Cisco :: Re-initialize The DFM Database For CWLMS 2.6
Jan 29, 2012
We are using CWLMS 2.6 on a UNIX machine. And recently we changed the SNMP String to our network devices. One of L2 switches keeps logging the following message:
%SNMP-3-AUTHFAIL: Authentication failure for SNMP req from host 10.x.x.1
Where 10.x.x.1 is ciscoworks LMS server. I found a solution on many sites that suggest resetting DFM database. I stopped first the daemon manager and tried to apply the perl script:
Can't locate CRM.pm in @INC (@INC contains: /usr/perl5/5.6.1/lib/sun4-solaris-64int /usr/perl5/5.6.1/lib /usr/perl5/site_perl/5.6.1/sun4-solaris-64int /usr/perl5/site_perl/5.6.1 /usr/perl5/site_perl /usr/perl5/vendor_perl/5.6.1/sun4-solaris-64int /usr/perl5/vendor_perl/5.6.1 /usr/perl5/vendor_perl .) at dbRestoreOrig.pl line 31.
BEGIN failed--compilation aborted at dbRestoreOrig.pl line 31.
CRM.pm already exists in the path ENV{NMSROOT}/lib/perl/db
At line 31 of dbRestoreOrig.pl – the error – I found the following:
push(@INC, "$ENV{NMSROOT}/cgi-bin/dbadmin/pdbadmin");
use lib "$ENV{NMSROOT}/lib/perl/db";
I gave the system the path of NMSROOT and run the script again but it gives me the same error “Can't locate CRM.pm”
before i have problem, i installed CWLMS3.2 and ACS 4.2 and everything is ok, but after upgrade, ACS 4.2 to ACS 5.2, CWLMS can't authenticate to devices and get their configuration. i checked everything include creadential, and i debuged aaa authentication and tacacs on devices. it seems devices can not get username from CWLMS. also i run putty on CWLMS server and try to telnet to devices with ACS username nad password, and the result, there is no problem, and i can telnet to device with ACS username and password without any problem.
the below text is the output of debug on devices when CWLMS try to archive configuration:
R# Aug 27 05:10:11.571: AAA/BIND(00000064): Bind i/f Aug 27 05:10:11.571: AAA/AUTHEN/LOGIN (00000064): Pick method list 'CACS' Aug 27 05:10:11.575: TPLUS: Queuing AAA Authentication request 100 for processing Aug 27 05:10:11.575: TPLUS: processing authentication start request id 100 Aug 27 05:10:11.575: TPLUS: Authentication start packet created for 100()
I'm looking for Cisco works 4.1, but has the following problem:
i bought the product CWLMS-3.2-300-K9, this was related to my account in Cisco, i mean, it was registered correctly. now, the thing is that i need to download the version 4.1 in order to install it, but don't have access.
is correct the steps i followed?, what else i must do??
I am getting following error during installation of LMS 4.0. ( "CWLMS-4.0-100-K9").I have installed SP1 for the Windows 2008 Standard R2, still getting same error. Since Cisco's minimum requirement is Windows 2008 Standard and Enterprise with Service Pack 1 and Service Pack 2 (32 and 64 bit).
About 1-5 times per week I will find the jrm process showing as "Administrator has shut down this server". I have written a script that 2/day checks the status of the jrm process and if it is down, restarts it (pdexec jrm). About 25% of the time the jrm process will then show a status of "waiting to initialize". The only way I have found to recover it to shut down CiscoWorks and restart it (takes about 25 minutes). Why it would shutdown or how to get it restarted after the initializing state?
1. net start crmdmgtd did start correctly, so we use resetcasuser.exe and it works some minutes then this issue came back again. I ask the customer to put the casuser in the local administrator group, then customer was able to execute net start crmdmgtd.
2. but some process doesn't start see pdshow.txt.When trying to launch ciscoview, we have this error :Error in communicating with DCRServer. DCR Server may be down. Please start the DCRServer and then refresh the page.At RME home page, I have a error message about jrm, but I don't remerber it.
In the pdshow, we can see that DCRServer is in Waiting to initialize state.We have installed the fix for CSCte49301 bug, but the issue still exist you will find dcrserver.log and dcrclient.log.
IPv6 -> Tunneling.The 6to4 tunnel did not initialize after a reboot. The automatic tunneling had to be disabled and enabled again.It was used for a 6in4 tunnel to tunnelbroker and the Remote End Point IPv4.Address was enabled and specified.
my machine is set up to dual boot Windows XP Professional Edition and Windows 7 Home edition. I had Windows XP installed on this machine first because it is 10 years old and I wasn't sure how well it would work with Windows 7. I decided to test out Windows 7 a few months after using Windows XP on here and noticed the wireless network was started right when Windows 7 loaded, where as in Windows XP it can take anywhere from 1-3 minutes for the wireless network to load. In this 1-3 minute time frame on Windows XP any browser or attempted connection to the internet 'hangs' and does not display a time out, it just continues to try and connect until the wireless icon finally shows in the taskbar
I replaced an ACS certificate that had been installed as follows:
1. Generate CSR file and private key file, then send CSR to GeoTrust (Key length: 2048 and Digest to sign with SHA1)
2. GeoTrust send me a certificate. Issued by "GeoTrust SSL CA".
3. Install the certificate on the ACS. Restart ACS service.
4. ACS Certification authority setup. Issued by "VeriSign Class 2 Public Primary Certification Authority - G3"
5. Edit certificate trust list and select "VeriSign Class 2 Public Primary Certification Authority - G3" as trusted.
6. Enable EAP-TLS, then restarted the ACS service. The problem is when i try to enable EAP i get the error msg:Failed to initialize PEAP or EAP-TLS authentication protocol because CA certificate is not installed. Install the CA certificate using "ACS Certification Authority Setup" page.I searched on cisco and it said to disable the CSA, but in fact there is no CSA installed on this server.
I need to generate an ODBC connection to the upm Datasource on LMS 4.1 running on Win2K8. I have successfully built connections to cmf, ipm and rmeng, however UPM keeps failing saying that the Database is not found.
Here are my settings.
Driver = CiscoWorks Embedded Database ODBC Tab - Data source name = upm ODBC Tab - Description = Device Performance Login Tab - Supply user ID and Password is selcted Login Tab - User ID = lmsdatafeed (i have tried DBA as well) Login Tab - Password = set using the password I estabplished with the dbaccess.pl and dbpasswd.pl scripts Database.Server name = upmEng Network.TCP/IP = HOST=<lms server ip>;DOBROADCAST=NO;ServerPort= 43800
I validated the server port using netstat -a -b -o and matching up the PID with the UPMDBEngine process shown in the LMS Manage Processes window.Windows firewalls on the remote machine and the LMS server are off.
we are desperately trying to set a custom password of our WCS database in order to use it for direct SQL queries (Cumbersome over Web surface). To my knowledge there is a way to reset it however this password would be randomly generated and not available in plain text.
Until version 6 there was a feature to directly set a password via the dbadmin command.
I have done a WCS 7.0.220.0 to NCS migration prior to moving to Prime 1.2. I followed the instructions to export the WCS database via the export.bat all command and exported the database. However, when I import this zip fileto NCS there do not seem to be any of the original WCS templates. All the maps and AP details have migrated but no templates.
I have tried the export again and ploughed through the resultant zip file looking for anything that looks like template files but there is nothing immediately apparent that looks like templates.
I tried to change my password for rmeng using the following command: ./dbpasswd.pl dsn=rmeng encryption=yes npwd=NEWPASSWORD
Here is the output from the dbpwdChange.log INFO: Start changing password for database 'rmeng'... Thu Sep 29 14:51:18 GMT 2011> INFO: New userinfo updated into database
Recently I installed LMS 4.1 accidentally on the c-drive, which, as a result, fills itself with a growing database and associated logfiles. How can I move both items to another drive safely? I allready managed to move configs and downloaded software.
I have a 4402 being used as a dmz anchor and we use WCS to allow our Helpdesk to create lobby ambassador accounts. Recently they have been getting error messages when attempting to create accounts. I am seeing the database maxxed out at 2048. The docs state database entries are made up of mac filters(don't use)..ap mic/ssc(don't use)..Dynamic interfaces(minimal) management users(2) local netusers (100 approx)..and excluded clients(none). So the numbers don't add up.I am on 4.2.61.0 code.. I will say also that WCS shows alot more netuser accounts than my anchor does but no where the numbers to max out the database. Is there some other criteria that hits against the datasbase number?? And what can I do on the WCS to insure it si synch'd up against the dmz anchor other than a audit..
I have question about the basics of a high performance application and database server connection to each other. I have two servers, one application and one database server. Both of them are Windows 2008 R2 servers. I would like to connect them. What is the best configuration for quicker communication between them. Is it better to connect them through a network switch? Or directly connect them? Do I need to dedicate one of the ethernet ports on each server to separate their traffic to each other, from the internet connection traffic?
i configured pix 525 for easy vpn. About 100 to 200 people will use this service. i dont have much knowledge about radius and tacacas servers. Is local data base enough for extended authentication or should i configure the server for it ?
an attacker have configured his PC with an static IP address but there is no such entry configured statically in switch, neither in DHCP snooping database.now when he want to generate traffic will switch block him? because there is no entry of his PC in the switch database.
Firstly the ACS 4.2.1 for Windows database replication does any one have and documentation on the processes required?Secondly I have a single system installed which is providing TACACS authentication for management access to a Cisco 5508 WLC, the controller prompts with a login box on connection to the web interface. When you put in the username and password pair the box comes back as if the authentication has failed. On the ACS I was unable to see any failed authentications so enabled passed authentication reporting and can see the user passing the process. The WLC is running software version 6.0.199.4. On the ACS I have added the extra two options within the TACACS interface configuration and have a ‘role1=all’ against both the user and the group the user is part of so I am confused as to why the user is still denied access.
When I try to add new MAC entrys to the WLC I get the following message unable to add mac entry to database, reached max size the problem is when I look at the stats there is only 386 MAC entry and the databse size was set to 1024 entry..The work around was to increase the size of the database to 2048.Is there any why to clean up the database?
Just installed ACS 5.0.0.21. Monitoring and reports database was working, but now is not. When trying to open, I get "Monitoring and reports database currently unavailable. Trying reconnect in 5 minutes." From CLI "sho application status acs" gives me the following:
I have the following message in my CiscoPrime LMS 4.2.2 home portal: Discrepancies: Unable to connect to Data base. Probable Cause: ANIDbEngine process may be down.
