The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
Release Notes for Cisco Mobility Services Engine, Release 22.214.171.124
Cisco Mobility Services Engine and Services
Cisco MSE Compatibility Matrix for Release 126.96.36.199
Upgrading the Cisco MSE to 188.8.131.52 from 7.x or 8.x
Configuring History Pruning Parameters
Restoring an Old Cisco MSE Backup to Release 184.108.40.206
Updated Software Version Shown in the Cisco PI After Polling
Upgrading Cisco MSE High Availability
Licensing Information for Cisco MSE
Cisco MSE License Product Numbers and SKUs
Ordering Support for Physical and Virtual Appliance
Base Location Services Licenses
Cisco CMX Licenses (Previously Known as Advanced Location Services)
Base Location Services to Cisco CMX Upgrade License
wIPS Enhanced Local Mode License
wIPS Monitor Mode/Monitor Module License
Cisco MSE Virtual Appliance Product Specifications
Operational Notes for Cisco MSE High Availability
Cisco MSE High Availability Issue When Using Cisco WLC 220.127.116.11
Operational Notes for Cisco MSE
Resolution to NMSP/SHA2 Keyhash Mismatch Issue
Rebooting Cisco MSE After Fresh Installation or Upgrade
Automatic Installation Script for Initial Setup
Mapping Controller and Associated Cisco MSE Must be Mapped to the NTP and Cisco PI Server
Configuring the Cisco PI Communication Username and Password Using Cisco MSE setup.sh
Configuration Changes for Greater Location Accuracy
Wireless Security Module with 3600 APs
AeroScout Engine Module Changes
Ports to be Opened for High Availability Between Cisco MSEs
Synchronizing Floor Maps in Location Service
Operational Notes for Context-Aware Service
Synchronization Required When Upgrading to Release 18.104.22.168 or Importing CAD Floor Images
Floor Change or Minimum Distance for Location Transitions to Post to History Log
Non-Cisco Compatible Extensions Tags
Cisco Compatible Extensions Version
Tablets and Smartphones with Limited Probe Requests
Operational Notes for Cisco CMX Analytics
Operational Notes for Facebook Wi-Fi
Operational Notes for Cisco CMX Connect and Engage
Operational Notes for Mobile SDK
Enabling Root Access Control in HA Mode
Resynchronizing WLC to MSE After an Upgrade
Obtaining Documentation and Submitting a Service Request
First Published: September, 2015
These release notes describe what is new in the release 22.214.171.124 of Cisco Mobility Services Engine (MSE) and its services, instructions to upgrade to this release, open and resolved caveats and related information. Cisco MSE services include:
Note Before installing the Cisco MSE software, see the “Upgrading Cisco MSE” section for details on compatibility with the Cisco Wireless Controllers (WLC) and Cisco Prime Infrastructure (PI).
Note Licenses are required to run all services. For information about ordering, see the “Licensing Information for Cisco MSE” section.
Note Cisco MSE 3310 and Cisco MSE 3350 are not supported beyond Cisco MSE Release 7.3.
These release notes contain the following sections:
This section introduces Cisco MSE and the various services that it supports.
Cisco MSE supports various services within the overall Cisco Unified Wireless Network (CUWN):
Note From Cisco MSE Release 7.5 onwards, Cisco location engine is used to track clients and tags. If AeroScout engine is detected when you are upgrading from release 7.2 and later releases to release 7.5, then a warning message is displayed about removing the AeroScout license and engine. If you accept, the installer will remove all partner engine sub services. If you do not accept the removal of partner engine, then the installer will exit.
Note Starting from Cisco MSE release 7.4, the evaluation licenses for 100 clients, 100 tags, and 10 wIPS monitor mode access points are a standard on each Cisco MSE. The licenses are valid for a period of 120 days; from Release 6.0 till Release 7.3 the licenses were valid for a period of 60 days.
Note From Cisco MSE release 7.4 onwards, licensing is based on AP count and not on tracked device count.
Table 1 lists the Cisco MSE compatibility matrix for Cisco MSE 3355 on release 126.96.36.199.
Table 2 lists the Cisco MSE compatibility matrix for Cisco MSE 3365 on release 188.8.131.52.
Note This compatibility matrix lists only the compatibility information of Cisco MSE with other Cisco wireless products. This matrix does not reflect compatibility information between Cisco WLC and Cisco Prime Infrastructure or Cisco NCS. For compatibility information about Cisco Prime Infrastructure with Cisco WLC and other wireless products, see the Cisco Prime Infrastructure Release Notes.
Prime Infrastructure 3.0 is unable to sync maps to an MSE running 184.108.40.206.
* For FIPS compliance, Cisco MSE 8.0 works with Cisco PI 2.2, Cisco WLC 220.127.116.11, and Converged Access 3.6.0.
****The wIPS profile cannot be applied to Cisco WLC release 7.5 or prior using Cisco PI 2.2
***** If you are you are running Analytics and Context Aware Service (Location Service) on different machines and using Cisco PI 1.4 release, then additional setup is required. You can download the Setup script from this location: https://software.cisco.com/download/release.html?mdfid=283765380&flowid=24866&softwareid=282487503&release=18.104.22.168&relind=AVAILABLE&rellifecycle=ED&reltype=latest
Prime Infrastructure 3.0 is unable to sync maps to an MSE running 22.214.171.124.
* For FIPS compliance, Cisco MSE 8.0 works with Cisco PI 2.2, Wireless LAN Controller (WLC) 126.96.36.199, and Converged access 3.6.0.
***While using Cisco PI 2.1.1 and 2.1.2, the wIPS will have Cisco MSE 7.4 feature parity.
****wIPS profile cannot be applied to Cisco WLC release 7.5 or prior using Cisco PI 2.2
***** If you are you are running Analytics and Context Aware Service (Location Service) on different machines and using Cisco PI 1.4 Version, then additional setup is required. You can download the Setup script from this location: https://software.cisco.com/download/release.html?mdfid=283765380&flowid=24866&softwareid=282487503&release=188.8.131.52&relind=AVAILABLE&rellifecycle=ED&reltype=latest
Note AeroScout CLE is not bundled with Cisco MSE release 7.5 and later. However, AeroScout CLE is compatible with Cisco MSE Release 7.5 and later, which uses the API interface.
For more information on compatibility of Cisco MSE with other wireless products, see Cisco Wireless Solutions Software Compatibility Matrix.
For instructions on automatically downloading the Cisco MSE software using Cisco PI or for manually downloading the software using a local or remote connection, see the “Updating Mobility Services Engine Software” section in Chapter 2 of the Cisco Mobility Services Engine Getting Started Guide at.
This section contains the following topics:
The following scenarios are available to upgrade Cisco MSE to release 184.108.40.206 from 8.x and 7.x:
Note Do not uninstall the releases 7.4, 7.5, 7.6, or 8.x, instead stop the Cisco MSE and run the installer.
Note If you already have Cisco MSE Release 220.127.116.11 installed (either with or without the CSCuv55645.zip patch), you can upgrade to Cisco MSE 18.104.22.168 using the upgrade procedure here.
To upgrade from release 7.x or 8.x to 22.214.171.124, follow these steps:
Note Untar the Cisco MSE software image before placing it in the /opt/installers directory.
Step 1 Download the 126.96.36.199 software image from Cisco.com. The file to be downloaded is: CISCO-MSE-L-K9-8-0-120-7-64bit.bin.tar.gz.
Note If you are downloading the above file on a Windows system, remember that some browsers modify the downloaded filename. If the downloaded filename is not correct, you must update it to the correct filename before using Cisco PI to transfer the file, or directly copying the file to Cisco MSE. The correct filename is CISCO-MSE-L-K9-8-0-120-7-64bit.bin.tar.gz.
Step 2 We recommend that you back up the Cisco MSE using Cisco Prime Infrastructure.
Step 3 To download software to a Cisco MSE, choose Services > Mobility Services Engine from the Cisco PI UI.
Step 4 Click the name of the Cisco MSE to which you want to download software.
Step 5 Choose System > Maintenance > Download Software from the left menu.
Step 6 To download the software, perform one of the following tasks:
Step 7 Click Download to send the software to the /opt/installers folder on the Cisco MSE.
Step 8 When using Cisco PI to transfer the image to Cisco MSE, the file will be decompressed, and the.gz will be removed from the filename. Verify that the Cisco MSE image file (CISCO-MSE-L-K9-8-0-120-7-64bit.bin.tar) is in the Cisco MSE /opt/installers directory.
Note When copying the image file directly to the Cisco MSE, without using Cisco PI, the filename on Cisco MSE will remain unchanged as CISCO-MSE-L-K9-8-0-120-7-64bit.bin.tar.gz.
Step 9 Go to the to the /opt/installers directory using the cd /opt/installers command.
Step 10 To unpack the installation files, run the following command:
This unpack action yields the following files. These files must be in the same directory when running the installer. The installation process uses the MSE_PUB.pem and signhash.bin to validate the integrity of the Cisco MSE image.
Note If the Cisco MSE image file was transfered directly to the Cisco MSE and not downloaded using Cisco PI, then the following command should be used to decompress and unpack the installer files:
Note Do not untar or gunzip the database package.
Step 11 Change permissions of the files using the following commands:
Note A space must be provided between the filenames in the chown command above.
Step 12 Make sure that the CISCO-MSE-L-K9-8-0-120-7-64bit.bin file has execute permissions for the root user. If not, enter the following command:
Step 13 Manually stop the MSE service:
/etc/init.d/msed stop or service msed stop
Step 14 To install the new Cisco MSE image, enter the following command:
Note The installation process takes a minimum of 30 minutes. The actual installation time depends on the amount of data present in your system. After the installation, reboot the system before starting Cisco MSE.
Step 15 Start the new Cisco MSE software by entering the following command. If you attempt to start the Cisco MSE, a message is displayed that Cisco MSE should be rebooted.
Step 16 After exiting the installer, enter the reboot command to reboot Cisco MSE.
See “Upgrading Cisco MSE High Availability” section for details on upgrading Cisco MSE high availability.
The History Pruning parameters are configured from the Cisco Prime Infrastructure or Cisco MSE user interface. This interface is used to:
Starting in Cisco MSE Release 188.8.131.52, the Cisco Prime Infrastructure and Cisco MSE user interface is used to enable/disable History tracking for clients/tags/rogue APs/rogue clients/interferers. The pruning of History data takes place every hour automatically. This hourly pruning task computes the number of history records that must be deleted to bring the record count to the platform limit. After the computation, the pruning task deletes the oldest history records so that the record count matches the platform limit. The history pruning task does not perform anything if the history record count is below the platform limit. The Cisco MSE Administrator cannot change the pruning interval or the history retention duration.
The history record count for various MSE platforms is as follows:
To restore an old database, follow these steps:
Note The regular restore option on the Cisco PI cannot be used to restore a backup from an earlier Cisco MSE releases such as 6.0, 184.108.40.206, or 220.127.116.11 onto release 18.104.22.168.
Step 1 Stop the Cisco MSE service: /etc/init.d/msed stop
Step 2 Uninstall the software and select the option to delete the database.
Step 3 To restore backup data, you must first install the appropriate version of Cisco MSE software. Use the table below to determine the correct version of Cisco MSE to install.
Step 4 After you have installed the software, restore the desired database backup to the new Cisco MSE using the regular procedure from Cisco PI.
Step 5 To migrate data to 7.x.x.x, follow the steps provided in the “Upgrading the Cisco MSE to 22.214.171.124 from 7.x or 8.x” section.
If you download the Cisco MSE image *.gz file using the Cisco PI, the Cisco MSE automatically decompresses (unzips) it, and you can proceed with the installation as described in the “Upgrading the Cisco MSE to 126.96.36.199 from 7.x or 8.x” section.
If you manually download the compressed *.gz file using FTP, you must decompress the files before running the installer. These files are compressed under the Linux operating system and must be decompressed using the tar zxvf command. For more information, see the Manually Downloading Software section in the Cisco Connected Mobile Experiences Configuration Guide, Release 8.0.
To make the.bin file executable, use the chmod +x <filename.bin> command.
The Cisco MSE virtual appliance is distributed as follows:
For more information on deploying the Cisco MSE virtual appliance, see the Cisco MSE Virtual Appliance Configuration Guide, Release 8.0.
After a software update, the new Cisco MSE software version does not immediately appear in Cisco MSE queries on the Cisco PI. Up to 5 minutes are required for the new version to appear. By default, Cisco PI queries the Cisco MSE for status every 5 minutes.
To upgrade for Cisco MSE high availability, follow these steps:
Step 1 Ensure that the HA pair that needs to be upgraded is in normal mode and not in Failover mode. In normal mode, the Primary MSE is active and the Secondary is in standby mode. The output of the gethainfo command on primary MSE will show PRIMARY_ACTIVE and the secondary MSE will show SECONDARY_ACTIVE.
Step 2 Log in to Cisco Prime Infrastructure and delete the MSE HA pair.
Step 3 Perform a full backup of the primary MSE.
Step 4 Stop the primary MSE and the secondary MSE using the service msed stop command.
Step 5 Perform the upgrade on the Primary and Secondary Cisco MSE servers by following the instructions described in Upgrading the Cisco MSE to 188.8.131.52 from 7.x or 8.x.
Step 6 Start both the primary and secondary MSE instances using the service msed start command.
Step 7 Recreate the MSE HA pair using Cisco Prime Infrastructure.
Cisco MSE provides a wide variety of location-based services. To enable these services, the following are required:
– Physical Appliance—An activation license is not required.
– Virtual Appliance—Requires a Cisco MSE Virtual Appliance Activation license (L-MSE-7.0-K9). It is not sufficient to simply have a service or feature license on an Cisco MSE Virtual Appliance.
Three types of Cisco MSE licenses are available:
Provides advanced spectrum capability, with the ability to detect, track, and trace rogue devices, Cisco CleanAir interferers, Wi-Fi clients, and RFID tags. The Base Location license also enables customers and partners to use standard Cisco MSE APIs.
Provides Base Location license capabilities and the Cisco CMX features:
Provides complete wireless threat detection and mitigation in the wireless network infrastructure:
Requires a separate Cisco MSE running the wIPS service.
There are 3 deployment options:
Client and wIPS licenses are installed from the Cisco PI UI (Administration > License Center). See, Chapter 2: “Adding and Deleting Mobility Services Engines and Licenses” in the Cisco Connected Mobile Experiences Configuration Guide, Release 8.0, Cisco Wireless Intrusion Prevention System, Release 8.0, and Cisco Location Analytics Configuration Guide, Release 8.0.
For complete details on ordering and downloading licenses, see the Cisco Mobility Services Engine Licensing and Ordering Guide at: http://www.cisco.com/en/US/prod/collateral/wireless/ps9733/ps9742/data_sheet_c07-473865.html
The Cisco CMX license, called Advanced Location license in release 7.4, supports new features, such as:
The CMX license includes the Base Location license features used for device tracking and the new additional features of Cisco CMX.
The part number format of this license is L-AD-LS-100AP. Here 'AD-LS' refers to Advanced Location services license and '100AP' gives the AP count supported.
All Cisco wIPS licenses come with the license name wIPS license
There are three deployment options:
Licensing is based on the number of access points in the environment. The licenses are additive.
The Cisco MSE Virtual Appliance activation license is required for every instance of a Cisco MSE Virtual Appliance. No separate license is required for high availability. To enable high availability, you need to deploy a primary Cisco MSE appliance with Cisco Connected Mobile Experiences and wIPS licenses, and a secondary Cisco MSE appliance without any Cisco CMX or wIPS license
Table 7 lists the ordering support for physical and virtual appliances.
Software support (only if ordering Cisco 3365 MSE appliance).
Software support (only if ordering Cisco 3365 MSE appliance).
Supports 1 AP1
Supports 100 APs2
Supports 1000 APs3
Cisco CMX licenses include the Base Location Service licenses. There is no need to purchase a separate Base Location Service license when purchasing a Cisco CMX license.
Cisco MSE High-End Virtual Appliance
Cisco MSE Standard Virtual Appliance
Cisco MSE Low-End Virtual Appliance
Base Location license: 200 access points
This section provides a brief description of what is new in Release 184.108.40.206. For more information about instructions on how to configure these features, see the Cisco Connected Mobile Experiences Configuration Guide, Cisco Wireless Intrusion Prevention System Configuration Guide, Cisco CMX Analytics Service Configuration Guide, Cisco CMX Connect and Engage Configuration Guide, and Cisco MSE Virtual Appliance Configuration Guide at:
This section describes the operational notes and navigation changes for Connected Mobile Experiences, wIPS, and the Cisco MSE for Release 220.127.116.11 and later releases.
Features and operational notes are summarized separately for the Cisco MSE, Connected Mobile Experiences, and wIPS.
This section contains the following topics:
When Cisco MSE is synchronized with a Cisco WLC using the Cisco Prime Infrastructure interface, the appropriate security authentication keys are sent to the Cisco WLC from Cisco PI. Cisco PI fetches the security authentication keys from Cisco MSE and then sends them to Cisco WLC. Subsequently, when the Cisco MSE tries to establish an NMSP (Network Mobility Services Protocol) connection with the Cisco WLC, the Cisco WLC validates the connection request against the security authentication keys it has already received from Cisco PI and accepts the connection. This scenario applies to all versions of Cisco MSE and Cisco WLC.
The security authentication key length was updated in Cisco WLC 18.104.22.168 to increase security and Cisco MSE and Cisco PI implementation was also done to handle the longer (SHA2 – Secure Hash Algorithm) keys. In a non-HA (High Availability) setup of Cisco MSE, the communication works correctly regardless of the version of the Cisco MSE and Cisco WLC.
However, in a Cisco MSE High Availability setup, the handling of the SHA2 keys between Cisco MSE and Cisco PI may not work correctly and this impacts NMSP connection between Cisco MSE and Cisco WLC 22.214.171.124 and later versions. When a Cisco MSE HA pair is setup, Cisco PI fetches security keys from both primary and secondary Cisco MSE servers and tries to send them to the Cisco WLC. However, the security keys fetched by Cisco PI from the secondary Cisco MSE are not SHA2 keys and therefore the Cisco WLC does not have the proper security keys for the secondary Cisco MSE. Consequently, after a failover, the secondary Cisco MSE (which is now active) is unable to establish an NMSP connection with the Cisco WLC. Therefore, after a failover, the secondary Cisco MSE is unable to track any clients.
This NMSP issue only impacts the Cisco MSE pair after a failover has occurred.
To ensure that the proper security authentication keys are sent to the Cisco WLC, the network administrator must manually collect the authentication keys from the Cisco MSE using the Cisco MSE command and then add those keys to the Cisco WLC using the controller’s command.
Run the following command on Cisco MSE:
Run the following command on Cisco WLC:
In general, adding the Cisco MSE authentication keys to the Cisco WLC always ensures that Cisco MSE and Cisco WLC are able to establish NMSP connection.
This section lists the operational notes for the Cisco MSE and contains the following topics:
By default, Cisco MSE 8.0 supports SHA-2 keyhash algorithm for peer authentication with Cisco WLC 8.0 during the SSL handshake. Cisco PI 1.4.2 and 2.1 supports only SHA-1 AP (or Cisco MSE) Authorization template when synchronizing Cisco WLC with the Cisco MSE. This causes keyhash mismatch issue because the Cisco PI and Cisco MSE uses different keyhash algorithm on Cisco WLC 8.0. An option is added to the Advanced Parameters page in the Cisco MSE user interface (UI) to allow the user to force Cisco MSE 8.0 to use SHA-1 keyhash algorithm.
Follow these instructions to configure SHA-1 Cipher:
1. Launch the Cisco MSE admin UI by typing https://mseip/mseui/app in a web browser.
3. Choose System > Advanced Parameters from the left menu.
4. Check the Enable Use of SHA-1 Ciphers check box (see Figure 1).
6. Unsynchronize Cisco WLC from Cisco MSE, and then resynchronize WLC with Cisco MSE from Cisco PI.
7. The NMSP status should change to active state.
Note If the FIPS mode (also known as Root Access Control) is enabled on the Cisco MSE, then this option will not be available to the users as FIPS mode requires all operations in SHS-2.
After a new installation or upgrade of the Cisco MSE software, you must reboot the Cisco MSE using the reboot command.
An automatic setup wizard is available to help you initially set up the Cisco MSE.
An example of the complete automatic setup script is provided in the Cisco Mobility Services Engine Getting Started Guide.
You can find these documents at:
Communication between the Cisco MSE, the Cisco PI, and the Cisco WLC are in Coordinated Universal Time (UTC). Configuring the Network Time Protocol (NTP) on each system provides devices with the UTC time. An NTP server is required to automatically synchronize time between the Cisco WLC, Cisco PI, and the Cisco MSE.
The Cisco MSE and its associated controllers must be mapped to the same NTP server and the same Cisco PI server.
Local time zones can be configured on a Cisco MSE to assist the network operations center personnel in locate events within logs.
Note You can configure NTP server settings while running the automatic installation script. See the Cisco Mobility Services Engine Getting Started Guide Started Guide for details on the automatic installation script at http://www.cisco.com/en/US/products/ps9742/prod_installation_guides_list.html
You must change the default root password of the Cisco MSE while running the automatic installation script to ensure optimum network security.
You can also change the password using the Linux passwd command.
Note During the initial login, even if you choose Skip (S), you will be prompted to enter the password. This is because it is mandatory to change the root password at the initial login.
You can configure the Cisco Prime Infrastructure communication password using the Cisco MSE setup.sh script file.
The scenarios which you might encounter while configuring the Cisco Prime Infrastructure password are as follows:
Note The Cisco Prime Infrastructure communication users are API users, and they do not have corresponding operating system users on the Cisco MSE appliance.
In some RF environments, where location accuracy is around 60 to 70 percentage or where incorrect client or tag floor location map placements occur, you might have to modify the moment RSSI thresholds in the Context Aware Service > Advanced > Location Parameters page on the Cisco PI.
The following RSSI parameters might require modification:
Contact Cisco TAC for assistance in modifying these parameters.
If you are attempting to deploy Wireless Security Module (WSM) with 3600 APs, then APs should be placed in monitor mode with both submode wIPS and advanced wIPS engine enabled on the Cisco PI.
Starting Release 7.5, the AeroScout engine module is removed from both the Cisco CMX setup and location code. During installation, if you are upgrading from Release 7.2 and later to Release 7.5, then you will be prompted to remove the AeroScout engine. If you agree to remove, the AeroScout engine is removed and by default, the Cisco Tag Engine is started as part of Cisco CMX. If you do not agree to remove the AeroScout engine, the installation will exit.
The following is the list of ports to be opened for High Availability between Cisco MSEs:
While synchronizing floor maps in location service, we recommend that you synchronize floor maps in batches of 1000 APs at a time.
This section lists the operational notes for a Cisco MSE and contains the following topics:
When upgrading to Release 126.96.36.199 from Release 7.x, you must synchronize after the software upgrade and when CAD-generated floor images are imported into the Cisco PI.
When history logging is enabled for any or all elements (client stations, asset tags, rogue clients, and access points), a location transition for an element is posted only if it changes floors, or the new location of the element is at least 30 feet (10 meters) from its original location.
Note The other conditions for history logging are as follows:
See Services > Mobility Services > Device Name > Context Aware Service > Administration > History Parameters.
Logs can be viewed at Services > Mobility Services > Device Name > Systems > Log.
The Cisco MSE does not support non-Cisco CX Wi-Fi tags. Additionally, these non-compliant tags are not used in location calculations or shown on the Cisco PI maps.
Only Cisco CX Version 1 or later tags can be used in location calculations and mapped in the Cisco PI.
In the Monitor > Clients page (when Location Debug field is enabled), you can view information on the last heard access point and its corresponding RSSI reading.
Calibration models always apply to wireless clients, interferers, rogue APs, and rogue clients.
See Chapter 7, “Context-Aware Planning and Verification” in the Cisco Connected Mobile Experiences Configuration Guide, Release 8.0 for more information about client calibration.
Settings for advanced location parameters related to RSSI, chokepoint usage, location smoothing, and assignment of outside walls on floors, are not applicable to tags.
See the “Editing Advanced Location Parameters” section in Chapter 7 of the Cisco Connected Mobile Experiences Configuration Guide, Release 8.0.
See Services > Mobility Services > Device Name > Context Aware Service > Advanced > Location Parameters.
The Cisco PI time stamp is based on the browser location and not on the Cisco MSE settings. Changing the time zone on the Cisco PI or on the Cisco MSE does not change the time stamp for the location history.
Many tablets, smartphones, and other Wi-Fi devices with power save mode do not continuously send out probe requests after an initial association to the CUWN. Therefore, calculating the location accuracy of such devices using RSSI readings is not always optimal.
In the relevant CAS API, the use of the parameter FLOORID is not guaranteed to return the same value on consecutive calls. It may get changed by such activities as resynchronizing the Cisco MSE. Instead, the parameter FLOORAESUID should be used. The API call getStationHistoryListByArgs can use both parameters in Cisco MSE Release 8.0.
wIPS profile cannot be pushed to Cisco Wireless Controller (WLC) 7.5 or earlier using the Cisco PI 1.4.x or 2.x with Cisco MSE 7.6.
While using the newer version of Firefox browser to connect to the Cisco MSE user interface or Cisco CMX Analytics user interface, an error message appears saying “Peer’s certificate has an invalid signature”. For more information on how to fix this, see the https://support.mozilla.org/en-US/questions/776144.
To fix this, follow these steps:
2. Enter about:config in the address bar.
3. Enter browser.xul in Filter field.
4. Verify if browser.xul.error_pages.expert_bad_cert property exists with a value of false.
5. Right-click browser.xul.error_pages.expert_bad_cert and select Toggle. The value will change to true.
7. Launch Firefox again and try the Cisco CMX Analytics user interface. You will be asked to add the exception.
The Cisco CMX Analytics in Release 8.0 the provides ability to view the analytic results in both 2D (Open Street Maps) and 3D Web Graphics Library (WebGL) environments. This provides improved understanding of results on multiple floor paths or when dwell times are calculated throughout a multistorey building. The 3D environment presents the same information as the 2D environment.
WebGL is an advanced feature that provides graphic capabilities. All browsers do not support WebGL on a particular hardware. Verify your browser compatibility in the Get WebGL website. If your browser supports WebGL, then you must see a spinning cube.
If your browser does not support WebGL, perform the following actions:
1. Download the latest build of Firefox browser and launch Firefox on your computer.
2. In the browser address bar, enter about:config.
3. In the Search text field, enter webgl to filter the settings.
4. Double-click webgl.enabled_for_all_sites.
5. Set webgl.enabled_for_all_sites=true.
1. Choose Safari > Preferences.
3. Check the Show Develop menu in menu bar check box.
4. Choose Enable WebGL from the Develop menu.
Note If your system does not support 3D, then the analytic results are displayed only in 2D Open Street Maps view.
Sometimes, the Cisco CMX Analytics service does not start up because of a stray JBoss process that runs as a root user. If Analytics engine does not start, and if you notice a stray JBoss process with root permissions running, perform the following actions:
1. Stop Cisco CMX Analytics service from the Cisco PI.
3. Run the chown -R nobody:nobody /opt/mse/analytics command.
When you try to pair a location with the Facebook page, it may fail with no notification in Connect and Engage user interface. One of the reasons could be due to Facebook site outage. You can check Facebook API health at the following URL
While upgrading the Cisco PI server, the map IDs and the information also get updated. This results in new identifiers for maps. The new identifiers are not automatically synchronized with the Cisco CMX Connect and Engage. This causes the location updates to use the new identifiers, but the Cisco CMX Connect and Engage will not be aware of the new identifiers and cause the location updates to get ignored. To resolve this issue, you must update maps in the Cisco CMX Connect and Engage user interface. To update maps, log in to the Cisco CMX Connect and Engage user interface and choose Maps from the left sidebar menu and click Update Maps from Cisco PI.
Two different venues with the same Cisco MSEs receiving location updates result in the device location bouncing from one venue to another venue. The Mobile Application Server (MAS) receives updates and changes the location to the most recent update received. The client location then changes from the most recent location update, which can be from either venue.
To enable Root Access Control (RAC) in HA mode, you need to enable RAC on both the primary and secondary Cisco MSEs. The RAC configuration is not synchronized across the primary and secondary servers. Therefore, you should enable it on both servers. This will enable the RAC configuration to work on the active server in case of a failover or failback.
After upgrading Cisco Prime Infrastructure or Cisco MSE, in some cases, the NMSP sync between the controllers and MSE may not work properly. Without performing the unsync and resync of the controllers to MSE, you may not able to push the wIPS profiles to WLC. We recommend that after you upgrade Cisco Prime Infrastructure or Cisco MSE, perform an unsync operation and then resync all the controllers with MSE.
The Bug Search Tool (BST), which is the online successor to the Bug Toolkit, is designed to improve the effectiveness in network risk management and device troubleshooting. The BST allows partners and customers to search for software bugs based on product, release, and keyword, and aggregates key data such as bug details, product, and version. The tool has a provision to filter bugs based on credentials to provide external and internal bug views for the search input.
To view the details of a caveat listed in this document:
1. Access the BST (use your Cisco user ID and password) at https://tools.cisco.com/bugsearch/.
Use the BST to view the details of a caveat listed in this section. For more information about the BST, see the “Cisco Bug Search Tool” section.
Active visitors table in summary page takes more than a minute to load.
Cisco MSE Connect & Engage administrator account gets inactive.
Cisco 3365 MSE HA secondary MSE goes into kernel panic state.
Cisco MSE setup script Java error when selecting Britain (UK) Timezone.
Unsync and Synchronize the Cisco WLC to Cisco MSE is required after upgrade.
Cisco MSE 188.8.131.52 on Cisco 3365 MSE platform does not support serial port connection.
Cisco MSE HA related traps/events from secondary Cisco MSE server are not reported on the Cisco PI.
After the second server is up from graceful shutdown, the server does not synchronize the database.
If both eth0 & eth1 interfaces are used, Cisco MSE sends traps to the incorrect IP address.
Use the BST to view the details of a caveat listed in this section. For more information about the BST, see the “Cisco Bug Search Tool” section.
Cisco MSE displays unknown error when importing AP from Prime Infrastructure
Cisco MSE version 184.108.40.206 crashed due to an OutOfMemory error.
Cisco MSE Client count and interferer count reaches the maximum and then never drops.
Cisco MSE does not show active clients when Cisco Aironet 1702 Access Points are added to map.
Thread lock observed when 25k clients were synced to Cisco MSE.
After full Linux reboot of secondary service HA sync-up does not complete.
CMX Connect: Client does not connect to right splash page between floor.
Eth connect and disconnect on primary does not resync HA at times.
HA sync status on setup failed even if the pairing goes well in back-end.
Cisco MSE failback fails from secondary to primary at times.
When the pkill java command is executed on the primary Cisco MSE server in the middle of replication, it breaks HA failback.
Primary Cisco MSE goes down in a day after the secondary Cisco MSE goes down.
Secondary Cisco MSE in HA unable to failback to primary at one instance.
Secondary stops communicating with primary when backup runs on primary.
Fragment the wIPS profile before passing on to CAPWAP process.
Database goes down with lots of dumps in the incident folder.
Analytics reports gives error session expired for 3 out of 6 options.
Cisco MSE 220.127.116.11 installation may fail with an error message.
Once the Cisco MSE 18.104.22.168 installer reaches 95%, it stops working.
User needs to be alerted when the archive log cleanup in HM fails.
Data in the location history is pruned before the expected limits are reached.
If you need information about a specific caveat that does not appear in these release notes, you can use the Cisco Bug Toolkit to find caveats of any severity. Click this URL to browse to the Bug Toolkit:
(If you request a defect that cannot be displayed, the defect number might not exist, the defect might not yet have a customer-visible description, or the defect might be marked Cisco Confidential.)
For the most up-to-date, detailed troubleshooting information, see the Cisco TAC website at:
The following documents are related to the Cisco MSE:
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What’s New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
Subscribe to the What’s New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS Version 2.0.