Table Of Contents
Release Notes for Cisco ACNS Software, Release 5.3.1
Eliminated Upgrade/Downgrade Paths
Media File System Issues When Downgrading to ACNS 5.0 Software
SmartFilter Issues When Upgrading or Downgrading to Another ACNS Software Release
Websense Issues When Downgrading to the ACNS 5.0 Software or ACNS 5.1 Software
Interoperability with ICAP Vendors
Matrix of Supported Caching, Filtering, and Authentication Methods
Open Caveats - ACNS 5.3.1 Software
Resolved Caveats—ACNS 5.3.1 Software
Acquisition and Distribution Resolved Caveats
Proxy and Caching Resolved Caveats
Cisco Product Security Overview
Reporting Security Problems in Cisco Products
Obtaining Technical Assistance
Cisco Technical Support Website
Definitions of Service Request Severity
Obtaining Additional Publications and Information
Release Notes for Cisco ACNS Software, Release 5.3.1
August 4, 2005
ACNS Build 5.3.1-b5
Note
The most current Cisco documentation for released products is available at Cisco.com at http://www.cisco.com. The online documents may contain updates and modifications made after the hardcopy documents were printed.
Contents
These release notes contain information about the Cisco Application and Content Networking System (ACNS) 5.31 software. These release notes describe the following topics:
•
•
•
Introduction
The ACNS software combines the technologies of demand-pull caching and pre-positioning for accelerated delivery of web applications, objects, files, and streaming media; the ACNS software runs on Cisco Content Engines, Content Distribution Manager, and Content Router hardware platforms.
These release notes are intended for administrators who will be configuring, monitoring, and managing devices that are running the ACNS 5.3.1 software. These release notes describe the new product features, the supported hardware, and the open and resolved caveats regarding the ACNS 5.3.1 software.
New and Changed Information
This section describes new and changed features in the ACNS 5.3.1 software release. It also lists the supported hardware.
New Features
Table 1 lists the new features in the ACNS 5.3.1 software release.
Table 1 New Features in the ACNS 5.3.1 Software
•
•
•
•
•
•
–
–
–
This new capability is supported by configuring and enabling two WCCP Version 2 media-caching services on the Content Engine and the WCCP routers: the new wmt-rtspu service (service 83) and the rtsps service (service 80). (See Table 3 for a list of the supported WCCP services.)
(Continued)•
The protocol for the live source can be MMST, HTTP, multicast, or RTSPT. The protocol for the stream output can be MMSU, MMST, HTTP, multicast, RTSPT, or RTSPU.
Note
•
•
All of the available authentication modes (Negotiate, NT LAN Manager [NTLM], Kerberos, and Digest) are supported.
•
–
–
Streams that are part of a server-side playlist are not cached. Stream controls (for example, bandwidth, bit rate, and the maximum number of concurrent streams) now apply to the WMT RTSP traffic and as to the MMS traffic.
•
•
•
Fast Cache and Fast Start are supported in the following circumstances:
–
–
Note
•
–
–
•
(Continued)•
All supported redirection methods are supported.
•
•
–
–
To support this feature, the wmt multicast station-configuration station-name failover global configuration command was added.
•
To support this feature, the wmt multicast station-configuration station-name schedule-start now global configuration command was introduced. If you specify this new command for a specific multicast station, the multicast station is automatically started after the Content Engine is reloaded.
Note
The new no wmt multicast station-configuration station-name schedule-start now global configuration command works exactly like the wmt multicast-station stop station-name EXEC command. You can use either command to stop a specific WMT multicast station.
•
The Content Distribution Manager GUI and the application program interfaces (APIs) now support RTSP URLs for WMT RTSP scheduled rebroadcasts.
•
•
•
(Continued)•
–
–
–
–
–
•
–
–
•
•
•
The ability to configure to configure IP subnet-based bandwidth control for WMT requests allows you to specify the maximum bandwidth consumption for specific client IP subnets (the aggregate bandwidth for the subnet).
This bandwidth control feature is supported for WMT streaming through the following protocols:
–
–
–
•
•
•
(Continued)•
Note
•
•
–
–
–
•
•
For example, there are new CLI commands for displaying the following type of information:
–
–
•
Enhancements•
–
–
–
For example, the show ftp proxy EXEC command was replaced with the show ftp-over-http and show ftp-native EXEC commands in the ACNS 5.3.1 software release.
–
Enhancements
(Continued)•
–
–
–
–
–
Note
For detailed information about configuring the Websense software, go to the following URL on the Websense website:
http://ww2.websense.com/docs/support/documentation/setup/v52/WSPreinstall_CiscoCE_ACNS_53.pdf
•
In the ACNS 5.2.x software and earlier, you could accept a license for an entire device group, and you had to accept the license again if a new device is added.
In the ACNS 5.3.1 software release, you can read and accept each type of license agreement once for all of your Content Engines.
•
–
–
Note
These new format tokens provide support for Squid-like logging format from within the W3C customizable token set.
(Continued)•
–
–
–
–
–
–
–
Note
In the ACNS 5.3.1 software release, the NTLM window was modified to allow you to configure all of the options that are available from the ntlm server, ntlm server ad-group-search, ntlm server connection-timeout, and the ntlm server connection-retry global configuration CLI commands.•
–
–
–
All three of these banners are effective on a console, Telnet, or a Secure Shell (SSH) Version 2 session. When you run an SSH Version 1 client and log in to the Content Engine, the motd and login banners are not displayed.
(Continued)•
This feature is supported for the following interfaces: Fast Ethernet, Gigabit Ethernet, Fibre Channel, Port Channel, and Standby. It is not currently supported for the Small Computer Systems Interface (SCSI) or the Integrated Drive Electronics (IDE) interfaces. The maximum length of the description text is 240 characters.
•
•
You can configure one or more interfaces to act as a backup interface (a standby interface) for another interface on a Content Engine. This feature is called standby interface support. Standby groups, which are logical groups of interfaces, are used to implement this feature.
When an active network interface fails (because of cable trouble, Layer 2 switch failure, high error count, or other failures) and that interface is part of a standby group, a standby interface can become active and take the load off the failed interface.
The following are supported:
–
–
–
–
–
•
•
•
Enhancements
(Continued)•
–
–
–
–
Note
•
–
–
–
Facilitation•
–
–
–
•
•
•
Enhancements•
The Content Distribution Manager GUI was enhanced to allow you to configure a grace period before the root Content Engine failover and fallback may occur.
•
•
•
•
•
•
•
Enhancements•
•
Note
•
The ACNS system has several predefined standard time zones. Some of these time zones have built-in daylight saving time information while others do not. The system includes about 1500 standard time zone names. In the ACNS 5.3.1 software release, you can now display a list of all the standard time zones.
In the ACNS 5.2.x software and earlier, there was no restriction on these reserved standard time zone names. You could overload these standard names in various ways. In the ACNS 5.3.1 software release, strict checking was added. For example, the clock summertime command is now disabled when a standard time zone is configured. Consequently, you can now only configure daylight saving time if the time zone is not a standard time zone (if the time zone is a customized zone).
•
–
–
–
SMART provides you with hard drive diagnostic information and information about impending disk failures. In the ACNS 5.3.1 software release, the output from the show tech-support EXEC command was modified to include SMART information.
–
Note
–
–
By migrating to the ext3 file system, the amount of time required to perform a file system check of the CDNFS, MEDIAFS, and SYSFS partitions is decreased, which increases the availability of the Content Engine. If you are upgrading from an earlier release of the ACNS software, the ext2 file system is automatically converted to the ext3 file system when you upgrade to the ACNS 5.3.1 software and later releases.
EnhancementsFor a list of other enhancements (additional Severity 6 enhancements) that are part of the ACNS 5.3.1 software release, see Table 2.
Table 2 lists the Severity 6 (Sev 6) enhancements that are part of the ACNS 5.3.1 software release.
Hardware Supported
The ACNS 5.3.1 software supports the following hardware platforms. All of the listed platforms also support the ACNS 5.2.x software release except for the CE-7326. The CE-7326, which is a new platform that is supported in the ACNS 5.3.1 software release, does not support ACNS 5.2.x, 5.1.x, or 5.0.x software.
Important Notes
This section emphasizes important information regarding the ACNS 5.3.1 software and includes the following sections:
•
•
•
•
•
Eliminated Upgrade/Downgrade Paths
In the ACNS 5.3.1 software release, the following upgrade and downgrade paths were eliminated:
•
•
Media File System Issues When Downgrading to ACNS 5.0 Software
If you have configured the media file system (mediafs) with the ACNS 5.1 software and later releases, and then downgrade to the ACNS 5.0 software, the mediafs disk space assignment is lost and reverts to ACNS network file system (cdnfs) disk space. (The mediafs is used for on-demand content that is fetched through the two streaming protocols [RTSP and WMT]. The cdnfs is used for pre-positioned content in the ACNS network.)
This situation occurs because of a design change that was implemented in the ACNS 5.1 software. Because the ACNS 5.0 software is not compatible with this change, the disk space becomes assigned to cdnfs instead of mediafs. To work around this problem, follow these steps:
1.
Use the Content Distribution Manager GUI for Content Engines that are registered with a Content Distribution Manager. Use the Content Engine GUI for standalone Content Engines (Content Engines that are not registered with a Content Distribution Manager and are being managed through the Content Engine GUI or CLI).
2.
SmartFilter Issues When Upgrading or Downgrading to Another ACNS Software Release
When you upgrade or downgrade the Content Engine to a different release of the ACNS software, if there is a difference in the SmartFilter plug-in version, the SmartFilter database and configuration files are deleted and default configurations are loaded. This change occurs because the configuration details might be changed with each new version of SmartFilter software. After each upgrade or downgrade of the SmartFilter plug-in, a fresh database has to be downloaded from the SmartFilter Administration Console to the Content Engine.
Websense Issues When Downgrading to the ACNS 5.0 Software or ACNS 5.1 Software
If the local (internal) Websense server is enabled on the Content Engine and you downgrade from the ACNS 5.2.x software to either ACNS 5.0 software or ACNS 5.1 software, the WebsenseEnterprise directory is removed from the Content Engine and the local Websense server stops working. The ACNS 5.2.x software does not generate an error message indicating that the WebsenseEnterprise directory has been removed. However, in the ACNS 5.3.1 software and later releases, the following error message is displayed to notify you about this Websense downgrade issue:
WARNING:Websense does not support downgradeHence removing /local/local1/WebsenseEnterpriseWebsense will stop working after copy ftp installTo avoid this problem when downgrading from the ACNS 5.3.x or ACNS 5.2.x software to either ACNS 5.1.x software or ACNS 5.0.x software, follow these steps:
Step 1
Step 2
Step 3
Interoperability with ICAP Vendors
The Internet Content Adaptation Protocol (ICAP) is an open standards protocol for content adaptation, typically at the network edge. Content adaptation includes virus scanning, content translation, content filtering, content insertion, and other ways of improving the value of content to end users. ICAP specifies how a Content Engine, acting as an HTTP proxy server, can communicate with an external device that is acting as an ICAP server, which filters and adapts the requested content.
ICAP provides two content-processing modes for HTTP services. These modes define the transactions that can occur between a Content Engine acting as an ICAP client and an ICAP server. The two modes are as follows:
•
•
The following is a complete list of the ICAP vendors that have been certified to interoperate with the Content Engine:
•
•
ICAP Performance
With the respmod vectoring point, which is used by virus-scanning Internet Content Adaptation Protocol (ICAP) vendors, the performance of the Content Engine model CE-7305 will be 300 transactions per second.
With the reqmod-precache vectoring point, which is used by URL filtering ICAP vendors, the performance of the Content Engine model CE-7305 will drop 20 percent from the rated performance.
Note
Changes to WCCP Support
In the ACNS 5.2.1 software release, up to 25 active WCCP Version 2 services are supported. In the ACNS 5.2 software release, there are 17 WCCP Version 2 services that can be configured.
In the ACNS 5.3.1 software release, there are now 18 WCCP Version 2 services that can be configured. In the ACNS 5.3.1 software release, service 83 was added. Table 3 lists the supported WCCP services.
Matrix of Supported Caching, Filtering, and Authentication Methods
Table 4 lists the caching, filtering, and authentication methods supported by Content Engines that are running the ACNS 5.3.x software. An asterisk (*) indicates a feature is supported for that particular protocol.
Caveats
This section lists and describes the open and resolved Severity 1, 2, and 3 caveats in the ACNS 5.3.1 software. Caveats describe unexpected behavior in the ACNS 5.3.1 software. Severity 1 caveats are the most serious; Severity 2 caveats are less serious. Severity 3 caveats are moderate caveats.
Open Caveats - ACNS 5.3.1 Software
This section lists caveats that have not been resolved in the ACNS 5.3.1 software release.
•
Symptom: Content cannot be acquired using strong authentication from secure origin servers that use certificates from nonstandard certificate authorities (CAs). If strong authentication was chosen for content acquisitions from such a site, the acquirer error statistics will contain a 401 (Unauthorized) error code, and the acquirer error log contains the following error message:
Strong Cert Authentication rejects certificate due to error: ssl error codeCondition: This problem occurs if the origin server uses a certificate that is not known as a standard certificate to the ACNS software acquirer. For content acquisition from secure sites over HTTPS using strong authentication, only sites with certificates from standard certificate authorities are supported.
Note
Workaround: Use one of these workarounds:
–
–
•
Symptom: When a Content Engine model CE-565 is attached to a Storage Array SA-7 device, if too large a cache file system (cfs) partition is configured, and a combined streaming and caching workload is used, then a lower HTTP performance is observed.
Condition: This problem occurs when the CE-565 has Windows Media Technologies (WMT) enabled, a combined streaming and caching workload is used, and the Content Engine is attached to an SA-7 device.
Note
Workaround: Allocate less space to the cfs if a Storage Array is attached to the Content Engine.
•
Symptom: Windows Media Technologies (WMT) is enabled with no media file system (mediafs) after you downgrade from the ACNS 5.1b300 software to the ACNS 5.0.7b8 software.
Condition: This problem occurs if you upgrade from the ACNS 5.0.7b8 to the ACNS 5.1bx software, configure the disk, and then downgrade to the ACNS 5.0.7b4 software.
Workaround: Reconfigure the disk with a mediafs partition and reload the software.
•
Symptom: Using FTP inside the .meta file to have the Content Engine obtain the .bin file for a Content Distribution Manager GUI-initiated upgrade is unsuccessful if the user's home directory differs from the FTP root.
Condition: Either you receive an error in the Content Distribution Manager GUI when you are creating the definition for the upgrade (when the .bin file does not exist in the user's home directory), or the Content Engine displays an error message on the upgrade (when the .bin file does not exist in the FTP root directory).
Workaround: Copy the .bin file to both the FTP root and the user's home directory, or use a user whose home directory is the FTP root.
•
Symptom: A constant stream of bandwidth error messages (one about every 2 seconds) is reported in the syslog. As the following sample messages indicate, these messages are not very useful.
Feb 11 13:24:26 webcache01 bandwd: %CE-BANDWD-3-115002: BANDWD: Trying again in two secondsFeb 11 13:24:28 webcache01 bandwd: %CE-BANDWD-3-115003: BANDWD: verification registration failed, err=30Condition: None.
Workaround: There is no known workaround.
•
Symptom: The Content Distribution Manager only checks if coverage zone files refer to invalid Content Engines after there is a fresh import. When there is a configuration change that can cause already imported coverage zone files to refer to invalid Content Engines, the Content Distribution Manager does not check or display the correct error message until the next fresh import.
Condition: This problem occurs if there is a coverage zone configuration change that causes already-imported coverage zone files to refer to invalid Content Engines.
Workaround: There is no known workaround.
•
Symptom: The Content Engine stops spoofing the client IP address and uses its own IP address to fetch content from the origin server.
Condition: The http l4-switch spoof-client-ip enable global configuration command turns on IP spoofing on a Content Engine that is functioning as a caching engine. When a rule action use-server global configuration command is used, the Content Engine stops spoofing the client IP address and instead uses its own IP address to fetch the content.
Workaround: Remove the rule configurations.
•
Symptom: The network management system (NMS) host does not know where SNMP traps are coming from.
Condition: This problem occurs if there are two interfaces and you configure interface redundancy using both interfaces. You must use a dummy address for the physical addresses. You then configure a real address that floats between the two interfaces. If you then configure SNMP traps, the traps are being sourced from the dummy address and not the routable address. Therefore, the NMS host does not know where the trap is coming from.
Workaround: Configure the Content Engine to generate SNMP version 2c type trap messages. Because the SNMP version 2c trap message does not contain the IP address of the SNMP agent, the NMS software will use the source IP address of the UDP message to identify the address of the SNMP agent.
•
Symptom: The cdnfs files are turned into directories (which are visible if you enter the cdnfs browse EXEC command on the Content Engine).
Conditions: This problem is rare and occurs only when the file system corruption has caused a directory entry to be a subdirectory when it should have been a file. This problem occurs only if multiple cdnfs entries are being updated and the Content Engine crashes (for example, the Content Engine crashes because of a power failure).
Workaround: Enter the cdnfs cleanup start EXEC command on the Content Engine.
•
Symptom: Even though you entered the url-filter wmt bad-sites-deny global configuration command on the Content Engine, the Content Engine is not filtering requests for content that is pre-positioned in its wmt_vod directory.
Condition: This problem occurs in the following situation:
a.
b.
c.
Workaround: Configure the bad site list using mmst://127.0.0.1/wmt_vod/file.asf instead of mmst://Content Engine IP address/wmt_vod/file.asf.
•
Symptom: A WMT live stream in a managed live event environment is accessible for a period longer than the scheduled duration.
Condition: This problem occurs only with WMT live programs that have unicast access enabled. In this situation, streams can be accessible for up to 24 hours after the last playtime of the event if "Auto Delete" is set to true or can be accessible indefinitely if "Auto Delete" is set to false.
Workaround: Control the live-stream source through the schedule for the event. Typically, this process involves starting and stopping the WMT encoder.
•
Symptom: Syslog messages contain the following text:
uns-server: %CE-CDNFS-0-480000: uns_read_meta: WOW! url mismatch:wanted 'URL>', swaw '^C'Condition: This problem occurs because of file system corruption; the cdnfs metadata files have the wrong content (the content is internally consistent but is in the incorrect file). This problem occurs infrequently. For example, it can occur if the cdnfs content is being updated and a crash occurred because of a kernel panic (which occurs infrequently).
Workaround: Although there is no known workaround to stop the syslog messages shown above, lookups for the target URL (listed in the syslog message) may succeed if the ACNS software has created a new cdnfs entry for the target URL.
You can enter the cdnfs lookup url EXEC command to see if the URL is found. If the URL is not found, a way to force it to be replicated is to modify the file on the origin server (for example, by entering the touch command on a UNIX-based origin server).
Alternatively, you can enter the acquisition-distribution database-cleanup start command on the affected Content Engine to query the cdnfs for all the objects that are supposed to be on the Content Engine. Missing objects should be detected and replicated.
•
Symptom: The content replication status can show an incorrect manifest item count.
Condition: This problem can occur if too many channels share the same content (for example, if over 100 channels share the same 30 files in each channel). Even though all 100 channels should show the 30 files that were acquired and distributed, it takes an extended period (days) before the correct manifest item count is displayed.
Workaround: Reduce the number of channels that share the same contents.
•
Symptom: The CPU usage on the Content Engine hits a peak of 100 percent.
Condition: This problem can occur if the internal (local) Websense server is enabled on the NM-CE-BP models.
Workaround: There is no known workaround.
•
Symptom: If you specify foo as a folder URL in the manifest file, and there is a single item redirection from foo to foo/ by the web server, the ACNS acquirer fails to process such redirections and generates a 716 error message. If you are using the quick crawl tool in the Channel Content window, some of the files also report 716 error messages.
Condition: This problem occurs if you are using the quick crawl tool and there is a single item redirect from foo to foo/. However, if foo is a link from a crawl job, single item redirections from foo to foo/ are allowed.
Workaround: Specify foo/ in the manifest file, or specify a crawl job instead of using the quick crawl tool.
•
Symptom: Microsoft NT LAN Manager (NTLM) authentication fails and the pop-up window is displayed again.
Condition: This problem occurs if NTLM authentication is being used and the specified domain name is longer than 50 characters.
Workaround: For NTLM authentication, use a domain controller (DC) that has a domain name shorter than 35 characters.
•
Symptom: Proxy requests to the Content Engine proceed to allow mode (if allow mode is enabled) or are blocked (if allow mode is disabled) when the Websense URL filtering mechanism is configured to use the local Websense server.
Because the connections from the Content Engine to the Websense server time out, all requests go to allow mode until all 40 connections are exhausted. (This situation makes it appear as if the Websense server is not responding.) After all 40 connections are attempted, the Content Engine successfully connects to the Websense server and works properly thereafter.
Condition: This problem can occur under the following conditions:
•
•
•
•
Workaround: Reconfigure Websense URL filtering on the Content Engine so that the Content Engine will attempt to establish new connections to the Websense server.
•
Symptom: Channel routing causes loops for several Content Engines.
Condition: This problem can occur if there are Content Engines that are running the ACNS 5.1.x software or earlier, and these Content Engines are registered with a Content Distribution Manager that is running the ACNS 5.2.x software.
Workaround: Upgrade the Content Engines to the ACNS 5.2.x software. Currently, a Content Distribution Manager that is running the ACNS 5.2.x software does not propagate some configuration changes to Content Engines that are running an ACNS software release earlier than the ACNS 5.2.x software. Therefore, Content Engines that are running the ACNS 5.1.x software or earlier, may not recognize that the root Content Engine was changed from one Content Engine to another. Consequently, routing loops can develop within the system.
•
Symptom: When a root Content Engine is downgraded from the ACNS 5.2.x software to the ACNS 5.1 software, some channels are disabled and some content fails to be acquired.
Condition: This problem occurs when the manifest file URL is a Server Message Block (SMB) URL with a uniform naming convention (UNC) path format (for example, \\host\share\file), or when an item or crawl task specified in either the src or start-url attribute has a UNC path format.
Because the ACNS 5.1 software does not support SMB file acquisition, the root Content Engine running the ACNS 5.1 software is not able to fetch the manifest file or acquire content from the SMB shares.
Workaround: Either before or after you downgrade the root Content Engine from the ACNS 5.2.x software to the ACNS 5.1 software, remove the SMB URL from the Manifest URL field in the Channel configuration window of the Content Distribution Manager GUI and use a URL with supported protocols (HTTP, FTP, or HTTPS).
Note
From an ACNS 5.2.x Content Distribution Manager GUI, choose Content > Channels > Edit Channel > Channel Content.Edit the manifest file by removing content items and crawl tasks that have UNC formatted paths.
Use the acquirer start-channel EXEC command to initiate channel acquisition and verify that the workaround is successful.
•
Symptom: The CMS service on the Content Distribution Manager cannot start and fails to create the CMS database backup file.
Condition: This problem can occur if the ACNS network configuration is very large (for example, with 2000 configured Content Engines) and the sysfs partition is 2 GB or less.
Workaround: Create a sysfs partition that is greater than 2 GB.
•
Symptom: Microsoft NT LAN Manager (NTLM) authentication occurs even though you disabled it on the Content Engine.
Condition: This problem occurs very rarely. In very rare situations, even though you entered the no ntlm server enable global configuration command to disable NTLM proxy authentication on the Content Engine, NTLM proxy authentication is still not turned off. In such cases, NTLM authentication can still occur, although the output of the show running EXEC command shows that the NTLM server is not enabled on the Content Engine.
Workaround: Enter the no ntlm server enable global configuration command again on the Content Engine.
•
Symptom: The ICAP service is enabled on the Content Engine, but the Content Engine is unable to retrieve the content.
Condition: This problem can occur if the Content Engine is running the ACNS 5.x software, and you configure two or more ICAP services to subscribe to the same vectoring point (the response modification [RESPMOD] vectoring point).
Workaround: There is no known workaround.
•
Symptom: A cleanup of the sysfs partition removes all pre-positioned RealMedia contents from the /local1/real_vod/ directory on the Content Engine.
Condition: This problem occurs if the sysfs partition is saturated because of the population of content in the real_vod directory.
Workaround: There is no known workaround.
•
Symptom: The WCCP cache farm (a cluster of Content Engines that are running WCCP) is formed using the assignment method even though you specified the mask-assignment assign-method- strict option when configuring the WCCP service.
Condition: This problem occurs if the WCCP cache farm is associated with Cisco routers instead of switches.
Workaround: There is no known workaround. Mask assignment was only designed for Catalyst 6500 series switches and is not supported by Cisco routers.
•
Symptom: The stream scheduler in the edge Content Engine retrieves stale Session Description Protocol (SDP) information from its forwarder and stores it in its local1/cse_live/ucast folder if the encoding is modified through IP/TV Program Manager. All further RTSP requests are served with this stale SDP content.
Condition: This problem occurs if the stream scheduler retrieves stale SDP information from its forwarder because the program has been edited and the encoding changed for a program. This situation occurs if the Content Distribution Manager notification at the edge Content Engine triggers the stream scheduler before the same occurs at the root Content Engine. Consequently, the edge Content Engine obtains the SDP content from its forwarder, which is valid content at that moment.
Workaround: Reload the Content Engine.
•
The Content Engine becomes unresponsive, and it takes a long time for commands to be executed.
Condition: This problem occurs when the load that is running on the Content Engine is almost as high as the maximum permissible load for a Content Engine, and you then enable ICAP (especially with request modification [REQMOD] transactions). This situation causes the Content Engine to go into an overload state and not recover easily.
Workaround: The load on the Content Engine with ICAP enabled (for the response modification [respmod] transactions) should be kept to 50 percent of the load that it can handle without ICAP.
•
Symptom: A URL in the Synchronized Multimedia Integration Language (SMIL) file that has the "repeatCount" value set, may not be requested as many times as specified by the "repeatCount" setting.
Condition: This problem occurs only when RealPlayer Version 10 is used. The player exhibits the same behavior whether or not there is a Content Engine between the client and the origin server.
Workaround: Use RealOne player instead of RealPlayer Version 10, or request the SMIL file again. The URL will be played at least once in the player.
•
Symptom: An HTTP 1.0 request that is received by the Content Engine from a client web browser is sent as an HTTP 1.1 request by the Content Engine to the origin server.
Condition: This problem occurs only when the ICAP service is enabled on the Content Engine.
Workaround: There is no known workaround.
•
Symptom: The cache process on the Content Engine restarts.
Condition: This problem occurs if a large volume of HTTPS and FTP traffic is being directed to the Content Engine, which is operating in transparent mode.
Workaround: There is no known workaround.
•
Symptom: Even though you entered a write memory command, after an immediate reload, a prompt appears that the configuration has been changed.
Conditions: This problem occurs if the following conditions are met:
–
–
–
–
Workaround: Note that ACNS functionality is not affected if this problem occurs. However, if a prompt appears stating that the configuration has been changed, enter yes to save the configuration.
•
Symptom: Unicast access to a live program does not work.
Condition: This problem occurs only when you use special characters ("?" and "#") in the unicast reference URL.
Workaround: To publish a live event, use URLs that do not contain special characters.
•
Symptom: The Content Engine reboots suddenly when you are performing database maintenance.
Condition: The problem can occur because of a platform issue in the power supply of the device.
Workaround: Properly trim the power supply of the Content Engine.
•
Symptom: You are not able to download the control list or apply a policy (for example, the policies that control when the SmartFilter subscription or control list expire) to the SmartFilter 3.x plug-in.
Condition: This problem occurs if you use the SmartFilter 4.0 Administrator Console to define the SmartFilter 3.x plug-ins as part of a plug-in group.
Workaround: Use the SmartFilter 4.0 Administrator Console to define the SmartFilter 3.x plug-ins as individual plug-ins.
•
Symptom: The proxy autoconfiguration file is missing from the Content Engine after you switch from group settings to device settings, and then switch back to group settings.
Condition: This problem can occur in the following condition:
a.
b.
c.
The autoconfiguration file is not found but the proxy autoconfiguration feature is shown as enabled.
Workaround: Return to the device window in the Content Distribution Manager GUI, delete the values from the proxy autoconfiguration fields in the device window, and then select device group from the drop-down menu.
•
Symptom: When using the quick start tool in the Content Distribution Manager GUI, if you repeatedly click the Add-Router to List button before the window completely loads in your browser, the following message appears in your browser:
The system had trouble processing your last request.This situation can occur under the following circumstances:
–
–
–
Condition: This problem occurs only when there is a slow connection between the Content Distribution Manager and your browser and you perform any of the unsupported actions described above.
Workaround: Return to the Content Distribution Manager GUI and wait until the window is completely loaded in your browser before you click the Add-Router to List button.
•
Symptom: HTTP VOD file statistics are not being updated correctly.
Condition: This problem can occur if you enter the show statistics wmt requests EXEC command while you are using the HTTP protocol to play a stream. The command output shows the total unicast requests field as 2 but shows the other types of requests (for example, the number of served streaming requests) as only 1.
Workaround: Wait until the stream ends before you enter the show statistics wmt requests EXEC command.
•
Symptom: The Websense EIM server that is running on the Content Engine generates a core file.
Condition: This problem can occur when the Websense server is enabled on the Content Engine.
Workaround: No user intervention is required. If this problem occurs, the Websense server functionality is not affected. After generating a core file, the Websense server will be automatically restarted and the functionality is restored.
•
Symptom: When WCCP transparent redirection is being used to redirect RTSP client requests transparently to WCCP routers, the client receives an error stating that it is unable to locate the server when it attempts to retrieve the RTSP URL. This problem can occur because the URL presented to the client is a modified "bad" URL. This modified URL is the original URL with the Content Engine's RTSP gateway IP address prepended before the domain name. For example, if the original RTSP URL is "rtsp://website.com.domain:554/url-path-info," then the following modified "bad" URL is returned to the client:
rtsp://ciscoRTSPG.ipaddress-of-rtsp-gateway.website.com.domain:554/url-path-info
The reason that the client is unable to resolve the DNS is because the Content Engine is using the modified URL.
Condition: The problem can occur when the WCCP router list (wccp router-list x.x.x.x CLI command) on the Content Engine is configured with a router IP address that the router does not use in its WCCP "I See You" messages.
Workaround: Configure the WCCP router list to use the IP address that the WCCP router is using on its "I See You" messages.
•
Symptom: The Windows Media player goes into a buffering state for RTSPU-based file streaming.
Condition: This problem can occur under the following circumstances:
–
–
Workaround: Use RTSPT-based file streaming instead of RTSPU-based file streaming.
•
Symptom: Multiple connections are seen between the root Content Engine and the Windows Media server/encoder.
Condition: This problem can occur if the root Content Engine is under a heavy load and multiple Content Engine children or clients connect to the root Content Engine to access a unicast stream. Because of timing issues, the root Content Engine can create multiple connections to the encoder/server. This problem does not adversely impact the clients that are watching the stream; however, one side effect is that more bandwidth will be used between the root Content Engine and the encoder/server.
Workaround: There is no known workaround.
•
Symptom: RealPlayer crashes when the streams are switched over from the first stream to the second stream.
Condition: This problem can occur if you have set the reconnect as automatic for broadcast redundancy.
Workaround: Set the reconnect as manual instead as automatic.
•
Symptom: After changing the DNS configuration, WMT fails and the WMT error logs show that there is a problem with resolving URLs.
Condition: This problem occurs because WMT is not recognizing that a DNS change has occurred and is trying to use the old DNS configuration that may point to a server that is down or is inaccessible.
Workaround: After you change the DNS configuration, reload the Content Engine to ensure that all of the processes will obtain the current DNS configuration when they start up.
•
Symptom: CPU usage on the Content Engine reaches 99 percent.
Condition: This high CPU usage can occur if the Content Engine is serving numerous live-streaming requests and it is running the ACNS 5.1.11 software and later releases.
Workaround: If you are not expecting a very high load on the Content Engine, you can turn off kernel optimization by entering the no wmt accelerate live-split enable global configuration command.
•
Symptom: The internal Websense server on the Content Engine is not responding to a block page message.
Condition: This problem can occur if certain clients do not behave properly and fail to send the requested data back to the Websense block page server. The block page server is not timing out these requests, reaches a limit, and then stops responding.
Workaround: Restart the internal Websense server or reboot the Content Engine to clear the connections.
•
Symptom: SNMP management is not able to learn the standby interface in order to test the standby interface for accessibility.
Condition: This problem can occur if the Content Engine is configured with a standby interface and the SNMP management station uses an MIB query for ipAdEntAddr. The SNMP management system learns the addresses of the individual interfaces but not the address of the standby group.
Workaround: Configure real addresses for the interfaces on the Content Engine so that the SNMP management station can at least test that the interfaces on the Content Engine are active.
•
Symptom: After you configure a live event through the ACNS 5.2 Content Distribution Manager GUI, the URL link generated by the Content Distribution Manager cannot be played.
Condition: This problem only occurs if the media filename or program name includes a blank space.
Workaround: Do not use a blank space in either the media filename or the program name when using the Content Distribution Manager to configure a live event. For example, use "-" or "_" instead of a blank space.
•
Symptom: Internet Explorer does not display the RealServer License Monitor window correctly. (This window is displayed by logging in to the RealServer administrative interface and then selecting Logging & Monitoring and License Monitor.)
Condition: This problem only occurs with Internet Explorer.
Workaround: Use the Firefox or Netscape browsers, which display the License Monitor window correctly.
•
Symptom: Both Internet Explorer and Firefox browsers do not correctly display changed settings for the broadcast transmitter and receivers.
Condition: This problem occurs if the Content Engine is running the ACNS 5.2.x software and later releases, and is using RealServer as a back-end RTSP server.
Workaround: There is no known workaround.
•
Symptom: The Internet Explorer client retrieves a partial (incomplete) customized error page and displays it along with some partial HTML code.
Condition: This problem occurs if a customized error page is configured on the Content Engine and an Internet Explorer client requests a nonexistent HTTPS URL, which causes the customized error page to be returned.
Workaround: There is no known workaround.
•
Symptom: NTLM authentication for a valid user may take a longer period than usual (approximately two minutes) if the client sends the request when the Content Engine has been idle for a long period of time.
Condition: This problem can occur in the following condition:
a.
b.
c.
GET http://somehostname/Zone-UVWXYZ/config.cfg HTTP/1.0\r\nRequest Method: GETAccept: */*\r\nUser-Agent: Tioga\r\nHost: somehostname\r\nPragma: no-cache\r\nwhere somehostname is a hostname.
The user will be authenticated after waiting approximately two minutes. After reporting a failure to the browser, the Content Engine uses the same credential and retrieves the group information for that user from its HTTP authentication cache.
Workaround: On the Content Engine, configure a rule to either reject requests from the user agent named Tioga, or configure the no-auth rule to bypass authentication for this user agent.
•
Symptom: The ICAP daemon that is running on the Content Engine generates a core file.
Condition: This problem can occur when there is a heavy load of HTTPS proxy traffic that is being processed by the Content Engine.
Workaround: There is no known workaround.
•
Symptom: In a Content Router environment, users are not able to choose RTSPU(UDP) or RTPST(TCP) by requesting with rtspu:// or rtspt:// from their Windows Media players. Another symptom is that an RTSPT stream is returned when an RTSPU stream is requested. A third symptom is that even though you specified the wmt disallowed-client-protocols rtspu global configuration command, it is not preventing clients from being served for a request rtspu://crfqdn/file.asf, this returns an RTSP stream instead of an error.
Condition: This problem can occur if a Content Router is being used for RTSP redirection.
Workaround: There is no known workaround.
•
Symptom: When viewing a rich media stream, the video display may be black for a couple of minutes. After the video starts to play, if you click the progress bar in the Windows Media player to advance the video, the video display may go black again as though the video were starting over again.
Condition: This problem can occur if you are using a Windows Media 9 client to view a rich media stream.
Workaround: There is no known workaround.
•
Symptom: Even though TACACS AAA accounting is enabled on the Content Engine, no command information is being received under the standard Cisco Access Control Server (ACS) TACACS headers.
Condition: This problem can occur if TACACS accounting is enabled on the Content Engine and it is reporting to a Cisco ACS 3.1 TACACS server.
Workaround: There is no known workaround.
•
Symptom: In case of WMT live and content routing, the HTTP failover URL does not work.
Condition: In case of a WMT live using content routing, after the initial communication between the client and the Content Router, the client is redirected to the Content Engine. When the Content Engine receives this request, it sends back an .asx file with two URLs in it. One is an MMS URL and the other is an HTTP URL. In the case of WMT live, this HTTP URL is not valid. If the client fails over to this URL if the MMS fails, the stream will not be served by the Content Engine. This problem occurs on systems that are running the ACNS 5.1.x, 5.2.x and 5.3.1 software.
Workaround: There is no known workaround.
•
Symptom: A live channel may fail to be played from the clients. The replication fails as indicated by the output from the show programs EXEC command.
Condition: This problem can occur in the following condition:
a.
b.
c.
Workaround: Because uppercase letters are sometimes rejected, avoid using capital letters when specifying the program name in the Content Distribution Manager GUI.
•
Symptom: The client receives an unexpected 400 bad request HTTP response from the origin server when the request is going through a Content Engine.
Condition: This problem can occur if the client sends an unnecessary carriage-return and line feed (\r\n) in between the end of one request and the beginning of another request. These extra characters have been seen using the following version of the browser:
Internet Explorer
Version: 6.0.2800.1106.xpsp2.040919-1003
Cipher Strength: 128-bit
Update Versions:; SP1; Q832894; Q837009; Q831167; Q823353; Q871260;
Workaround: Disable persistent connections on the client side by entering one of the following configuration mode commands:
–
–
•
Symptom: Even though you have the transaction log sanitize feature enabled on the Content Engine, the RealProxy or RealServer access logs still display the client IP address even though it should be hidden.
Condition: This problem is caused because the transaction-logs sanitize CLI command is not working properly for the RealProxy and RealServer. Even though you have entered the transaction-logs sanitize global configuration command, the RealProxy or RealServer access logs still display the client IP address even though it should be hidden.
Workaround: There is no known workaround.
•
Symptom: Windows Media player files are not being downloaded properly.
Condition: This problem can occur if you have entered the wmt disallowed-client-protocols http global configuration command on the Content Engine and the Content Engine is rebooted.
Workaround: When the Content Engine is rebooted, reenter the wmt disallowed-client-protocols http command on the Content Engine.
•
Symptom: The table of contents and the index of the ACNS Content Distribution Manager online help are not functioning. When you open the online help window, the left pane, which contains the table of contents and index, appears blank.
Condition: This problem is caused by the Windows Security Update MS05-001. This security patch prevents the creation of an instance of the HTML Help ActiveX control that is served in HTML content from outside the Local Machine zone.
Workaround: Because the ACNS Content Distribution Manager is part of your internal network, you may modify the Windows registry to allow execution of ActiveX controls that are served from within the Intranet zone. For more information on modifying the registry to workaround this issue, refer to Microsoft Knowledge Base article 892675, which is available at this URL: http://support.microsoft.com/kb/892675.
•
Symptom: When you perform a software upgrade or downgrade between the ACNS 5.3 software release and the ACNS 5.0 software release, the TCP Explicit Congestion Notification (ECN) configuration is not retained.
Condition: This problem can occur if you enter the tcp ecn enable global configuration command when the device is running the ACNS 5.0 software release, and then upgrade the device to the ACNS 5.3 software release.
Workaround: After upgrading the device to the ACNS 5.3 software release, reenter the tcp ecn enable command.
•
Symptom: A core file is generated by the web server.
Condition: This problem can occur under the following condition:
a.
b.
c.
Workaround: Do not leave the action value field in the Rules windows blank.
•
Symptom: The cache process generates a core file.
Condition: This problem can occur under the following condition:
a.
b.
c.
d.
Workaround: There is no known workaround.
•
Symptom: When connected to an external ICAP server, the Content Engine may stop forwarding data. After the ICAP server timeout occurs, an error is reported to the HTTP client.
Condition: This problem can occur because of the timing of server responses.
Workaround: There is no known workaround.
•
Symptom: The no proxy rule action does not work for transparently redirected proxy style requests.
Condition: This problem occurs if there is a pattern configured for a domain name such as abccorp.com and a request is given to a source that is not a FQDN (for example, http://www).
Workaround: Give the request itself as a FQDN (for example, http://wwwin.abccorp.com).
•
When the WMT player is being proxied to the Content Engine, the player stops and starts buffering several times when it is playing a media file.
Condition: This problem can occur under the following condition:
a.
b.
Workaround: Enter the http ignore-resp-len-conn-hdr-check global configuration command, which is a hidden CLI command, on the Content Engine.
•
Symptom: The Content Engine does not export the transaction logs when the transaction log export feature is enabled.
Condition: This problem only occurs if there are Cisco Streaming Engine logs files in the /local1/logs/cisco-streaming-engine directory.
Workaround: To work around this problem, follow these steps:
a.
ContentEngine(config)# no rtsp server cisco-streaming-engine enableb.
c.
ContentEngine# cd /local1/logs/cisco-streaming-engineContentEngine# delfile cseaccess*ContentEngine# delfile ftp_export.statusd.
ContentEngine(config)# no transaction-logs export enableContentEngine(config)# transaction-logs export enableOn the next schedule export, any file that has been archived but not yet exported will be exported. To perform an export prior to the next scheduled export time (to force an export that is referred to as an on-demand export), enter the transaction-logs force export EXEC command.
•
Symptom: When you are trying to install the ACNS software on a Content Engine, DMA errors are displayed.
Condition: This problem only occurs under the following condition:
a.
b.
Installer Main Menu:1. Configure Network2. Manufacture flash3. Install flash cookie4. Install flash image from network5. Install flash image from cdrom6. Install flash image from disk7. Wipe out disks and install .bin image8. Exit (and reboot)Choice [0]: 7Workaround: The DMA errors are displayed four to five times in sequence and then the normal operation of the Content Engine continues without any user intervention.
•
Symptom: A file not found error message is generated for a pre-positioned IP/TV VOD file.
Condition: The problem can occur with a pre-positioned file that is moved from its origin server to another server, and then restored back to its original server location.
Workaround: Delete the on-demand program in the Program Manager GUI and define a new program to generate a fresh entry in the Manifest file.
•
Symptom: The Windows Media player is not able to stream content for more than one hour in the case of a cache hit.
Condition: This problem can occur when the Limit Player Timeout Inactivity value in the origin Windows Media server is set to the default value of 3600 seconds
Workaround: Increase the Limit Player Timeout Inactivity value in the origin Windows Media server.
•
Symptom: When the source of a WMT alias is changed to another source URL, the clients do not reflect the changes. The client is still connected to the old source stream even though the changes have been made. The user is watching a completely different stream than the one that is being sourced to the originating Content Engine. When using Windows Media streams in a cascaded hierarchy (one Content Engine that is pulling a stream from another and so on), if a client is pulling a stream from an alias and the alias it is pointing to is changed to a different source, the client stream is not updated.
Condition: This problem occurs with the ACNS 5.1.13, 5.2 and 5.3 software.
Workaround: Delete and re-create the publishing point. In the case that the source is an Encoder, if Encoder1 is given as the source to the broadcast alias, and when the source is changed to Encoder2 while the client is playing the content, Closing Encoder1 will force the client to give a new Request, in the new request the client will be able to obtain the stream from Encoder2.
•
Symptom: The status of a Cisco Streaming Engine program continuously switches between playing and failed.
Condition: The problem can occur with a normal Cisco Streaming Engine program if a failing rebroadcast program already exists because the file had a filename or folder name that contained special characters.
Workaround: Delete the rebroadcast program that is failing because of the presence of special characters.
•
Symptom: When you click links from the table of contents or the index of the ACNS Content Distribution Manager online help, the links open in the same pane, that is, the left pane, which contains the table of contents and the index, instead of opening in the right pane, which contains the help topics.
Condition: This problem occurs after you install Microsoft security update MS05-026. This security patch disables cross-frame navigation features that are based on HTML Help ActiveX control (HHCTRL).
Workaround: To reenable cross-frame navigation features that are based on HHCTRL, modify your Windows registry as explained in Microsoft Knowledge Base article 896905, which is available at this URL:
http://support.microsoft.com/kb/896905/
•
Symptom: Websense Manager cannot connect to the local Websense server (the Websense server runs as a separate process on the Content Engine instead of running on a separate system).
Condition: This problem occurs if an external IP address is used from Websense Manager to connect to the local Websense server that is running on the Content Engine.
Workaround: There is no known workaround.
•
Symptom: An FTP client application stops receiving data for a data transfer operation such as a directory listing (ls) or file transfer (GET). The same symptom can occur for FTP-over-HTTP data transfers from the FTP server to the Content Engine.
Condition: For FTP client applications, the Content Engine must be using the FTP proxy through WCCP redirection, configured for following the FTP client's mode for establishing a data connection. The FTP client application must have also been set to use active mode to the FTP server.
ContentEngine(config)# wccp ftp router-list-num numberContentEngine(config)# wccp version 2ContentEngine(config)# ftp proxy active-mode enableFor FTP-over-HTTP data transfers, the Content Engine must be configured for an FTP incoming proxy and configured to use active mode to the FTP server. The client browser must be configured to use the Content Engine FTP proxy for FTP URLs.
ContentEngine(config)# ftp proxy incoming portContentEngine(config)# ftp proxy active-mode enableThe symptoms can occur with the configurations described above and when the FTP server starts sending data packets that are received out of order by the Content Engine before the Content Engine sends the TCP connection establishment SYN-ACK packet to the FTP server.
Workaround: Remove the Content Engine active mode configuration by entering the following global configuration command:
ContentEngine(config)# no ftp proxy active-mode enableWhen this symptom occurs on an FTP client application, press Ctrl-C simultaneously to stop the partial data transfer operation.
When this symptom occurs on a browser configured for FTP-over-HTTP, click the STOP button to stop the partial data transfer operation.
•
Symptom: When a rule with the redirect action is configured with a URL of 0 and with a matching pattern (no replacing pattern), the cache process crashes if the request matches the pattern.
Condition: This problem occurs when you configure a numeric value of 0 for the redirected URL (for example, if www.yahoo.com is redirected to 0). If you want the Content Engine to redirect URL x to URL y, then you can configure the rule redirect action. While doing so, you must configure URL x and URL y.
Workaround: There is no known workaround.
•
Symptom: The manifest validator fails to fetch the XML file if the source is authenticated.
Condition: This problem occurs only if the file is located at an authenticated location.
Workaround: Put a copy of the manifest file in a nonauthenticated location to use the manifest validator.
Resolved Caveats—ACNS 5.3.1 Software
This section lists the caveats that have been resolved in the ACNS 5.3.1 software release. The resolved caveats are grouped into the following categories:
•
•
Acquisition and Distribution Resolved Caveats
•
If you enter the show distribution remote sender-IP address unicast-sender EXEC command, unicast distribution is triggered. (Entering this EXEC command should not trigger unicast distribution from the sender Content Engine.)
•
When MPEG-2 is specified as the preferred format in a channel, the programs cannot be created in that channel. This problem occurs only if MPEG-2 is the preferred format.
ICAP Resolved Caveats
•
If ICAP is enabled on the Content Engine, the IP Type-of-Service (ToS) settings for the match client and match server do not work.
Management Resolved Caveats
•
If you specify a value with a decimal point instead of a numeric value in the File System window of the Content Distribution Manager GUI, the value is rejected and you receive an error message indicating that you must enter a numeric value.
•
If you are using the Content Distribution Manager GUI to configure NFS as the protocol for the network attached storage (NAS), you must include a forward slash (/) when specifying the remote directory pathname; otherwise, you will receive an error message. (If you specify the remote directory pathname through the CLI instead of the Content Distribution Manager GUI, you do not receive an error message if you do not include the forward slash in the pathname.)
•
The number of alarms that is reported in the status bar of the Content Distribution Manager GUI is greater than the actual number of alarms that exist. This problem can occur if a device has been deactivated, downgraded, or is offline.
•
In the Content Distribution Manager GUI, the Process content changes icon in the Channel Content window does not work as expected; when you click the icon, it does not trigger immediate notification to relevant Content Engines. However, the changes will be sent to the Content Engines when the next configuration update occurs.
•
When you use the Content Distribution Manager GUI to import a coverage zone file or a proxy autoconfiguration (PAC) file, it might taken longer than expected for the import process to be completed.
•
Duplicate key error messages are reported for certain operations that you perform through the Content Distribution Manager GUI as follows:
Dec 6 22:39:04 ODI-MGMT-CE-510 java: %CE-CMS-4-700001: ce(Dispatcher-1): Duplicate key: System.ftpcache.proxyEnableDec 6 22:39:04 ODI-MGMT-CE-510 java: %CE-CMS-4-700001: ce(Dispatcher-1): Duplicate key: System.https.tcpRWTimeOutEnableDec 6 22:39:04 ODI-MGMT-CE-510 java: %CE-CMS-4-700001: ce(Dispatcher-1): Duplicate key: System.ftpcache.proxyEnable•
When you configure a sequence of CLI commands on a centrally managed Content Engine, and you set and unset or modify the same values multiple times in the same sequence, the CLI might display the earlier values that you specified through the CLI commands if these same values can also be specified through the Content Distribution Manager GUI.
•
The SNMP host processing on the Content Engine does not properly handle the default values for the no authorization setting, which causes a local-central management (LCM) difference to occur (the SNMP settings are overridden when a hostname is used for a device group's SNMP host).
•
In the WCCP Bypass List window of the Content Distribution Manager GUI, duplicate bypass list entries are shown if you have specified "any" as the client or server address for a device group.
•
A Content Engine with a failed downgrade remains in that state if you deregister it from the Content Distribution Manager and then reregister it without first resolving the downgrade issue. This problem only occurs if the following unusual sequence of operations occurs. You use the Content Distribution Manager GUI to initiate a software upgrade on a Content Engine, the upgrade fails, and before you fix the upgrade problem (by running the upgrade manually through the CLI), you deregister and then reregister the Content Engine.
•
If you enter a double space (you enter two consecutive space characters) in the Device Group window of the Content Distribution Manager GUI, the Device windows for the Content Engines show that the Content Engines are using the device settings instead of the group settings. The Device windows for the Content Engines also show a single space where the Device Group window had a double space.
Proxy and Caching Resolved Caveats
•
Some syslog.txt messages are not categorized.
•
File transfers of large files fail and connection reset error messages are generated. This problem occurs with HTTP, native FTP, and FTP-over-HTTP proxies (Content Engines) that are running the ACNS 5.2.x and 5.1.x software. This problem was fixed in the ACNS 5.3.1 software release.
•
In rare situations, if you enter the show running-config EXEC command, the command fails to execute properly and a core file and the following errors are generated:
cfg/gl/device_mode: Item Not Found. (Error 4)cfg/gl/device_mode_configured: Item Not Found. (Error 4)cfg/gl/device_mode: Item Not Found. (Error 4)•
The /local/local1/WebsenseEnterprise/ directory does not exist on the Content Engine.
•
When WCCP FTP is being used, an FTP GET operation to certain FTP servers fails because the remote FTP server is not properly handling the Content Engine request.
•
If a website resolves to IP addresses and one of the IP address servers is down, the Content Engine can experience problems if it goes to the server that is down first and then fails over to the second IP address server. When the DNS resolution is not properly failing over, the Content Engine does not return certain web pages.
•
Every two seconds, syslog messages such as the following, are being continuously generated:
Jan 16 01:37:02 CE7325-CE1 bandwd: %CE-BANDWD-3-115003: BANDWD: verification registration failed, err=30Jan 16 01:37:02 CE7325-CE1 bandwd: %CE-BANDWD-3-115002: BANDWD: Trying again in two seconds•
When the Content Engine is handling chunked HTTP responses, the HTTP GET responses may fail and the connection is terminated. No user intervention is required because the cache process is automatically restarted.
•
Preloading of content on a Content Engine does not work under the following condition:
a.
b.
c.
•
For TACACS accounting on the Content Engine, the Content Distribution Manager user is being logged as unknown.
•
When TACACS accounting has been enabled on the Content Engine, the caller identification information is only being logged for certain events for the TACACS accounting.
•
The entire group information is not retrieved when the referred LDAP server goes down while processing the request and another request comes for a user who is in the same domain as the NTLM server.
•
A client might hang when it is waiting to receive a close to the connection from a Content Engine that has received a 304 response from the origin server.
•
Not all of the syslog.txt messages have a message code associated with them. This is causing the syslog error log to fill up because the syslog machines, which expect a message code, are writing error messages to the syslog error log.
•
The Content Engine cannot smoothly play a media file from a Windows Media Series 9.1 server. When the WMT media player plays a media file from a Windows Media Series 9.1 server through the Content Engine, one of the following problems can occur:
–
–
•
The ip domain name domain name global configuration command does not allow the domain name to start with a number. The command requires that the domain names begin with a letter and then only contain numbers and letters. For example:
ContentEngine(config)# ip domain name 123abc.mydomain.comIllegal domainname 123abc.mydomain.com.Valid domainname can contain only alphanumerics, hyphen and dot.In the ACNS 5.3.1 software release, the ip domain name domain name global configuration command was modified to allow domain names that begin with a number.
•
A core file is generated and you are unable to log in to the Content Engine. This problem can occur under the following circumstances:
–
–
–
The core files are found in the /local1/core_dir directory for the login and sshd processes.
Rules Resolved Caveats
•
It is not possible to access a piece of a pre-positioned file from a rewritten URL. The only workaround is to use the URL preload feature instead of the pre-positioning feature.
•
The use proxy rules configuration does not work if the use proxy failover rules configuration is also configured with same pattern list number. For example, if a configuration such as the following exists and pattern list 1 is used, then the use-proxy failover action (shown in "a" of this example) takes precedence over the use-proxy action (shown in "b" of this example) and the second CLI is never executed (it becomes a dummy rule):
a.
failover pattern-list 1b.
pattern-list 1•
After you specify the allow rule action, the rule actions that are configured on the Content Engine are not retained.
Other Resolved Caveats
•
If you edit a file-based scheduled program and the Quality of Service (QoS) feature is configured, the revised program retains the QoS configuration even if you disable the QoS feature. This problem occurs only with file-based scheduled programs; it does not occur with live programs.
•
After you reload a parent Content Engine in a live split-tree type environment, its children Content Engines lose their RTSP connections to this parent and do not attempt to reestablish these RTSP connections after the parent comes back up. This problem occurs only if the Cisco Streaming Engine is restarted on the parent Content Engine (for example, the Content Engine is reloaded, or you enter a clear statistics EXEC command on the Cisco Streaming Engine).
•
The output of the show tech-support EXEC command displays the following warning message in the "system log info" section (the kernel log):
Warning - running *really* short on DMA buffersThis problem can occur under situations such as the following:
–
–
Note that the above message does not indicate that the ACNS software is not functioning properly.
Related Documentation
Your product shipped with a minimal set of printed documentation. The printed documentation provides enough information for you to install and initially configure your product.
Product Documentation Set
In addition to these release notes, the product documentation set includes:
•
•
Refer to the Documentation Guide and License and Warranty for Cisco ACNS Software, Release 5.3 for a complete documentation roadmap and URL documentation links for this product.
Hardware Documentation
•
•
•
•
•
•
•
•
Software Documentation
•
•
•
•
•
•
Online Help
•
•
Note
The Content Distribution Manager GUI and the Content Engine GUI both have context-sensitive online help that can be accessed by clicking the HELP button.
Obtaining Documentation
Cisco documentation and additional literature are available on Cisco.com. Cisco also provides several ways to obtain technical assistance and other technical resources. These sections explain how to obtain technical information from Cisco Systems.
Cisco.com
You can access the most current Cisco documentation at this URL:
http://www.cisco.com/univercd/home/home.htm
You can access the Cisco website at this URL:
You can access international Cisco websites at this URL:
http://www.cisco.com/public/countries_languages.shtml
Documentation DVD
Cisco documentation and additional literature are available in a Documentation DVD package, which may have shipped with your product. The Documentation DVD is updated regularly and may be more current than printed documentation. The Documentation DVD package is available as a single unit.
Registered Cisco.com users (Cisco direct customers) can order a Cisco Documentation DVD (product number DOC-DOCDVD=) from the Ordering tool or Cisco Marketplace.
Cisco Ordering tool:
http://www.cisco.com/en/US/partner/ordering/
Cisco Marketplace:
http://www.cisco.com/go/marketplace/
Ordering Documentation
You can find instructions for ordering documentation at this URL:
http://www.cisco.com/univercd/cc/td/doc/es_inpck/pdi.htm
You can order Cisco documentation in these ways:
•
http://www.cisco.com/en/US/partner/ordering/
•
Documentation Feedback
You can send comments about technical documentation to bug-doc@cisco.com.
You can submit comments by using the response card (if present) behind the front cover of your document or by writing to the following address:
Cisco Systems
Attn: Customer Document Ordering
170 West Tasman Drive
San Jose, CA 95134-9883We appreciate your comments.
Cisco Product Security Overview
Cisco provides a free online Security Vulnerability Policy portal at this URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
From this site, you can perform these tasks:
•
•
•
A current list of security advisories and notices for Cisco products is available at this URL:
If you prefer to see advisories and notices as they are updated in real time, you can access a Product Security Incident Response Team Really Simple Syndication (PSIRT RSS) feed from this URL:
http://www.cisco.com/en/US/products/products_psirt_rss_feed.html
Reporting Security Problems in Cisco Products
Cisco is committed to delivering secure products. We test our products internally before we release them, and we strive to correct all vulnerabilities quickly. If you think that you might have identified a vulnerability in a Cisco product, contact PSIRT:
•
•
Tip
Never use a revoked or an expired encryption key. The correct public key to use in your correspondence with PSIRT is the one that has the most recent creation date in this public key server list:
http://pgp.mit.edu:11371/pks/lookup?search=psirt%40cisco.com&op=index&exact=on
In an emergency, you can also reach PSIRT by telephone:
•
•
Obtaining Technical Assistance
For all customers, partners, resellers, and distributors who hold valid Cisco service contracts, Cisco Technical Support provides 24-hour-a-day, award-winning technical assistance. The Cisco Technical Support Website on Cisco.com features extensive online support resources. In addition, Cisco Technical Assistance Center (TAC) engineers provide telephone support. If you do not hold a valid Cisco service contract, contact your reseller.
Cisco Technical Support Website
The Cisco Technical Support Website provides online documents and tools for troubleshooting and resolving technical issues with Cisco products and technologies. The website is available 24 hours a day, 365 days a year, at this URL:
http://www.cisco.com/techsupport
Access to all tools on the Cisco Technical Support Website requires a Cisco.com user ID and password. If you have a valid service contract but do not have a user ID or password, you can register at this URL:
http://tools.cisco.com/RPF/register/register.do
Note
Submitting a Service Request
Using the online TAC Service Request Tool is the fastest way to open S3 and S4 service requests. (S3 and S4 service requests are those in which your network is minimally impaired or for which you require product information.) After you describe your situation, the TAC Service Request Tool provides recommended solutions. If your issue is not resolved using the recommended resources, your service request is assigned to a Cisco TAC engineer. The TAC Service Request Tool is located at this URL:
http://www.cisco.com/techsupport/servicerequest
For S1 or S2 service requests or if you do not have Internet access, contact the Cisco TAC by telephone. (S1 or S2 service requests are those in which your production network is down or severely degraded.) Cisco TAC engineers are assigned immediately to S1 and S2 service requests to help keep your business operations running smoothly.
To open a service request by telephone, use one of the following numbers:
Asia-Pacific: +61 2 8446 7411 (Australia: 1 800 805 227)
EMEA: +32 2 704 55 55
USA: 1 800 553-2447For a complete list of Cisco TAC contacts, go to this URL:
http://www.cisco.com/techsupport/contacts
Definitions of Service Request Severity
To ensure that all service requests are reported in a standard format, Cisco has established severity definitions.
Severity 1 (S1)—Your network is "down," or there is a critical impact to your business operations. You and Cisco will commit all necessary resources around the clock to resolve the situation.
Severity 2 (S2)—Operation of an existing network is severely degraded, or significant aspects of your business operation are negatively affected by inadequate performance of Cisco products. You and Cisco will commit full-time resources during normal business hours to resolve the situation.
Severity 3 (S3)—Operational performance of your network is impaired, but most business operations remain functional. You and Cisco will commit resources during normal business hours to restore service to satisfactory levels.
Severity 4 (S4)—You require information or assistance with Cisco product capabilities, installation, or configuration. There is little or no effect on your business operations.
Obtaining Additional Publications and Information
Information about Cisco products, technologies, and network solutions is available from various online and printed sources.
•
http://www.cisco.com/go/marketplace/
•
•
•
http://www.cisco.com/go/iqmagazine
•
•
http://www.cisco.com/en/US/learning/index.html
This document is to be used in conjunction with the documents listed in the "Related Documentation" section.
CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Empowering the Internet Generation, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, StrataView Plus, TeleRouter, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0502R)
Copyright © 2005 Cisco Systems, Inc. All rights reserved.
Guest
