Table Of Contents
Security Manager Client
FAQs About the Security Manager Client
Resetting the Client Password
Using HTTP to Communicate with Server
Display Problems in Dual-Screen Setup
Unable to Reinstall Client
Removing Another User's Locks in Non-Workflow Mode
Loading the Online Help
Preserving Search Results in Online Help
Unable to Display Activity Report
Installation, Uninstallation, or Reinstallation
Security Manager Client
This chapter contains the following topics:
•
FAQs About the Security Manager Client
•Resetting the Client Password
•Using HTTP to Communicate with Server
•Display Problems in Dual-Screen Setup
•Unable to Reinstall Client
•Removing Another User's Locks in Non-Workflow Mode
•Loading the Online Help
•Preserving Search Results in Online Help
•Installation, Uninstallation, or Reinstallation
•Unable to Display Activity Report
FAQs About the Security Manager Client
This section answers the following questions about the Security Manager client:
•Can I install the Security Manager client on the same machine as the Security Manager server?
•How can I clean up the server list from the Server Name field in the Login window?
•What do I do if I forget to enter the server name during installation?
•The Security Manager client GUI did not load because of a version mismatch. What does this mean?
•Where are the client log files located?
•How do I know if Security Manager is running in HTTPS mode?
Q. Can I install the Security Manager client on the same machine as the Security Manager server?
A. We recommend that you do not install both the Security Manager server software and Cisco Security Manager client on the same system.
Q. How can I clean up the server list from the Server Name field in the Login window?
A. Delete csmserver.txt from the directory in which you installed the Security Manager client. The default location is C:\Program Files\Cisco Systems\Cisco Security Manager Client.
Q. What do I do if I forget to enter the server name during installation?
A. In the Server Name field in the Login window, enter the server name. Names of servers that you successfully logged in to are remembered and appear in the list the next time you login.
Q. The Security Manager client GUI did not load because of a version mismatch. What does this mean?
A. The Security Manager server version does not match the client version. To fix this, download and install the most recent client installer from the server. Do not edit the version fields in the client.info file manually.
Q. Where are the client log files located?
A. The client log files are located in C:\Program Files\Cisco Systems\Cisco Security Manager Client\ \logs. Each GUI session has its own log file.
Q. How do I know if Security Manager is running in HTTPS mode?
A. Do one of the following:
•Look at the HTTPS check box in the Login window. If it is selected, Security Manager is running in HTTPS mode.
•After you log in, look at the URL in the address field. If the URL starts with https, Security Manager is running in HTTPS mode.
•Go to Common Services > Server > Security > Single Server Management > Browser-Server Security Mode Setup. If you see Current Setting: Enabled, Security Manager is running in HTTPS mode.
Resetting the Client Password
Problem You cannot remember the password to the Security Manager client that was entered during installation.
Solution Reset the password by having an administrator do the following:
Step 1 On the Security Manager server, shut down the Cisco Security Manager Daemon Manager service.
Step 2 Navigate to \CSCOpx\bin.
Step 3 Open a command line and enter the command: resetpasswd [username].
Step 4 At the prompt, enter and confirm new password. Passwords can range from 5 to 256 characters in length and can include any printable character.
Step 5 Restart the Daemon Manager.
Caution This procedure does not require knowledge of the old password; therefore, it is important to keep the Security Manager server physically secure from unauthorized users.
Using HTTP to Communicate with Server
Problem You want the Security Manager client to use HTTP to communicate with the Security Manager server, instead of HTTPS.
Solution Do the following:
Step 1 In a web browser, enter http://[Security_Manager_server]:1741. This launches the web interface for the Security Manager server.
Step 2 Log in as an administrator, then click the CiscoWorks link in the upper-right corner.
Step 3 Under Common Services, select Server > Security > Single-Server Management > Browser-Server Security Mode Setup.
Step 4 Change the setting from Enable to Disable.
Step 5 Click Apply.
Step 6 Restart the Security Manager server.
Step 7 When you start the Security Manager client, be sure to deselect the HTTPS check box on the login screen.
Note For security reasons, we recommend that you use HTTPS instead of HTTP.
Display Problems in Dual-Screen Setup
Problem When working with a dual-screen setup, certain windows and popup messages always appear on the primary screen even when the Security Manager client is running on the secondary screen. For example, with the client running on the secondary screen, windows such as the Policy Object Manager always open in the primary screen.
Solution This is a known issue with the way dual-screen support is implemented in certain operating systems. We recommend running the Security Manager client on the primary screen. You should launch the client after configuring the dual-screen setup.
Tip If a window opens on the other screen, you can move it by pressing Alt+spacebar, followed by M; you can then use the arrow keys to move the window.
Unable to Reinstall Client
Problem When you attempt to install the the Security Manager client (or perform a reinstall, for example, after upgrading the operating system), you receive an error message indicating that the client is already installed and needs to be removed, even though the application does not appear in the list of installed programs.
Solution Do the following:
Step 1 At the command line, type regedit, then press Enter to open the Registry Editor.
Step 2 Remove the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f427e21299b0dd254754c0d2778feec4-837992615
Step 3 Delete the previous installation directory.
Step 4 Rename the following folder:
C:\Program Files\Common Files\InstallShield\Universal\common\Gen1
Step 5 Select Start > Control Panel > Add or Remove Programs. If the Cisco Security Manager Client is still listed, click Remove. If you receive the message, "Program already removed; do you want to remove it from the list?", click Yes.
Note If you are still unable to reinstall the Security Manager client, rename the C:\Program Files\Common Files\InstallShield directory, then try again.
Removing Another User's Locks in Non-Workflow Mode
Problem When working in non-workflow mode, you discover that certain devices and policies that you need to configure are locked by another user. The locks remain in place until the other user submits or discards the configuration changes.
Solution If you have administrative permissions, you can remove the locks placed by another user by taking over that user's session. Select Tools > Security Manager Administration > Take Over User Session, then select the session. You can then submit or discard the user's changes to remove the locks.
Loading the Online Help
Problem You cannot load the online help.
Solution
When using Internet Explorer as your default browser, try the following:
•Windows Server 2003—Select Tools > Internet Options > Advanced > Security > Allow active content to run in files on My Computer.
•Windows XP—Select Tools > Internet Options > Advanced > Security > Allow active content to run in files on My Computer.
•Windows 2000—Enable Javascript and disable your popup blockers.
When using Mozilla as your default browser, try the following:
•Add the following line to default/prefs/browser-prefs.js:
pref("dom.allow_scripts_to_close_windows",true);
•Enable Javascript.
If you use Google Toolbar or any other popup-blocking utility that enables you to allow popups from particular servers, you must configure that utility to allow popups from the \Local Settings\Temp\ subdirectory that Windows associates with your Windows username on the client system. The path to that subdirectory might be, for example, D:\Documents and Settings\<USERNAME>\Local Settings\Temp.
If your popup blocker is not configured in this way, you must temporarily enable all popups. Otherwise, no window opens.
Preserving Search Results in Online Help
Problem When you click the link for one of the topics displayed in the online help search results, clicking the Search tab again (for example, to try a different topic listed in the search results) erases the results.
Solution Use the Back button in the browser instead of clicking the Search tab. The results of the previous search will still be displayed.
Unable to Display Activity Report
Problem If you are using Internet Explorer as your default browser, Activity Change Report in PDF does not appear when you click View Changes from the Tools menu (nonWorkflow mode), or Activity Manager (Workflow mode).
Solution This problem occurs because of inaccuracies with the location of some of the dll files or invalid registry key values associated with Internet Explorer. For information on how to work around this problem, refer to the Microsoft Knwoledge Base article 281679, which is available at this URL: http://support.microsoft.com/kb/281679/EN-US.
Installation, Uninstallation, or Reinstallation
See "Troubleshooting" in Installation Guide for Cisco Security Manager 3.0 on Cisco.com for information about troubleshooting problems that are related to the installation, uninstallation, or reinstallation of:
•Security Manager (including Common Services) software on a server.
•Security Manager Client.
•The standalone version of Cisco Security Agent that is installed on most Security Manager servers.
