within:
Content Engine(config)# http monitor url http://www.abc.com/ acceptable-delay ?<1-3600> Acceptable delay in seconds
Note
As the following sample command output indicates, the interval option specifies the monitoring interval (that is, how frequently the Content Engine should monitor requests for a specific URL). The monitoring interval is specified in seconds. The default monitoring interval is 60 seconds.
ContentEngine(config)# http monitor url http://www.abc.com/ acceptable-delay 100 interval ?<1-3600> Monitor interval in secondsIn the following example, the Content Engine is configured to monitor the URL named "http://www.abc.com/" using the default values (an interval of 60 seconds and an acceptable delay of 60 seconds):
http monitor url http://www.abc.com/In the following example, the Content Engine is configured to monitor the URL named "http://www.abc.com/." The Content Engine is configured to wait up to 100 seconds for the URL to be retrieved and to monitor requests for this URL every 100 seconds.
ContentEngine(config)# http monitor url http://www.abc.com/ acceptable-delay 100 interval 100If it takes more than 100 seconds for the URL to be retrieved, the specified acceptable delay is exceeded. The Content Engine tracks the response time (minimum and maximum delay time) as well as the number of times that the acceptable delay is exceeded for a particular URL. These statistics are shown in the output from the new show statistics http monitor EXEC command. (An example of the output from the show statistics http monitor EXEC command is provided below.)
•
ContentEngine# show statistics http monitorHTTP Monitor URL statistics---------------------------Monitor URL = http://www.abc.com/Total requests = 118Failed requests = 30Requests above acceptable delay = 37Minimum response time = 8.183 secondsMaximum response time = 210.021 secondsMonitor URL = http://www.abccorp.com/Total requests = 275Failed requests = 44Requests above acceptable delay = 26Minimum response time = 0.071 secondsMaximum response time = 164.061 seconds"Failed requests" are requests that did not succeed (for example, the request failed to resolve the domain name of that URL).
"Requests above acceptable delay" are the requests that took longer than the specified acceptable delay (the maximum number of seconds specified by the acceptable-delay setting).
•
ContentEngine# show running-configuration! ACNS version 5.1.13!!hostname sust-7320-ce1!http persistent-connections timeout 300http proxy incoming 8080http proxy outgoing preserve-407http tcp-keepalive enablehttp monitor url http://www.abc.com/ interval 100 acceptable-delay 100http monitor url http://www.abccorp.com/!ftp proxy incoming 8080!clock timezone US/Eastern -5 0!!...Only the non-default values are displayed in the output from the show running-configuration command. Consequently, because the Content Engine was configured to use the default values to monitor the URL "http://www.abccorp.com," the above sample output does not display these values for that URL.
•
ContentEngine# show http monitorMonitor URL: http://www.abc.com/Monitor Interval: 100Acceptable Delay: 100Monitor URL: http://www.abccorp.com/Monitor Interval: 60Acceptable Delay: 60Hardware Supported
ACNS 5.1.13 software supports the same hardware platforms that were supported in the ACNS 5.1, 5.1.3, 5.1.5, 5.1.7, 5.1.9, and 5.1.11 software. The following hardware platforms are supported:
Important Notes
This section emphasizes important information regarding ACNS 5.1.13 software:
•
•
Media File System Issues When Downgrading to ACNS 5.0 Software
If you have configured the media file system (mediafs) with ACNS 5.1 software or later, and then downgrade to ACNS 5.0 software, the mediafs disk space assignment is lost and it reverts to ACNS network file system (cdnfs) disk space. (The mediafs is used for on-demand content that is fetched through the two streaming protocols [RTSP and WMT]. The cdnfs is used for pre-positioned content in the ACNS network.)
This situation occurs because of a design change that was implemented in ACNS 5.1 software. Because ACNS 5.0 software is not compatible with this change, the disk space becomes assigned to cdnfs instead of mediafs. To work around this problem, follow these steps:
1.
Use the Content Distribution Manager GUI for Content Engines that are registered with a Content Distribution Manager. Use the Content Engine GUI for standalone Content Engines (that is, Content Engines that are not registered with a Content Distribution Manager and are being managed through the Content Engine GUI or CLI).
2.
Websense Issues When Downgrading to ACNS 5.0 Software or ACNS 5.1 Software
If the local (internal) Websense server is enabled on the Content Engine and you downgrade from the ACNS 5.2.x software to either ACNS 5.0 software or ACNS 5.1 software, the WebsenseEnterprise directory is removed from the Content Engine and the local Websense server stops working. Note that the ACNS 5.2.x software does not generate an error message indicating that the WebsenseEnterprise directory has been removed.
To avoid this problem when downgrading from ACNS 5.2.x software to either ACNS 5.1 software or ACNS 5.0 software, follow these steps:
1.
2.
3.
Caveats
This section lists and describes the open and resolved caveats in ACNS 5.1.13 software. Caveats describe unexpected behavior in ACNS 5.1.13 software. Severity 1 caveats are the most serious; Severity 2 caveats are less serious. Severity 3 caveats are moderate caveats.
Open Caveats - ACNS 5.1.13 Software
This section lists caveats that have not been resolved in ACNS 5.1.13 software. The open caveats are grouped into two categories:
•
•
Open ACNS-IP/TV 5.1.13 Software Integration Caveats
This section lists and describes caveats that are open in ACNS 5.1.13 software and are related to ACNS-IP/TV software integration:
•
Symptom: Requests for on-demand programs from clients in an ACNS network are sent to IP/TV Program Manager. IP/TV Program Manager treats these requests as standalone IP/TV on-demand program requests and directs them to the IP/TV Broadcast Server that can serve the request. This situation causes bandwidth issues and affects the functioning of IP/TV Server.
Condition: This problem occurs when IP/TV has been integrated in an ACNS network. It occurs when requests for on-demand programs that are exported to the ACNS network reach IP/TV Program Manager instead of being routed to the Content Engine that has the programs. This problem is related to a routing failure or a routing error.
Workaround: Configure routing correctly in ACNS networks so that on-demand requests are directed to the nearest Content Engine that is capable of serving the program. Alternatively, you can change the proximity settings in IP/TV Program Manager so that it does not redirect the on-demand program requests to IP/TV Broadcast Servers. However, the second approach can also affect the serving of standalone on-demand programs.
•
Symptom: The audio stream sounds discontinuous when you listen to a rebroadcast or video on demand (VOD) of a recorded MP4 file.
Condition: The symptom occurs with IP/TV-generated MP4 files that are streamed from a Cisco Streaming Engine. The problem only occurs with MP4 files that contain an MP3 audio track sampled at 8000 Hz. Streaming the file directly from IP/TV Server does not result in this problem.
Workaround: Use a sampling frequency of 11025 Hz or 22050 Hz while creating a live program with MP3 audio if the recorded file is to be deployed in an ACNS network. Alternatively, use the AAC codec instead of MP3.
•
Symptom: When you are upgrading IP/TV Version 3.5 to Version 5.1, the functionality of the IP/TV Archive Server is replaced by Content Engines in the ACNS network. The Content Engines need to have the content present on a broadcast server but broadcast servers often have limited disk space.
Condition: This problem is only applicable if you are planning to upgrade from IP/TV Version 3.5 to Version 5.1 software, which will require that you use broadcast servers that have limited disk space.
Workaround: Import this data into your ACNS network by moving the media to a web server (origin server), and then creating a manifest file and an associated channel.
•
Symptom: For ACNS-based IP/TV scheduled programs that use live-split-only content delivery mode, IP/TV Program Manager allocates multicast addresses to individual streams that are never used along the content delivery path.
Condition: The problem is observed with live-split-only programs.
Workaround: There is no known workaround.
Other Open ACNS 5.1.13 Software Caveats
This section lists and describes caveats that are open in ACNS 5.1.13 software and are not related to ACNS-IP/TV software integration:
•
Symptom: Content cannot be acquired using strong authentication from secure origin servers that use certificates from nonstandard certificate authorities (CAs). If strong authentication was chosen for content acquisitions from such a site, the acquirer error statistics will contain a 401 (Unauthorized) error code, and the acquirer error log contains the following error message:
Strong Cert Authentication rejects certificate due to error: ssl error codeCondition: This problem occurs if the origin server uses a certificate that is not known as a standard certificate to the ACNS software acquirer. For content acquisition from secure sites over HTTPS using strong authentication, only sites with certificates from standard certificate authorities are supported.
Note
Workaround: Use one of these workarounds:
–
–
•
Symptom: When a Content Engine model CE-565 is attached to a Storage Array SA-7 device, if too large a cache file system (cfs) partition is configured, and a combined streaming and caching workload is used, then a lower HTTP performance is observed.
Condition: This problem occurs when the CE-565 has Windows Media Technologies (WMT) enabled; a combined streaming and caching workload is used, and the Content Engine is attached to an SA-7 device.
Note
Workaround: Allocate less space to the cfs if a Storage Array is attached to the Content Engine.
•
Symptom: Windows Media Technologies (WMT) is enabled with no media file system (mediafs) after you downgrade from ACNS 5.1b300 software to ACNS 5.0.7b8 software.
Condition: This problem occurs if you upgrade from ACNS 5.0.7b8 to ACNS 5.1bx software, configure the disk, and then downgrade to ACNS 5.0.7b4 software.
Workaround: Reconfigure the disk with a mediafs partition and reload the software.
•
Symptom: Using FTP inside the .meta file to have the Content Engine obtain the .bin file for a Content Distribution Manager GUI-initiated upgrade is unsuccessful if the user's home directory differs from the FTP root.
Condition: This problem occurs in either of the following situations:
–
–
Workaround: Copy the .bin file to both the FTP root and the user's home directory, or use a user whose home directory is the FTP root.
•
Symptom: The following error is reported when the ceApiServlet is called:
type Exception reportmessagedescription The server encountered an internal error () that prevented it fromfulfilling this request.exceptionjava.lang.NullPointerExceptionCondition: This problem occurs if the Content Engine does not have an explicit management IP address configured.
Workaround: Configure a management IP address for the Content Engine's Activation page.
•
Symptom: If you edit a file-based scheduled program and the Quality of Service (QoS) feature is configured, the revised program retains the QoS configuration even if you disable the QoS feature.
Condition: This problem occurs only with file-based scheduled programs; it does not occur with live programs.
Workaround: The only known workaround is re-creation. To remove the QoS configuration, delete the program and then re-create the program without configuring the QoS feature.
•
Symptom: The API program is created with multicast settings, with no multicast address ports specified within the program file. The program address pool is configured, including the pool TTL.
Condition: This problem occurs if the program multicast TTL is set to 255 instead of the address pool TTL value.
Workaround: Set the required TTL value within the program file.
•
Symptom: A constant stream of bandwidth error messages (one about every 2 seconds) is reported in the syslog. As the following sample messages indicate, these messages are not very useful.
Feb 11 13:24:26 webcache01 bandwd: %CE-BANDWD-3-115002: BANDWD: Trying again in two secondsFeb 11 13:24:28 webcache01 bandwd: %CE-BANDWD-3-115003: BANDWD: verification registration failed, err=30Condition: None.
Workaround: There is no known workaround.
•
Symptom: The Content Engine stops spoofing the client IP address and uses its own IP address to fetch content from the origin server.
Condition: The http l4-switch spoof-client-ip enable global configuration command turns on IP spoofing on a Content Engine that is functioning as a caching engine. When a rule action user-server global configuration command is used, the Content Engine stops spoofing the client IP address and instead uses its own IP address to fetch the content.
Workaround: There is no known workaround.
•
Symptom: The network management system (NMS) host does not know where SNMP traps are coming from.
Condition: This problem occurs if there are two interfaces and you configure interface redundancy using both interfaces. You must use a dummy address for the physical addresses. You then configure a real address that floats between the two interfaces. If you then configure SNMP traps, the traps are being sourced from the dummy address and not the routable address. Therefore, the NMS host does not know where the trap is coming from.
Workaround: There is no known workaround.
•
Symptom: You experience problems when trying to add rules that have the pipe character (|).
Condition: You cannot add rules that contain the pipe character (|).
Workaround: To achieve the OR functionality, add multiple rules that do not contain the pipe character (|).
•
Symptom: The cache process restarts when the ICAP feature is enabled.
Condition: The problem occurs if the ICAP functionality is in an unstable state.
Workaround: Reboot the Content Engine to restart the ICAP daemon and bring it back to its normal state.
•
Symptom: Syslog messages contain the following text:
uns-server: %CE-CDNFS-0-480000: uns_read_meta: WOW! url mismatch: wanted '<URL>', swaw '^C'Condition: This problem occurs because of an apparent file system corruption; the cdnfs metadata files have the wrong content (the content is internally consistent but in the wrong file). This problem happens infrequently. For example, in this case, cdnfs content was being updated and a crash occurred because of a kernel panic (which occurs infrequently).
Workaround: Although there is no known workaround to stop the syslog messages shown above, lookups for the target URL listed in the syslog message may succeed if the ACNS software has created a new cdnfs entry for the target URL.
A way to test this is to use the cdnfs lookup url EXEC command and see if the URL is found. If the URL is not found, a way to force it to be replicated is to modify the file on the origin server (for example, by using the touch command on a UNIX-based origin server).
Alternatively, you can enter the acquisition-distribution database-cleanup start command on the affected Content Engine to query the cdnfs for all the objects that are supposed to be on the Content Engine. Missing objects should be detected and replicated.
•
Symptom: Proxy requests to the Content Engine proceed to allow mode (if allow mode is enabled) or are blocked (if allow mode is disabled) when the Websense URL filtering mechanism is configured to use the local Websense server.
Because the connections from the Content Engine to the Websense server time out, all requests go to allow mode until all 40 connections are exhausted. (This situation makes it appear as if the Websense server is not responding.) After all 40 connections are attempted, the Content Engine successfully connects to the Websense server and works properly thereafter.
Conditions: This problem can occur under the following conditions:
•
•
•
•
Workaround: Reconfigure Websense URL filtering on the Content Engine so that the Content Engine will attempt to establish new connections to the Websense server.
•
Symptom: The current connection request to a URL remains up and the Content Engine tries to obtain the data until the server read/write timeout occurs. Subsequent requests to the same URL also remain up until the server read/write timeout for the first request occurs.
Conditions: This problem can occur if the primary outgoing HTTP proxy server fails and a request is issued to a URL that is serviced by this proxy server. Even though the show http proxy EXEC command shows the primary outgoing proxy as "failed," the Content Engine sends subsequent requests to the same URL instead of redirecting these requests to a standby outgoing HTTP proxy server.
Workaround: There is no known workaround.
•
Symptom: The local (internal) Websense server gets enabled on the Content Engine unexpectedly.
Condition: This problem occurs if the local Websense server is disabled and the IP address of the Content Engine is changed.
Workaround: Enter the no websense-server enable command to disable the local (internal) Websense server on the Content Engine.
•
Symptom: The Content Engine does not push the certificate to the client browser and an error is displayed indicating that the certificate has expired.
Conditions: This problem can occur in situations such as the following:
ContentEngine(config)# https server testcer certgroup chain verisignContentEngine(config)# https server testcer certgroup serverauth verisignContentEngine(config)# https server testcer key siebelContentEngine(config)# https server testcer host 209.165.201.128ContentEngine(config)# https server testcer enable/cfg/gl/cache/https/server/tsiebel/enable: Certgroup file used for serverauth is not valid (Error 1092)The problem is that the SSL standard states that the server will make the whole authentication chain available if the client has an expired root or intermediate certificate. This is not a problem as long as the browser has unexpired intermediate and root certificates for Verisign.
Workaround: Load an active intermediate certificate in the browser.
•
Symptom: FTP-over-HTTP fails for certain URLs.
Condition: This problem can occur when a CWD command (an FTP command) to a directory in the path component of that URL fails but the actual file can be retrieved using the RETR fullpathname command.
Workaround: There is no known workaround.
•
Symptom: The CPU utilization on the Content Engine is between 90-100 percent.
Condition: This problem can occur if a Content Engine model CE-7320 is running about 20 url-regex rules.
Workaround: There is no known workaround.
•
Symptom: It is not possible to access a portion of a pre-positioned file from a rewritten URL.
Condition: This problem occurs because the URL rewrite/redirect needs to be processed first.
Workaround: Use the URL preload feature instead of the Content Distribution Manager pre-positioning feature.
•
Symptom: A live stream does not recover after being interrupted.
Condition: This problem occurs if the live stream is a Cisco Streaming Engine live-split program and the program is interrupted after playback has been started.
Workaround: Restart the Cisco Streaming Engine on all of the Content Engines (starting with the root Content Engine and continuing down through the split hierarchy of Content Engines).
•
Symptom: A web application does not work through the Content Engine.
Condition: This problem can occur if authentication is enabled on the Content Engine that is returning an HTTP/1.0 response (the 407 Proxy Authentication Required message is sent as an HTTP/1.0 response). Because the web application will only accept HTTP/1.1 responses, it kills the session.
Workaround: There is no known workaround.
•
Symptom: When you click links from the table of contents or the index of the ACNS Content Distribution Manager online help, the links open in the same pane, that is, the left pane, which contains the table of contents and the index, instead of opening in the right pane, which contains the help topics.
Condition: This problem occurs after you install Microsoft security update MS05-026. This security patch disables cross-frame navigation features that are based on HTML Help ActiveX control (HHCTRL).
Workaround: To reenable cross-frame navigation features that are based on HHCTRL, modify your Windows registry as explained in Microsoft Knowledge Base article 896905, which is available at this URL:
http://support.microsoft.com/kb/896905/
•
Symptom: Websense Manager cannot connect to the local Websense server (the Websense server runs as a separate process on the Content Engine instead of running on a separate system).
Condition: This problem occurs if an external IP address is used from the Websense Manager to connect to the local Websense server (Version 5.0.1) that is running on the Content Engine.
Workaround: There is no known workaround.
•
Symptom: The Websense policy server and user server generate core files.
Condition: This problem occurs when the Websense server is running on ACNS 5.1.x software with a version of the Websense Manager that is earlier than Version 5.0.1 build 20030722. This problem does not exist when the Websense server is running on ACNS 5.0.3 software.
Workaround: Download Websense Manager Version 5.0.1 build 20030722.
•
Symptom: If there is a WCCP transparent proxy between the ACNS network root Content Engine and the content origin server, and the proxy requires Microsoft NT LAN Manager (NTLM) authentication, then the ACNS network acquirer may fail to acquire content in the following scenario:
1.
2.
3.
Condition: This problem occurs with ACNS 5.1.x software.
Workaround: Restart the acquirer through the acquisition-distribution stop and acquisition-distribution start commands.
•
Symptom: In ACNS 4.2 software, rules are configured only for HTTP and not for streaming protocols. If a Content Engine that is configured with rules and is running ACNS 4.2 software is upgraded to ACNS 5.1.x software, then these rules are configured with the protocol type "all."
Condition: This problem occurs when the software is upgraded to ACNS 5.1.x software from ACNS 4.2 software.
Workaround: If you do not want the rule to be applied for some of the rule actions, you can change the rule configuration as required.
•
Symptom: An FTP client application stops receiving data for a data transfer operation such as a directory listing (ls) or file transfer (GET). The same symptom can occur for FTP-over-HTTP data transfers from the FTP server to the Content Engine.
Condition: For FTP client applications, the Content Engine must be using the FTP proxy through WCCP redirection, configured for following the FTP client's mode for establishing a data connection. The FTP client application must have also been set to use active mode to the FTP server.
ContentEngine(config)# wccp ftp router-list-num numberContentEngine(config)# wccp version 2ContentEngine(config)# ftp proxy active-mode enableFor FTP-over-HTTP data transfers, the Content Engine must be configured for an FTP incoming proxy and configured to use active mode to the FTP server. The client browser must be configured to use the Content Engine FTP proxy for FTP URLs.
ContentEngine(config)# ftp proxy incoming portContentEngine(config)# ftp proxy active-mode enableThe symptoms can occur with the configurations described above and when the FTP server starts sending data packets that are received out of order by the Content Engine before the Content Engine sends the TCP connection establishment SYN-ACK packet to the FTP server.
Workaround: Remove the Content Engine active mode configuration by entering the following configuration command:
ContentEngine(config)# no ftp proxy active-mode enableWhen this symptom occurs on an FTP client application, press Ctrl-C simultaneously to stop the partial data transfer operation.
When this symptom occurs on a browser configured for FTP-over-HTTP, click the STOP button to stop the partial data transfer operation.
•
Symptom: In ACNS 5.0 software, only "AND" is allowed between the group of patterns with the same pattern list number. When you downgrade from ACNS 5.1 software to ACNS 5.0 software, the ORing of patterns configuration is not supported and is converted to ANDing of patterns as follows:
–
rule action block pattern-list 3 protocol httprule pattern-list 3 url-regex senrule pattern-list 3 domain ciscoIn ACNS 5.1 software, the default behavior is ORing of patterns.
–
rule action block pattern-list 3 protocol httprule pattern-list 3 url-regex senrule pattern-list 3 domain ciscoIn ACNS 5.0 software, the only behavior is ANDing of patterns.
Condition: The problem occurs when the configuration on the Content Engine has many pattern lists that are configured (ORed together) in ACNS 5.1 software and the Content Engine is downgraded to ACNS 5.0 software. Then only the first pattern-list configuration is used.
Workaround: There is no known workaround.
•
Symptom: After a Content Engine is downgraded from ACNS 5.1 software to ACNS 4.2 software, some patterns in the pattern list are lost as follows:
–
rule action block pattern-list 3 protocol httprule pattern-list 3 url-regex senrule pattern-list 3 domain cisco–
rule block url-regex senCondition: This problem occurs when the configuration on the Content Engine has many pattern lists that are configured (ORed together) in ACNS 5.1 software, and the Content Engine is downgraded to ACNS 4.2 software. Then only the first pattern-list configuration is used. All other pattern lists are lost.
Workaround: There is no known workaround.
•
Symptom: The cache process crashes while passing traffic for both the standard and the dynamic HTTPS service.
Condition: This problem can occur when heavy HTTPS traffic is passing through the Content Engine. Using standard and dynamic WCCP services and having the debug function enabled when HTTPS traffic is heavy may contribute to this problem.
Workaround: There is no known workaround. However, the cache process will restart and work normally after such a crash.
•
Symptom: When a rule with the redirect action is configured with a URL of 0 and with a matching pattern, the cache process crashes if the request matches the pattern.
Condition: This problem occurs when you configure a numeric value of 0 for the redirected URL (for example, if www.yahoo.com is redirected to 0). If you want the Content Engine to redirect URL x to URL y, then you can configure the rule redirect action. While doing so, you must configure URL x and URL y.
Workaround: There is no known workaround.
•
Symptom: When MPEG-2 is specified as the preferred format in a channel, the programs cannot be created in that channel.
Condition: This problem occurs only if MPEG-2 is the preferred format.
Workaround: When MPEG-2 is chosen as the preferred format for a channel-based program, the default bandwidth is set to 1150 (the default for non-MPEG-2 programs). The default bandwidth for MPEG-2-based programs should be 2000 for MPEG-2 half duplex, and 3000 for MPEG-2 full duplex. Manually set the bandwidth while creating the program as follows:
–
–
•
Symptom: If Quality of Service (QoS) for MP2T audio-only programs is set, QoS parameters are not included in the Session Description Protocol (SDP) information for the program. Consequently, the MP2T stream is streamed without the intended QoS characteristics.
Condition: The problem is observed with MP2T audio-only programs and when the audio QoS option is specified.
Workaround: There is no known workaround.
•
Symptom: The manifest validator fails to fetch the XML file if the source is authenticated.
Condition: This problem occurs only if the file is located at an authenticated location.
Workaround: Put a copy of the manifest file in a nonauthenticated location to use the manifest validator.
Resolved Caveats - ACNS 5.1.13 Software
This section lists the caveats that have been resolved in ACNS 5.1.13 software. The resolved caveats are grouped into the following categories:
•
•
•
Acquisition and Distribution Resolved Caveats
•
If an HTTP header has a time-sensitive Set-Cookie header and there is a specified Time To Live (TTL) value to re-check such content, the ACNS software acquisition and distribution processes replicate the incorrect Set-Cookie information to users and continue to replicate the meta data repeatedly.
DNS Resolved Caveats
•
If a LAN/MAN DOS PC protocol stack is being used, WCCP DNS cache redirection fails. This problem occurs if the DNS response contains eight or less resource records, which causes the ACNS software to pad the response packet to 554 bytes. The DOS client is unable to ping any website if both of the following conditions exist: (1) the DNS response is 554 bytes long, and (2) a WCCP-enabled router intercepts the DNS query and redirects it to a Content Engine that is running ACNS 5.1.x or 5.2.1 software. In the ACNS 5.1.13 software, this problem is fixed.
Management Resolved Caveats
•
In ACNS 5.1.11 software or earlier, before you could configure the deny and allow ports for the HTTPS proxy through the Content Distribution Manager GUI, the outgoing proxy feature has to be configured. In ACNS 5.1.13 software, the Content Distribution Manager GUI now allows you to configure these ports when you are only running an incoming HTTPS proxy.
•
You cannot log in to the Content Distribution Manager GUI, and the CMS service does not start. This problem occurs because the available disk space on the Content Distribution Manager is being consumed by the SysMessage table.
•
When you attempt to use the Content Distribution Manager GUI to update the filesystem settings for a Content Engine in a Device Group, the new settings are not propagated to the Content Engine. (When you enter the show disk configured EXEC command on the Content Engine, the new filesystem settings are not shown in the command output.)
•
The value shown in the CPU usage in the host-resource-mib is incorrect (the value shown was too high). In the ACNS 5.1.13 software release, this problem was fixed.
•
The CISCO-CDP-MIB is populating cache entries for the loopback interface instead of the Fast Ethernet interface, which is connected to the neighbor device.
Media and Streaming Resolved Caveats
•
The ACNS TV-output functionality does not work on newer properly equipped CE-510 and CE-565 models because a newer revision of the audio video (AV) hardware is used. This problem has been fixed. For more information, see the "Changes Related to the TV-Output Feature" section.
•
In ACNS 5.1.7 software and later, the WMT transaction logs contain a username field. You use the wmt transaction logs format extended command to specify the WMT extended format for transaction logs, which enables username logging in the WMT transaction log. Even though the CE-action, CE-bytes, and username fields should not be included in the WMT transaction log unless the WMT extended format is specified, the username is always included in the WMT log file. In ACNS 5.1.13 software, this problem was fixed. The username is now only included in the WMT transaction logs if the WMT extended format is specified.
•
The contents of a playlist could freeze on the user's TV monitor if you disable the TV-output feature (that is, you enter the no tvout enable global configuration command) while a playlist is being actively played. This problem was fixed in ACNS 5.1.13 software. In ACNS 5.1.13 software or later, when you enter the no tvout enable command during a video playback, the user's video screen is cleanly blanked.
•
In ACNS 5.1.11 software or earlier, the output from the show hardware EXEC command does not display the version of the TV-output hardware that the Content Engine is equipped with. In ACNS 5.1.13 software and later, this information is displayed in output from the show hardware EXEC command. For more information, see the "Changes Related to the TV-Output Feature" section.
•
RTSP requests are failing when the RTSP gateway, which is running on the Content Engine, is used. This problem occurs when a request is using non-standard RTSP ports, which are not allowed through the firewall (the RTSP gateway is not properly handling the switch from RTSP to RTSP-over-HTTP).
Proxy and Caching Resolved Caveats
•
A hot fix for the Websense server Version 5.0.1 is needed to replace libDirectoryService.so (a shared library). This hot fix library for the Websense server is included in the ACNS 5.1.13 software release.
•
When the sysfs partition reaches a certain capacity, the system starts to delete files to free up space on this partition. The syslog.txt file is one of the files that is deleted from the directory.
•
In ACNS 5.1.11 software or earlier, such messages as "cache: SmartFilter: sf_add_to_queue:too many jobs in pluggin thread pool queue (15204193). Maximum allowed is: 1000" are found in the syslog file, and URL filtering stops working.
•
Even though you have configured the rule to use the x-forwarded-for header, SmartFilter IP-based filtering does not work. This problem occurs if the clients (end users who are requesting the content) are behind the downstream proxy, and filtering is being performed at the upstream proxy.
•
Some syslog.txt messages do not have a message code associated with them. This problem was fixed in the ACNS 5.1.13 software release.
Rules Resolved Caveats
•
If you use the Content Distribution Manager GUI to enter rule actions or patterns for a device group and you include extra spaces or use shorthand in the Rule Parameters field, the CLI will appear slightly differently in running-config. Because of the local/central management feature of ACNS, this will cause two equivalent rules to be reflected in the Content Distribution Manager GUI for each device in the group. The first reflects the rule exactly as entered in the device group. As a device group rule, it is displayed as read-only in the Device window of the Content Distribution Manager GUI. The second reflects the rule as shown in running-config. As a device rule, it is displayed as read-write in the Device window. (If you see an edit icon next to the rule, it is read-write. If you see the eyeglasses icon next to the rule, it is read-only.)
Other Resolved Caveats
•
In rare circumstances, the Content Engine might run out of memory unexpectedly, which can result in one or more services eventually being killed by the kernel.
•
After you reboot the Content Engine CE-7325 model, it loses its duplex and bandwidth configuration settings on the Gigabit Ethernet network interface. This problem occurs if you have configured the EtherChannel by assigning both interfaces to a port-channel.
Documentation Updates
This section describes the following documentation updates:
•
•
•
•
•
•
•
•
•
•
•
•
ACNS 5.1.13 TV-Out Changes
This documentation update applies to the following two ACNS 5.1 software guides:
•
•
In ACNS 5.1.13 software or later, the output of the show hardware EXEC command notifies you if the Content Engine has TV-output hardware that is not supported by the ACNS software release that is running on the Content Engine.
In ACNS 5.1.13 software or later, the output of the show tvout EXEC command also notifies you if the Content Engine has TV-output hardware that is not supported by the ACNS software release that is currently running on the Content Engine.
In ACNS 5.1.13 software or later, the output of the show hardware EXEC command displays the version of the TV-output hardware that is contained in the Content Engine.
For more information, see the "Changes Related to the TV-Output Feature" section.
Configuring URL-Based Monitoring
This documentation update applies to the following three ACNS 5.1 software guides:
•
•
•
In ACNS 1.1.13 software, the ability to configure a Content Engine for URL monitoring was added. For more information, see the "CLI Enhancements for URL-Based Monitoring" section.
Downgrading ACNS 5.x Software
This documentation update applies to the following three ACNS 5.1 software guides:
•
•
•
If you have configured the mediafs with ACNS 5.1 software or later, and then downgrade to ACNS 5.0 software, the mediafs disk space assignment is lost and it reverts to cdnfs disk space. For more information, see the "Downgrading ACNS 5.x Software" section.
If the local (internal) Websense server is enabled on the Content Engine and you downgrade from the ACNS 5.2.x software to either ACNS 5.0 software or ACNS 5.1 software, the WebsenseEnterprise directory is removed from the Content Engine and the local Websense server stops working. For more information, see the "Websense Issues When Downgrading to ACNS 5.0 Software or ACNS 5.1 Software" section.
TACACS+ Enable Password Attribute
This documentation update applies to the following three ACNS 5.1 software guides:
•
•
•
The ACNS software CLI EXEC mode is used for setting, viewing, and testing system operations. It is divided into two access levels, user and privileged. To access privileged-level EXEC mode, enter the enable EXEC command at the user access level prompt and specify a privileged EXEC password (superuser or admin-equivalent password) when prompted for a password.
In TACACS+ there is an "enable password" feature that allows an administrator to define a different enable password for each user. If an ACNS user logs in to the Content Engine with a normal user account (privilege level of 0) instead of an admin or admin-equivalent user account (privilege level of 15), the user must enter the admin password in order to access privileged-level EXEC mode.
ContentEngine> enablePassword:
This caveat applies even if these ACNS users are using TACACS+ for login authentication.
Pre-Positioned Content
This documentation update applies to the Cisco ACNS Software Deployment and Configuration Guide, Release 5.1.
In ACNS 5.1.x software earlier than ACNS 5.1.5 software, pre-positioned content is served only on ports that are standard for the protocol. If the incoming URL contains a port number other than the standard port for that protocol (for example, HTTP uses port 80, RTSP uses port 554, and WMT uses port 1755), then the Content Engine does not attempt
Guest
