Common Problems and Resolutions


This section deals with some of the problems commonly encountered with Common Services and their resolutions. For additional FAQ, refer to the following link:

http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/cw2000/cw2000_d/comser22/usrguide/cmsrvall/diagnos.htm#wp1014270

1

What is the Positioning with the VMS Basic License?

Answer:

A VMS Basic kit is bundled with selected Cisco Security Devices. The VMS 2.2 Basic License offers the same functionality as the VMS 2.2 Restricted licensed software. The VMS Basic kit includes functionality to manage firewalls, routers VPNs, NIDS, and CSA.

However, the VMS Basic kit differs from the VMS restricted license in the following areas:

- The basic license does not provide the use of RME and VPN Monitor components.

- The basic license is limited to the management of five devices. Note however, that the customer may manage an unlimited number of Cisco Security Agents that are licensed and purchased separately.

- There is no registration required for VMS Basic. The license keys for Common Services, the Management Center for CSA, and the three CSA server agents to protect VMS are on the CD. Look in the license directory on the VMS Basic CD for two license files. Follow the previous instructions to add the licenses. Registration will be required if the customer has purchased additional CSA agents.

If you need support for 6 to 20 devices, the VMS restricted license is recommended. If you need to support more than 20 devices, or need to install on Solaris, the VMS Unrestricted License is recommended. Further information is available at www.cisco.com/go/vms.

2

Can I Extend the 90-day Evaluation License?

Answer:

No, you cannot extend use of the evaluation license without re-installing the software. The purpose of providing the evaluation license is to evaluate the product in a lab environment (not in production) and get enough time to purchase and register the production license. You will need a license key that has been purchased to be installed on the CiscoWorks Server to continue using the software without re-installation.

3

How are the devices counted for VMS Basic and VMS Restricted Licenses?

Answer:

The VMS Restricted License provides management for 20 devices (firewalls, IDSs, and routers) in total. For example, 5 PIX firewalls, 7 Cisco IOS routers, and 8 IDS sensors, or any other combination totaling 20 can be supported with this license. For VMS Basic, the total number of devices supported is five. Note, however, that you can manage an unlimited number of Cisco Security Agents, as Agents are licensed and purchased separately.

4

Where is the 90-day Evaluation License located?

A4:

When you install Common services v2.2, you are prompted for the license key, and the directory should automatically point to the default location. If you click on the Browse button and look in that directory, you will find a file that ends in .lic. Just select that file. If you have already performed the installation without adding the license, you can find it in the <home>/CSCOpx/MDC/etc directory.

5

I have lost my password for CiscoWorks Common Services. How can I recover my password?

Answer:

All the CiscoWorks Common Services local user names and encrypted passwords including admin and guest are stored in cwpass file under the following directory:

C:\program files\CSCOpx\lib\classpath\com\cisco\nm\cmf\servlet

The original password file which contains admin/admin can be found at cwpass file under the following directory:

C:\program files\CSCOpx\lib\classpath\com\cisco\nm\cmf\servlet\orig directory.

If you want to reset both admin and guest user passwords, replace the whole cwpass file from "C:\program files\CSCOpx\lib\classpath\com\cisco\nm\cmf\servlet\orig" directory to "C:\program files\CSCOpx\lib\classpath\com\cisco\nm\cmf\servlet\"

If you merely want to change the admin password, then you can replace the line in cwpass beginning with admin with admin:0DPiKuNIrrVmD8IUCuw1hQxNqZc=::::F::.

Then stop and start the Daemon Manager Service.

6

During installation, which passwords are for the CiscoWorks Common Services user accounts and which are for Windows NT/2000 accounts?

Answer:

The administrator account at the beginning of installation is the Windows NT/2000 administrator account for your CiscoWorks Common Service server.

causer account is an NT/2000 account to run the desktop services by CiscoWorks Common Services.

guest and admin accounts are both CiscoWorks Common Services accounts.

All database password accounts are database accounts that are used only by CiscoWorks Common services internally.

7

Can I back up CiscoWorks Common services information only excluding the MCs?

Answer:

Yes, you can. Go to backup utility under Server Configuration > Administration > under Database Management to perform this task. This will back up CiscoWorks Common Service user data and Cisco Works-specific data and will not back up MC data.

8

Does CiscoWorks Common Services work in multi-homed server?

Answer:

A multi-homed machine is a machine that has multiple NIC cards, each configured with different IP addresses. To run CiscoWorks Common Services on a multi-homed machine, there are two requirements.

- First, all IP addresses must be configured in DNS.

- Second, because of restrictions with Common Object Request Broker Architecture (CORBA), only one IP address can be used by the client/browser to access the server. You must select one IP address as the external address, with which the client will log in to the CiscoWorks server.

To select an IP address, modify the gatekeeper file located in NMSROOT\lib\vbroker\gatekeeper.cfg. Replace every instance of external-IP-address with the external IP address you choose, and remove the number character ( # ) character, from the following:

- #vbroker.gatekeeper.backcompat.callback.host=external-IP-address

- #vbroker.se.exterior.host=external-IP-address

- #vbroker.se.iiop_tp.host=external-IP-address

- #vbroker.se.interior.host=external-IP-address

After modifying the gatekeeper file, restart the Daemon Manager by entering:

net stop crmdmgtd

net start crmdmgtd

9

Are there any interoperability issues with CiscoWorks Common Services web server when another web server is installed on the same server where CiscoWorks Common Services is installed?

Answer:

If the web sever uses port 80, then there should be no issues. However, as the sensor pulls the signature or service pack upgrades from IDS MC using SSL (TCP/443), this causes port conflicts with a different web server if it is running SSL. Hence, the author recommends not installing any other web server on the server on which CiscoWorks Common Services is installed.

10

How can I turn on SSL?

Answer:

You can turn on SSL either via the Web or via CLI.

In the CiscoWorks desktop, select Server Configuration > Administration > Security Management > Enable/Disable SSL.

The Configure SSL window appears in the right frame. Click the Enable button.

You can turn SSL using CLI as well. Navigate to the directory NMSROOT\lib\web. Enter <NMSROOT>\bin\perl ConfigSSL.pl enable. Then press Enter.

Then stop and start the services with the following two commands:

net stop crmdmgtd

net start crmdmgtd

11

Where is the Compact Database log?

Answer:

There should be logging information in: $NMSROOT\MDC\tomcat\vms\maas

12

Where can I find the debug information when I switch to TACACS+ with Debug set to True?

Answer:

Debugging information is not shown in the Graphical User Interface (GUI), but can be found in the following locations:

- On Unix server, the debug information can be found in "$NMSROOT/objects/jrun/jsm-cw2000/logs/stdout.log"

- On Windows 2000, the debug can be found in "%NMSROOT%\lib\jrun\jsm-cw2000\logs\stdout.log"

13

Can I install Cisco Secure ACS and CiscoWorks Common Services in the same server?

Answer:

This is not a supported configuration.

14

How do I replace a corrupted license?

Answer:

Go to the CMF Desktop, and click on VPN/Security ManagementSolution > Administration > Licensing Information. Then choose the new license file and click Update.

Licenses are rarely corrupted; however, if it happens, send e-mail to licensing@cisco.com.

15

Can two different versions of Java Runtime Environment (JRE) exist on the same server?

Answer:

Yes, two different version of JRE (for example JRE 1.4.1 and 1.3.1) can be installed on the same client PC. Sometimes, this is required for running two different applications or the same application with two different versions.

For all the applications to be accessed properly, do the following: In Internet Explorer (IE), go to Tools > Internet Options > Advanced > Under Java (Sun), and uncheck the box marked Use Java 2 v1.4.1_03 <applet>.



Cisco Network Security Troubleshooting Handbook
Cisco Network Security Troubleshooting Handbook
ISBN: 1587051893
EAN: 2147483647
Year: 2006
Pages: 190
Authors: Mynul Hoda

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net