Table Of Contents
Release Notes for Cisco ACNS Software, Release 5.3.7
New Features in the ACNS 5.3.7 Software
New Rule Pattern to Filter Content Based on the X-forwarded-for IP Address
New CLI Commands and GUI Support for Managing Outgoing Proxy Monitoring
Eliminated Upgrade/Downgrade Paths
Media File System Issues When Downgrading to ACNS 5.0 Software
SmartFilter Issues When Upgrading or Downgrading to Another ACNS Software Release
Websense Issues When Downgrading to the ACNS 5.0 Software or ACNS 5.1 Software
Interoperability with ICAP Vendors
Matrix of Supported Caching, Filtering, and Authentication Methods
Open Caveats—ACNS 5.3.7 Software
Resolved Caveats—ACNS 5.3.7 Software
Acquisition and Distribution Resolved Caveats
Media and Streaming Resolved Caveats
Proxy and Caching Resolved Caveats
Software Upgrade and Downgrade Resolved Caveats
WAE Platform Support in the ACNS 5.3.3 Software and Later Release
Enhancements to the Envivio-Cisco Streaming Engine Interoperability
Retention of m4e File Extensions for Envivio-Based Programs
Support of Dynamic Content Routing Added in the ACNS 5.3.3 Software and Later Releases
Content Distribution Manager GUI-Related Changes in the ACNS 5.3.3 Software Release
Restoring Factory-Default Settings for Real Networks License Keys
Ability to Configure TCP Memory Limits
CLI-Related Changes in the ACNS 5.3.3 Software and Later Releases
Rule Command for Converting Hostnames to IP Addresses Was Added in the ACNS 5.3.3 Software Release
Output of the show programs EXEC Command Was Modified in the ACNS 5.3.3 Software Release
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support & Documentation Website
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Release Notes for Cisco ACNS Software, Release 5.3.7
April 26, 2006
ACNS Build 5.3.7-b8
Note
The most current Cisco documentation for released products is available at Cisco.com at http://www.cisco.com. The online documents may contain updates and modifications made after the hardcopy documents were printed.
Contents
These release notes contain information about the Cisco Application and Content Networking System (ACNS) 5.3.7 software. These release notes describe the following topics:
•
•
•
Introduction
The ACNS software combines the technologies of demand-pull caching and pre-positioning for accelerated delivery of web applications, objects, files, and streaming media; the ACNS software runs on Cisco Content Engines, Content Distribution Manager, and Content Router hardware platforms.
These release notes are intended for administrators who will be configuring, monitoring, and managing devices that are running the ACNS 5.3.7 software. These release notes describe the new product features, the supported hardware, and the open and resolved caveats regarding the ACNS 5.3.7 software release.
New and Changed Information
This section describes new and changed features in the ACNS 5.3.7 software release. It also lists the supported hardware.
New Features in the ACNS 5.3.7 Software
The ACNS 5.3.7 software introduces the following new features and enhancements:
•
•
Enhancements to ICAP Support
The Internet Content Adaptation Protocol (ICAP) is an open standards protocol for content adaptation, typically at the network edge. The ACNS 5.3.7 software supports the following enhancements for ICAP support:
•
•
•
•
ICAP Request Modification Support for HTTPS Requests
The ACNS 5.3.7 software supports an ICAP request modification (reqmod) for the HTTPS proxy-style requests. Support for ICAP reqmod processing allows proxy-style requests that use HTTPS protocol to be modified as they are sent from the Content Engine to the ICAP server on their way to the origin server. For more information on ICAP support, see the "Interoperability with ICAP Vendors" section.
Compatibility with the Data Trickling of WebWasher ICAP Server
The ACNS 5.3.7 software allows you to download large files over an ICAP-enabled network. Because of some compatibility issues with the data trickling feature of the WebWasher ICAP server, downloading large files over ICAP-enabled ACNS networks used to fail before the download was completed. However, starting with release 5.3.7, the ACNS software has become compatible with the data trickling feature of the WebWasher ICAP server.
Support for Accessing Blank Pages over ICAP-Enabled Networks
The ACNS 5.3.7 software allows you to access blank pages (null body pages, where there is no content) over an ICAP-enabled ACNS network. When you try to access blank pages, earlier versions of the ACNS software used to return error messages saying that the page could not be retrieved because the server was either unreachable or temporarily busy.
New CLI Command and GUI support for Configuring ICAP Connection Timeout
The ACNS 5.3.7 software allows you to configure a timeout value for ICAP connections. You can configure an ICAP connection timeout value using the following CLI command:
CE(config)#icap connection-timeout minutesYou can enter a number between 1 and 480 as the ICAP connection timeout interval in minutes to allow a longer timeout interval when you want to download large files from ICAP-protected sites.
Alternatively, you can configure the ICAP connection timeout from the Content Distribution Manager GUI.
To configure the ICAP connection timeout from the Content Distribution Manager GUI, follow these steps:
Step 1
Step 2
Step 3
Step 4
Step 5
New Rule Pattern to Filter Content Based on the X-forwarded-for IP Address
The ACNS 5.3.7 software allows you to use a new rule pattern to filter content based on the x-forwarded-for IP address in the HTTP header. The x-forwarded-for attribute contains the IP address of the device from where the request originated. Only the use-server rule action is supported for the x-forwarded-for rule pattern. The use-server action sends server-style HTTP requests from the Content Engine to the specified IP address and port on a cache miss.
You can configure the x-forwarded-for rule pattern using the following CLI command:
CE(config)#rule pattern-list 1 header-field x-forwarded-for ip-addressAlternatively, you can configure the x-forwarded-for rule pattern from the Content Distribution Manager GUI.
To configure the rule-pattern from the Content Distribution Manager GUI, follow these steps:
Step 1
Step 2
Step 3
Step 4
Step 5
a.
a.
b.
Step 6
a.
Note
b.
Step 7
For more information on creating rule patterns and configuring rule actions, see Chapter 16, "Configuring Request Processing Services" in the Cisco ACNS Software Configuration Guide for Centrally Managed Deployments, Release 5.3.
New CLI Commands and GUI Support for Managing Outgoing Proxy Monitoring
The Cisco ACNS 5.3.7 software allows you to enable and disable the monitoring of an outgoing proxy for HTTP, HTTPS, and FTP-over-HTTP services. Typically, in an ACNS network, the outgoing proxy is monitored at regular user-configured intervals and is marked dead if there is no response from the proxy in the given interval. When you have only one outgoing proxy configured on your device, you can disable the proxy monitoring because there is no alternative to route the traffic even when the outgoing proxy is marked dead. Similarly, when you have multiple outgoing proxies but do not want to use proxies other than the primary proxy, you can disable the monitoring and ensure that all requests are sent to the primary proxy, that is, the first outgoing proxy configured on that device.
The Cisco ACNS 5.3.7 software introduces the following global configuration commands for enabling and disabling the monitoring of outgoing proxy for HTTP, HTTPS, and FTP-over-HTTP services:
CE(config)# http proxy outgoing monitor enableCE(config)# no http proxy outgoing monitor enableCE(config)# https proxy outgoing monitor enableCE(config)# no https proxy outgoing monitor enableCE(config)# ftp-over-http proxy outgoing monitor enableCE(config)# no ftp-over-http proxy outgoing monitor enableBecause monitoring of the outgoing proxy is enabled by default, only the no form of these commands is displayed in the show running config file. When you disable the monitoring, the show {http | https | ftp-over-http} proxy command does not show any proxy as dead; instead, the command displays only the IP address and port number for the proxies.
In the Cisco ACNS 5.3.7 software, you can also enable or disable the monitoring of outgoing proxies from the Content Distribution Manager GUI.
To enable or disable the monitoring of outgoing proxies from the Content Distribution Manager GUI, follow these steps:
Step 1
Step 2
Step 3
Step 4
Step 5
Hardware Supported
The ACNS 5.3.7 software supports the following hardware platforms.
Note
Important Notes
This section emphasizes important information regarding the ACNS 5.3.x software. It includes the following sections:
•
•
•
•
•
•
Eliminated Upgrade/Downgrade Paths
In the ACNS 5.3.x software release, the following upgrade and downgrade paths were eliminated:
•
•
Media File System Issues When Downgrading to ACNS 5.0 Software
If you have configured the media file system (mediafs) with the ACNS 5.1 software and later releases, and then downgrade to the ACNS 5.0 software, the mediafs disk space assignment is lost and reverts to the ACNS network file system (cdnfs) disk space. (The mediafs is used for on-demand content that is fetched through the two streaming protocols [RTSP and WMT]. The cdnfs is used for pre-positioned content in the ACNS network.)
This situation occurs because of a design change that was implemented in the ACNS 5.1 software. Because the ACNS 5.0 software is not compatible with this change, the disk space becomes assigned to cdnfs instead of mediafs. To work around this problem, follow these steps:
1.
Use the Content Distribution Manager GUI for Content Engines that are registered with a Content Distribution Manager. Use the Content Engine GUI for standalone Content Engines (Content Engines that are not registered with a Content Distribution Manager and are being managed through the Content Engine GUI or CLI).
2.
SmartFilter Issues When Upgrading or Downgrading to Another ACNS Software Release
When you upgrade or downgrade the Content Engine to a different release of the ACNS software, if there is a difference in the SmartFilter plug-in version, the SmartFilter database and configuration files are deleted and default configurations are loaded. This change occurs because the configuration details might be changed with each new version of SmartFilter software. After each upgrade or downgrade of the SmartFilter plug-in, a fresh database has to be downloaded from the SmartFilter Administration Console to the Content Engine.
Websense Support
In the ACNS 5.3.x software, Websense server Version 5.2 is supported on all Cisco Content Engine platforms. With Websense 5.2.0 software, you can use a local or remote Websense Policy Server to activate the local EIM Server, the local RADIUS Agent, the local eDirectory Agent, the local Network Agent, and the local User Service individually on a Content Engine.
For detailed information about configuring the Websense software, go to the following URL on the Websense website:
http://ww2.websense.com/docs/support/documentation/setup/v52/WSPreinstall_CiscoCE_ACNS_53.pdf
Websense Issues When Downgrading to the ACNS 5.0 Software or ACNS 5.1 Software
If the local (internal) Websense server is enabled on the Content Engine and you downgrade from the ACNS 5.2.x software to either ACNS 5.0 software or ACNS 5.1 software, the WebsenseEnterprise directory is removed from the Content Engine and the local Websense server stops working. The ACNS 5.2.x software does not generate an error message indicating that the WebsenseEnterprise directory has been removed. However, in the ACNS 5.3.1 software and later releases, the following error message is displayed to notify you about this Websense downgrade issue:
WARNING:Websense does not support downgradeHence removing /local/local1/WebsenseEnterpriseWebsense will stop working after copy ftp installTo avoid this problem when downgrading from the ACNS 5.3.x or ACNS 5.2.x software to either ACNS 5.1.x software or ACNS 5.0.x software, follow these steps:
Step 1
Step 2
Step 3
Interoperability with ICAP Vendors
The Internet Content Adaptation Protocol (ICAP) is an open standards protocol for content adaptation, typically at the network edge. Content adaptation includes virus scanning, content translation, content filtering, content insertion, and other ways of improving the value of content to end users. ICAP specifies how a Content Engine, acting as an HTTP proxy server, can communicate with an external device that is acting as an ICAP server, which filters and adapts the requested content.
ICAP provides two content-processing modes for HTTP services and one for HTTPS proxy-style requests. These modes define the transactions that can occur between a Content Engine acting as an ICAP client and an ICAP server. The two modes are as follows:
•
•
The following is a complete list of the ICAP vendors that have been certified to interoperate with the Content Engine:
•
•
•
ICAP Performance
With the respmod vectoring point, which is used by virus-scanning Internet Content Adaptation Protocol (ICAP) vendors, the performance of the Content Engine model CE-7305 will be 300 transactions per second.
With the reqmod-precache vectoring point, which is used by URL filtering ICAP vendors, the performance of the Content Engine model CE-7305 will drop 20 percent from the rated performance.
Note
Matrix of Supported Caching, Filtering, and Authentication Methods
Table 1 lists the caching, filtering, and authentication methods supported by Content Engines that are running the ACNS 5.3.x software. An asterisk (*) indicates a feature is supported for that particular protocol.
Caveats
This section lists and describes the open and resolved Severity 1, 2, and 3 caveats in the ACNS 5.3.7 software. Caveats describe unexpected behavior in the ACNS 5.3.7 software. Severity 1 caveats are the most serious; Severity 2 caveats are less serious. Severity 3 caveats are moderate caveats.
•
•
Open Caveats—ACNS 5.3.7 Software
This section lists caveats that have not been resolved in the ACNS 5.3.7 software release.
•
Symptom: Content cannot be acquired using strong authentication from secure origin servers that use certificates from nonstandard certificate authorities (CAs). If strong authentication was chosen for content acquisitions from such a site, the acquirer error statistics will contain a 401 (Unauthorized) error code, and the acquirer error log contains the following error message:
Strong Cert Authentication rejects certificate due to error: ssl error codeCondition: This problem occurs if the origin server uses a certificate that is not known as a standard certificate to the ACNS software acquirer. For content acquisition from secure sites over HTTPS using strong authentication, only sites with certificates from standard certificate authorities are supported.
Note
Workaround: Use one of these workarounds:
–
–
•
Symptom: When a Content Engine model CE-565 is attached to a Storage Array SA-7 device, if too large a cache file system (cfs) partition is configured, and a combined streaming and caching workload is used, then a lower HTTP performance is observed.
Condition: This problem occurs when the CE-565 has Windows Media Technologies (WMT) enabled, a combined streaming and caching workload is used, and the Content Engine is attached to an SA-7 device.
Note
Workaround: Allocate less space to the cfs if a Storage Array is attached to the Content Engine.
•
Symptom: Windows Media Technologies (WMT) is enabled with no media file system (mediafs) after you downgrade from the ACNS 5.1b300 software to the ACNS 5.0.7b8 software.
Condition: This problem occurs if you upgrade from the ACNS 5.0.7b8 to the ACNS 5.1bx software, configure the disk, and then downgrade to the ACNS 5.0.7b4 software.
Workaround: Reconfigure the disk with a mediafs partition and reload the software.
•
Symptom: Using FTP inside the .meta file to have the Content Engine obtain the .bin file for a Content Distribution Manager GUI-initiated upgrade is unsuccessful if the user's home directory differs from the FTP root.
Condition: Either you receive an error in the Content Distribution Manager GUI when you are creating the definition for the upgrade (when the .bin file does not exist in the user's home directory), or the Content Engine displays an error message on the upgrade (when the .bin file does not exist in the FTP root directory).
Workaround: Copy the .bin file to both the FTP root and the user's home directory, or use a user whose home directory is the FTP root.
•
Symptom: The Content Distribution Manager only checks if coverage zone files refer to invalid Content Engines after there is a fresh import. When there is a configuration change that can cause already imported coverage zone files to refer to invalid Content Engines, the Content Distribution Manager does not check or display the correct error message until the next fresh import.
Condition: This problem occurs if there is a coverage zone configuration change that causes already-imported coverage zone files to refer to invalid Content Engines.
Workaround: There is no known workaround.
•
Symptom: The Content Engine stops spoofing the client IP address and uses its own IP address to fetch content from the origin server.
Condition: The http l4-switch spoof-client-ip enable global configuration command turns on IP spoofing on a Content Engine that is functioning as a caching engine. When a rule action use-server global configuration command is used, the Content Engine stops spoofing the client IP address and instead uses its own IP address to fetch the content.
Workaround: Remove the rule configurations.
•
Symptom: The network management system (NMS) host does not know where SNMP traps are coming from.
Condition: This problem occurs if there are two interfaces and you configure interface redundancy using both interfaces. You must use a dummy address for the physical addresses. You then configure a real address that floats between the two interfaces. If you then configure SNMP traps, the traps are being sourced from the dummy address and not the routable address. Therefore, the NMS host does not know where the trap is coming from.
Workaround: Configure the Content Engine to generate SNMP version 2c type trap messages. Because the SNMP version 2c trap message does not contain the IP address of the SNMP agent, the NMS software will use the source IP address of the UDP message to identify the address of the SNMP agent.
•
Symptom: The cdnfs files are turned into directories (which are visible if you enter the cdnfs browse EXEC command on the Content Engine).
Condition: This problem is rare and occurs only when the file system corruption has caused a directory entry to be a subdirectory when it should have been a file. This problem occurs only if multiple cdnfs entries are being updated and the Content Engine crashes (for example, the Content Engine crashes because of a power failure).
Workaround: Enter the cdnfs cleanup start EXEC command on the Content Engine.
•
Symptom: Even though you entered the url-filter wmt bad-sites-deny global configuration command on the Content Engine, the Content Engine is not filtering requests for content that is pre-positioned in its wmt_vod directory.
Condition: This problem occurs in the following situation:
a.
b.
c.
Workaround: Configure the bad site list using mmst://127.0.0.1/wmt_vod/file.asf instead of mmst://Content Engine IP address/wmt_vod/file.asf.
•
Symptom: A WMT live stream in a managed live event environment is accessible for a period longer than the scheduled duration.
Condition: This problem occurs only with WMT live programs that have unicast access enabled. In this situation, streams can be accessible for up to 24 hours after the last playtime of the event if "Auto Delete" is set to true or can be accessible indefinitely if "Auto Delete" is set to false.
Workaround: Control the live-stream source through the schedule for the event. Typically, this process involves starting and stopping the WMT encoder.
•
Symptom: Syslog messages contain the following text:
uns-server: %CE-CDNFS-0-480000: uns_read_meta: WOW! url mismatch:wanted 'URL>', swaw '^C'Condition: This problem occurs because of file system corruption; the cdnfs metadata files have the wrong content (the content is internally consistent but is in the incorrect file). This problem occurs infrequently. For example, it can occur if the cdnfs content is being updated and a crash occurred because of a kernel panic (which occurs infrequently).
Workaround: Although there is no known workaround to stop the syslog messages shown above, lookups for the target URL (listed in the syslog message) may succeed if the ACNS software has created a new cdnfs entry for the target URL.
You can enter the cdnfs lookup url EXEC command to see if the URL is found. If the URL is not found, a way to force it to be replicated is to modify the file on the origin server (for example, by entering the touch command on a UNIX-based origin server).
Alternatively, you can enter the acquisition-distribution database-cleanup start command on the affected Content Engine to query the cdnfs for all the objects that are supposed to be on the Content Engine. Missing objects should be detected and replicated.
•
Symptom: The content replication status can show an incorrect manifest item count.
Condition: This problem can occur if too many channels share the same content (for example, if over 100 channels share the same 30 files in each channel). Even though all 100 channels should show the 30 files that were acquired and distributed, it takes an extended period (days) before the correct manifest item count is displayed.
Workaround: Reduce the number of channels that share the same contents.
•
Symptom: The CPU usage on the Content Engine hits a peak of 100 percent.
Condition: This problem can occur if the internal (local) Websense server is enabled on the NM-CE-BP models.
Workaround: There is no known workaround.
•
Symptom: If you specify foo as a folder URL in the manifest file, and there is a single item redirection from foo to foo/ by the web server, the ACNS acquirer fails to process such redirections and generates a 716 error message. If you are using the quick crawl tool in the Channel Content window, some of the files also report 716 error messages.
Condition: This problem occurs if you are using the quick crawl tool and there is a single item redirect from foo to foo/. However, if foo is a link from a crawl job, single item redirections from foo to foo/ are allowed.
Workaround: Specify foo/ in the manifest file, or specify a crawl job instead of using the quick crawl tool.
•
Symptom: Microsoft NT LAN Manager (NTLM) authentication fails and the pop-up window is displayed again.
Condition: This problem occurs if NTLM authentication is being used and the specified domain name is longer than 50 characters.
Workaround: For NTLM authentication, use a domain controller (DC) that has a domain name shorter than 35 characters.
•
Symptom: Proxy requests to the Content Engine proceed to allow mode (if allow mode is enabled) or are blocked (if allow mode is disabled) when the Websense URL filtering mechanism is configured to use the local Websense server.
Because the connections from the Content Engine to the Websense server time out, all requests go to allow mode until all 40 connections are exhausted. (This situation makes it appear as if the Websense server is not responding.) After all 40 connections are attempted, the Content Engine successfully connects to the Websense server and works properly thereafter.
Condition: This problem can occur under the following conditions:
•
•
•
•
Workaround: Reconfigure Websense URL filtering on the Content Engine so that the Content Engine will attempt to establish new connections to the Websense server.
•
Symptom: Channel routing causes loops for several Content Engines.
Condition: This problem can occur if there are Content Engines that are running the ACNS 5.1.x software or earlier, and these Content Engines are registered with a Content Distribution Manager that is running the ACNS 5.2.x software.
Workaround: Upgrade the Content Engines to the ACNS 5.2.x software. Currently, a Content Distribution Manager that is running the ACNS 5.2.x software does not propagate some configuration changes to Content Engines that are running an ACNS software release earlier than the ACNS 5.2.x software. Therefore, Content Engines that are running the ACNS 5.1.x software or earlier, may not recognize that the root Content Engine was changed from one Content Engine to another. Consequently, routing loops can develop within the system.
•
Symptom: When a root Content Engine is downgraded from the ACNS 5.2.x software to the ACNS 5.1 software, some channels are disabled and some content fails to be acquired.
Condition: This problem occurs when the manifest file URL is a Server Message Block (SMB) URL with a uniform naming convention (UNC) path format (for example, \\host\share\file), or when an item or crawl task specified in either the src or start-url attribute has a UNC path format.
Because the ACNS 5.1 software does not support SMB file acquisition, the root Content Engine running the ACNS 5.1 software is not able to fetch the manifest file or acquire content from the SMB shares.
Workaround: Either before or after you downgrade the root Content Engine from the ACNS 5.2.x software to the ACNS 5.1 software, remove the SMB URL from the Manifest URL field in the Channel configuration window of the Content Distribution Manager GUI and use a URL with supported protocols (HTTP, FTP, or HTTPS).
Note
From an ACNS 5.2.x Content Distribution Manager GUI, choose Content > Channels > Edit Channel > Channel Content.Edit the manifest file by removing content items and crawl tasks that have UNC formatted paths.
Use the acquirer start-channel EXEC command to initiate channel acquisition and verify that the workaround is successful.
•
Symptom: The CMS service on the Content Distribution Manager cannot start and fails to create the CMS database backup file.
Condition: This problem can occur if the ACNS network configuration is very large (for example, with 2000 configured Content Engines) and the sysfs partition is 2 GB or less.
Workaround: Create a sysfs partition that is greater than 2 GB.
•
Symptom: Microsoft NT LAN Manager (NTLM) authentication occurs even though you disabled it on the Content Engine.
Condition: This problem occurs very rarely. In very rare situations, even though you entered the no ntlm server enable global configuration command to disable NTLM proxy authentication on the Content Engine, NTLM proxy authentication is still not turned off. In such cases, NTLM authentication can still occur, although the output of the show running EXEC command shows that the NTLM server is not enabled on the Content Engine.
Workaround: Enter the no ntlm server enable global configuration command again on the Content Engine.
•
Symptom: The ICAP service is enabled on the Content Engine, but the Content Engine is unable to retrieve the content.
Condition: This problem can occur if the Content Engine is running the ACNS 5.x software, and you configure two or more ICAP services to subscribe to the same vectoring point (the response modification [RESPMOD] vectoring point).
Workaround: There is no known workaround.
•
Symptom: A cleanup of the sysfs partition removes all pre-positioned RealMedia contents from the /local1/real_vod/ directory on the Content Engine.
Condition: This problem occurs if the sysfs partition is saturated because of the population of content in the real_vod directory.
Workaround: There is no known workaround.
•
Symptom: The WCCP cache farm (a cluster of Content Engines that are running WCCP) is formed using the assignment method even though you specified the mask-assignment assign-method- strict option when configuring the WCCP service.
Condition: This problem occurs if the WCCP cache farm is associated with Cisco routers instead of switches.
Workaround: There is no known workaround. Mask assignment was only designed for Catalyst 6500 series switches and is not supported by Cisco routers.
•
Symptom: The stream scheduler in the edge Content Engine retrieves stale Session Description Protocol (SDP) information from its forwarder and stores it in its local1/cse_live/ucast folder if the encoding is modified through IP/TV Program Manager. All further RTSP requests are served with this stale SDP content.
Condition: This problem occurs if the stream scheduler retrieves stale SDP information from its forwarder because the program has been edited and the encoding changed for a program. This situation occurs if the Content Distribution Manager notification at the edge Content Engine triggers the stream scheduler before the same occurs at the root Content Engine. Consequently, the edge Content Engine obtains the SDP content from its forwarder, which is valid content at that moment.
Workaround: Reload the Content Engine.
•
The Content Engine becomes unresponsive, and it takes a long time for commands to be executed.
Condition: This problem occurs when the load that is running on the Content Engine is almost as high as the maximum permissible load for a Content Engine, and you then enable ICAP (especially with request modification [REQMOD] transactions). This situation causes the Content Engine to go into an overload state and not recover easily.
Workaround: The load on the Content Engine with ICAP enabled (for the response modification [respmod] transactions) should be kept to 50 percent of the load that it can handle without ICAP.
•
Symptom: A URL in the Synchronized Multimedia Integration Language (SMIL) file that has the "repeatCount" value set, may not be requested as many times as specified by the "repeatCount" setting.
Condition: This problem occurs only when RealPlayer Version 10 is used. The player exhibits the same behavior whether or not there is a Content Engine between the client and the origin server.
Workaround: Use RealOne player instead of RealPlayer Version 10, or request the SMIL file again. The URL will be played at least once in the player.
•
Symptom: An HTTP 1.0 request that is received by the Content Engine from a client web browser is sent as an HTTP 1.1 request by the Content Engine to the origin server.
Condition: This problem occurs only when the ICAP service is enabled on the Content Engine.
Workaround: There is no known workaround.
•
Symptom: The cache process on the Content Engine restarts.
Condition: This problem occurs if a large volume of HTTPS and FTP traffic is being directed to the Content Engine, which is operating in transparent mode.
Workaround: There is no known workaround.
•
Symptom: Even though you entered a write memory command, after an immediate reload, a prompt appears that the configuration has been changed.
Conditions: This problem occurs if the following conditions are met:
–
–
–
–
Workaround: Note that ACNS functionality is not affected if this problem occurs. However, if a prompt appears stating that the configuration has been changed, enter yes to save the configuration.
•
Symptom: Unicast access to a live program does not work.
Condition: This problem occurs only when you use special characters ("?" and "#") in the unicast reference URL.
Workaround: To publish a live event, use URLs that do not contain special characters.
•
Symptom: The Content Engine reboots suddenly when you are performing database maintenance.
Condition: The problem can occur because of a platform issue in the power supply of the device.
Workaround: Properly trim the power supply of the Content Engine.
•
Symptom: You are not able to download the control list or apply a policy (for example, the policies that control when the SmartFilter subscription or control list expire) to the SmartFilter 3.x plug-in.
Condition: This problem occurs if you use the SmartFilter 4.0 Administrator Console to define the SmartFilter 3.x plug-ins as part of a plug-in group.
Workaround: Use the SmartFilter 4.0 Administrator Console to define the SmartFilter 3.x plug-ins as individual plug-ins.
•
Symptom: The proxy autoconfiguration file is missing from the Content Engine after you switch from group settings to device settings, and then switch back to group settings.
Condition: This problem can occur in the following condition:
a.
b.
c.
The autoconfiguration file is not found but the proxy autoconfiguration feature is shown as enabled.
Workaround: Return to the device window in the Content Distribution Manager GUI, delete the values from the proxy autoconfiguration fields in the device window, and then select device group from the drop-down menu.
•
Symptom: When using the quick start tool in the Content Distribution Manager GUI, if you repeatedly click the Add-Router to List button before the window completely loads in your browser, the following message appears in your browser:
The system had trouble processing your last request.This situation can occur under the following circumstances:
–
–
–
Condition: This problem occurs only when there is a slow connection between the Content Distribution Manager and your browser and you perform any of the unsupported actions described above.
Workaround: Return to the Content Distribution Manager GUI and wait until the window is completely loaded in your browser before you click the Add-Router to List button.
•
Symptom: HTTP VoD file statistics are not being updated correctly.
Condition: This problem can occur if you enter the show statistics wmt requests EXEC command while you are using the HTTP protocol to play a stream. The command output shows the total unicast requests field as 2 but shows the other types of requests (for example, the number of served streaming requests) as only 1.
Workaround: Wait until the stream ends before you enter the show statistics wmt requests EXEC command.
•
Symptom: The Websense EIM server that is running on the Content Engine generates a core file.
Condition: This problem can occur when the Websense server is enabled on the Content Engine.
Workaround: No user intervention is required. If this problem occurs, the Websense server functionality is not affected. After generating a core file, the Websense server will be automatically restarted and the functionality is restored.
•
Symptom: If you modify a Content Engine GUI page and reload the page without first clicking the Update button, the new (unsaved) values are displayed on the page instead of the old (saved) values.
Condition: This problem only occurs if you are using the latest versions of the Netscape browser (Version 7.0 or later) to access the Content Engine GUI.
Workaround: Go to another Content Engine GUI page, and then return to the same Content Engine GUI page instead of reloading the page. The redisplayed Content Engine GUI page will display the old (saved) values instead of the new (unsaved) values.
•
Symptom: When WCCP transparent redirection is being used to redirect RTSP client requests transparently to WCCP routers, the client receives an error stating that it is unable to locate the server when it attempts to retrieve the RTSP URL. This problem can occur because the URL presented to the client is a modified "bad" URL. This modified URL is the original URL with the Content Engine's RTSP gateway IP address prepended before the domain name. For example, if the original RTSP URL is "rtsp://website.com.domain:554/url-path-info," then the following modified "bad" URL is returned to the client:
rtsp://ciscoRTSPG.ipaddress-of-rtsp-gateway.website.com.domain:554/url-path-info
The reason that the client is unable to resolve the DNS is because the Content Engine is using the modified URL.
Condition: The problem can occur when the WCCP router list (wccp router-list x.x.x.x CLI command) on the Content Engine is configured with a router IP address that the router does not use in its WCCP "I See You" messages.
Workaround: Configure the WCCP router list to use the IP address that the WCCP router is using on its "I See You" messages.
•
Symptom: RealPlayer crashes when the streams are switched over from the first stream to the second stream.
Condition: This problem can occur if you have set the reconnect as automatic for broadcast redundancy.
Workaround: Set the reconnect as manual instead as automatic.
•
Symptom: CPU usage on the Content Engine reaches 99 percent.
Condition: This high CPU usage can occur if the Content Engine is serving numerous live-streaming requests and it is running the ACNS 5.1.11 software and later releases.
Workaround: If you are not expecting a very high load on the Content Engine, you can turn off kernel optimization by entering the no wmt accelerate live-split enable global configuration command.
•
Symptom: The local (internal) Websense server on the Content Engine is not responding to a block page message.
Condition: This problem can occur if certain clients do not behave properly and fail to send the requested data back to the Websense block page server. The block page server is not timing out these requests, reaches a limit, and then stops responding.
Workaround: Restart the internal Websense server or reboot the Content Engine to clear the connections.
•
Symptom: SNMP management is not able to learn the standby interface in order to test the standby interface for accessibility.
Condition: This problem can occur if the Content Engine is configured with a standby interface and the SNMP management station uses an MIB query for ipAdEntAddr. The SNMP management system learns the addresses of the individual interfaces but not the address of the standby group.
Workaround: Configure real addresses for the interfaces on the Content Engine so that the SNMP management station can at least test that the interfaces on the Content Engine are active.
•
Symptom: After you configure a live event through the ACNS 5.2 Content Distribution Manager GUI, the URL link generated by the Content Distribution Manager cannot be played.
Condition: This problem only occurs if the media filename or program name includes a blank space.
Workaround: Do not use a blank space in either the media filename or the program name when using the Content Distribution Manager to configure a live event. For example, use "-" or "_" instead of a blank space.
•
Symptom: Internet Explorer does not display the RealServer License Monitor window correctly. (This window is displayed by logging in to the RealServer administrative interface and then selecting Logging & Monitoring and License Monitor.)
Condition: This problem only occurs with Internet Explorer.
Workaround: Use the Firefox or Netscape browsers, which display the License Monitor window correctly.
•
Symptom: Both Internet Explorer and Firefox browsers do not correctly display changed settings for the broadcast transmitter and receivers.
Condition: This problem occurs if the Content Engine is running the ACNS 5.2.x software and later releases, and is using RealServer as a back-end RTSP server.
Workaround: There is no known workaround.
•
Symptom: The Internet Explorer client retrieves a partial (incomplete) customized error page and displays it along with some partial HTML code.
Condition: This problem occurs if a customized error page is configured on the Content Engine and an Internet Explorer client requests a nonexistent HTTPS URL, which causes the customized error page to be returned.
Workaround: There is no known workaround.
•
Symptom: NTLM authentication for a valid user may take a longer period than usual (approximately two minutes) if the client sends the request when the Content Engine has been idle for a long period of time.
Condition: This problem can occur in the following condition:
a.
b.
c.
GET http://somehostname/Zone-UVWXYZ/config.cfg HTTP/1.0\r\nRequest Method: GETAccept: */*\r\nUser-Agent: Tioga\r\nHost: somehostname\r\nPragma: no-cache\r\nwhere somehostname is a hostname.
The user will be authenticated after waiting approximately two minutes. After reporting a failure to the browser, the Content Engine uses the same credential and retrieves the group information for that user from its HTTP authentication cache.
Workaround: On the Content Engine, configure a rule to either reject requests from the user agent named Tioga, or configure the no-auth rule to bypass authentication for this user agent.
•
Symptom: In a Content Router environment, users are not able to choose RTSPU (UDP) or RTPST(TCP) by requesting with rtspu:// or rtspt:// from their Windows Media players. Another symptom is that an RTSPT stream is returned when an RTSPU stream is requested. A third symptom is that even though you specified the wmt disallowed-client-protocols rtspu global configuration command, it is not preventing clients from being served for a request rtspu://crfqdn/file.asf, which will return an RTSP stream instead of an error.
Condition: This problem can occur if a Content Router is being used for RTSP redirection.
Workaround: There is no known workaround.
•
Symptom: When viewing a rich media stream, the video display may be black for a couple of minutes. After the video starts to play, if you click the progress bar in the Windows Media player to advance the video, the video display may go black again as though the video were starting over again.
Condition: This problem can occur if you are using a Windows Media 9 client to view a rich media stream.
Workaround: There is no known workaround.
•
Symptom: Even though you have the transaction log sanitize feature enabled on the Content Engine, the RealProxy or RealServer access logs still display the client IP address even though it should be hidden.
Condition: This problem is caused because the transaction-logs sanitize CLI command is not working properly for the RealProxy and RealServer. Even though you have entered the transaction-logs sanitize global configuration command, the RealProxy or RealServer access logs still display the client IP address even though it should be hidden.
Workaround: There is no known workaround.
•
Symptom: The table of contents and the index of the ACNS Content Distribution Manager online help are not functioning. When you open the online help window, the left pane, which contains the table of contents and index, appears blank.
Condition: This problem is caused by the Windows Security Update MS05-001. This security patch prevents the creation of an instance of the HTML Help ActiveX control that is served in HTML content from outside the Local Machine zone.
Workaround: Because the ACNS Content Distribution Manager is part of your internal network, you may modify the Windows registry to allow execution of ActiveX controls that are served from within the intranet zone. For more information on modifying the registry to workaround this issue, refer to Microsoft Knowledge Base article 892675, which is available at this URL: http://support.microsoft.com/kb/892675.
•
Symptom: When you perform a software upgrade or downgrade between the ACNS 5.3 software release and the ACNS 5.0 software release, the TCP Explicit Congestion Notification (ECN) configuration is not retained.
Condition: This problem can occur if you enter the tcp ecn enable global configuration command when the device is running the ACNS 5.0 software release, and then upgrade the device to the ACNS 5.3 software release.
Workaround: After upgrading the device to the ACNS 5.3 software release, reenter the tcp ecn enable command.
•
Symptom: The cache process generates a core file.
Condition: This problem can occur under the following condition:
a.
b.
c.
d.
Workaround: There is no known workaround.
•
When the WMT player is being proxied to the Content Engine, the player stops and starts buffering several times when it is playing a media file.
Condition: This problem can occur under the following condition:
a.
b.
Workaround: Enter the http ignore-resp-len-conn-hdr-check global configuration command, which is a hidden CLI command, on the Content Engine.
•
Symptom: When you are trying to install the ACNS software on a Content Engine, DMA errors are displayed.
Condition: This problem only occurs under the following condition:
a.
b.
Installer Main Menu:1. Configure Network2. Manufacture flash3. Install flash cookie4. Install flash image from network5. Install flash image from cdrom6. Install flash image from disk7. Wipe out disks and install .bin image8. Exit (and reboot)Choice [0]: 7Workaround: The DMA errors are displayed four to five times in sequence and then the normal operation of the Content Engine continues without any user intervention.
•
Symptom: A file not found error message is generated for a pre-positioned IP/TV VoD file.
Condition: The problem can occur with a pre-positioned file that is moved from its origin server to another server, and then restored back to its original server location.
Workaround: Delete the on-demand program in the Program Manager GUI and define a new program to generate a fresh entry in the Manifest file.
•
Symptom: The Windows Media player is not able to stream content for more than one hour in the case of a cache hit.
Condition: This problem can occur when the Limit Player Timeout Inactivity value in the origin Windows Media server is set to the default value of 3600 seconds.
Workaround: Increase the Limit Player Timeout Inactivity value in the origin Windows Media server.
•
Symptom: When the source of a WMT alias is changed to another source URL, the clients do not reflect the changes. The client is still connected to the old source stream even though the changes have been made. The user is watching a completely different stream than the one that is being sourced to the originating Content Engine. When using Windows Media streams in a cascaded hierarchy (one Content Engine that is pulling a stream from another and so on), if a client is pulling a stream from an alias and the alias that it is pointing to is changed to a different source, the client stream is not updated.
Condition: This problem occurs with the ACNS 5.1.13, 5.2 and 5.3 software.
Workaround: Delete and re-create the publishing point. When the source is an Encoder, if Encoder1 is provided as the source to the broadcast alias and the source is changed to Encoder2 while the client is playing the content, close Encoder1 to force the client to send a new request. After the client sends the new request, the client can obtain the stream from Encoder2.
•
Symptom: The status of a Cisco Streaming Engine program continuously switches between playing and failed.
Condition: The problem can occur with a normal Cisco Streaming Engine program if a failing rebroadcast program already exists because the file had a filename or folder name that contained special characters.
Workaround: Delete the rebroadcast program that is failing because of the presence of special characters.
•
Symptom: The acquirer experiences a problem with a samba crawl. The acquirer is recrawling the same crawl job.
Condition: This problem can occur if both of the following conditions exist:
1.
2.
Workaround: There is no known workaround.
•
Symptom: The Websense Manager cannot connect to the local (internal) Websense server that is running on the Content Engine, and clients receive the following error: "Failed to connect, the server is not yet fully started. Please try again in a little while."
Condition: This problem can occur if a standby IP address is used on both the primary and secondary interfaces, which prevents the Websense Manager from connecting to the Content Engine.
Workaround: Disable the standby IP group and use a single IP address on the interface.
•
Symptom: The firewall shows that there is an excessive amount of traffic coming from the Content Engine over TCP port 8999.
Condition: This problem can occur if the Content Engine is on the outside of the firewall (connected to the internet gateway router). The Content Engine is constantly attempting to reset the connections to the inside with a source port of TCP 8999 going to the NAT address of the clients.
Because the port translation timer has expired on the Content Engine, the Content Engine uses port 8999 to return the message to the client. Because there is no NAT address configured on the firewall with the TCP port 8999, these messages/requests fail at the firewall.
Workaround: Configure the following global configuration CLI commands on the Content Engine:
ContentEngine(config)# http tcp-keepalive enableContentEngine(config)# tcp keepalive-timeout 60ContentEngine(config)# tcp keepalive-probe-interval 60•
Symptom: The Windows Media player is not able to play the URL.
Condition: This problem can occur if the Content Engine is in between the Windows Media player and an ISA proxy, and NTLM authentication is enabled on the ISA proxy.
Workaround: There is no known workaround.
•
Symptom: The system crashes and there are kernel core dumps.
Condition: This problem only occurs very rarely.
Workaround: No workaround is required because the Content Engine will reboot and the system will work normally after the reboot.
•
Symptom: When you click links from the table of contents or the index of the ACNS Content Distribution Manager online help, the links open in the same pane, that is, the left pane, which contains the table of contents and the index, instead of opening in the right pane, which contains the help topics.
Condition: This problem occurs after you install Microsoft security update MS05-026. This security patch disables cross-frame navigation features that are based on HTML Help ActiveX control (HHCTRL).
Workaround: To reenable cross-frame navigation features that are based on HHCTRL, modify your Windows registry as explained in Microsoft Knowledge Base article 896905, which is available at this URL:
http://support.microsoft.com/kb/896905/
•
Symptom: When users on an organization's internal network attempt to access certain web-based e-mail sites (for example, https://webmail.wi.rr.com/), they receive the following message: "Session timed out. Log in again."
Condition: This problem occurs if access to certain web-based e-mail sites (for example, https://webmail.wi.rr.com/) fails and the Content Engine is being used as a proxy.
Workaround: Change the browser settings so that the browser will bypass the Content Engine and will go directly out to the Internet.
•
Symptom: The order of the access control lists (ACLs) can appear out of order in the Content Distribution Manager GUI after a sequence moves in the order of the ACLs even though the configuration on the device is correct.
Condition: This problem occurs only rarely.
Workaround: There is no known workaround.
•
Symptom: Websense Manager cannot connect to the local Websense server (the Websense server runs as a separate process on the Content Engine instead of running on a separate system).
Condition: This problem occurs if an external IP address is used from Websense Manager to connect to the local Websense server that is running on the Content Engine.
Workaround: There is no known workaround.
•
Symptom: An FTP client application stops receiving data for a data transfer operation such as a directory listing (ls) or file transfer (GET). The same symptom can occur for FTP-over-HTTP data transfers from the FTP server to the Content Engine.
Condition: For FTP client applications, the Content Engine must be using the FTP proxy through WCCP redirection, configured for following the FTP client's mode for establishing a data connection. The FTP client application must have also been set to use active mode to the FTP server.
ContentEngine(config)# wccp ftp router-list-num numberContentEngine(config)# wccp version 2ContentEngine(config)# ftp-over-http proxy active-mode enableFor FTP-over-HTTP data transfers, the Content Engine must be configured for an FTP incoming proxy and configured to use active mode to the FTP server. The client browser must be configured to use the Content Engine FTP proxy for FTP URLs.
ContentEngine(config)# ftp-over-http proxy incoming portContentEngine(config)# ftp-over-http proxy active-mode enableThe symptoms can occur with the configurations described above and when the FTP server starts sending data packets that are received out of order by the Content Engine before the Content Engine sends the TCP connection establishment SYN-ACK packet to the FTP server.
Workaround: Remove the Content Engine active mode configuration by entering the following global configuration command:
ContentEngine(config)# no ftp-over-http proxy active-mode enableWhen this symptom occurs on an FTP client application, press Ctrl-C simultaneously to stop the partial data transfer operation.
When this symptom occurs on a browser configured for FTP-over-HTTP, click the STOP button to stop the partial data transfer operation.
•
Symptom: When a rule with the redirect action is configured with a URL of 0 and with a matching pattern (no replacing pattern), the cache process crashes if the request matches the pattern.
Condition: This problem occurs when you configure a numeric value of 0 for the redirected URL (for example, if www.yahoo.com is redirected to 0). If you want the Content Engine to redirect URL x to URL y, then you can configure the rule redirect action. While doing so, you must configure URL x and URL y.
Workaround: There is no known workaround.
•
Symptom: The manifest validator fails to fetch the XML file if the source is authenticated.
Condition: This problem occurs only if the file is located at an authenticated location.
Workaround: Put a copy of the manifest file in a nonauthenticated location to use the manifest validator.
•
Symptom: The Content Engine sends the redirect assign message before it receives the "I see you" message from the router.
Condition: Because the Content Engine sends the redirect assign message before it receives the "I See You" message, the redirect assign message will always have a bad rcv-id. This problem occurs because the rcv-id is incremented as part of the router processing the "Here I am" message. Consequently, the value in the redirect assign message will be behind by 1.
Workaround: No workaround is required because although the redirect assign message will have a bad rcv-id (that is, it will be behind by 1), the redirect assign message is resent by the Content Engine and is accepted by the router without affecting the WCCP service.
•
Symptom: The Cisco ACNS software installation fails when you install the software from the ACNS rescue CD.
Condition: This problem occurs in the following situations:
–
–
Workaround: Retry the installation using the option 7, that is, Wipe out disks and install .bin image, from the menu that you see when you boot the device after inserting the ACNS rescue CD in the CD-ROM drive.
•
Symptom: There is a local Network Agent core dump file on the Content Engine. (The local Network Agent is one of the services of the local Websense server that run on the Content Engine.)
Condition: This problem can occur when the local Network Agent is enabled on the Content Engine.
Workaround: There is no known workaround.
•
Symptom: Users do not have an option to configure Winix NTLM Settings (Windows NT Directory/Active Directory [Mixed Mode]) in the Websense GUI.
Condition: The problem can occur in the following situation:
–
–
Workaround: Reinstall the user service component of Websense on the Content Engine. For example, from the CLI prompt, enter the following two global configuration commands:
no websense-server service user activatewebsense-server service user activate•
Symptom: The Content Engine is returning a 200 OK response when it should be returning a 304 message.
Condition: This problem can occur when the content has been pre-positioned on the Content Engine.
Workaround: There is no known workaround.
•
Symptom: When a WMT stream is pre-positioned, the audio works but the playback of embedded slides in the pre-positioned WMT stream are not displayed.
Condition: This problem occurs if Microsoft presenter was used to create a WMT stream that has embedded slides. When this content is pre-positioned, WMT opens and the audio works but the slides never appear.
Workaround: When you are using Microsoft producer to publish the content, select publish to My Computer and when you choose the Choose publish settings for different audiences option do not check the Enable rich-media Streaming option. When the content is pre-positioned, all content that is created in publishing should be pre-positioned.
•
Symptom: When the primary Content Distribution Manager is upgraded to the ACNS 5.3.3 software or a later release, the WCCP service to all of the registered Content Engines is interrupted. Some of the Content Engines recover but others do not recover.
Condition: This problem can occur if all of the registered Content Engines are running the ACNS 5.3.3 software or a later release, and then you upgrade the Content Distribution Manager to the ACNS 5.3.3 software or a later release.
Workaround: There is no known workaround.
•
Symptom: The disk hangs.
Condition: This problem can occur in the following situation. The Content Engine is a model CE7305 or CE-7325, it is running a specific version of the SCSI firmware (that is, BIOS 9A or 10A), and there are one or more Storage Array SA-14 devices attached to the Content Engine.
Workaround: There is no known workaround.
•
Symptom: During ICAP REQMOD precache processing, a significant amount of server errors occur.
Condition: The server errors are being generated because the existing connections are being closed when the internal connection to the Content Engine receives an error.
Workaround: No workaround is required because even though the clients whose requests are going through the Content Engine will experience one failure to load a page, their attempt to reload a page will succeed.
•
Symptom: A coverage zone file import fails and the following warning appears in the syslog:
08/25/2005 05:51:53.721(Local) [W] cdm(FileManager): com.cisco.unicorn.util.SystemCommandTimeoutException: Timeout error: com.cisco.unicorn.util.SystemCommandTimeoutException: Timeout errorat com.cisco.unicorn.util.Utils.SystemExec(Utils.java:728)at com.cisco.unicorn.controller.ComplexUrlFile.get_(ComplexUrlFile.java:273)at com.cisco.unicorn.controller.ComplexUrlFile.fetch(ComplexUrlFile.java:135)at com.cisco.unicorn.controller.FileManager.checkIfModified(FileManager.java:456)at com.cisco.unicorn.controller.FileManager.runImpl(FileManager.java:289)at com.cisco.unicorn.server.AModule.run(AModule.java:177)Condition: The problem can occur if the download of the coverage zone file takes more than 60 seconds because of the size of the coverage zone file and the network bandwidth.
Workaround: Place the coverage zone file on a server that has better connectivity to the Content Distribution Manager.
•
Symptom: A disk is marked as bad when a disk error threshold is reached after a transient disk failure.
Condition: This problem occurs only rarely and can only occur if the Storage Array device is attached to a model CE-7325 that is running the ACNS 5.3.3.8 software or a later release.
Workaround: Once the disk is marked bad, you can enter the disk mark diskname good EXEC command on the Content Engine to mark the disk as good.
•
Symptom: HTTP POST requests that are received through HTTP1.0 can fail and a 400 Bad request error message is generated.
Condition: This problem can occur if the POST request contains an additional CRLF pair following the announced Content-Length. There are certain clients that are known to append this data to a request.
Workaround: Disable HTTP 1.0 at the client.
•
Symptom: Websense logs do not include usernames for queries made via LDAP/NTLM.
Condition: This problem occurs when you use Websense for URL filtering.
Workaround: There is no known workaround. However, downgrading your ACNS software to release 5.2.x or earlier helps.
•
Symptom: The configured rules for a device group are randomized when they are applied to a Content Engine that is newly added to the device group.
Condition: This problem occurs because the Content Distribution Manager GUI sorts the configured device group rules by the name of the rule. When you use the Content Distribution Manager GUI to configure rules for a device group, you cannot specify the precedence of a configured rule.
Workaround: There is no known workaround.
•
Symptom: At the Content Engine, the client is not allowed to access the RealProxy client. The Content Engine is also logging the following types of error messages:
Sep 2 11:50:30 prx03 wccp:%CE-WCCP-3-500001: RTSP Proxy may be down, keepaliveshalted!Sep 2 11:50:30 prx03 rtspt:%CE-WCCP-3-500057: wccp_liveness_update(): Could not sendalivemessage (tries 1). SuccessSep 2 11:50:38 prx03 MCM: Plugin MC_REAL_ERRORPLUGIN: 72: Error retrieving URL`broadcast/.../reflector:35134' (Invalid path)Sep 2 11:50:39 prx03 MCM: Plugin MC_REAL_ERRORPLUGIN: 74: Error retrievingURL`broadcast/.../reflector:35137' (Invalid path)Condition: This problem can occur if RealProxy is enabled on a Content Engine that is running the ACNS 5.x software.
Workaround: Reload the Content Engine.
•
Symptom: ACNS pre-positioned downloads are slower than downloads from the origin server. For example, if you download a pre-positioned file from a Content Engine, the maximum download speed is 3.5 Mbps. If you download the same file directly from the origin server, the maximum download speed is 10 Mbps.
Condition: This problem can occur in the following situation. Content Engine model CE-7305 is running the ACNS 5.3.5 software or a later release and the pre-positioned file is downloaded over a Gigabit Ethernet interface with the HTTP bit rate set to 0 (unrestricted).
Workaround: There is no known workaround.
•
Symptom: The default value for the wmt max-concurrent-sessions command does not show up in running config mode.
Condition: This problem occurs when the configured value for the wmt max clients is equal to that of the dynamic default value of the wmt max-concurrent-sessions command.
Workaround: Configure a different value for the wmt max-concurrent-sessions command.
•
Symptom: The Content Engine stops responding to HTTP requests. The Content Engine answers to its Layer 4 port but does not process any HTTP requests. The error log displays an anomaly in the timestamps. The Telnet access to the Content Engine may not work when this problem occurs.
Condition: This problem was reported on the Content Engine model, CE-507. However, no hardware or console errors were detected on the device.
Workaround: There is no known workaround.
•
Symptom: When you export log files from the archive to an external server using FTP, some of the log files are not exported.
Condition: Because filenames in /logs/real-subscriber-logs, /logs/real-proxy, and /logs/cisco-streaming-engine directories do not include an underscore and use a combination of the Content Engine IP address and year, the first 15 characters of the filenames are identical. The FTP export status file (ftp_export.status) saves the i-node of the archived log file and the first 15 characters of the filename. If a log file by the same name was deleted earlier by the user and if there is an entry for the deleted file in ftp_export.status, the log file does not get exported.
Workaround: Manually delete the file ftp_export.status in the log directory. All log files get exported during the next scheduled or forced attempt.
•
Symptom: The Content Engine shows a large number of stale connections between the proxy cache and the on-box Apache server for pre-positioned content. An increase in the number of stale connections might cause the Content Engine to exceed the limit of connections (16000) and to stop functioning.
Condition: Stale connections increase at about 1000 connections per week. At this rate, it might take a few weeks before you experience any problem with the Content Engine's functioning.
Workaround: Enter the service restart cache command once every 2 or 3 weeks to clean up the stale connections.
•
Symptom: When you change or modify a rule from the Content Distribution Manager GUI, you experience a considerable delay before the changes come into effect.
Condition: This problem occurs when you have a large number of rules already configured on the device.
Workaround: There is no known workaround.
•
Symptom: The ACNS software terminates the MMS server process and generates an MMS server core file without any external trigger. However, the MMS server restarts on its own.
Condition: This problem occurs when the Content Engine has RTSP proxy running on it.
Workaround: There is no known workaround.
•
Symptom: A kernel crash occurs on the Content Engine. Content Engine reboots after generating a kernel crash core file.
Condition: The crash in the kernel streaming module is caused by corrupt WMT packets.
Workaround: There is no known workaround.
•
Symptom: Sometimes, when you download a file using HTTP, and if the download takes more than 20 minutes, the Content Engine closes the TCP connection and fails to complete the download.
Condition: This problem occurs if your file download requires ICAP processing.
Workaround: There is no known workaround.
•
Symptom: The Content Engine stops authenticating NTLM users and stops responding and passing traffic. NTLM servers show up as dead when you enter the show statistic ntlm CLI command.
Condition: This problem occurs on Content Engines that run NTLM or some other authmode authentication services.
Workaround: Restart the authmod process by entering the service restart http_authmod CLI command.
•
Symptom: When you download a file that is larger than 2 GB, you lose connection with the origin server and the download fails.
Condition: This problem occurs when you are trying to download a file that is larger than 2 GB from a network that uses a Content Engine. The Content Engine cannot cache objects that are larger than 2 GB and severs the connection with the origin server after downloading 2 GB of content from the server.
Workaround: Bypass the Content Engine when you download files that are larger than 2 GB.
•
Symptom: When you access an HTTPS URL that is blocked on the ICAP server, the page containing the block message does not appear properly. The browser displays the block message only partially.
Condition: This problem occurs when you access an ICAP-blocked HTTPS URL using Microsoft Internet Explorer.
Workaround: There is no known workaround. However, this problem is limited to Microsoft Internet Explorer and does not appear when you use other browsers, such as Mozilla Firefox.
•
Symptom: The WCCP redirection for HTTPS requests does not work properly.
Condition: When you have configured the WCCP redirection to block access to an HTTPS site, the Content Engine returns different status messages for that site depending on whether you have given the port number in the URL or not. If you have not given the port number in the HTTPS URL, you get a "page not found" error, and you get a "site blocked" message for requests that have the port number, 443.
Workaround: There is no known workaround.
•
Symptom: A WCCP-redirected MMS-over-HTTP program fails to play if it is configured to use a port other than port 80.
Condition: This problem occurs when the proxy that intercepts the HTTP request is not the one that is configured on the browser.
Workaround: There is no known workaround.
•
Symptom: The Statistics for RealMedia show incorrect values.
Condition: This problem occurs for cache-hit instances of RealMedia content.
Workaround: There is no known workaround.
•
Symptom: The Content Engine does not send a translog to the Windows Media Server when playing a cache-hit content.
Condition: This problem occurs when you use RTSP.
Workaround: There is no known workaround.
•
Symptom: The Content Distribution Manager generates the following error message:
Cache service died kernel crash and or user core files detected.Condition: This problem occurs when you have upgraded the ACNS software to Release 5.4.1.
Workaround: There is no known workaround.
•
Symptom: The DNS pin of a host does not take effect on the Content Engine until you reload the DNS caching service on the Content Engine.
Condition: This problem occurs when the DNS pin configuration has been changed but the DNS queries do not reflect the configuration changes.
Workaround: Disable and enable the DNS cache on the Content Engine.
•
Symptom: The MMS server process generates a core file.
Condition: This problem occurs when the a media player sends an empty translog to the MMS server.
Workaround: There is no known workaround.
•
Symptom: The RTSP gateway stops functioning and generates a core file.
Condition: The exact conditions that cause this problem have not been identified yet.
Workaround: There is no known workaround.
•
Symptom: The ICAP daemon crashes when running stress test.
Condition: This problem occurs when stress testing the Content Engine with HTTP traffic.
Workaround: The ICAP process will restart and will be available for processing.
•
Symptom: The error log daemon on the Content Engine stops functioning and generates a core file. However the error log daemon immediately restarts on its own. The error messages generated during the brief interval between the stop and restart of the error log daemon do not get logged.
Condition: This problem occurs rarely. The exact conditions that cause this problem have not been identified yet.
Workaround: There is no known workaround.
•
Symptom: The MMS server creates a core file.
Condition: This problem occurs when parsing an RTSP play message.
Workaround: There is no known workaround.
•
Symptom: The Content Engine does not reflect a change in the IP address of the HTTPS server host.
Condition: This problem occurs when you have changed the IP address for the HTTPS server host FQDN in the DNS server after the HTTPS server host FQDN has been configured to resolve to an IP address on the Content Engine.
Workaround: Enter the https server host FQDN command on the Content Engine after you have modified the IP address corresponding to the HTTPS server host FQDN on the DNS server.
•
Symptom: The cache process restarts.
Condition: This problem occurs when there is HTTP traffic with a load of 100 TPS with ICAP and Websense enabled.
Workaround: The cache process will restart and will be available for processing.
•
Symptom: CPU usage stays at 50% even after the traffic is stopped.
Condition: This problem occurs when traffic with a load of 100 TPS is run for four days with ICAP enabled.
Workaround: The request will continue to be processed.
•
Symptom: You receive a bad request error (error 400) when you request an HTTP connection and the CPU usage by the ICAP daemon reaches a very high level.
Condition: This problem occurs when the HTTP traffic is very high and if the ICAP service is enabled on the Content Engine.
Workaround: There is no known workaround.
•
Symptom: The ICAP daemon does not exit the bypass mode even when the traffic is stopped.
Condition: This problem occurs when traffic close to 100 TPS is run on a CE in 507 hardware, when both reqmod and respmod processes are being run, and error handling return-error is turned on in the reqmod and respmod processing.
Workaround: Disable reqmod and respmod processing, or, turn on errorhandling bypass for reqmod and respmod processing.
Resolved Caveats—ACNS 5.3.7 Software
This section lists the caveats that have been resolved in the ACNS 5.3.7 software release. The resolved caveats are grouped into the following categories:
•
•
•
•
AAA Accounting
•
The Content Engine does not allow you to log in. The Content Engine generates messages about mingetty being killed by signal 25. This problem occurs if the debug authentication feature (you have entered the debug authentication user EXEC command) has been enabled and is not disabled.
•
The Content Engine stops responding and fails to authenticate NTLM users or pass-through traffic. The command output of the show statistics ntlm EXEC command shows the state of the NTLM servers as "DEAD." This problem occurs if the Content Engine is running NTLM or some other type of authmod authentication.
•
The Content Engine does not allow FTP access when a user uses root as a username for FTP.
•
When administrative users use the default password to log in to a device that is running the ACNS software, they should be warned to change the default administrative password.
•
The Content Engine tries to connect to a server using an NTLM session that was dropped by the server because of an HTTP 404 error. This problem occurs when the Content Engine receives a request for an object that is protected using NTLM from a client who had earlier requested another NTLM-protected object from the same server and received an HTTP 404. Even though the server had dropped the NTLM session, the Content Engine continues to use that session and attempts to connect to the server and fails.
•
All users are able to access the entire file system of the ACNS software when the sshd allow-non-admin-users command is enabled. Ideally, only admin users should have access to the entire file system.
Acquisition and Distribution Resolved Caveats
•
Altris RapiDeploy fails to download pre-positioned content from the Content Engine and contacts the origin web server for software downloads.
•
The Content Router-redirected requests for objects that are not pre-positioned fail if you have configured the IP address, instead of the hostname, of the origin server for the website in the Content Distribution Manager GUI.
•
Content is rescheduled for a multicast only if there is a metadata change and the acquirer only acquires and replicates the metadata.
•
All pre-positioned content is lost throughout the content distribution network. This problem occurs when the root Content Engine fails and the temporary root takes over. However, the temporary root either cannot access the manifest file or cannot access the origin server (or both). The temporary root deletes all of the content that it previously had pre-positioned from the root Content Engine. All of the other Content Engines also delete all of their content.
ICAP Resolved Caveats
•
The ICAP process does a core dump if you delete the ICAP service from the Content Engine. This problem occurs if the Content Engine is running the ACNS 5.3.1 software or a later release.
•
The ICAP daemon on the Content Engine crashes and generates a core file. However, the ICAP daemon restarts on its own. This problem occurs when the ICAP service is enabled on the Content Engine.
•
The cache process stops communicating with the ICAP daemon. The ICAP daemon does not receive any request for content when the ICAP reqmod service is enabled on the Content Engine.
•
The browser stops responding when you refresh a URL or repeat a URL request. This problem occurs when the ICAP respmod service for virus scanning is enabled on the Content Engine.
Management Resolved Caveats
•
The STATEFS fills up and causes the Content Distribution Manager to go offline. This problem can occur if the primary or standby Content Distribution Manager is part of a large network and the registered Content Engines are sending monitoring statistics, but the Content Distribution Manager is not cleaning up the database effectively. Those monitoring statistics overpopulate the database and fill up the STATEFS, which causes the Content Distribution Manager to go offline.
•
The Content Distribution Manager GUI shows a significant number of Content Engines that are offline. This problem can occur if there is a very large number of Content Engines deployed (over 1,400 Content Engines) and if the ACNS 5.2.3b9 software release is running on the Content Distribution Manager.
•
The Content Distribution Manager GUI does not respond. On rare circumstances, the internal system log processes will operate concurrently. This situation causes a deadlock, which causes the Content Distribution Manager GUI to become unresponsive.
•
The Content Distribution Manager that runs on a WAE-611 device fails to retrieve a manifest file that is fairly large (13 MB).
•
The Content Distribution Manager GUI does not restrict the number of static bypass entries. The number of static bypass entries are restricted to 50 when you are using the bypass static command to create the static bypass list. If you have created more than 50 static bypass entries using the Content Distribution Manager GUI, the system experiences problems because of the number mismatch.
•
The primary Content Distribution Manager of an ACNS network that has more than 1000 Content Engines shows many Content Engines offline after you add or replace a standby Content Distribution Manager in that ACNS network.
Media and Streaming Resolved Caveats
•
Some of the files that are part of an .asx playlist file get truncated when the .asx playlist is played using the HTTP protocol.
•
If MMS acquisition is used, the asfduration process generates a core file during the acquisition of Windows media files.
•
When a program is being streaming with the MMS protocol, the mms_server generates a core file if it receives an unusual port string (for example, a port string of "\\0.0.43008.3221225472\TCP\0" instead of "\\10.40.1.20\UDP\2488") from the client.
•
The Content Engine goes into kernel debugger mode when a user uses fast forward, rewind, or seek options for an on-demand program that is being streamed from the Content Engine.
Proxy and Caching Resolved Caveats
•
Websense configurations (for example, the downloaded database and license information) are lost. This problem occurs only if you use the Content Distribution Manager GUI to perform the Websense configuration.
•
The cache process on the Content Engine gets restarted when the Content Engine receives an invalid URL in proxy mode. This problem occurs if the Content Engine that received the invalid URL request is using SmartFilter as the URL filtering scheme.
•
The cache process does a core dump and then gets restarted. This problem is caused by certain pass-through NTLM requests.
•
The syslog on the Content Engine contains numerous occurrences of the following error messages when SmartFilter is enabled:
%CE-UNKNOWN-3-899999: Failed to get client name: error 18%CE-UNKNOWN-3-899999: Failed -tialize request info•
Some of the show stat http EXEC commands return error messages if the cache process has been restarted.
•
The cache process crashes when SmartFilter tries to obtain information on a user from an LDAP group to do a user-based filtering.
•
The cache process on the Content Engine crashes when the Content Engine makes a mem_hash_lookup() call.
•
The Network Agent component of the Websense server does not use usernames for user-based policy filtering.
•
The Content Engine does not allow you to configure port 21 for the FTP proxy service.
Note
•
A network router reports an error saying that the Content Engine is not responding to WCCP. The cache process on the Content Engine appears to have stopped. This problem occurs on Content Engines that run one of the following releases of the ACNS software: 5.2.7, 5.3.5, or 5.4.1.
•
A Cisco Streaming Engine RTSP pull program that is created using CLI command fails if you have used a hostname in the RTSP URL instead of the IP address.
•
When user authentication and rules are enabled on the Content Engine, the address space and memory consumption of the HTTP cache process increases. Based on the amount of traffic, the HTTP cache process may fail and restart from time to time.
Rules Resolved Caveats
•
When you copy and paste rules to the Content Distribution Manager GUI, Content Distribution Manager returns either of the following error messages:
CLI call failed, with "?" character where user expected a space.CLI call succeeds, but an unexpected "?" character appears.This problem occurs if the rule copied from another application was using a nonbreaking space instead of a normal space.
•
Although the rules dns-resolve each-request global configuration command is enabled on the Content Engine, the cache process on the Content Engine uses the initially resolved IP address (done at the time of the CLI configuration) to process the use-proxy rule action and the failover option in the use-proxy rule action. When the rules dns-resolve each-request CLI command is enabled, the caching process on the Content Engine must resolve the hostname each time that it processes the request and matches the pattern for the use-proxy rule action and the failover option in the use-proxy rule action.
Software Upgrade and Downgrade Resolved Caveats
•
A change in the error log syntax affects the monitoring functions because network management systems that parse the error log for monitoring fail to interpret the message. This problem is caused by upgrading the Apache server from version 1.3.27 to 1.3.33, which uses a different location for the thread ID in the error log.
Other Resolved Caveats
•
The core dump file is generated by the dispatcher process.
•
The Content Distribution Manager reports a manifest file syntax error for an IP/TV on-demand program created using the IP/TV Program Manager if the IP/TV on-demand program that is being added to the ACNS network has a filename that contains special characters such as "&".
•
The media file system (mediafs) takes more than its normal allocation of file space from the ACNS network file system (cdnfs) disk space. The mediafs and cdnfs statistics files indicate that the underlying file system (which is shared by cdnfs and mediafs) is 100 percent full. Even though mediafs should be allocated only approximately 20 GB, the output of the show statistics mediafs EXEC command shows that mediafs is consuming over 30 GB. This problem occurs when mediafs is configured to use the unused cdnfs disk space.
•
When users initially open their browsers, they experience more than a 60-second delay before they are able to browse. This problem occurs when the proxy autoconfiguration feature is enabled on the Content Engine and the browser, and the client points to a DNS name that resolves to multiple Content Engines. This situation can cause a loop between the Content Engines before the client receives the proxy.pac file.
•
When you try to access an HTTPS site that requires a login, the browser returns an error message that the requested URL could not be retrieved.
•
The SNMP client experiences counters and gauge values of zero if the Content Engine that is running the ACNS 5.2.7 software or a later release has not been rebooted for several weeks.
•
A coverage zone file import fails and the following warning appears in the syslog:
08/25/2005 05:51:53.721(Local) [W] cdm(FileManager): com.cisco.unicorn.util.SystemCommandTimeoutException: Timeout error: com.cisco.unicorn.util.SystemCommandTimeoutException: Timeout errorat com.cisco.unicorn.util.Utils.SystemExec(Utils.java:728)at com.cisco.unicorn.controller.ComplexUrlFile.get_(ComplexUrlFile.java:273)at com.cisco.unicorn.controller.ComplexUrlFile.fetch(ComplexUrlFile.java:135)at com.cisco.unicorn.controller.FileManager.checkIfModified(FileManager.java:456)at com.cisco.unicorn.controller.FileManager.runImpl(FileManager.java:289)at com.cisco.unicorn.server.AModule.run(AModule.java:177)This problem occurs if the download of the coverage zone file takes more than 60 seconds because of the size of the coverage zone file and the network bandwidth.
•
The client browser receives an Unsupported Request Method error message page because of an HTTP 400 bad request. This problem occurs when NTLM authentication and persistent connections are enabled on the Content Engine.
•
In rare situations, the CleanupAD process generates a core file.
•
Multicast distribution causes files to be retransmitted to Content Engines that have already replicated the files.
•
A mask is not assigned to a WCCP farm of Content Engines and the WCCP view continuously changes. This problem can occur if the WCCP farm changes before a mask is assigned to any of the Content Engines in the farm.
•
The Content Engine stops serving HTTP requests for content, and persistent connections fail to time out. This problem can occur if you are using a Content Router to redirect HTTP requests for content, and persistent connections are enabled on the Content Engine. This problem occurs only for byte-range requests when the bit-rate control is configured.
•
The multicast distribution balance of the priority-based queue versus the time-based queue is not in line with the configured multicast distribution priority weight. This problem can occur when files, which are larger than 1 GB, have been transmitted or are in the queue.
•
The multicast distribution priority weight balance may be skewed from day to day. This problem can occur when the scheduler is tracking the statistics for one day only. If large files are transferred over a low bandwidth, the scheduling could be skewed for the day.
•
The Content Engine neither raises an alarm nor creates an error log when it stops sending a negative acknowledgement (NACK) because of a disk full status or failures.
•
The Content Engine loses manually entered routes. This problem occurs when you have a large number of routes configured both manually and through device group settings on Content Distribution Manager on the Content Engine.
•
New files cannot be pre-positioned and older files cannot be deleted because UNS fills up. This problem occurs when the file system is full to the point that UNS cannot even rewrite the required journal files.
•
Under the ext2 file system, the cdnfs corruption causes a UNS directory to be assigned a regular filename, which takes up disk space that is not cleaned up by a cdnf cleanup. This problem can occur if the Content Engine is running the ACNS 5.2.x or an earlier release.
•
The Content Engine shows 100 percent CPU usage and logs "RAM disk full" error messages in the syslog. Users are not able to access the Content Engine during this state. This problem occurs on edge Content Engines that have Cisco Streaming Engine live programs (IP/TV programs or managed live programs created on Content Distribution Manager) configured on them.
•
You receive an HTTP 404 error when you execute the getDeviceStatus API as given in Chapter 4 of the Cisco ACNS Software API Guide, Release 5.3. The correct API call for getDeviceStatus is https://<cdmIpAddress>:8443/servlet/com.cisco.unicorn.ui.DeviceStatusApiServlet?action=getDeviceStatus [&name=<device_ID> | <deviceGroup_ID>].
•
The export of transaction logs fails if there is any log file that does not follow the naming convention of using an underscore ( _ ) in the filename.
•
The upload of binary files to the Content Engine fails. The Content Engine closes the connection before completing the file transfer if the ICAP service is enabled on the Content Engine.
•
The Content Engines at root and edge locations do not show any media files associated with IP/TV program channels after the IP/TV Program Manager has been taken offline and restored. This problem occurs if the manifest file for the ACNS Channel with which the IP/TV programs are associated checks for programs before the IP/TV Program Manager database is restored.
•
The log entry created on completion of a multicast transmission of a file carries a wrong time stamp. Instead of the end time of the multicast transmission, the log entry shows the start time of the multicast.
•
The client browser receives an HTTP 400 bad request error. This problem occurs when the Content Engine receives an HTTP 200 OK response with the TCP FIN flag set.
Documentation Updates
This section describes documentation updates:
•
•
•
•
•
WAE Platform Support in the ACNS 5.3.3 Software and Later Release
This documentation update applies to the Cisco ACNS Software Configuration Guide for Centrally Managed Deployments, Release 5.3.
In the ACNS 5.3.3 software release, support for three new WAE appliances, the WAE-511, the WAE-611 and WAE-7326 was added. The Wide-Area Application Engine (WAE) is an integrated hardware platform that provides a comprehensive set of services for the remote office. The WAE platform operates with either the ACNS or the Wide Area File Services (WAFS) software. When the ACNS software is installed, the WAE functions as a Content Engine or one of the other ACNS device modes, such as Content Router or Content Distribution Manager. When the WAFS software is installed, the WAE functions as a File Engine.
Note
In the ACNS 5.3.3 software and later releases, the Content Distribution Manager GUI supports Windows Media license keys and Real Networks Proxy and Subscriber license keys for the CE-511, the CE-611, and the CE-7326 in the following device group license settings windows:
•
•
•
Enhancements to the Envivio-Cisco Streaming Engine Interoperability
These documentation updates apply to the following two ACNS 5.3 software guides:
•
•
The Cisco Streaming Engine is a back-end RTSP server that can be enabled on a registered Content Engine. A Cisco Streaming Engine can be used to serve VoD files that are generated by Apple Computer's QuickTime VoD authoring tool. It can also relay live streams that are generated by QuickTime Live Broadcaster through RTP/RTSP.
The Envivio Broadcasting Studio creates contents that can be played back by the Cisco Streaming Engine and the Envivio Streaming Server. For the ACNS software, the Envivio Streaming Server implements a much larger set of the MPEG4 specifications in the industry than the QuickTime authoring tools and players.
The ACNS 5.3.3 software release and later releases, include the following enhancements that are related to Envivio-Cisco Streaming Engine interoperability:
•
Retention of m4e File Extensions for Envivio-Based Programs
The ACNS software supports Envivio-based programs and IP/TV programs as a stream source. For IP/TV-ACNS programs, the program description is generated as a Session Description Protocol (SDP) file by the IP/TV Program Manager. The ACNS software uses this SDP file to distribute the program specifications to the appropriate Content Engines.
Envivio generates the program description as an .m4e file. In the ACNS 5.3.3 software and later releases, m4e extensions in the reference URLs are retained. This new functionality allows you to use the Envivio TV plugin to render streams that are encoded by the Envivio encoder using specific codecs such as H.264. For CLI-based programs, you can now publish broadcast_id.m4e files if the source is an .m4e file.
Content Engine Support for Publishing of Multicast SDP Files for Cisco Streaming Engine Live Programs
In releases earlier than the ACNS 5.3.3 software release, multicast SDP files were not published for Cisco Streaming Engine programs that were created through the Content Distribution Manager or the Content Engine CLI. In previous releases, you could publish the SDP files from any HTTP/FTP server.
In the ACNS 5.3.3 software and later releases, support for multicast reference URLs (Announce URLs) for programs that are created through the Content Distribution Manager or the CLI is available. The multicast reference URL, which is in the form of http//Content Engine-IP address/ProgramID.sdp, is resolved by the Content Engines that are serving the live program.
Support of Dynamic Content Routing Added in the ACNS 5.3.3 Software and Later Releases
This documentation update applies to the Cisco ACNS Software Configuration Guide for Centrally Managed Deployments, Release 5.3.
In the ACNS 5.3.3 software and later releases, the Content Router can detect changes in Content Engine coverage zones and can dynamically adjust its routing tables.
In releases earlier than the ACNS 5.3.3 software release, Content Routers used a static coverage zone file to describe the preferred routing path between Content Engines and client end systems.
A coverage zone is a mapping of client end-system IP addresses to Content Engines. The Content Router uses the Content Engine IP addresses to create a static redirection table that maps end-system IP addresses to Content Engines and provides information on the proximity of end systems to Content Engines. When content is requested by a client, the Content Router checks the client IP address to find the coverage zone that contains that IP address. The Content Router then selects the Content Engine that is serving this coverage zone.
In some ACNS network environments, Content Engine IP addresses keep changing, and coverage zones are dynamic instead of static. In such cases, the Content Router cannot create a static routing table, and it cannot successfully route the content.
When the following conditions are present, the content cannot be routed successfully by using static coverage zone tables in the Content Router:
•
•
•
•
•
•
With multiple uplinks to the Internet, requests for content from clients and Content Engines that are in the same location can go out to the Content Router with different external IP addresses. The Content Router that is using static coverage zone files cannot accommodate sharing the same IP address pool among different locations.
In the ACNS 5.3.3 software and later releases, the Content Router can detect changes in Content Engine coverage zones and can dynamically adjust its routing tables.
Enabling Dynamic Content Routing
For each Content Router that you want to configure for dynamic content routing, you must indicate that dynamic content routing is to be used over static content routing.
To configure dynamic content routing, follow these steps:
Step 1
Step 2
Step 3
Step 4
Step 5
Changing the Content Engine Metric Value for Dynamic Content Routing in the Coverage Zone File
In the ACNS 5.3.3 software, a new tag has been defined in the coverage zone file that allows you to change the metric which assigns a preference to a particular Content Engine in the routing table. This optional tag is the dynamic> tag.
When a coverage zone file containing the <dynamic> tag and elements is assigned to a Content Router, the following applications are made:
•
•
The <dynamic> tag is a standalone tag; it is not defined as a subelement of the <coverageZone> tag. The subelements <CE> and <metric> must be defined within the <dynamic> tag. Table 2 describes the elements of the <dynamic> tag.
Table 2 Coverage Zone File Elements for Dynamic Content Routing
<dynamic>
<CE>1
Content Engine name
Specifies the Content Engine for which the metric value is to be applied. The <dynamic> tag can contain the names of multiple Content Engines.
<metric>1
Number
Value indicates the proximity of the Content Engine to the end user. The lower the value, the greater the preference given to the Content Engine.
If no metric is specified, the default value of 10 is applied.
1 This element is required.
The following example shows how the <dynamic> tag can be used in a coverage zone file:
<?xml version="1.0"?> <CDNNetwork> <revision>1.0</revision><dynamic> <CE>hostname_of_ce</CE>-----------> NOTE: The tag is <CE> and not <ce>. <metric>number</metric> </dynamic></CDNNetwork>The following example shows an invalid coverage zone file where the <dynamic> tag is written as a subelement of the <coverageZone> tag:
<?xml version="1.0"?> <CDNNetwork> <revision>1.0</revision><coverageZone> <dynamic> <CE>hostname_of_ce</CE> <metric>number</metric> </dynamic> </coverageZone></CDNNetwork>The following example shows that the <dynamic> tag and the <coverageZone> tag can exist together in a coverage zone file:
<?xml version="1.0"?> <CDNNetwork> <revision>1.0</revision><coverageZone> <network>a.b.c.d/mask</network> <CE>hostname_of CE</CE> <metric>0</metric> </coverageZone><dynamic> <CE>name_of_ce</CE> <metric>number</metric> </dynamic></CDNNetwork>The following example shows that the <dynamic> tag can appear multiple times in a coverage zone file:
<?xml version="1.0"?> <CDNNetwork><revision>1.0</revision><dynamic> <CE>hostname_of_ce1</CE> <metric>number</metric> </dynamic><dynamic> <CE>hostname_of_ce2</CE> <metric>number</metric> </dynamic></CDNNetwork>The following example shows that the <dynamic> tag can contain the names of multiple Content Engines:<?xml version="1.0"?> <CDNNetwork> <revision>1.0</revision><dynamic> <CE>hostname_of_ce1</CE> <CE>hostname_of_ce2</CE> <CE>hostname_of_ce3</CE> <metric>number</metric> </dynamic></CDNNetwork>You can use a coverage zone file with the <dynamic> tag, for example, when a preference order has to be given for a set of Content Engines that are serving the same client base. The following example shows that ce1 is preferred over ce2 because the metric value for ce1 is lower than that of ce2:
<?xml version="1.0"?> <CDNNetwork> <revision>1.0</revision><dynamic> <CE>hostname_of_ce1</CE> <metric>20</metric> </dynamic><dynamic> <CE>hostname_of_ce2</CE> <metric>30</metric> </dynamic></CDNNetwork>Content Distribution Manager GUI-Related Changes in the ACNS 5.3.3 Software Release
These documentation updates apply to the Cisco ACNS Software Configuration Guide for Centrally Managed Deployments, Release 5.3.
•
•
Restoring Factory-Default Settings for Real Networks License Keys
In the ACNS 5.3.3 software release, the ability to use the CLI or the Content Distribution Manager GUI to restore the Real Networks (RealProxy and RealSubscriber) license key settings to the factory defaults was added.
To restore the factory-default settings for RealProxy:
•
–
–
Figure 1 Restore Factory Defaults Icon in the Content Distribution Manager GUI
•
CONTENTENGINE# rtsp real-proxy restore ?factory-default Restore real proxy configuration file and databases to defaultTo restore the factory-default settings for RealSubscriber:
•
–
–
•
CONTENTENGINE# rtsp real-subscriber restore ?factory-default Restore real subscriber configuration file and databases to defaultIn the ACNS 5.3.3 software release, the rtsp real-proxy default-configuration and the rtsp real-subscriber default-configuration EXEC commands were replaced with the rtsp real-proxy restore factory-default and the rtsp real-subscriber restore factory-default EXEC commands. In the ACNS 5.3.1 software and earlier releases, when you entered the rtsp real-proxy default-configuration or the rtsp real-subscriber default-configuration EXEC command, only the RealProxy or RealSubscriber configuration files were restored to the default setting; the databases that contain the Real Networks license key settings were not restored to the factory defaults.
Ability to Configure TCP Memory Limits
In the ACNS 5.3.3 software release, the ability to use the CLI or the Content Distribution Manager GUI to configure TCP memory limits was added. The TCP memory limit settings allow you to control the amount of memory that can be used by the TCP subsystem's send and receive buffers.
Caution
To configure TCP memory limit settings from the Content Distribution Manager GUI, choose Devices > Devices (or Device Groups) > General Settings > Network > TCP. The TCP Settings window appears.
To configure the TCP memory limit settings from the CLI, use the tcp memory-limit global configuration command.
Table 3 lists the TCP configuration fields that have been added under the TCP Memory Limit Settings heading in the Content Distribution Manager GUI and the corresponding CLI commands that were added in the ACNS 5.3.3 software release.
Table 4 describes the default values for each command parameter, which are based on the total amount of memory for the device.
The following conditions must be satisfied whenever these default values are changed:
•
•
low-water-mark < high-water-mark-pressure < high-water-mark-absoluteCLI-Related Changes in the ACNS 5.3.3 Software and Later Releases
These documentation updates apply to the following two ACNS 5.3 software guides:
•
•
In the ACNS 5.3.5 software release, the SFTP server on the Content Engine was enhanced to allow nonadministrative users (that is, a user with a nonzero UID) to use Secure FTP (SFTP) to access the Content Engine. In the ACNS 5.3.5 software release, the sshd allow-non-admin-users and no sshd allow-non-admin-users global configuration commands were added to enable and disable this new feature.
In the ACNS 5.3.3 software release, the rtsp real-proxy default-configuration and the rtsp real-subscriber default-configuration EXEC commands were respectively replaced with the rtsp real-proxy restore factory-default and the rtsp real-subscriber restore factory-default EXEC commands. For more information, refer to the "Restoring Factory-Default Settings for Real Networks License Keys" section.
In the ACNS 5.3.3 software release, the ability to use the CLI to configure TCP memory limits was added. For more information, refer to the "Ability to Configure TCP Memory Limits" section.
In the ACNS 5.3.3 software release, the rule dns-resolve each-request global configuration command was added. For more information, refer to the "Rule Command for Converting Hostnames to IP Addresses Was Added in the ACNS 5.3.3 Software Release" section.
In the ACNS 5.3.3 software release, the output of the show programs EXEC command was modified. For more information, refer to the "Output of the show programs EXEC Command Was Modified in the ACNS 5.3.3 Software Release" section.
In the ACNS 5.3.7 software release, a new CLI command for configuring the ICAP server timeout was added. For more information on the new CLI command, refer to the "New CLI Command and GUI support for Configuring ICAP Connection Timeout" section.
In the ACNS 5.3.7 software release, new CLI commands for enabling and disabling the outgoing proxy monitor for HTTP, HTTPS, and FTP-over-HTTP were added. For more information on the new CLI commands, see the "New CLI Commands and GUI Support for Managing Outgoing Proxy Monitoring" section.
Rule Command for Converting Hostnames to IP Addresses Was Added in the ACNS 5.3.3 Software Release
In the ACNS 5.3.1 software and earlier releases, the use_proxy rule action and the failover option in the use-proxy rule action perform hostname to IP address translation at the time of the CLI configuration. If the IP address for the specified hostname were to change, the service rule would no longer function.
In the ACNS 5.3.3 software release, the rule dns-resolve each-request global configuration command was added. When this CLI command is enabled, the caching process on the Content Engine resolves the hostname each time that it processes the request and matches the pattern for the use-proxy rule action and the failover option in the use-proxy rule action.
For the ACNS 5.3.3 software and later releases, the caching process uses the initially resolved IP (done at the time of the CLI configuration) for processing the use-proxy rule action and the failover option in the use-proxy rule action when the rule dns-resolve each-request CLI command is disabled. For instance, the following is an example of the CLI command syntax for the yahoo and abc websites upon configuration with the ACNS 5.3.3 software:
ContentEngine(config)# rule action use-proxy www.yahoo.com 8080 failover pattern-list 10ContentEngine(config)# rule action use-proxy www.abc.com 8090 pattern-list 20In contrast, the following is an example of the CLI command syntax for the yahoo and abc websites upon configuration with the ACNS 5.3.1 software and earlier releases:
ContentEngine(config)# rule action use-proxy 66.94.230.42 8080 failover pattern-list 10ContentEngine(config)# rule action use-proxy 199.181.132.250 8090 pattern-list 20Output of the show programs EXEC Command Was Modified in the ACNS 5.3.3 Software Release
In the ACNS 5.3.1 software and earlier releases, the output of the show programs EXEC command does not include information about programs that were configured in local mode through the CLI. The command output only includes information about programs that were configured through the Content Distribution Manager GUI.
In the ACNS 5.3.3 software release, the command output for the show programs command was enhanced to include information about CLI-based programs (for example, information about CLI-based programs for both the Cisco Streaming Engine and WMT).
In the ACNS 5.3.3 software release, the output of the show programs EXEC command was also modified to add an "e-" for Envivio-based programs that have a reference URL that contains a m4e filename extension.
Related Documentation
Your product shipped with a minimal set of printed documentation. The printed documentation provides enough information for you to install and initially configure your product.
Product Documentation Set
In addition to these release notes, the product documentation set includes:
•
•
Refer to the Documentation Guide and License and Warranty for Cisco ACNS Software, Release 5.3.x for a complete documentation roadmap and URL documentation links for this product.
Hardware Documentation
•
•
•
•
•
•
•
•
•
•
Software Documentation
•
•
•
•
•
•
Online Help
•
•
Note
The Content Distribution Manager GUI and the Content Engine GUI both have context-sensitive online help that can be accessed by clicking the HELP button.
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/techsupport
You can access the Cisco website at this URL:
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Product Documentation DVD
The Product Documentation DVD is a comprehensive library of technical product documentation on a portable medium. The DVD enables you to access multiple versions of installation, configuration, and command guides for Cisco hardware and software products. With the DVD, you have access to the same HTML documentation that is found on the Cisco website without being connected to the Internet. Certain products also have .PDF versions of the documentation available.
The Product Documentation DVD is available as a single unit or as a subscription. Registered Cisco.com users (Cisco direct customers) can order a Product Documentation DVD (product number DOC-DOCDVD= or DOC-DOCDVD=SUB) from Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Ordering Documentation
Registered Cisco.com users may order Cisco documentation at the Product Documentation Store in the Cisco Marketplace at this URL:
http://www.cisco.com/go/marketplace/
Nonregistered Cisco.com users can order technical documentation from 8:00 a.m. to 5:00 p.m. (0800 to 1700) PDT by calling 1 866 463-3487 in the United States and Canada, or elsewhere by calling 011 408 519-5055. You can also order documentation by e-mail at tech-doc-store-mkpl@external.cisco.com or by fax at 1 408 519-5001 in the United States and Canada, or elsewhere at 011 408 519-5001.
Documentation Feedback
You can rate and provide feedback about Cisco technical documents by completing the online feedback form that appears with the technical documents on Cisco.com.
You can submit comments about Cisco documentation by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
From this site, you will find information about how to:
•
•
•
A current list of security advisories, security notices, and security responses for Cisco products is available at this URL:
To see security advisories, security notices, and security responses as they are updated in real time, you can subscribe to the Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed. Information about how to subscribe to the PSIRT RSS feed is found at this URL:
http://www.cisco.com/en/US/products/products_psirt_rss_feed.html
Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you have identified a vulnerability in a Cisco product, contact PSIRT:
•
An emergency is either a condition in which a system is under active attack or a condition for which a severe and urgent security vulnerability should be reported. All other conditions are considered nonemergencies.
•
In an emergency, you can also reach PSIRT by telephone:
•
•
Tip
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one linked in the Contact Summary section of the Security Vulnerability Policy page at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
The link on this page has the current PGP key ID in use.
If you do not have or use PGP, contact PSIRT at the aforementioned e-mail addresses or phone numbers before sending any sensitive material to find other means of encrypting the data.
Obtaining Technical Assistance
Cisco Technical Support provides 24-hour-a-day award-winning technical assistance. The Cisco Technical Support & Documentation website on Cisco.com features extensive online support resources. In addition, if you have a valid Cisco service contract, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not have a valid Cisco service contract, contact your reseller.
Cisco Technical Support & Documentation Website
The Cisco Technical Support & Documentation website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support & Documentation website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Note
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests, or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—An existing network is down, or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operations are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of the network is impaired, while most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•
•
http://www.cisco.com/go/marketplace/
•
•
•
http://www.cisco.com/go/iqmagazine
or view the digital edition at this URL:
http://ciscoiq.texterity.com/ciscoiq/sample/
•
•
http://www.cisco.com/en/US/products/index.html
•
http://www.cisco.com/discuss/networking
•
http://www.cisco.com/en/US/learning/index.html
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0601R)
Guest
