Table Of Contents
Release Notes for Cisco ACNS Software, Release 5.1.5
Filtering Support for HTTPS Requests with SmartFilter
Manually Downloading the SmartFilter Control List
Fetching the Preload File over HTTPS
Media File System Issues When Downgrading to ACNS 5.0 Software
Websense Issues When Downgrading to ACNS 5.0 Software or ACNS 5.1 Software
Scheduling Live Events for Multiple Content Engines
Multicast Sender Nonretroactive Scheduling Rule
Open Caveats - ACNS Software, Release 5.1.5
Open ACNS-IP/TV Software, Release 5.1.5 Integration Caveats
Other Open ACNS Software, Release 5.1.5 Caveats
Resolved Caveats - ACNS Software, Release 5.1.5
Resolved ACNS-IP/TV Software, Release 5.1.5 Integration Caveats
Other Resolved ACNS Software, Release 5.1.5 Caveats
TACACS+ Enable Password Attribute
Configuration Requirements for Managed Live Events
Multicast Sender Interoperability
Restrictions Regarding Native FTP Caching in ACNS 5.1 and 5.1.x Software
FTP Caching Support in the Cisco ACNS Caching and Streaming Configuration Guide, Release 5.1
FTP Caching Support in the Cisco ACNS Software Command Reference, Release 5.1 Publication
Group-Type Patterns in Rule Pattern Lists
SmartFilter Software and the rule action no-auth Command Rule Interaction
Bandwidth Configuration for Interfaces and Content Services
Default Port of the Content Engine GUI
Playing Nonhinted IP/TV On-Demand Programs over an ACNS Network
Restriction on IP/TV Program Manager Configuration
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support & Documentation Website
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Release Notes for Cisco ACNS Software, Release 5.1.5
August 4, 2005
ACNS Build 5.1.5b2
Note
The most current Cisco documentation for released products is available at Cisco.com at http://www.cisco.com. The online documents may contain updates and modifications made after the hardcopy documents were printed.
Contents
These release notes contain information about the Cisco Application and Content Networking System (ACNS) software, Release 5.1.5. These release notes describe the following topics:
•
•
•
Introduction
ACNS software combines the technologies of demand-pull caching and pre-positioning for accelerated delivery of web applications, objects, files, and streaming media; ACNS software runs on Cisco Content Engines, Content Distribution Manager, and Content Router hardware platforms.
Note
These release notes are intended for administrators who will be configuring, monitoring, and managing devices that are running ACNS 5.1.5 software. These release notes describe the open and resolved caveats regarding ACNS software, Release 5.1.5.
System Requirements
This section describes the hardware supported by ACNS software, Release 5.1.5.
Hardware Supported
ACNS software, Release 5.1.5 supports the same hardware platforms that were supported in the ACNS 5.1 and 5.1.3 releases. The following hardware platforms are supported:
New or Changed Information
This section describes new or changed information for the ACNS 5.1.5 release. It covers the following topics:
•
•
•
Note
New Manifest File Attribute
In ACNS software, Release 5.1.5 there is a new manifest file attribute, ignoreOriginPort. The ignoreOriginPort attribute controls content playback and allows the use of nonstandard ports to play back pre-positioned content. In previous releases of ACNS software, playback of pre-positioned content using nonstandard ports was not supported (see the "Pre-Positioned Content" section).
The ignoreOriginPort attribute is supported under the following tags:
•
•
•
•
The ignoreOriginPort attribute is optional. Valid values for the ignoreOriginPort attribute are true or false. The default is false. In the following example, the ignoreOriginPort attribute is specified in the <item> tag and is set to true.
<item scr="<http//10.77.155.211/abc.html>http//10.77.155.211/abc.html"ignoreOriginPort="true" />If an item is acquired with the attribute set to true (ignoreOriginPort=true), then the content is played back even if the incoming URL that was used to request the content contains a nonstandard port. For example, if content is acquired as:
<http//www.foo.com/abcd.xml>http//www.foo.com/abcd.xmlthen the content can be played back as:
<http//www.foo.comXXXX/abcd.xml>http//www.foo.comXXXX/abcd.xmlwhere XXXX is the port number.
For more information about using a manifest file to acquire and distribute content in an ACNS 5.1 network, refer to Chapter 7, "Creating Manifest Files," in the Cisco ACNS Software Deployment and Configuration Guide, Release 5.1.
Filtering Support for HTTPS Requests with SmartFilter
In ACNS 5.1.5 software, HTTPS WCCP intercepted requests can be filtered with SmartFilter.
Manually Downloading the SmartFilter Control List
The intent of the SmartFilter Control List is not to categorize every available URL on the Internet. Instead, it focuses on categorizing those Internet sites that are considered unproductive or inappropriate for typical business or educational environments. The 30 predefined SmartFilter Control List categories encompass a wide variety of material. Some categories are focused on reducing legal liability of a company. These 30 categories are set to "Deny" in the default SmartFilter software policy. Some categories contain such sites as MP3 sites (sites that content that consumes excessive bandwidth). The remainder of these 30 categories are considered unproductive or inappropriate for business or educational environments.
SmartFilter software also provides ten user-defined categories that allow you to further tailor access by defining and filtering sites that are not included in the SmartFilter Control List. Additionally, you can exempt any site that you would like specific groups or individuals to access quickly and easily.
Secure Computing uses automated tools to search the Internet continuously for new sites and pages that meet the content criteria for the 30 predefined Control List categories. Candidate sites are presented to Secure Computing Control List technicians for personal review. As a rule, sites are not added to the SmartFilter Control List without first being viewed and approved by Secure Computing Control List technicians.
Note
You can use the SmartFilter Administration Console to define a SmartFilter Control List download schedule. The Download Setup window tracks the download site, your username, and your password. If you do not download an updated SmartFilter Control List at least monthly, the SmartFilter software considers the Control List "expired," and invokes the action that you specified in the SmartFilter License window.
If the SmartFilter Control List (sfcontrol file) was not properly downloaded from the Secure Computing FTP site and you used FTP to transfer this sfcontrol file from one Content Engine to another, this can cause the cache process to restart.
To stop SmartFilter from restarting the cache process, complete the following tasks, which include manually downloading the SmartFilter control list to the Content Engine:
1.
For example, enter the no url-filter http smartfilter enable global configuration command to disable this feature through the Content Engine CLI.
2.
3.
For example, enter the url-filter http smartfilter enable global configuration command to disable this feature through the Content Engine CLI.
4.
a.
b.
c.
d.
e.
f.
Note
Fetching the Preload File over HTTPS
When configuring a preload file in the Content Engine CLI, the pre-load global configuration command only had the HTTP or FTP option in ACNS 5.1.x software earlier than Release 5.1.5. There was no mechanism in place to fetch the preload file securely. In ACNS software, Release 5.1.5 the ability to fetch the preload file over HTTPS was added.
Important Notes
This section emphasizes important information regarding ACNS 5.1.x software.
•
•
•
•
Media File System Issues When Downgrading to ACNS 5.0 Software
If you have configured the media file system (mediafs) with ACNS 5.1 software or later, and then downgrade to ACNS 5.0 software, the mediafs disk space assignment is lost and it reverts to ACNS network file system (cdnfs) disk space. (The mediafs is used for on-demand content that is fetched through the two streaming protocols [RTSP and WMT]. The cdnfs is used for pre-positioned content in the ACNS network.)
This situation occurs because of a design change that was implemented in ACNS 5.1 software. Because ACNS 5.0 software is not compatible with this change, the disk space becomes assigned to cdnfs instead of mediafs. To work around this problem, follow these steps:
1.
Use the Content Distribution Manager GUI for Content Engines that are registered with a Content Distribution Manager. Use the Content Engine GUI for standalone Content Engines (that is, Content Engines that are not registered with a Content Distribution Manager and are being managed through the Content Engine GUI or CLI).
2.
Websense Issues When Downgrading to ACNS 5.0 Software or ACNS 5.1 Software
If the local (internal) Websense server is enabled on the Content Engine and you downgrade from the ACNS 5.2.x software to ACNS 5.0 software or ACNS 5.1 software, the WebsenseEnterprise directory is removed from the Content Engine and the local Websense server stops working. Note that the ACNS 5.2.x software does not generate an error message indicating that the WebsenseEnterprise directory has been removed.
To avoid this problem when downgrading from ACNS 5.2.x software to ACNS software 5.1 or ACNS 5.0 software, follow these steps:
1.
2.
3.
Scheduling Live Events for Multiple Content Engines
When you schedule a program for a live event, we strongly recommend that you use Greenwich Mean Time (GMT) instead of the local time of the Content Engine that is delivering the program. If you are transmitting the live event across multiple Content Engines that span different time zones, and you schedule local time on each Content Engine instead of GMT, the live transmission is likely to fail.
Multicast Sender Nonretroactive Scheduling Rule
In ACNS 5.1 software, a primary multicast sender automatically schedules the first carousel pass, which sends multicast content to receiver Content Engines. However, ACNS software enforces a nonretroactive scheduling rule, which states that a multicast sender cannot send any files that arrived 10 minutes before it became a multicast sender. Thus, in ACNS software, Release 5.1, when a Content Engine becomes the active primary sender, it does not automatically schedule the first carousel pass to include content that is over 10 minutes old. If you want the old content sent, you must use the distribution multicast resend EXEC command without the on-demand-only option specified. (The on-demand-only option triggers a resend only when a negative acknowledgement [NACK] is issued. In this instance, you want to trigger the resend without a NACK from the receiver.)
After the first multicast carousel pass is complete (whether you manually triggered the resend using the distribution multicast resend command or whether the primary sender completed the pass automatically), the primary sender then determines whether the next carousel pass for content will follow a fixed schedule or whether it will be triggered by NACKs from receiver Content Engines.
In ACNS 5.1 software, you can configure the primary sender to disregard NACKs from receiver Content Engines and send content based on a fixed schedule of carousel passes. To enable this behavior, use the multicast fixed-carousel enable global configuration command. In contrast, a backup multicast sender cannot be enabled for fixed carousel passes; on backup senders, carousel passes must always be triggered by NACKs from receiver Content Engines.
Note
The multicast fixed-carousel enable command is only available for the ACNS 5.1 software primary multicast sender. The default is no fixed carousel; the first carousel pass is automatic and future carousel passes are ondemand only, that is, they are triggered by NACKs.
Caveats
This section lists and describes the open and resolved caveats in ACNS software, Release 5.1.5. Caveats describe unexpected behavior in ACNS 5.1.5 software. Severity 1 caveats are the most serious; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats.
Open Caveats - ACNS Software, Release 5.1.5
This section lists caveats that have not been resolved in ACNS software, Release 5.1.5. The open caveats are grouped into two categories:
•
•
Note
Open ACNS-IP/TV Software, Release 5.1.5 Integration Caveats
This section lists and describes caveats that are open in ACNS software, Release 5.1.5 and IP/TV software, Release 5.1.5, and are related to ACNS-IP/TV software integration.
•
Symptom: Requests for on-demand programs from clients in an ACNS network are sent to IP/TV Program Manager. IP/TV Program Manager treats these requests as standalone IP/TV on-demand program requests and directs them to the IP/TV Broadcast Server that can serve the request. This causes bandwidth issues and affects the functioning of IP/TV Server.
Condition: This problem occurs when IP/TV has been integrated in an ACNS network. It occurs when requests for on-demand programs that are exported to the ACNS network reach IP/TV Program Manager instead of being routed to the Content Engine that has the programs. This problem is related to routing failure or a routing error.
Workaround: Configure routing correctly in ACNS networks so that on-demand requests are directed to the nearest Content Engine that is capable of serving the program. Alternatively, you can change the proximity settings in IP/TV Program Manager so that it does not redirect the on-demand program requests to IP/TV Broadcast Servers. However, the second approach can also affect the serving of standalone on-demand programs.
•
Symptom: Content Engines in an ACNS network delete the acquired on-demand content when IP/TV Broadcast Server, which is configured to serve the program, does not have the media file available in its IP/TV media root directory.
Condition: This occurs when the associated media file is not available in the IP/TV Server media root directory. This can occur in any of the following cases:
–
–
–
–
Workaround: Make sure that a media file, which is associated with an on-demand program that is exported to an ACNS network, is not removed or renamed after the program has been created.
•
Symptom: The audio stream sounds discontinuous when you listen to a rebroadcast or video-on-demand (VOD) of a recorded MP4 file.
Condition: The symptom occurs with IP/TV-generated MP4 files that are streamed from a Cisco Streaming Engine. The problem only occurs with MP4 files that contain an MP3 audio track sampled at 8000 Hz. Streaming the file directly from IP/TV Server does not result in this problem.
Workaround: Use a sampling frequency of 11025 Hz or 22050 Hz while creating a live program with MP3 audio if the recorded file is to be deployed in an ACNS network. Alternatively, use the AAC codec instead of MP3.
•
Symptom: For ACNS-based IP/TV scheduled programs that use live-split-only content delivery mode, IP/TV Program Manager allocates multicast addresses to individual streams that are never used along the content delivery path.
Condition: The problem is observed with live-split-only programs.
Workaround: There is no known workaround.
Other Open ACNS Software, Release 5.1.5 Caveats
This section lists and describes caveats that are open in ACNS software, Release 5.1.5 and are not related to ACNS-IP/TV software integration.
•
Symptom: Content cannot be acquired using strong authentication from secure origin servers that use certificates from nonstandard certificate authorities (CAs). If strong authentication was chosen for content acquisitions from such a site, the acquirer error statistics will contain a 401 (Unauthorized) error code, and the acquirer error log contains the following error message:
Strong Cert Authentication rejects certificate due to error: ssl error codeCondition: This problem occurs if the origin server uses a certificate that is not known as a standard certificate to the ACNS software acquirer. For content acquisition from secure sites over HTTPS using strong authentication, only sites with certificates from standard certificate authorities are supported.
Note
Workaround: Use one of these workarounds:
–
–
•
Symptom: The Content Engine model CE-565 shows lower HTTP performance when it is attached to a Storage Array SA-7 device.
Condition: This problem occurs when the CE-565 has Windows Media Technologies (WMT) enabled and is attached to an SA-7 device.
Note
Workaround: Allocate less space to the cfs if a Storage Array is attached to the Content Engine.
•
Condition 1: The ACNS network is set up for multicast distribution with Content Engines subscribed to multicast-enabled channels. Multicast sender and receiver Content Engines are running mixed versions of ACNS software. All Content Engines have been successfully enabled for multicasting. The Content Distribution Manager is running ACNS 5.1.x software.
Symptom:
–
–
Note
Case 1: The primary sender is using an ACNS software release earlier than ACNS 5.1.x. The backup sender is using ACNS 5.1.x software, as is the receiver.
–
–
–
Case 2: Both the primary sender and the backup sender are using ACNS 5.1.x software. The receiver is using an ACNS software release earlier than ACNS Release 5.1.x.
–
–
Case 3: Both the primary sender and the receiver are using an ACNS software release earlier than ACNS Release 5.1.x. The backup sender is using ACNS 5.1 software.
–
–
–
Condition 2: Although you may have received a warning message from the Content Distribution Manager, you can still configure a Content Engine as a backup sender if the Content Engine is registered with a Content Distribution Manager running ACNS 5.1.x software and the Content Engine is running ACNS software earlier than ACNS Release 5.1.x. Cases 4 through 6 discuss the backup sender operating under these conditions.
Symptom: The Content Distribution Manager does not send related configuration information and configuration changes to the Content Engine running the earlier software version. This results in the the Content Engine not being able to identify itself as the multicast backup sender. This scenario might also occur if a backup sender using ACNS 5.1.x software is downgraded to an earlier software version through the Content Engine CLI.
Case 4: Both the primary sender and the backup sender are using an ACNS software release earlier than ACNS Release 5.1.x. The receiver is running ACNS 5.1 software.
–
–
Case 5: The primary sender and the receiver are using ACNS 5.1 software. The backup sender is using an ACNS software release earlier than ACNS Release 5.1.x.
–
–
Case 6: The primary sender is using ACNS 5.1.x software. Both the backup sender and the receiver are using an ACNS software release earlier than ACNS Release 5.1.x.
–
–
Condition 3: The Content Distribution Manager is using an ACNS software release earlier than ACNS Release 5.1.x. In software releases earlier than ACNS Release 5.1.x, only one sender is configurable for each multicast cloud.
Case 7: The sender is using ACNS 5.1.x software. The receiver is using a software release earlier than ACNS Release 5.1.x.
The sender behaves like a primary sender running ACNS 5.1.x software. That is, it sends the first round of content without requiring a NACK to trigger the carousel pass. However, the sender is unable to continue making carousel passes because the receiver is unable to send NACKs.
Case 8: Both the sender and the receiver are using ACNS 5.1.x software.
The sender is able to perform carousel passes and the receiver is able to send NACKs for missing content; however, there is no support for a backup sender or for configuring the NACK interval multiplier.
Case 9: The sender is using an ACNS software release earlier than ACNS Release 5.1.x. The receiver is using ACNS 5.1.x software.
–
–
Workaround for Cases 1 through 9: Upgrade both senders and receivers to ACNS 5.1.x software. Upgrade the sender first, and then upgrade the receivers.
Workarounds for Case 7 only:
–
–
•
Symptom: When IP address changes are made on a WCCP-enabled Content Engine, existing connections break, and new connections are not accepted for 30 seconds.
Condition: This problem occurs when you change IP addresses on a Content Engine that has WCCP enabled.
Workaround: Disable WCCP on the Content Engine before changing IP addresses on the Content Engine.
•
Symptom: The Content Engine displays the following error message:
KERNEL: assertion (atomic_read(&sk->wmem_alloc) == 0) failedCondition: The Content Engine displays this error message during normal operation.
Workaround: Ignore the error message.
•
Symptom: Users do not receive the requested page, or the requested page loads very slowly.
Condition: This problem occurs when the origin server sends back a response with "Connection: close," but does not close the connection. The Content Engine waits for the server to close the connection, until the Content Engine times out. Subsequent requests are affected and are not processed until the previous request is completed, thus causing the delay.
Workaround: Configure the Content Engine with a static bypass entry for the server.
•
Symptom: The HTTP proxy cache hit response time increases dramatically over time.
Condition: The Content Engine is overloaded (200 requests per disk spindle is the maximum for the CE-7305 and CE-7325).
Workaround: Reduce the load.
•
Symptom: When you use Windows XP with Windows Media Player Version 9.0.0.3008 installed, embedded Microsoft media files (for example, .asf files) cannot be retrieved over HTTP from a Content Engine that has the media files pre-positioned.
Condition: When the Content Engine has media files pre-positioned, and the Content Engine is not configured for either WMT or HTTP proxy services, media files must be retrieved over HTTP from a pre-positioned store on the Content Engine.
Workaround: Choose one of these workarounds:
–
–
•
Symptom: The CE-7325 does not respond to a console or Telnet session.
Condition: This situation can occur if the CE-7325 is experiencing a heavy WMT proxy load (approximately 3000 concurrent sessions of 300-kbps media requests) and the majority of the requests are cache misses. Even after the heavy load no longer exists, the CE-7325 does not respond to a console or Telnet session for another few minutes.
Workaround: Reboot the device.
•
Symptom: The CLI shell (in EXEC or configuration mode) exits unexpectedly in ACNS software.
Condition: This is very rare. When it occurs, there is a core.XXXX file in the /local1/core_dir directory, where XXXX is a number.
Workaround: Log in to the CLI shell again.
•
Symptom: Windows Media Technologies (WMT) is enabled with no media file system (mediafs) after you downgrade from ACNS 5.1b300 software to ACNS 5.0.7b8 software.
Condition: This occurs if you upgrade from ACNS 5.0.7b8 to ACNS 5.1bx software, configure the disk, and then downgrade to ACNS 5.0.7b4 software.
Workaround: Reconfigure the disk with a mediafs partition and reload the software.
•
Symptom: You cannot configure the Content Engine TACACS+ client to authenticate administrative users if the TACACS+ encryption key is not defined.
Condition: This problem is reported for a TACACS+ server configuration in conjunction with a Rivest, Sharmir, Adelman (RSA) token server. The problem occurs when the TACACS+ encryption key is not defined and the TACACS+ authentication server configuration involves an RSA server. There are no problems if the encryption key is configured. There are no authentication problems if the encryption key is not defined and the RSA token server is not involved in the configuration.
Workaround: Configure the TACACS+ encryption key for secure authentication.
•
Symptom: Rarely, core dumps from the login program may occur.
Condition: This problem appears to occur only very rarely when you try to use Telnet to access the Content Engine.
Workaround: There is no known workaround.
•
Symptom: The Content Engines fill up the / file system, and components then start to fail.
Condition: This problem may be related to SmartFilter configurations.
Workaround: There is no known workaroud.
•
Symptom: In rare circumstances the bypass counters may be incorrect.
Condition: This problem is likely to be seen under the following conditions:
–
–
Workaround: If the first condition is true, change the IP address assignments on the router so that the IP address assigned to the router interface from which packets are redirected to the Content Engine becomes the WCCP router ID. If the second condition is true, there is no known workaround.
•
Symptom: The MPEG-4 Microsoft codec has a pixilation problem. Irrespective of the resolution and bit rate, pixilation is seen.
Condition: This problem occurs when the MPEG-4 Microsoft codec and the Video for Windows codec are used at higher resolutions.
Workaround: Use the MPEG-4 ISO codec instead of the MPEG-4 Microsoft codec.
•
Symptom: The Content Engine WMT server sends WMT streaming packets at a faster rate than it should.
The problem occurs only if the stream file is generated by the Windows Media Player Version 9 encoder. The higher the bit rate, the more serious the problem. For a 1500-kbps stream, the Content Engine sends it at 1600 kbps; for a 2100-kbps stream, the Content Engine sends it at 3100 kbps.
Condition: This problem causes both Windows Media Player Version 8 and Windows Media Player Version 9 to exhaust the receive buffer and to start dropping packets, which will cause inferior audio and video quality. Windows Media Player Version 7 experiences the same problem when using MMSU. However, Windows Media Player Version 7 operates better when using MMST or HTTP instead because it stops receiving packets instead of dropping them, which triggers the TCP flow control on the Content Engine side to pause sending.
Workaround: Use either of the following workarounds:
–
–
•
Symptom: Pre-positioned content is proxied to the origin server.
Condition: When content is acquired, the manifest file has an item AuthFlag=True. For content to be authenticated, the request is proxied to the origin server.
Workaround: Do not set the AuthFlag to true. If you need to authenticate content, then there is no known workaround for users of ACNS 5.1.x software.
•
Symptom: The Content Engine pauses indefinitely in all processing tasks. The kdb (kernel debugger) prompt appears.
Condition: This problem occurs when Windows Media Technologies (WMT) live splitting is used with WMT video-on-demand (VOD) on a Content Engine.
Workaround: Use the no wmt fast-live-split enable global configuration command to disable the high-performance live splitting feature on the Content Engine. This should bypass some kernel work. However, this workaround is not recommended if the highest WMT live-split performance is required from this Content Engine.
•
Symptom: The Centralized Management System (CMS) becomes unresponsive on a Content Distribution Manager or reports a timeout error.
Condition: This problem occurs if the CMS locks up on the Content Distribution Manager because of massive device registration and activation within a short time.
Workaround: Restart the CMS on the Content Distribution Manager.
•
Symptom: The DNS cache setting on the Content Engine does not affect the DNS behavior of the HTTP proxy.
Condition: This occurs if both the DNS cache and an HTTP proxy are being used.
Workaround: There is no known workaround.
•
Symptom: Websense filtering stops working if you configure Websense to use custom filters. For example, the LDAP user attribute is changed from uid to employeenumber in the Websense advanced directory settings. This allows users to use their employee number for authentication; however, LDAP expression filtering will stop working.
Condition: This problem occurs when custom filtering is used. This problem does not occur if the Websense default LDAP expression filter is used.
Workaround: There is no known workaround.
•
Symptom: When you attempt to edit the list of locations through the Content Distribution Manager GUI, a processing error for the request occurs.
Condition: This problem can occur when there are a large number of locations and you try to edit the list of locations before the entire list is populated in the Content Distribution Manager GUI.
Workaround: Wait until the list of locations is fully populated in the Content Distribution Manager window before you make any changes to the list.
•
Symptom: TV-out playback fails with media files that are larger than 2 GB.
Condition: This problem can occur when the Content Engine with TV-out capabilities attempts to play back media files that are larger than 2 GB.
Workaround: There is no known workaround.
•
Symptom: Non-HTTP requests are blocked by the Content Engine.
Condition: This problem can occur if the client sends a non-HTTP request to the Content Engine.
Workaround: There is no known workaround.
•
Symptom: The Content Engine's error log file under /local1/errorlog/errlog-cache* contains many of the following error messages
Thu Dec 18 14:41:59 2003: 257: dir(0x91c5440) val 5937736 link list length 13where the link list length is greater than 5.
Note
Condition: This problem occurs when there are duplicate cache disk file system object entries for the same object. When a record is inserted into the hash table, there can be slower performance for a long list of duplicates because the entire list is searched.
Workaround: There is no known workaround.
•
Symptom: If you edit a file-based scheduled program and the Quality of Service (QoS) feature is configured, the revised program retains the QoS configuration even if you disable the QoS feature.
Condition: This problem occurs only with file-based scheduled programs; it does not occur with live programs.
Workaround: The only known workaround is re-creation. To remove the QoS configuration, delete the program and then re-create the program without configuring the QoS feature.
•
Symptom: An SNMP request that is sent to a physical interface address is returned to the SNMP manager with the IP address of the virtual (standby) group.
Condition: This occurs when you are running ACNS software with a standby IP group and the default gateway is on the subnet that belongs to the virtual IP address, without a closer matching "ip route" statement. Because no other route is configured, the network layer of the Content Engine uses the default gateway and the virtual IP address.
Workaround: Use the ip route dest_addrs net_addrs gateway_addrs global configuration command to add a more specific IP route to the Content Engine. Configure this more specific IP route so that the returned request uses the intended physical interface and the intended Content Engine IP address instead of the default gateway and the virtual IP address.
•
Symptom: The following error messages occur after you enter the write memory EXEC command:
CE# write memoryopen cli lock tmp_uids: Permission deniedexec_copy: Copy adm_b_db to SS failed. status = (1,12).Ignore if you didn't change RealServer config.After these errors occur, the configuration for the system's nonadministrative users, who have a privilege level of 15, is lost after the reload.
Condition: This problem occurs if the following conditions exist:
–
–
Workaround: Log in to the Content Engine as a user who is configured with a privilege level of 15 before you issue the write memory command.
•
Symptom: The Content Engine is not able to use Microsoft Network Messenger when port 1863 is blocked and WCCP transparent redirection is enabled.
Condition: This problem occurs when the http persistent-connections server-only global configuration command is used.
Workaround: Disable the http persistent-connections server-only command.
•
Symptom: Users must reenter their username and password information in the login popup window in order to be authenticated.
Condition: This problem occurs when the authentication realm is changed on the Content Engine and the users have been authenticated with the old realm and have checked the Save username and password check box in the popup window then the users must reenter their username and password information.
Workaround: There is no known workaround.
•
Symptom: A Content Engine reports the following type of error messages:
Jan 15 16:41:08 webserver PAM adding faulty module: /lib/security/pam_unix.soJan 15 16:41:12 webserver PAM unable to dlopen(/lib/security/pam_unix.so)Jan 15 16:41:12 webserver PAM [dlerror: libnsl.so.1: failed to map segmentfrom shared object:Cannot allocate memory]Condition: This problem can occur with Content Engines that are running ACNS 5.1.5 software.
Workaround: There is no known workaround.
•
Symptom: A Content Engine that is running ACNS 5.1.x hangs after a few hours.
Condition: This problem can occur after the following command is entered on the Content Engine:
rule pattern-list 11 src-ip x.x.x.x 255.255.255.255where x.x.x.x is a customer public address. All requests through that reverse proxy are denied or rejected.
Workaround: To restore service, remove the command.
•
Symptom: The client makes a request for some Windows Media content using a simplified hybrid routing (SHR)-style URL (http://FQDN/path/file.asf.asx) and receives a 404 error message.
Condition: This problem occurs when the client is using as its proxy a Content Engine that has the requested content pre-positioned on it. The client sends the SHR-style request directly through that Content Engine. That Content Engine knows it can serve the content itself, and returns an Active Stream Redirector (ASX) file for the Microsoft Media Server (MMS) stream. However, the Content Engine does not change the server portion of the URL, so the URL still points to the Content Router's fully qualified domain name (FQDN). The client therefore attempts to establish an MMS connection to the Content Router. The Content Router is not listening for MMS requests and immediately closes the connection. The client may eventually retry HTTP, which does go through the Content Engine but is then in a form that the Content Engine does not understand (that is, it includes "uns_uns/FQDN"). Consequently, the Content Engine returns a 404 error message to the client.
Workaround: For the Content Router FQDN, set up a bypass list entry in your PAC file or in the browser configuration so that any requests to the Content Router go directly to the Content Router and not through the proxy. If WCCP is used, you may need to set up static bypass for the Content Router on the Content Engine.
•
Symptom: The Content Engine shows slower HTTP caching performance when it is attached to a Storage Array SA-14 device, and its syslog contains log messages such as the following:
%CE-SYS-5-900000: __alloc_pages: 0-order allocation failed%CE-SYS-5-900000: Out of socket memoryCondition: This problem can occur on Content Engines (for example, the CE-7325) that have a large cache file system (cfs) because they are attached to a Storage Array SA-14 device.
This problem can also occur because of to resource exhaustion due to frequent requests from the virus protection software on the client desktops to www.microsoft.com:80. (This situation is visible in transaction logging.)
Workaround: If you are using WCCP, add static bypass entries for IP addresses that are associated with www.microsoft.com. If you are not using WCCP, there is no known workaround.
•
Symptom: A constant stream of bandwidth error messages (one about every 2 seconds) is reported in the syslog. As the following sample messages indicate, these messages are not very useful.
Feb 11 13:24:26 webcache01 bandwd: %CE-BANDWD-3-115002: BANDWD:Trying again in two secondsFeb 11 13:24:28 webcache01 bandwd: %CE-BANDWD-3-115003: BANDWD:verification registration failed, err=30Workaround: There is no known workaround.
•
Symptom: DNS caching is enabled on the Content Engine, but DNS caching does not occur.
Condition: This problem occurs when the DNS caching service is enabled but does not start.
Workaround: In some cases, you can force the DNS caching service to be enabled and start by adding the following lines:
dns use-expired enabledns min-ttl 5dns max-ttl 86400 (this is the default value and will not show up in config)•
Symptom: An intermittent slow response occurs in a Content Engine that is functioning as an HTTP proxy server. Users experience timeouts of 5 to 10 seconds once or twice a day when accessing the Internet.
Condition: This problem can occur after you upgrade to ACNS 5.1.x software.
Workaround: There is no known workaround.
•
Symptom: With ACNS software, you can specify cdn-url as an optional attribute of distributed content. This option only works when the media is pre-positioned on the Content Engine and the origin server does not have to be contacted for any reason to fulfill the request.
Condition: You cannot use the cdn-url attribute if the origin server needs to be contacted to fulfill the request, for example, in such situations as the following:
–
–
–
Workaround: Do not use the cdn-url attribute in the affected situations.
•
Symptom: A request for a large pre-positioned file over HTTP results in packets that appear to be fragmented.
Condition: This problem occurs if the IP fragmentation bit is not set but the packet seems to be fragmented (for example, adding the total packet size of the larger packet to the data portion of the second packet equals 1,514 total bytes).
Workaround: There is no known workaround.
•
Symptom: When you enter the URL to a software upgrade meta file in the Content Distribution Manager software upgrade registration page, you receive an error message such as the following:
Transaction Not CompletedURL http://examplehost/test space/ACNS-5.1.3.15-K9.meta.txt is unreachable.Condition: This problem occurs if you include a space when specifying the URL to a software upgrade meta file. Meta files to upgrade ACNS software do not accept spaces within URLs.
Workaround: Do not include any spaces when specifying the URL to a software upgrade meta file.
•
Symptom: The cache application exits because of an intentional error checking in the code that fails, which causes a brief interruption in caching services while the application restarts. Output from the show tech-support EXEC command shows a crash trace with "eip=0x2599bd51" for ACNS build 5.1.3.b14 software as shown below:
Begin stack trace:signal(6), bin size(1717100), version (5.1.3.b14),built by (jsmith) at Feb 2 2004 18:27:42,crash time(Thu Feb 19 14:47:19 2004)Working Thread 1: Process 13116 stack(esp=0xbffff2dc, ebp=0xbffff308, eip=0x2599bd51)Condition: The Content Engine is configured with the following command to cache HTTP responses that contain the response header "Vary: User-Agent"
Content Engine (config)# http cache-vary-user-agent enableWorkaround: Remove the configuration for caching responses with the "Vary: User-Agent" response header by using the following global configuration command.
ContentEngine(config)# no http cache-vary-user-agent enable•
Symptom: The Content Engine stops spoofing the client IP address, and uses its own IP address to fetch content from the origin server.
Condition: The http l4-switch spoof-client-ip enable global configuration command turns on IP spoofing on the Content Engine that is functioning as a caching engine. When a rule action user-server global configuration command is used, the Content Engine stops spoofing the client IP address and instead uses its own IP address to fetch the content.
Workaround: There is no known workaround.
•
Symptom: The network management system (NMS) host does not know where the SNMP traps are coming from.
Condition: This problem occurs if there are two interfaces and you configure interface redundancy using both interfaces. You must use a dummy address for the physical addresses. You then configure a real address that floats between the two interfaces. If you then configure SNMP traps, the traps are being sourced from the dummy address and not the routable address. Therefore the NMS host does not know where the trap is coming from.
Workaround: There is no known workaround.
•
Symptom: A Content Engine stops forwarding traffic (requesting pages from the origin server) after you change a rule on the Content Engine.
Condition: This problem can occur on Content Engines that are upgraded from ACNS 5.1.x software to another version of ACNS 5.1 software and have rules added or modified.
Workaround: To restore the functionality, reboot the Content Engine without saving the running configuration. Delete all newly added group-type AND patterns.
•
Symptom: Although you configured the Content Engine to use nonpersistent connections (by issuing the rule no-persistent-connection global configuration command), the Content Engine ignores this rule and uses persistent connections to connect to clients and servers.
Condition: After you upgrade from ACNS 5.1 or 5.1.3 software to ACNS 5.1.5 software, the rule no-persistent-connection command fails; persistent connections are used.
Workaround: There is no known workaround.
•
Symptom: The transaction log records the wrong server name.
Condition: This problem can occur when certain requests are redirected to different servers because of the defined rules.
Workaround: There is no known workaround.
•
Symptom: Users receive a "400 Bad Request" error message from a website.
Condition: This problem can occur with POST requests because the Content Engine splits the HTTP header into two packets. The server then responds with a "400 Bad Request" error message.
Workaround: There is no known workaround.
•
Symptom: A core file from the ICAP service is seen in the core directory.
Condition: This problem only occurs with some websites.
Workaround: There is no known workaround. The ICAP service is immediately restarted by the system.
•
Symptom: Users experience problems when they access FTP servers that require a username and password.
Condition: When using FTP-over-HTTP to access an FTP server, users are not prompted under the following situations:
–
–
Workaround: There is no known workaround.
•
Symptom: DNS lookup is performed in transparent mode even if no object validation is required.
Condition: Even if no http object url-validation enable global configuration command is used, the statistics on the Content Engine indicate that DNS lookup has occurred and the traces on the VLAN caches indicate DNS requests, as shown in the following example.
ce7325# show statistics dns-cacheMax cache size: 10000----- DNS Cache Statistics -----Total DNS lookups: 2Workaround: There is no known workaround.
•
Symptom: Requests for pre-positioned content that are larger than 256 kilobytes return an error message indicating that the bandwidth has been exceeded. Similar error messages are reported in /local1/logs/apache/error_log.
Condition: This problem occurs with Content Engines that are running ACNS 5.1.3 software.
Workaround: Reboot the Content Engine.
•
Symptom: When you click links from the table of contents or the index of the ACNS Content Distribution Manager online help, the links open in the same pane, that is, the left pane, which contains the table of contents and the index, instead of opening in the right pane, which contains the help topics.
Condition: This problem occurs after you install Microsoft security update MS05-026. This security patch disables cross-frame navigation features that are based on HTML Help ActiveX control (HHCTRL).
Workaround: To reenable cross-frame navigation features that are based on HHCTRL, modify your Windows registry as explained in Microsoft Knowledge Base article 896905, which is available at this URL:
http://support.microsoft.com/kb/896905/
•
Symptom: Websense Manager cannot connect to the local Websense server (the Websense server runs as a separate process on the Content Engine instead of running on a separate system).
Condition: This problem occurs if use an external IP address from Websense Manager to connect to the local Websense server (Version 5.0.1) that is running on the Content Engine.
Workaround: There is no known workaround.
•
Symptom: A pre-positioned content object is lost after you configure a disk and reload the Content Engine.
Condition: If the amount of cdnfs content approaches the amount of disk space allocated to the cdnfs, then cdnfs content is removed to ensure that the cdnfs file system can be resized properly to hold the saved content. In ACNS 5.0.x software, the content is moved out of the file system (if other file systems that can hold the content are detected) or is deleted (if other file systems that can hold the content are not detected) when a disk configuration is performed and 90 percent or more of the cdnfs file system is used.
Workaround: Choose one of the following workarounds:
–
–
–
•
Symptom: The Websense policy server and user server generate core files.
Condition: This problem occurs when the Websense server is running on ACNS 5.1.x software with a version of the Websense Manager that is earlier than Version 5.0.1 build 20030722. This problem does not exist when the Websense server is running on ACNS 5.0.3 software.
Workaround: Download Websense Manager Version 5.0.1 build 20030722.
•
Symptom: If there is a WCCP transparent proxy between the ACNS network root Content Engine and the content origin server, and the proxy requires NTLM authentication, then the ACNS network acquirer may fail to acquire content in the following scenario:
1.
2.
3.
Condition: This occurs with ACNS 5.1.x software.
Workaround: Restart the acquirer through the acquisition-distribution stop and acquisition-distribution start commands.
•
Symptom: In ACNS 4.2 software, rules are configured only for HTTP and not for streaming protocols. If a Content Engine that is configured with rules and is running ACNS 4.2 software is upgraded to ACNS 5.1.x software, then these rules are configured with the protocol type "all."
Condition: This occurs when the software is upgraded to ACNS Release 5.1.x from ACNS Release 4.2.
Workaround: If you do not want the rule to be applied for some of the rule actions, you can change the rule configuration as required.
•
Symptoms: In HTTPS acquisition with directory indexing crawling, when the starting URL lacks a forward slash (/) at the end, the acquirer fails with a 700 error message.
Condition: In HTTPS acquisition with directory indexing crawling, when the starting URL lacks a forward slash at the end, the server returns a 302 Redirect message and redirects the request to the starting URL with a forward slash at the end. However, some servers may return some data in addition to the headers in the HEAD request. In such scenarios, the acquirer fails with a 700 error message.
Workaround: Add a forward slash to the starting URL in the manifest file.
•
Symptom: An FTP client application stops receiving data for a data transfer operation such as a directory listing (ls) or file transfer (GET). The same symptom can occur for FTP-over-HTTP data transfers from the FTP server to the Content Engine.
Condition: For FTP client applications, the Content Engine must be using the FTP proxy through WCCP redirection, configured for following the FTP client's mode for establishing a data connection. The FTP client application must have also been set to use active mode to the FTP server.
ContentEngine(config)# wccp ftp router-list-num numberContentEngine(config)# wccp version 2ContentEngine(config)# ftp proxy active-mode enableFor FTP-over-HTTP data transfers, the Content Engine must be configured for an FTP incoming proxy and configured to use active mode to the FTP server. The client browser must be configured to use the Content Engine FTP proxy for FTP URLs.
ContentEngine(config)# ftp proxy incoming portContentEngine(config)# ftp proxy active-mode enableThe symptoms can occur with the configurations described above and when the FTP server starts sending data packets that are received out of order by the Content Engine before the Content Engine sends the TCP connection establishment SYN-ACK packet to the FTP server.
Workaround: Remove the Content Engine active mode configuration by issuing the following configuration command:
ContentEngine(config)# no ftp proxy active-mode enableWhen this symptom occurs on an FTP client application, press Ctrl-C simultaneously to stop the partial data transfer operation.
When this symptom occurs on a browser configured for FTP-over-HTTP, click the STOP button to stop the partial data transfer operation.
•
Symptom: When you have numerous pattern lists configured (ORed together) and you downgrade from ACNS 5.1.x software to ACNS 5.0 software, then the first pattern list configuration is used. All other pattern lists are lost.
Condition: This problem occurs when you downgrade from ACNS 5.1.x software to ACNS 5.0 software and you have multiple pattern lists configured (ORed together). If you upgrade from ACNS 5.0 software to ACNS 5.1.x software, then the rules are converted properly. If you then downgrade to ACNS 5.0 software (without changing the rules; for example, not using ACNS 5.1.x software-specific syntax such as ORing) then there is no problem; all rules are converted properly.
Workaround: There is no known workaround.
•
Symptom: When you have numerous pattern lists configured (ORed together) and you downgrade from ACNS 5.1.x software to ACNS 4.2 software, then the first pattern list configuration is used. All other pattern lists are lost.
Condition: This occurs when you downgrade from ACNS 5.1.x software to ACNS 4.2 software and you have multiple pattern lists configured (ORed together). If you upgrade from ACNS 4.2 software to ACNS 5.1.x software, then the rules are converted properly. If you then downgrade to ACNS 4.2 software (without changing the rules, for example, not using ACNS 5.1.x software-specific syntax such as ORing) then there is no problem; all rules are converted properly.
Workaround: There is no known workaround.
•
Symptom: The cache process crashes while passing
Guest
