Cisco AAA/Identity/Nac :: ACS 5.2 - Runtime Process Not Monitored
Dec 6, 2011
(same both devices)
hostname/admin# show app ver acs
Cisco ACS VERSION INFORMATION-----------------------------Version : 5.2.0.26.8Internal Build ID : B.3417Patches :5-2-0-26-15-2-0-26-25-2-0-26-35-2-0-26-45-2-0-26-55-2-0-26-65-2-0-26-75-2-0-26-8
hostname/admin# show app status acs
ACS role: PRIMARY
[code]....
I am working on implementing ACS appliances. All working ok, until I try to add an attribute to the Shell profile (priv-lvl = 15). When I do this, the runtime process shutsdown (on both primary and secondary devices) and no further device authentications can be made. I can reinitialise the database without issue at the moment, but I'd like to know what causes this and how to prevent from happening in the future - when the database will becoem much more critical.Do I need to raise a TAC case?
After an upgrade from ACS 5.1 to 5.3 the view-logprocessor are not running any more. I also installed the newest patch 5.3.0.40.1. The installations are success but the view-logprocessor steal are not working.
I have two questions about ISE Profiling features .
•1) Does Authentication Process done after completing profiling ?
•2) Can profiling feature overcome mac spoofing issue (printer mac is used with static IP to access the network where user and printer are in same vlan ,user with 802.1x and printers with MAB auth) and deny windows user with spoofed printer mac and IP add?
I have two core switches - 4506E, and i noticed there are frequent cpu spikes on both of the cores switches. As its spikes intermitendly i couldnt able to anlyze the issue. I need inputs on the following,
1) Is there any Free CPU process monitoring tools to identify which process is spiking ?
2) Troubleshooting techniques to identify the issue.
On our CiscoWorks 2000 installation, running on Solaris with LMS3.2 and RME4.3.1, we noticed a few weeks ago, that the job "Inventory Collection" needs more and more time to finish. At the moment the job execution time is as high as 8 hours, compared to 3 hours before. When we look at the network traffic during job execution, we see after the collection phase (~3h) several hours with no traffic together with a very high CPU load. I mean to remember that this job used to complete around 15 minutes after data collection phase. Restarting the application and rebooting the system didn't work.When we look in to the IC_Server.log, we find devices with a completion time of over 20'000 seconds. Increasing from day to day. [code]
Affected devices are Cisco Nexus 5548P. We tried to delete/add these devices. That works for a few days, then the runtime starts to increase again.
Are we hitting a bug? And is it possible, as a workaround, to exclude devices from only the Inventory Collection?
I have (2) 942-L, and (1) 5222-L on one network. port forwarding set on router; (942) 192.168.1.3:1024, (942) 192.168.1.4:1025, and (5222) 192.168.1.8:80. no matter if all 3 are connected to dViewCam, only two will work at a time. Disconnect any third, and they work fine. reconnect 3rd, and one disconnects intermittently. On a side note, if I run a different program on another computer (iMac); i.e. IP Camera Viewer, they all work fine. I know, I know, but I like DViewCam, because it's the only thing running the PC computer.
I cannot access the internet from my computer. The message says: runtime error program:c/windows/networkdiagnostic/xpnetdiag.exe I did two things today:
1. instal avast anti-virus (which I have since uninstalled)
2. connected my iphone 4 to my computer (perhaps for the first time)
There is no problem with the actual internet connection and there are no other problems with my computer.
I am having some question around Prime Infrastructure..Does a general document exists regarding the licensing count of monitored devices ? Indeed I am wondering about the specific points. Is it true that :
- A 3750 stack unit count as one (for example a 4 units stack consumes 4 license) ? - A WLC (except 5500) does not consume a license but only the Lightweight APs. - An autonomous AP does not consumes a Lifecycle licence ?
recently i bought a x1000 for my home network. I use the x1000 as router an wireless accessPoint between my WAN internet uplink an my home network...yesterday the router hang up completely. internet stoppp working. so i tried to access to x1000 to check if PPPoE connection was still active. But it did not load the webinterface. I tried to connect over WLAN and LAN. Both not working!
I have a WRT160N that I used just once after purchase (my ISP gave me a wireless router). I could not remember the PW, so I reset. (The computer saw the old router name but I had no PW)When I run the software (CD that came with the product says 150N), it get to "configuring computer" and stops there.I tried downloading the software, but when I try to run it says "Application requested runtime to terminate in an usual way."When I go to the 192. URl and try to login using a bank user name and 'admin," it jsut keep bringing up the password box.
We have an lms 3.2 server it shows the EPMServer process as down and i can't find what is causing this problem. I included the output of the pdshow command.
We're having problems with one LMS 3.2 installation. A couple of months after installing and configuring all the LMS features (HUM included) we started to have problems accessing the GUI because of tomcat.exe process that is consuming almost 100% of CPU all the time.
I'm posting the [URL], files as well as the output of the [URL], requested in the other discussion. Our LMS 3.2 is installed on a Windows Server 2008 Enterprise machine with 2CPUs, 4GB RAM and 8GB Swap.
how would u link(or in other word route) different OSPF process ID? i have OSPF 1 and OSPF 2 and i want them to see each others networks...how can i accomplish this ?
I have one WLC AIR-WLC4402-50-K9 which is hitting some bug. So I done RMA for that devices and now i got the new WLC.Now i want to install that RMA WLC in network. So can any one tell me what is the process for installtion of WLC. I already have the old WLC in working now. Which file backup i need to take from old WLC.
I have problems with the RV042 router. Currently I have two Internet service is the first DSL service and the other is through cable. The problem is because the router is not doing the redundancy process. For example if DSL service fails, the cable internet service does not come automatically. You have to disconnect and connect manually to maintain the connection to the Internet. Should not the router do this automatically without intervention?
I have issue with the ANI Server process, which fails to start. The LMS version is 3.2. It's recently installed, with just one device added to the database so far. I've read some similar cases in the forum, but I'm starting a new thread since it could be a different issue which causes the problem.Please, find attached ani.log, ANIServer.log, the output of the pdshow command and ANIServer.properties files. I doubt that the last one might be corrupted for some reason.
I purchased a Cisco 851 Router for the reliablity, but the process to manage the router to port forward a IP address for a internet camera ... I'm lost. I will try the forums, versus paying a $400 dollar fee for support.
What is the process to have an internal IP address for my outdoor network camera visiable for WWW? How do I port forward 10.10.10.40 How do I assign a static IP to this outdoor network camera?
We have LMS 3.2 Bundle that installed on Windows server 2003 OS. I was found that CTMJrmServer service doesn’t coming up. After searching on forum and trying some solved issues my problem still exist. Hostname of server was changed before with hostnamechange.pl script and it was integrated with ACS before but now it’s on Local login mode. Here is my Bundle Version:
In Cisco 7206 VXR (NPE-G2) router , the CPU utilization is at an 80-90% always , but none of the process is consuming not more than 1%. In the show stacks output we are observing network interface interrupt is called very frequently. so what does network interface interrupt is about. Logs for the reference: show process CPU sorted
CPU utilization for five seconds: 88%/88%; one minute: 89%; five minutes: 89% PID Runtime(uS) Invoked u Secs 5Sec 1Min 5Min TTY Process 1 0 72 0 0.00% 0.00% 0.00% 0 Chunk Manager 2 20020000 17159 1166 0.00% 0.02% 0.01% 0 Load Meter [Code]...
I'm having an issue with LMS 4.1 soft appliance. After weeks of use the following error is displayed on inventory/monitor dashboard:
User Tracking Summary Unable to connect to Data base. Probable Cause: ANIDbEngine process may be down
I have verified status of processes and is the following:
ANIDbEngine Program started - No mgt msgs received
I'm able to run UT acquisition manually, also generate UT report for example. The only error I'm able to find but not sure if it connected with described syptom is when I run self-test:
network.pl FAIL nslookup failed
I have manually checked nslookup from console and shell, server gets correct responses. Also things that are normally very sensitive to correct domain name setting (Topology plugin for example) work without any issues. Is there a way to find out more about ANIDbEngine status? I would also like to understand what is preventing network.pl test from succeeding.
We have a Cisco 886 configured with two WAN's (ATM0 connected to a DSL line and Fa3 connected to a CMTS modem).We're running DMVPN over the Cable network and GetVPN over the DSL line. When the DSL line is down we see a lot of CPU peaks up to 90%.The CPU peaks are caused by the process "DSL state machine". As soon as the DSL line has sync and the ATM0 interface goes UP the CPU peaks disappear. What we'd like to know is if this constant extra CPU load will have an impact on other resources like normal routing & switching or more specific IPSEC handling. Is it for example possible that establishing an IPSEC tunnel will fail because of the CPU peaks?
I have installed VM ware v Sphere Enterprise Plus 5.0.0 and created a VM using an OVA file with LMS 4.1 running in Linux. It was working good since 3 weeks ago and I was adding snmp server configuration in all my devices (routers/switches) and suddenly one day DCR Server process stop working. I was trying the following actions:
1.- dmgtd stop -> to stop daemons 2.- dmgtd start -> to start again the daemons
And the DCR Server does n´t start up automatic.
Then I try this:
1.- pdexe DCR Server
And show this message:
[CPLMSCOL01/root-ade ~]# pd exec DCR Server ERROR:Get reply from server failed:
I have in my router 2801, one link with 20 MB WAN Connection, and it is presenting high cpu utilization with 97% Interrupt Errors when start one download.
I exchanged it to another router the 2811 and it presented the same results. I read the cisco document about Router Performance.
And it speaks about the 2801 supports 46 Mbps using CEF/Fast Switching and 1.5Mbps using only Process Switching, and 2811 supports 61.44 CEF and 1.5Mbps Process Switching.
I need to know if the NAT Process is process switching or CEF Switching. Because if it was process switching the router is working in the max capacity and i will need to exchange the hardware to a better hardware.
I have been working on this for a week now and I ended up with ForceBindIP and ProxyCap but I still cant get things work the way I want them to. I'm also aware of the ROUTE command but I'm not absolutely sure how it works, I have tried it but I didnt manage to change the packet routes properly. I want to be able to bind certain processes/programs to certain Network Interface Cards/Adapters. I have 2 and both are connected to different networks.
The problems with those 2 programs are following ForceBindIP: doesnt work on stuff that launches 2 or more processes, or the process I want to route to the said NIC is launched after the main(bound) process. ProxyCap: No option to route processes to local networking interface. I need something median of these two, a way to bind several processes to NIC.
Why do I want/have to do this? - I'm streaming online games, and I cant stream good quality with just one connection as both are only OK for one thing. How to bind process afterwards with forcebindIP, use proxycap to route packets to local network interface
I have an issue with 7600 router where CPU goes up to 60-70% and memory is also high. Both due to BGP Router process. URL We are seeing this issue since ISP has upgraded their router 20 days ago. Router also seen following error.I have not reset the BGP session with ISP yet. Is there any way I can supress BGP updates coming from ISP and see if CPU and memory USAGE reduces. IOS version 12.2(33)SRD and RSP720 with PFC 3cXL
I need to be able to run more than one BGP routing process on my lab router. I have over connected BGP routers connected to my live production network and I need to emulate the production network with GNS3. However, BGP rules only allow a single BGP routing process on a single router. how to overcome this limitation for my lab?
I foolishly put this 1262 into Bridge mode. The AP didn't accept that.
It had been joined to a 5508 running 7.2.110.0 and was running fine.
I've loaded on ap3g1-rcvk9w8-tar.124-23c.JA5.tar using the archive download-sw /overwrite /force-reload tftp://10.192.175.119//ap3g1-rcvk9w8-tar.124-23c.JA5.tar command.
When the AP reboots it has retained it's hostname from its CAPWAP days and indicates it is in DISCOVERY: %CAPWAP-5-CHANGED: CAPWAP changed state to DISCOVERY.
It gets a DHCP IP but never tries to find a controller. DNS on the subnet resolves CISCO-CAPWAP-CONTROLLER (& lwapp) to the 5508 mentioned above. I use this port for priming all my APs.
Are there other residual files in nvram: or flash: I need to remove? Is this thing now just a fancy paperweight?
I have an issue with 7600 router where CPU goes up to 60-70% and memory is also high. Both due to BGP Router process. [URL] According to our baseline it should not be more than 40% at any given time. We see high CPU uptp 70% consistently.
CPU utilization for five seconds: 99%/0%; one minute: 57%; five minutes: 55% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 442 66173704 90234125 733 96.86% 46.09% 46.30% 0 BGP Router 7 509291060 26330202 19342 1.17% 3.90% 2.99% 0 Check heaps
Router has 1 eBGP session with ISP from where it downloads whole IPv4 internet routing table and two IBGP session with other two rotuer. When I look at BGP summary table I see many updates received from ISP and sent out to IBGP neighbors. Also did debug BGP updates to confirm it.
We are seeing this issue since ISP has upgraded their router 20 days ago. Router also seen following error.
%BGP-6-BIGCHUNK: Big chunk pool request 628 for community. Replenishing with malloc
I have not reset the BGP session with ISP yet. Is there any way I can supress BGP updates coming from ISP and see if CPU and memory USAGE reduces. IOS version 12.2(33)SRD and RSP720 with PFC 3cXL
My 851W will not complete the boot up process, here is the output during bootup(c) of the Commercial Computer Software - RestrictedRights clause at FAR sec. 52.227-19 and subparagraph(c) (1) (ii) of the Rights in Technical Data and ComputerSoftware clause at DFARS sec. 252.227-7013. Cisco IOS Software, C850 Software (C850-ADVSECURITYK9-M), Version 12.4(15)T14, RELEASE SOFTWARE (fc2)Technical Support: [URL] Copyright (c) 1986-2010 by Cisco Systems, Inc.Compiled Wed 18-Aug-10 02:37 by prod_rel_teamImage text-base: 0x8002007C, data-base: 0x814ECE54This product contains cryptographic features and is subject to UnitedStates and local country laws governing import, export, transfer anduse. Delivery of Cisco cryptographic products does not imply third-party authority to import, export, distribute or use encryption.Importers, exporters, distributors and users are responsible for compliance with U.S. and local country laws. By using this product you agree to comply with applicable laws and regulations. If you are unable to comply with U.S. and local laws, return this product immediately.
