Worldwide [change] |Account |Register |About Cisco
Guest

Hierarchical Navigation

Cisco Security Manager

CSM Troubleshooting

Downloads

Document ID: 108091


Contents

Introduction
Prerequisites
      Requirements
      Components Used
      Conventions
Problem
      Solution
Problem
      Solution
NetPro Discussion Forums - Featured Conversations
Related Information

Introduction

This document describes how to resolve the error message that appears in the Cisco Security Manager (CSM).

Prerequisites

Requirements

There are no specific requirements for this document.

Components Used

The information in this document is based on the CSM 3.1.0 version.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Problem

This error message appears when you attempt to remove or delete the devices associated with CSM in order to free up the CSM license:

Policy or Assignment Locked

Solution

Complete these steps in order to resolve this problem:

  1. Make sure all users have either submitted or discarded their current activities and have logged out.

  2. Login as a system admin and navigate to Tools > Security Manager Administration > Workflow in order to change the CSM to workflow mode.

  3. Use Tools/Activity Manager to find any activities that are not in the Approved or Discarded state. In Activity Manager, you can click column head to sort the state column.

    1. For activities in Edit or Edit Open state, open it and then discard.

    2. For activities in Submitted state, reject it and then discard.

  4. Change the CSM back to non-workflow mode.

  5. Try to delete the devices again.

Problem

Commands are removed from the PIX when CSM pushes additional changes.

Solution

This is the expected behavior for CSM. CSM will remove any out of band changes the next time it attempts to push changes to that device. It will query for the current configuration. However, you should only see this behavior in the transcript logs if you enable advanced debugging.

You can do this under Tools--> Security Manager Administration --> Deployment --> Enable Advanced Debugging. Remember, if you make any out of band changes for testing, you need to go back and make them in CSM as well. Otherwise, at the time of the next deployment, the changes will be lost.

NetPro Discussion Forums - Featured Conversations

Networking Professionals Connection is a forum for networking professionals to share questions, suggestions, and information about networking solutions, products, and technologies. The featured links are some of the most recent conversations available in this technology.
NetPro Discussion Forums - Featured Conversations for Security
Security: Intrusion Detection [Systems]
Security: AAA
Security: General
Security: Firewalling

Related Information

Updated: Oct 16, 2008Document ID: 108091