Table Of Contents
Diagnosing Problems With CiscoWorks Server
Verifying Server Status
Testing Device Connectivity
Troubleshooting the CiscoWorks Server
Frequently Asked Questions
Common Services General
Security
Software Center
Device Management
Device Center
CiscoWorks Home Page
Event Distribution Services and Event System Services
Backup and Restore
Database
Apache and Tomcat
Troubleshooting Suggestions
Diagnosing Problems With CiscoWorks Server
Use these tools and suggestions to diagnose problems with the CiscoWorks server:
•
Verifying Server Status
•Testing Device Connectivity
•Troubleshooting the CiscoWorks Server
Verifying Server Status
There are several tools that enable you to gather and analyze information about your CiscoWorks Server. See Table 10-1 and Table 10-2.
Table 10-1 Server Status
Task
|
Purpose
|
Action
|
Administrative Tasks
|
Perform self test.
|
Runs self-tests and generates a report with the results.
|
Select Server > Admin > Self Test.
|
All Users
|
Check process status.
|
Checks whether back-end processes are in an interim state.
|
Select Server > Admin > Processes.
|
Collect server information.
|
Provides system information, environment, configuration, logs, and web server information.
|
Select Server > Admin > Collect Server Information
Or
Enter the following command:
•NMSROOT\bin\perl NMSROOT\bin\collect.info (on Windows)
•NMSROOT/bin/perl NMSROOT/bin/collect.info (on Solaris)
where NMSROOT is the directory where you installed CiscoWorks.
|
MDC Support
|
The MDC Support utility collects:
•Log files
•Configuration settings
•Memory information
•Complete system related information
•Process status
•Host environment information
It also collects any other relevant data, into a deliverable tar (compressed form) file to support the MDCs installed.
The MDC Support utility also queries CCR for any other support utilities registered, and run them.
Other MDCs need to register their own support utilities that will collect their relevant data.
|
For Windows go to,
NMSROOT\MDC\bin and run the command:
MDCSupport.exe
The utility creates a tar file in NMSROOT\MDC\etc directory.
If \etc directory is full, or if you want to preserve the data collected previously by not over writing the tar file, you may create another directory by running the following command:
MDCSupport.exe Directory
For Solaris,
1. Set the LD_LIBRARY_PATH environment variable to /opt/CSCOpx/MDC/lib: /opt/CSCOpx/lib:
2. Go to /opt/CSCOpx/MDC/bin and run the command:./mdcsupport
The utility creates a tar file in CSCOpx/MDC/etc directory.
If \etc directory is full, or if you want to preserve the data collected previously by not over writing the tar file, create another directory by running the following command:
./mdcsupport Directory
Before you close the command window, ensure that the MDC Support utility has completed its action.
If you close the window prematurely, the subsequent instances of MDCSupport Utility will not function properly.
If you happen to close the window, delete the mdcsupporttemp directory from NMSROOT\MDC\etc directory, for subsequent instances to work properly.
|
|
Testing Device Connectivity
The connectivity tools enable you to test device connectivity and reachability and troubleshoot nonresponsive devices. Some connectivity tools require system administrative-level privileges (see Connectivity Tools Tasks Table 10-2).
Table 10-2 Connectivity Tools Tasks
Task
|
Purpose
|
Action
|
Traceroute
|
Detects routing errors between the network management station and a target device.
|
Select
Device Center > Tools > Traceroute.
See Using Traceroute for details.
|
Use Ping to test a device
|
Tests device reachability using an ICMP echo message and its reply.
|
Select
Device Center > Tools > Ping
See Using Ping for details.
|
Check Management Station to Device
|
Checks the connectivity between the CiscoWorks Server and a device.
|
Select
Device Center > Tools > Management Station to Device
See Using Management Station to Device Tool for details.
|
Packet Capture
|
Captures live data from the CiscoWorks machine to help troubleshooting.
|
Select
Device Center > Tools > Packet Capture
See Using Packet Capture for details.
|
To set an SNMP object on a device.
|
Sets an SNMP object on a device to control the device.
|
Select
Device Center > Tools > SNMP Set
See Using SNMP Set for details.
|
To walk the MIB tree of a device
|
Walks the MIB tree of a device starting from a given OID for troubleshooting, or gathering information about a device.
|
Select
Device Center > Tools > SNMP Walk
See Using SNMP Walk for details.
|
Use Telnet to connect to a device
|
Connects to a device to using Telnet.
|
Select Device Center > Tools > Telnet
See Using Management Station to Device Tool for details.
|
Troubleshooting the CiscoWorks Server
This section provides the following information:
•Frequently Asked Questions
•Troubleshooting Suggestions
If the suggestions do not resolve the error, check the relevant Release Notes for possible workarounds, or contact the Cisco TAC or your customer support.
Frequently Asked Questions
The following sections lists the Frequently Asked Questions (FAQs) of CiscoWorks Common Services application.
•Common Services General
•Security
•Device Center
•Device Management
•Device Center
•CiscoWorks Home Page
•Event Distribution Services and Event System Services
•Backup and Restore
•Database
•Apache and Tomcat
Common Services General
The section lists you the frequently asked questions about Common Services
•Which version of the Java Plug-in should I use for CiscoWorks to function properly?
•Why cannot I start my CiscoWorks application?
•I am locked out of the CiscoWorks Server. Why did this happen, and how do I regain access?
•Do I need to change the CiscoWorks configuration after changing the IP address?
•How do I change the hostname of the CiscoWorks Server after installing it, or after running it for a while?
•What does cmf stand for?
•How do I change the port for osagent in Windows?
•How do I change port for osagent in Solaris?
•How do I ensure that jrm is running fine?
•How do I change the casuser password in Windows?
•How do I change the CiscoWorks user password?
•How do I enable debugging for Session Management Services?
•What does a diskWatcher process do?
•CiscoWorks Time is not synchronized with System time. What should I do?
•How can I increase the timeout value of CiscoWorks Common Services user interface?
•How should I change the syslog port of CiscoWorks from 514 to another number?
Q. Which version of the Java Plug-in should I use for CiscoWorks to function properly?
A. CiscoWorks supports Java Plug-in 1.5.0_13 in all the supported clients and operating systems. We recommend that you do not install any other plug-ins other than this one, for CiscoWorks to function properly.
Q. Why cannot I start my CiscoWorks application?
A. If you cannot start your CiscoWorks application and see error messages, it may be because the web server may not be running. This may occur although pdshow indicates that those processes are running. You need to check how your machine resolves its server name and IP address.
The CiscoWorks CORBA applications require name resolution to work properly. Domain Name Service (DNS) is mandatory for CiscoWorks CORBA applications to work properly.
Configure the name resolution mechanism and restart the CiscoWorks Server to access the application correctly.
Q. I am locked out of the CiscoWorks Server. Why did this happen, and how do I regain access?
A. There are several reasons why you are locked out. It is probably caused by the changes made using the Select Login Module option. You must replace the incorrect login module with a default configuration, log into CiscoWorks, and return to the login module to correct one or more of the following:
–Session Time out
–Change from SSL mode to non-SSL mode
–Change from non-SSL mode to SSL mode
–Log out from any other CiscoWorks application
–Visit other sites and then return to CiscoWorks
Do not alter the existing technologies in the default configuration file.
If all of the parameters listed are correct, see Troubleshooting Suggestions.
Q. Do I need to change the CiscoWorks configuration after changing the IP address?
A. You need not change the CiscoWorks configuration whenever you change the IP address. CiscoWorks uses hostname for most of the communication. Only devices need to point to the new IP address. However, after changing the IP address, you must reboot the system on a Solaris server and restart the Daemon Manager on a Windows server. This is to make the changes effective.
Q. How do I change the hostname of the CiscoWorks Server after installing it, or after running it for a while?
A. To change the hostname of the CiscoWorks Server, you need to update several files and windows registry entries.
You can use the hostnamechange.pl CLI utility to update the new host name information in files and windows registry entries.
See Using CiscoWorks Server Hostname Change Scripts for more information.
Q. What does cmf stand for?
A. The cmf acronym stands for Common Management Foundation. This phrase describes the set of management services provided by the CiscoWorks Server. cmf is synonymous with Common Services.
Q. How do I change the port for osagent in Windows?
A. Before you change the port for osagent in Windows:
–Ensure that the daemons are not running.
Enter the following command to stop the Daemon Manager:
net stop crmdmgtd
–Backup your Windows registry.
To change the port for osagent in Windows, run the following script at the command prompt:
NMSROOT\bin\perl NMSROOT\bin\ChangeOSAGENTPort.pl Port_Number
where, Port_Number refers to any unused port number between 1025 to 65535.
The script completes the following:
•Updates the value of the following registry entries with the new port numbers.
–HKEY_LOCAL_MACHINE > SOFTWARE > Cisco > Resource Manager > Current Version > Daemon > RmeOrb
–HKEY_LOCAL_MACHINE > SOFTWARE > Cisco > Resource Manager > Current Version > Daemon > RmeGatekeeper
–HKEY_LOCAL_MACHINE > SOFTWARE > Cisco > Resource Manager > Current Version > Environment
•Changes the value of the port number to new port number in RmeOrb and RmeGatekeeper processes.
•Changes the value of OSAGENT_PORT and PX_OSA_PORT port numbers in the md.properties file with the new port numbers.
Reboot the server and start the Daemon Manager after you have completed running the script.
Q. How do I change port for osagent in Solaris?
A. Before you change the port for osagent in Solaris:
–Ensure that the daemons are not running.
Enter the following command to stop the Daemon Manager:
/etc/init.d/dmgtd stop
–Make sure that no CSCO processes are running.
–Back up NMSROOT/objects/dmgt/dmgtd.conf file.
To change the port for osagent in Windows, run the following script at the command prompt:
NMSROOT/bin/perl NMSROOT/bin/ChangeOSAGENTPort.pl Port_Number
where, Port_Number refers to any unused port number between 1025 to 65535.
The script completes the following:
•Changes the value of the port number to new port number in RmeOrb and RmeGatekeeper processes.
•Changes the value of OSAGENT_PORT and PX_OSA_PORT port numbers in the md.properties file with the new port numbers.
•Updates the new port number in /etc/services file.
•Updates the entry in /var/sadm/pkg/CSCOmd/pkginfo file.
Reboot the server and start the Daemon Manager after you have completed running the scripts.
Q. How do I ensure that jrm is running fine?
A. To check whether jrm is working on Windows, at the command prompt enter:
cwjava -cw NMSROOT com.cisco.nm.cmf.jrm.jobcli
To check whether jrm is working on Solaris, at the command prompt enter:
cwjava -cw NMSROOT com.cisco.nm.cmf.jrm.jobcli
–If you get a message Established connection with JRM, then EDS, EDS-GCF and jrm are running.
–If you do not get the above message, contact the technical assistance center with the error message.
–If your jrm in down or inaccessible, you'll get a message while accessing the UIs.
Q. How do I change the casuser password in Windows?
A. You can change the casuser password using resetCasuser.exe. It can be run only by an administrator or casuser. To change the casuser password:
Step 1 Enter NMSROOT\setup\support resetCasuser.exe at the command prompt
You can:
1. Randomly generate the password
2. Enter the password
3. Exit.
Step 2 Enter 2, and press Enter.
It prompts you to enter the password.
Step 3 Confirm the password.
Note You must know the password policy. If the password entered does not match the password policy, it exits.
Q. How do I change the CiscoWorks user password?
A. You can change the CiscoWorks user password using the CiscoWorks user password recovery utility.
To change the user password on Solaris:
Step 1 Enter /etc/init.d/dmgtd stop to stop the Daemon Manager.
Step 2 Enter NMSROOT\bin resetpasswd username at the command prompt.
A message appears:
Enter new password for username:
Step 3 Enter the new password.
Step 4 Enter /etc/init.d/dmgtd start to start the Daemon Manager.
To change the user password on Windows:
Step 1 Enter net stop crmdmgtd to stop the Daemon Manager.
Step 2 Enter NMSROOT\bin\resetpasswd username at the command prompt.
A message appears:
Enter new password for username:
Step 3 Enter the new password.
Enter net start crmdmgtd to start the Daemon Manager.
Q. How do I enable debugging for Session Management Services?
A. To enable debugging for Session Management Services:
Step 1 Go to NMSROOT/MDC/tomcat/webapps/classic/WEB-INF/web.xml.
You should edit the following section of the file:
<context-param>
<param-name>DEBUG</param-name>
<param-value>false</param-value>
<description>mice debug enabling</description>
</context-param>
Step 2 Change <param-value>false</param-value> to <param-value>true</param-value>.
Q. What does a diskWatcher process do?
A. The diskWatcher process monitors disk space availability on the CiscoWorks Server.
This process calculates the disk space information of a drive (in Windows machine) or a file system (in Solaris machine) at regular intervals and stores them in diskwatcher.log file.
See Configuring Disk Space Threshold Limit for more information.
Q. CiscoWorks Time is not synchronized with System time. What should I do?
A. You should complete the following:
a. Edit the TIMEZONE file using the vi /etc/TIMEZONE command on a Solaris machine.
b. Set the TZ=standard_timezone. For example, you can specify TZ=MET.
c. Save the TIMEZONE file.
d. Reboot the machine.
Now the system displays the modified time zone information. If you need to change the time zone to daylight, you change only the time and date but not the TIMEZONE.
See Common Services 3.1 Release Notes for more information.
Q. How can I increase the timeout value of CiscoWorks Common Services user interface?
A. You can configure the timeout value in the following file.
NMSROOT/MDC/tomcat/webapps/classic/WEB-INF/web.xml
where NMSROOT is your CiscoWorks Installation directory.
You should change the value of an XML tag by name session-timeout. You should specify the value in minutes. The default timeout value is set to 2 hours.
You cannot disable this option as this may increase the load in the server.
Q. How should I change the syslog port of CiscoWorks from 514 to another number?
A. You can change the syslog port by modifying the value of CrmLogPort registry key located under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crmlog\Parameters.
After you have changed the syslog port, you need to restart the syslog service.
Q. What should I do when Daemon Manager and multiple processes are not started on a Windows machine?
A. Sometimes, Windows may prevent to run some processes for security reasons.
You should do the following on a Windows 2003 Operating system:
Step 1 Right-click the My Computer icon on your desktop and click Properties to open the System Properties dialog box.
Step 2 Click the Advanced tab.
Step 3 Click Settings from the Performance panel to open the Performance Options dialog box.
Step 4 Click the Data Execution Prevention tab.
Step 5 Check whether the java.exe and cwjava.exe are available in the list of blocked programs. If so, remove the programs from the blocked list.
Step 6 Click OK to close the Performance Options dialog box.
Step 7 Click OK to close the System Properties dialog box.
Step 8 Reboot the server.
Security
The following are the FAQs on Common Services Security:
•When I invoke CiscoWorks in the secure mode (HTTPS), there are too many dialog boxes. This makes the process tedious. Is there a way to reduce the number of dialog boxes and steps?
•When I invoke CiscoWorks, I am unable to get to the login page directly. Instead, I am facing a security alert related to the site's security certificate. It asks for my input to proceed further. Why?
•My server certificate for CiscoWorks has expired. What should I do?
•I have configured the Active Directory Login Module but it does not work. How can I analyze the problem?
•Is it possible to have both CiscoWorks and ACS on the same machine?
•How do I enable or disable ACS Communication on HTTPS from CLI?
•Why is task-to-role mapping not synchronized between the ACS Server and the CiscoWorks Server, sometimes?
•Why the devices are not appearing in DCR after a successful ACS registration and daemons restart?
•Why are some of my screen buttons grayed out?
•I had problems with registering my CiscoWorks Server in ACS, even after I added my CiscoWorks Server as a AAA client?
•What are the minimum and maximum length of user account names? How do I control them?
•How do I reset the password for the CiscoWorks login users?
•How do I unregister an application from the ACS Server?
•How do I change the AAA mode setup from ACS to CiscoWorks Local using CLI?
•Is it possible to integrate more than one CiscoWorks Server to a single ACS Server?
•What are the rules to enter a valid username and password?
•Where is the SSL log present?
•Why am I getting a 403 forbidden error while trying to access CiscoWorks pages?
Q. When I invoke CiscoWorks in the secure mode (HTTPS), there are too many dialog boxes. This makes the process tedious. Is there a way to reduce the number of dialog boxes and steps?
A. Yes. You have the following options:
–If you are using Self-signed certificates in Internet Explorer, install the certificate in the browser's trusted certificate stores, if you are confident about the identity of the server.
–Use a server certificate issued by a prominent third party certificate authority (CA).
–Configure the hostname in your server certificate properly, and use the same hostname to invoke CiscoWorks.
Q. When I invoke CiscoWorks, I am unable to get to the login page directly. Instead, I am facing a security alert related to the site's security certificate. It asks for my input to proceed further. Why?
A. CiscoWorks does not have any control over this behavior. This is an expected browser behavior (Microsoft Internet Explorer or Mozilla Firefox), to ensure proper security.
This appears if any of the following conditions is not satisfied:
–The certificate of the server (CiscoWorks Server in this case) must be issued by trusted Certificate Authority.
–The date of the certificate must be valid. (Each certificate is assigned a validity period. It can range from 21 days to 5 years).
–The name of the certificate and name of the page (or the name typed in the address bar of the browser) are the same.
To view the certificate information:
–Click View Certificate, in the alert box for Internet Explorer.
–Click Examine Certificate in the alert box for Mozilla Firefox.
The server should be invoked with the name same as the Issued to' field of the certificate.
To install the certificate in Internet Explorer:
Step 1 Click View Certificate in the alert box.
The Certificate dialog box displays the Certificate information.
Step 2 Click Install Certificate.
Q. My server certificate for CiscoWorks has expired. What should I do?
A. If you are using a self-signed certificate, you can create a new certificate using the Create Self Signed Certificate option. For more information, see Creating Self Signed Certificates.
If you are using a third party issued certificate, you must contact the certificate authority (CA) and renew the certificate. You can use a self-signed certificate till you get the certificate renewed by the CA.
Note Before you perform any certificate management operations—creating or modifying certificates, back up the certificate files, the server private key in particular, and keep them in a safe location.
Q. I have configured the Active Directory Login Module but it does not work. How can I analyze the problem?
A. To analyze the problem, enable the Debug mode for the Active Directory Login module. To do this:
Step 1 Login as Admin.
Step 2 Go to the CiscoWorks home page and click Server > Security > AAA Mode Setup.
The Select Login Module dialog box appears.
Step 3 Select a login module from the Available Login Modules list box and Click on Edit Options.
The Login Module Options dialog box appears.
Step 4 Select the radio button True and click Finish.
This enables the Debug option. Enabling debug mode allows the login module to add the detailed progress and failure information to log files. The log files are located at:
NMSROOT/MDC/Tomcatlogs/stdout.log
For all failed login attempts, the log files contain LDAP error messages, which specify the reason for the failure.
For example, if the Usersroot configuration is incorrect, then the login module cannot match the complete DN string with any entries in the Active Directory database.
It indicates which portion of the DN matched and which portion did not match. You can verify your Active Directory setup and the entries for the Usersroot.
In some cases, the log file contains error messages with NameError. This indicates that either you entered a wrong user ID or there is some spelling error in the Usersroot configuration.
Q. Is it possible to have both CiscoWorks and ACS on the same machine?
A. No. This is because ACS mandates CiscoWorks to be configured as an AAA client in it for CiscoWorks to avail AAA service. At the same time, ACS does not allow itself to be configured as an AAA client, which is required when ACS and CiscoWorks coexist. Hence the configuration required for ACS integration will fail.
Q. How do I enable or disable ACS Communication on HTTPS from CLI?
A. To enable/disable ACS communication on HTTPS:
Step 1 Enter NMSROOT/bin/perl NMSROOT/bin/camssl.pl
The following message is displayed:
Usage:camssl.pl -enable | -disable
•To enable ACS communication on HTTPS:
Enter NMSROOT/bin/perl NMSROOT/bin/camssl.pl -enable
•To disable ACS communication on HTTPS:
Enter NMSROOT/bin/perl NMSROOT/bin/camssl.pl -disable
Step 2 Restart the Daemon Manager:
On Windows:
Enter net stop crmdmgtd
Enter net start crmdmgtd
On Solaris:
Enter /etc/init.d/dmgtd stop
Enter /etc/init.d/dmgtd start
Q. Why is task-to-role mapping not synchronized between the ACS Server and the CiscoWorks Server, sometimes?
A. The Session Management services provides user cache. This cache is not for each session, and may become stale when User privileges changes on the ACS server. The user should explicitly logout from the browser session, when the privileges changes.
If the browser window is closed without logging out properly, the user cache may not be cleared and the task-to-role mapping may not be synchronized between the ACS server and the CiscoWorks server.
Q. Why the devices are not appearing in DCR after a successful ACS registration and daemons restart?
A. This could be because the DCR Server could not get all the Network Device Groups (NDGs) and devices from ACS. The probable causes for this task failure are:
–ACS Server is not reachable
–Protocol mismatch between ACS Server and Common Services Server.
Q. Why are some of my screen buttons grayed out?
A. This could be because the appropriate privileges are not assigned to user logged into CiscoWorks.
If the login module is set to CiscoWorks local, ensure that the users logged into CiscoWorks Server have enough privileges.
If the login module is set to ACS, check whether:
–The ACS Server is up and running.
–Appropriate user privileges are assigned in ACS Server.
Q. I had problems with registering my CiscoWorks Server in ACS, even after I added my CiscoWorks Server as a AAA client?
A. If your CiscoWorks Server is a multi-homed machine with multiple network interface cards, you should add all the IP addresses of your CiscoWorks Server in ACS for the same hostname.
See Integrating CiscoWorks Server With ACS Server for detailed steps.
Q. What are the minimum and maximum length of user account names? How do I control them?
A. The minimum length of a user account name is 5 characters. The maximum length of a user account name is 255 characters.
You cannot control the length of user account names. However you can remove this limitation.
Q. How do I reset the password for the CiscoWorks login users?
A. You can use the resetpasswd utility to reset the password of CiscoWorks login users. This utility is available under NMSROOT/bin, where NMSROOT is your CiscoWorks Installation directory.
To run this utility:
Step 1 Stop the Daemon Manager.
Step 2 Enter NMSROOT/bin/resetpasswd at the command prompt.
Step 3 Start the Daemon Manager.
Q. How do I unregister an application from the ACS Server?
A. Common Services does not have any UI interface to unregister CS applications from ACS Server. You can use the ACSRegCli.pl CLI utility to register or unregister the applications.
See Unregistering Applications From ACS Through CLI for steps to run the script.
Q. How do I change the AAA mode setup from ACS to CiscoWorks Local using CLI?
A. You can use the ResetLoginModule.pl utility to reset the login module from ACS to CiscoWorks local.
See Resetting Login Module for more information.
Q. Is it possible to integrate more than one CiscoWorks Server to a single ACS Server?
A. You can integrate more than one CiscoWorks Server to a single ACS Server.
However, the CiscoWorks applications in all the servers that are to be integrated with ACS should be of same versions.
Q. What are the rules to enter a valid username and password?
A. The username can contain the alphabets in lower and upper cases, numerals, hyphens (-), underscores (_), and periods (.). The username should start with alphabets and underscore characters.
The password can contain the alphabets, numerals, leading and trailing spaces, and any special characters.
The length of username and password can span from 5 to 255 characters.
Q. Where is the SSL log present?
A. The SSL log is present in the NMSROOT directory, where NMSROOT is your CiscoWorks Installation directory.
Q. Why am I getting a 403 forbidden error while trying to access CiscoWorks pages?
A. You should check whether the casuser is assigned with the required local security policies.
To check whether the casuser is assigned with the required policies:
Step 1 Click Start > Settings > Control Panel> Administrative Tools.
Step 2 Click the Local Security Policy shortcut from the Administrative Tools folder.
The Local Security Policy window opens.
Step 3 Click Local policies > User Rights Assignment in the Local Security Policy window.
Step 4 Check whether the casuser is assigned with the following privileges:
•Access this computer from the network
•Log on as a batch job
If the casuser is not assigned with the required privileges, you should run the resetCasuser utility again. Enter the following commands to run the resetCasuser utility:
•NMSROOT/CSCOpx/setup/support/resetCasuser (On Solaris)
•NMSROOT\CSCOpx\setup\support\resetCasuser.exe (On Windows)
where NMSROOT refers to the CiscoWorks Installation directory.
The other possible solutions are:
•Remove or disable the anti-virus software
•Restart Daemon Manager
•Uninstall or disable IIS
•Log on as a batch job
•Disable Cisco Security Agent
•Stop the Daemon Manager and check if there are any Apache or Tomcat processes running. If so, kill the stray processes from the Task Manager or stop them from the Services panel.
•Ensure that the casuser or administrator has the read permission for the CSCOpx, CSCOpx/MDC/tomcat/webapps/cwhp directories, and their inner directories.
Software Center
The following are the FAQs on Common Services Software Center:
•How do I find out which devices are supported by a particular application?
•What are the prerequisites for downloading Software Updates from Cisco.com?
•Does the Software Center list only the software updates that are not installed in this machine?
•What should I do if an application registered with CiscoWorks home page is not shown in Software Center?
Q. How do I find out which devices are supported by a particular application?
A. Select Common Services > Software Center > Software Updates. Under Applications Installed, click the application name to see a list of the supported devices.
See Selecting Software Updates for more information.
Q. What are the prerequisites for downloading Software Updates from Cisco.com?
A. You should check for the following:
–Valid Cisco.com credentials are configured during Server administration
–Valid proxy details are configured and CiscoWorks support basic authentication of proxy server.
See Downloading Software Updates for more information.
Q. Does the Software Center list only the software updates that are not installed in this machine?
A. The Software Center module lists all software updates including those that are installed. However, it performs the filtering for device updates.
Q. What should I do if an application registered with CiscoWorks home page is not shown in Software Center?
A. This may be because the PROD_INFO tag entry is missing in APP.info file under NMSROOT/Setup directory, where APP refers to the short name of the applications.
For example, the following entry should be available in rme.info file. Only then RME will appear in Software Center.
Device Management
The following are the FAQs on Device Management in Common Services:
•Why does the Device selector not appear in the Device administration page?
•Why are the devices added into DCR not appearing in the Device Management screen?
•What is the maximum number of devices that can be imported to the DCR?
•How to import devices whose sysObjectIds are not known before the Import operation?
•Sometimes, when the data is restored on Master machine the Slave does not receive any events. What should I do?
•Where can I find the DCR log files?
•Why am I getting an Access Denied error while performing Import from Remote NMS?
•Why does the Devices that are not configured in ACS report shows some devices although they are already configured in ACS?
•How do I include a special character such as comma as part of SNMP Read-Only string in a CSV file?
Q. Why does the Device selector not appear in the Device administration page?
A. Ensure that CMFOGSServer process is running correctly. If you had invoked the browser soon after starting the Daemon Manager, try closing the browser and invoking CiscoWorks again.
If the browser window is closed without logging out properly, the user cache may not be cleared and the task-to-role mapping may not be synchronized between the ACS server and the CiscoWorks server.
Q. Why are the devices added into DCR not appearing in the Device Management screen?
A. Ensure that Add operation was successful at the first attempt without any errors.
In ACS mode, DCR will show only the devices that are configured in ACS. If you do not have any devices (NDGs) in ACS, you cannot see the devices that are not configured in ACS although they are available in DCR. If Common Services is in ACS mode, you should configure all the devices in ACS as well.
Sometimes, the device list shown in this report may not be accurate:
–If the ACS Admin Name / ACS Admin Password entered in the AAA setup page is not correct
–If there is a HTTP protocol mis-match between the ACS configuration in the CiscoWorks server and the actual ACS settings.
In these cases you may need to correct any ACS configuration mismatches in the AAA setup screen.
Q. What is the maximum number of devices that can be imported to the DCR?
A. You can add up to 50,000 devices in DCR. However each application can manage only limited devices. For example, Campus Manager can manage only 5000 devices and Resource Manager Essentials can manage upto 10,000 devices.
Q. How to import devices whose sysObjectIds are not known before the Import operation?
A. SysObjectIDs are not mandated for Bulk Import operation. You can leave the field empty or specify sysObjectID as UNKNOWN, and then perform Import. See Importing Devices and Credentials for more information.
Q. Sometimes, when the data is restored on Master machine the Slave does not receive any events. What should I do?
A. You can try changing the DCR mode of the Slave machine to Standalone and wait for few minutes. Then you can change the mode back to Slave. Ensure that the Auto-sync option is enabled in the applications.
Q. Where can I find the DCR log files?
A. You can find the DCR logs at the following location:
–NMSROOT\log\DCRServer.log (On Windows)
–/var/adm/CSCOpx/log/daemons.log (On Solaris)
When DEBUG is enabled, the following logs contain the additional information:
–NMSROOT\log\dcr.log (On Windows)
–NMSROOT\log\dcrclient.log (On Windows)
–/var/adm/CSCOpx/log/dcr.log (On Solaris)
–/var/adm/CSCOpx/log/dcrclient.log (On Solaris)
See also Maintaining Log Files for more information.
Q. Why am I getting an Access Denied error while performing Import from Remote NMS?
A. Import from Remote NMS fails if the username and hostname pair is not present in the .rhosts file in the remote server. This is to allow trusted access to the remote system without the need for a password.
Enter the username and host pair in the /.rhosts file in the remote server. To allow all users and hosts, enter in the 1st line of .rhosts file.
Q. Why does the Devices that are not configured in ACS report shows some devices although they are already configured in ACS?
A. The device list shown in the report may not be accurate if there is any configuration mismatch on the ACS Server.
You should check the following:
–ACS Server is reachable
–ACS Admin Name / ACS Admin Password given in the AAA setup page is correct
–There is no protocol mismatch between the ACS Configuration in the CiscoWorks Server and the actual ACS settings.
Q. How do I include a special character such as comma as part of SNMP Read-Only string in a CSV file?
A. You can specify a string value with a special character by putting quotes around it.
For example, to specify test,test as a SNMP Read-Only string, you should enter "test,test" in the input CSV file.
Device Center
The following are the FAQs on Device Center in Common Services:
•How do I verify if SSH is enabled or disabled on my device using CiscoWorks Server?
•Why is the Edit Device Credentials link not shown for all devices in Device Center?
Q. How do I verify if SSH is enabled or disabled on my device using CiscoWorks Server?
A. To verify whether SSH is enabled or disabled using the CiscoWorks Server:
Step 1 Go to the CiscoWorks home page and select Device Diagnostic Tools > Device Center.
The Device Center page appears with the Device Selector in the left pane and Device Center overview information in the right pane.
Step 2 Enter the IP address or device name of the device and click Go.
Or
Select a device from the list-tree, in the Device Selector field.
The Device Summary, and Functions Available panes appear.
Step 3 Click Management Station to Device in the Functions Available pane.
The Management Station to Device dialog box appears.
Step 4 Select the SSH check box and select the SSH version as SSHv1 or SSHv2.
Step 5 Click OK.
Depending upon your protocol selected, if SSHv1 or SSHv2 enabled on the device, you will see:
if SSHv1 or SSHv2 is not enabled on the device, you will see:
Q. Why is the Edit Device Credentials link not shown for all devices in Device Center?
A. The Edit Device Credentials feature provides you the ability to edit the device credential. The Edit Device Credentials link is visible to any user in Device Center only when the device is present in DCR Administration. Otherwise, this link will not be displayed in Device Center. See Editing Device Credentials in Device Center for more information.
CiscoWorks Home Page
The following are the FAQs on CiscoWorks home page:
•Why do some CiscoWorks applications not appear in the product?
•How do I change the IP address of the CiscoWorks Server after installing it, or after running it for a while?
•Why do I get the Java Script Not Enabled error after logging into CiscoWorks?
•What are the specific ports required for Internet HTTP features?
•Why is the display name not available in the home page after importing?
•How do you ensure to register using a template and launch the links properly?
Q. Why do some CiscoWorks applications not appear in the product?
A. The CiscoWorks Server represents a common set of management services that are shared by multiple network management applications. These services are enabled when a suite is installed and an application that relies on a particular service enables it.
If a particular suite of applications does not use a particular service, the service might not appear on the CiscoWorks home page. Applications and application suites may not use these features at all, or not to the fullest extent.
See the User Guide for your application suite to determine the extent to which these features are used.
Q. How do I change the IP address of the CiscoWorks Server after installing it, or after running it for a while?
A. You can change the IP address on the server, and then access it using the new IP address.
To change the IP address on Windows:
Step 1 Click Start > Settings > Network and Dial-up Connections > Local Area Connection.
The Local Area Connection Status dialog box appears.
Step 2 Click Properties.
The Local Area Connection Properties dialog box appears.
Step 3 Select Internet Protocol (TCP/IP) and click Properties.
The Internet Protocol (TCP/IP) Properties dialog box appears.
Step 4 Select the radio button Use the following IP address.
Step 5 Change the IP address as required, in the IP address field.
For the subnet mask and default gateway values, enter the ipconfig command at the command prompt.
The subnet mask and default gateway values appear.
Step 6 Enter these values in the Subnet mask and Default gateway fields.
Step 7 Click OK to go back to Local Area Connection Status dialog box.
Step 8 Click OK.
Step 9 Restart the server.
To change the IP address on Solaris, use the command ifconfig at the command prompt to change the IP address of the required interface.
For example, at the command prompt, you can enter:
ifconfig interfacename inet ipv4address
where the variable interfacename represents the name of the interface and ipv4address represents the new IP address.
Q. Why do I get the Java Script Not Enabled error after logging into CiscoWorks?
A. This could be because Java Script is disabled in Internet Explorer. You should enable it in IE.
To do so:
Step 1 Launch Internet Explorer and click Tools > Internet Options.
Step 2 Click the Security tab and select Trusted Sites.
Step 3 Add the CiscoWorks Server to the trusted zone.
Step 4 Clear the selection in Require server verification for all sites in this zone.
Step 5 Click OK to return to the Security tab.
Step 6 Click the Custom level button from the Security level for this zone panel.
Step 7 Select the Enable option for scripting of Java applets.
Step 8 Click OK to return to the Security tab.
Step 9 Click Apply.
Q. What are the specific ports required for Internet HTTP features?
A. Only port number 80 is required for all HTTP interactions between CiscoWorks Server and Cisco.com, including the Software Center interactions.
Q. Why is the display name not available in the home page after importing?
A. The probable causes for this problem could be:
–There is a mismatch between the hostname in the template imported and the hostname specified in the UI during importing.
–The application imported from a remote server does not belong to the server from which it is imported.
Q. How do you ensure to register using a template and launch the links properly?
A. Before you register through a template, you should ensure that:
–The host is reachable.
–Port information specified is correct and reflects the current port of the bundle.
–The application is available and can be launched by entering the application URL in the browser.
Event Distribution Services and Event System Services
The following are the FAQs on Event Distribution Services and Event System Services:
•How do I change the ESS port in Solaris?
•How do I change ESS port in Windows?
•Why do the EDS process is not starting?
•How should I configure EDS in a multi-homed machine?
Q. How do I change the ESS port in Solaris?
A. There are 4 ports related to ESS:
–ESS Service Port: 42350/udp
–ESS listening port: 42351/tcp
–ESS HTTP Port: 42352/tcp
–ESS Routing Port: 42353/tcp
The ports mentioned above are default ports. The alternative ports defined for these in CiscoWorks are 44350, 44351, 44352, 44353 respectively.
To change the ports:
Step 1 Open the file NMSROOT/objects/ess/conf/essproperties.conf in a plain text editor, such as vi.
Step 2 Change the port numbers as required.
Step 3 Reboot the system.
Q. How do I change ESS port in Windows?
A. To do this:
Step 1 Back up your Windows registry.
Step 2 In the Registry Editor, navigate to HKEY_LOCAL_MACHINE >SOFTWARE > Cisco > Resource Manager > Current Version > Daemon > ESS
Step 3 Change the value of Args from
-store NMSROOT\objects\ess\conf\rvrd.conf -logfile NMSROOT\log\ess.log -listen 42351 -no-http
to
-store NMSROOT\objects\ess\conf\rvrd.conf -logfile NMSROOT\log\ess.log -listen 42351 -no-http
Step 4 Change the corresponding entry in NMSROOT\objects\ess\conf\essproperties.conf.
Step 5 Reboot the server.
Q. Why do the EDS process is not starting?
A. You should check:
–If the hostname is correct and is not changed recently.
–If the osagent is in use in port 42342.
If the osagent is not in use, you should:
Step 1 Stop the Daemon Manager.
Step 2 Run the ChangeOSAGENTPort.pl script to change the port number. Enter the following command:
NMSROOT/bin/perl NMSROOT/bin/ChangeOSAGENTPort.pl Port_number
where,
NMSROOT — CiscoWorks Installation directory
Port_number— Osagent port
Step 3 Restart the Daemon Manager.
Q. How should I configure EDS in a multi-homed machine?
A. To run CiscoWorks Common Services and configure EDS on a multi-homed machine, there are two requirements.
–All IP addresses must be configured in DNS.
–Owing to restrictions in CORBA, only one IP address can be used by the client or browser to access the server. You must select one IP address as the external address, with which the client will login to the CiscoWorks server. You should modify the gatekeeper.cfg file to enter this external IP address.
Backup and Restore
The following are the FAQs on Common Services Backup and Restore:
•What kind of directory structure does CiscoWorks use when backing up data?
•What should I do when backup fails and displays a Backup.LOCK file exists error message?
•Do I need to stop the Daemon Manager before running backup.pl and restorebackup.pl scripts?
Q. What kind of directory structure does CiscoWorks use when backing up data?
A. CiscoWorks uses a standard database structure for backing up all suites and applications. See Table 10-3 for a sample directory structure on CiscoWorks Server.
Table 10-3 Sample Backup Directory
Directory Path
|
Description
|
Usage Notes
|
/tmp/1
|
Number of backups
|
1, 2, 3...
|
/tmp/2/cmf
|
Application or suite
|
Backs up CiscoWorks Server applications.
|
/tmp/1/cmf/filebackup.tar
|
CiscoWorks Server application tar files
|
Application data is stored in the datafiles.txt which are compiled into the tar file.
|
/tmp/1/cmf/database
|
CiscoWorks Server database directory
|
Includes the following files for each database:
•xxx_DbVersion.txt
•xxx.db (database files)
•xxx.log (database log files)
•xxx.txt (database backup manifest file)
where xxx is the name of the database.
|
Q. What should I do when backup fails and displays a Backup.LOCK file exists error message?
A. You should try removing the Backup.LOCK file from the CiscoWorks installation directory and start backup again. You can use the CLI program to back up the data. See Backing up Using CLI for more information.
Q. Do I need to stop the Daemon Manager before running backup.pl and restorebackup.pl scripts?
A. Daemons should be stopped only before you run restorebackup.pl scripts. You need not stop the Daemon Manager to run the backup.pl scripts.
See Backing up Using CLI and Restoring Data for more information.
Database
The following are the FAQs on Common Services Database:
•How can I find the version of a Sybase Database?
•What if the database is inaccessible?
Q. How can I find the version of a Sybase Database?
A. Run the following command:
opt/CSCOpx/objects/db/bin/dbsrv9 -v
Q. What if the database is inaccessible?
A. If the server is not able to connect to the database, the database might be corrupt or inaccessible. This can occur if processes are not running. Try the following:
Step 1 Log in to CiscoWorks as admin.
Step 2 Select Server > Admin > Processes.
A list of CiscoWorks back-end processes appears.
You can check if there are any failed process appear in the list.
Step 3 Select Server > Admin > Self Test.
•Click Create to create a report.
•Click Display to display the report.
Step 4 Select Server > Admin > Collect Server Information.
Step 5 Click Product Database Status to get detailed database status.
Step 6 Contact the Cisco TAC or your customer support to get the information you need to access the database and find out details about the problem.
After you have the required information, perform the following tasks for detecting and fixing database errors.
Depending upon the degree of corruption, the database engine may or may not start. For certain corruptions, such as bad indexes, the database can function normally until the corrupt index is accessed.
Database corruptions, such as index corruptions, can be detected by the dbvalid utility, which requires the database engine to be running.
To detect database corruption:
Step 1 Log on as root (on Solaris) or with administrator privileges (on Windows).
Step 2 Stop the Daemon manager if it is already running:
•/etc/init.d/dmgtd stop (on Solaris)
•net stop crmdmgtd (on Windows)
Step 3 Make sure no database processes are running and there is no database log file.
For example, if the database file is /opt/CSCOpx/databases/rme/rme.db, the database log file is /opt/CSCOpx/databases/rme/rme.log. This file is not present if the database process shuts down cleanly.
Step 4 Check if the database files and the transaction log file (*.log) are owned by user casuser if you use Solaris machines. If not, change the ownership of these files to user casuser and group casusers.
Step 5 Run the commands on the command prompt:
cd NMSROOT/objects/db/conf
NMSROOT/bin/perl configureDb.pl action=validate dsn=cmf
The dbvalid command displays a list of tables being validated. The Validation utility scans the entire table, and looks up each record in every index and key, defined on the table. If there are errors, the utility displays a message such as:
run time SQL error -- Foreign key parent_is has invalid or duplicate index
If the above command reports any error, you may try:
•Restoring from a previous good backup
or
•Reinitializing database
Caution All the current data will be lost.
To do this, you have to run the following command:
NMSROOT\bin\perl NMSROOT\bin\dbRestoreOrig.pl dsn=dsn dmprefix=dmprefix
For Common Services, dsn is cmf and dmprefix is Cmf.
Apache and Tomcat
The following are the FAQs on Apache and Tomcat:
•How do I avoid the SSL port conflict between HPOV and Common Services servers and run them both on the same system?
•Why does the Apache process not come up after installation or why does the process go down suddenly?
•How do I change web server port numbers?
•How should I enable or disable web server SSL mode from the command line?
•How do I increase Tomcat heap size?
•How do I modify a certificate which is not self-signed?
•What is the maximum number of connections allowed by CiscoWorks to access the web interface?
•What version of Tomcat is installed on my server?
Q. How do I avoid the SSL port conflict between HPOV and Common Services servers and run them both on the same system?
A. The new installer detects IIS web server running on the machine and prompts you to enter a different port number for CiscoWorks Server to avoid the conflict.
Q. Why does the Apache process not come up after installation or why does the process go down suddenly?
A. This could be a problem with the Apache configuration syntax or the validity of the server certificate. You should first check the Apache configuration syntax.
To do this:
On Windows:
Go to NMSROOT\MDC\Apache and run the command Apache.exe -t -d .
Note Do not omit the .
On Solaris:
Go to NMSROOT/MDC/Apache/bin and run the command ./web_server -t
If the Apache configuration syntax is correct, a message appears:
If the Apache configuration syntax is fine, check the validity of the Server Certificate using the SSL Utility Script.
Q. How do I change web server port numbers?
A. To change the web server port numbers, you must run separate commands for both Windows and Solaris.
On Solaris:
You can change the web server port numbers for the webservers. You can also change both the HTTP and HTTPS port numbers. To change the port numbers you must login as CiscoWorks Server administrator, and run the following command at the prompt:
NMSROOT/MDC/Apache/bin/changeport
If you run this command without any command line parameter, CiscoWorks displays:
*** CiscoWorks Webserver port change utility ***
Usage: changeport <port number> [-s] [-f]
where
port number—The new port number that should be used
-s—Changes the SSL port instead of the default HTTP port
-f—Forces port change even if Daemon Manager detection FAILS.
Note Do not use this option by default. Use it only when CiscoWorks instructs you to.
For example, you can enter:
changeport 1744—Changes the CiscoWorks web server HTTP port to use 1744.
Or,
changeport port number -s—Changes the CiscoWorks web server HTTPS port to use the specified port number.
If you change the port after installation, CiscoWorks will not launch from Start menu
(Start > Programs > CiscoWorks > CiscoWorks).
You have to manually invoke the browser, and specify the URL, with the changed port number.
The restrictions that apply to the specified port number are:
•Port numbers less than 1026 are not allowed. However, you can use 443 as the HTTPS port number.
•The specified port should not be used by any other service or daemon. The utility checks for active listening ports, and ports listed in /etc/services. If there is any conflict, it rejects the specified port.
•The port number must be a numeric value in the range 1026 - 65535. Values outside this range, and non-numeric values are not allowed.
•If port 443 is specified for any of the web servers, that web server process is started as root. This is because ports lower than 1026 are allowed to be used only by root in Solaris.
However, according to Apache behavior, only the main web server process run as root, and all the child processes run as casuser:casusers. Only the child processes serve the external requests.
The main process that runs as root monitors the child processes. It does not accept any HTTP requests. Owing to this, Apache ensures that a root process is not exposed to the external world, and thus ensures security.
•If you do not want CiscoWorks processes to run as root, do not use the port 443.
When you run the utility with the appropriate options, it displays messages on the tasks it performs.
This utility lists all the files that are being updated. Before updating, the utility will back up all affected files in /opt/CSCOpx/conf/backup and creates appropriate unique sub-directories.
It also creates a new file called index.txt. This text file contains information about the changed port, a list of all the files that are backed up, and their actual location in the CiscoWorks directory.
•If you do not want CiscoWorks processes to run as root, do not use the ports 80 and 443.
When you run the utility with the appropriate options, it displays messages on the tasks it performs.
This utility lists out all the files that are being updated. Before updating, the utility will back up all affected files in /opt/CSCOpx/conf/backup and creates appropriate unique sub-directories.
It also creates a new file index.txt. This text file contains information about the changed port and a list of all files that are backed up and their actual location in the CiscoWorks directory.
A sample backup maybe similar to:
|--README.txt (Note the purpose of this directory as it is initially empty)
`--/AAAtpaG03_Ciscobak (Autogenerated unique backup directory).
|--index.txt (The backup file list)
|--httpd.conf (Webserver config file)
|--md.properties (CiscoWorks config elements)
|--mdc_web.xml (Common Services application config file)
|--regdaemon.key (Common Services config registry key file)
|--regdaemon.xml (Common Services config registry data file)
|--rootapps.conf (CiscoWorks daemons using privileged ports)
|--services (The system /etc/services file)
`--ssl.properties (CiscoWorks config elements for SSL mode)
Note All of the above files and the unique directories are stored with read only permission to casuser:casusers. To ensure the security of the backup files, only the CiscoWorks Server administrator has write permissions.
The change port utility displays messages to the console during execution. These messages contain information about the directory where the backup files are being stored. These messages are also logged to a file, changeport.log.
This file is saved to the directory:
/var/adm/CSCOpx/log/changeport.log
This file contains the date and time stamps to indicate when the log entries were created.
On Windows:
You can change the web server port numbers for the Common Services Webserver. You can also change both the HTTP and HTTPS port numbers.
To change the port numbers you must have administrative privileges. Run the following command at the prompt:
NMSROOT\MDC\Apache\changeport.exe
If you run this utility without any command line parameter, CiscoWorks displays the following usage text:
*** Common Services Webserver port change utility ***
Usage: changeport <port number> [-s] [-f]
where:
port number—The new port number that should be used
-s—Change the SSL port instead of the default HTTP port
-f—Force port change even if Daemon Manager detection fails.
Note Do not use this option by default. Use it only when CiscoWorks instructs you to.
For example, you can enter:
changeport 1744—To change the CiscoWorks web server HTTP port to use 1744.
Or,
changeport port number -s—Changes the CiscoWorks web server HTTPS port to use the specified port number.
If you change the port after installation, CiscoWorks will not launch from Start menu (Start > Programs > CiscoWorks > CiscoWorks). You have to manually invoke the browser and specify the URL, with the changed port number.
The restrictions that apply to the specified port number are:
•Port numbers less than 1026 are not allowed. However, you can use 443 as the HTTPS port number.
•The specified port should not be used by any other service or daemon. The utility checks for active listening ports, and if any conflict is found, the utility rejects the specified port.
There is no reliable way to determine whether any other service or application is using a specified port. If the service or application is running and actively listening on a port, it can be easily detected.
However, if the service is currently stopped, there is no way that the utility can determine what port it uses. This is because on Windows there is no common port registry equivalent to /etc/services as in Solaris.
•The port number must be a numeric value in the range 1026 - 65535. Values outside this range, and non-numeric values are not allowed.
When you run the utility with the appropriate options, it displays messages on the actions it is performing.
It lists out all the files that are being updated. Before updating, the utility backs up all the affected files in CSCOpx\conf\backup, and creates, appropriate, unique, sub-directories.
It also creates a new file called index.txt. This text file contains information about the changed port, a list of all the files that are backed up, and their actual location in the CiscoWorks directory.
A sample backup may be similar to:
|--README.txt (Notes the purpose of this dir as it is initially empty)
`--\skc03._Ciscobak (Autogenerated unique backup directory).
|--index.txt (The backup file list)
|--httpd.conf (Webserver config file)
|--md.properties (CiscoWorks config elements)
|--mdc_web.xml (Common Services application config file)
|--regdaemon.key (Common Services config registry key file)
|--regdaemon.xml (Common Services config registry data file)
`--ssl.properties (CiscoWorks config elements for SSL mode)
Note All the above files and the unique directories are stored with read only permissions. Only the administrator and casuser have write permissions, to ensure the security of the backup files.
The change port utility displays messages to the console during execution. These messages contain information about the directory where the backup files are being stored. These messages are also logged to a file, changeport.log.
This file is saved to the directory:
NMSROOT\log\changeport.log
This log file contains the date and time stamps to indicate when the log entries were created.
Q. How should I enable or disable web server SSL mode from the command line?
A. To enable or disable the web server SSL mode:
Step 1 Stop the Daemon Manager.
Step 2 Run the ConfigSSL.pl script. Enter the commands:
•NMSROOT/bin/perl ConfigSSL.pl -enable (to enable the web server SSL mode from the command line)
•NMSROOT/bin/perl ConfigSSL.pl -disable (to disable the web server SSL mode from the command line)
Step 3 Start the Daemon Manager.
Q. How do I increase Tomcat heap size?
A. To increase Tomcat heap size:
Step 1 Stop the Daemon Manager.
•On Solaris:
Run /etc/init.d/dmgtd stop
•On Windows:
Run net stop crmdmgtd
Step 2 Run NMSROOT/bin/perl NMSROOT/bin/ModifyTomcatHeap.pl max heap in MB
Step 3 Start the Daemon Manager.
•On Solaris:
Run /etc/init.d/dmgtd stop
•On Windows:
Run net start crmdmgtd
If Tomcat is already configured for higher memory than what you specify when you run the command:
Step 1 Navigate to the directory where the SSL Utility Script is located.
On Windows:
a. Go to NMSROOT\MDC\Apache
b. Enter NMSROOT\bin\perl SSLUtil.pl
On Solaris:
a. Go to NMSROOT/MDC/Apache/bin
b. Enter NMSROOT/bin/perl SSLUtil.pl
After you have entered this command, the system displays a set of options.
Step 2 Select the fourth option Verify the input Certificate/Certificate Chain by entering 4.
Step 3 Enter the location of the server certificate NMSROOT/MDC/Apache/conf/ssl/server.crt
The script verifies if the server certificate is valid. If the script reports errors during validation and verification, you have to regenerate the certificate by running SignTool.pl from the above directory.
Step 4 Enter NMSROOT/bin/perl SignTool.pl [-SSL=true | -SSL=false]
Note NMSROOT is the directory where CiscoWorks is installed.
Q. How do I modify a certificate which is not self-signed?
A. Common Services does not allow modifying certificates other than the self-signed certificates.
Q. What is the maximum number of connections allowed by CiscoWorks to access the web interface?
A. Tomcat, the servlet engine, shipped with CiscoWorks handles a maximum of 500 connections or http requests.
Q. What version of Tomcat is installed on my server?
A. To find out the version of Tomcat installed on your server, you should:
Step 1 Navigate to the NMSROOT/MDC/tomcat/server/lib directory.
Step 2 Unzip the catalina.jar file available in this directory.
Step 3 Navigate to the location where you have extracted this jar file.
Step 4 Open the Serverinfo.properties file under the orgapachecatalinautil directory.
This file displays the version of Tomcat installed on the CiscoWorks Server.
Troubleshooting Suggestions
Use the suggestions in Table 10-4 to resolve errors or other problems with the CiscoWorks Server.
Table 10-4 Troubleshooting Suggestions
Symptom
|
Probable Cause
|
Possible Solutions
|
Authorization required. Please log in with your username and password.
|
Incompatible browser causing cookie failure (unable to retrieve cookie).
|
Verify that you have Accept all cookies enabled. Refer to the installation documentation for supported Internet Explorer and Mozilla Firefox software and setup procedures.
|
Daemon Manager could not start. The port is in use.
|
The operating system has not yet reallocated the port.
|
Make sure all CiscoWorks processes are terminated (/usr/ucb/ps -auxww | grep CSCO). Wait five to ten minutes, then try to restart the Daemon Manager.
|
User has forgotten his password.
|
Common Services cannot recover forgotten passwords.
|
A system administrator-level user must either change the password or delete the user account and add it again.
|
You are logged out of the CiscoWorks Server.
|
Changes in the login module configuration file might not be correct.
Authentication server might be down and there were no fallback logins set.
|
1. Log into CiscoWorks Server.
2. Enter the following commands:
–NMSROOT\bin\perl NMSROOT\bin\ResetLoginModule.pl
(on Windows)
–NMSROOT/bin/perl NMSROOT/bin/ResetLoginModule.pl
(on Solaris)
3. Restart Daemon Manager.
|
The Log File Status window displays files that exceed their limit.
|
Files need to be backed up so that file size will be reset to zero.
|
1. Stop all processes.
2. Enter the log file maintenance commands:
–NMSROOT\cgi-bin\admin\ (on Windows)
–NMSROOT/cgi-bin/admin/ (on Solaris)
3. Restart all processes.
|
Error message in the logfile: Connection Refused. Check the Device is SSH supported or not.
|
Device is not SSH enabled or the server is not authorized to initiate SSH connection.
|
1. Check whether the device is up or not.
2. Try connecting to the device with a commercial SSH client.
If you are able to connect, go to step 3.
If you are not able to connect, check whether the device is running SSH enabled (K2 or K9) image.
•If it is not the correct image, download the appropriate image to the device.
•If you have the correct image, check whether you have created RSA key pairs in the device. Creating RSA keys will enable SSH in the device.
3. Check whether your server or network is authorized to initiate SSH connections to device.
|
While launching the Device Management page, the following error message is displayed:
Error in communicating with DCR Server.
DCR Server may be down. Please start the DCR Server and then refresh the page.
|
The Device and Credentials Administration server may be down.
|
Start the Device and Credentials Administration server from the Common Services user interface or from the CLI.
To start the server from the user interface:
1. Go to Common Services Home and click Server > Security > Admin > Processes.
The Process Management Dialog Box appears.
2. Check the DCRServer check box in the Process Management dialog box
3. Click Start.
To start the server from the CLI, enter:
NMSROOT/bin/pdexec DCRServer
where NMSROOT is the CiscoWorks Installation directory.
|
Error message while deleting the devices:
Cannot get the list of
device(s) managed by
application(s) from the
server - ServerName.
Server is not running.
Do you want to continue
the delete operation of
selected devices?
|
The peer server in the DCR management domain may not be running.
|
Check the connectivity of the DCR Slave server from the DCR Master server. Only then the Master server can check the details of the devices managed by applications running in the Slave server before deleting the devices.
|
While launching the Group Administration page, the following error message is displayed:
Error in communicating with Group Administration Server.
|
The Group Administration server is either not running or yet to be up.
|
Start the Group Administration server from the Common Services user interface or from the CLI.
To start the server from the user interface:
1. Go to Common Services Home and click Server > Security > Admin > Processes.
The Process Management Dialog Box appears.
2. Check the CMFOGSServer check box in the Process Management dialog box
3. Click Start.
To start the server from the CLI, enter:
NMSROOT/bin/pdexec CMFOGSServer
where NMSROOT is the CiscoWorks Installation directory.
|
See Installing and Getting Started with LAN Management Solution 3.0 for troubleshooting tips on CiscoWorks installation.
