ACE 4710 - DM initialization failed

When trying to get to the device manager GUI on my ACE 4710 I get to the login screen. On entering credentials I am given an error
"DM initialization failed (Failed to import ACE configuration: Device discovery failed: unknown). Contact your technical support team."
I have tried "dm reload" but I am still getting the error.
Any help greatfully appreciated.

You are probably hitting CSCsv95366. This is fixed in A3(2.2).
You can get the details about this bug at
http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
HTH
Syed Iftekhar Ahmed

Similar Messages

  • ACE 4710 Appliance: init: failed to initialize modlock_init(): No such file or directo

    Hi,
    I have ACE 4710 Appliance, but it is failed and giving following error while login at console.....
    I am suspecting hardware issue..most probably with harddrive.... Please let me know if it can be recoverable of only replacement is the solution..
    switch login: init: failed to initialize modlock_init(): No such file or directo                                                                             ry
    eth2: ERROR while getting interface flags: No such device
    perform_sysmgr_offline: unable to move MTS to MTS_STATE_OFFLINE: Invalid argumen                                                                             t (error-id 0x801E0016).
    init: failed to initialize modlock_init(): No such file or directory
    eth2: ERROR while getting interface flags: No such device
    perform_sysmgr_offline: unable to move MTS to MTS_STATE_OFFLINE: Invalid argumen                                                                             t (error-id 0x801E0016).
    init: failed to initialize modlock_init(): No such file or directory
    eth2: ERROR while getting interface flags: No such device
    perform_sysmgr_offline: unable to move MTS to MTS_STATE_OFFLINE: Invalid argumen                                                                             t (error-id 0x801E0016).
    /isan/sbin/sysmgr: symbol lookup error: /isan/lib/libutils.so: undefined symbol:                                                                              tftp_callback_fn
    Regards
    Nadeem

    Hi,
    I RMAed the appliace, i think it was hardware failure which casue this issue.
    If some one face this issue please let me know...Thanks!
    Regards
    Nad

  • ACE 4710 boot fail

    I have an ACE 4710 that wont boot.
    When booting the Linux starts boot, and then it just start write this in the console:
    Waiting for lock /tmp/octeon-pci-lock
    Waiting for lock /tmp/octeon-pci-lock
    Waiting for lock /tmp/octeon-pci-lock
    Waiting for lock /tmp/octeon-pci-lock
    Waiting for lock /tmp/octeon-pci-lock
    google aint much help.
    Have any of you seen this before, and does any of you know what to do ??
    Best Regards 
    Morten

    Hi,
    It need additional testing but as per my understanding if you put the back up in this order then the last backup server will be choosen first.
    In your case it will be like " RSERVER1 >> backup sorry server >> backup web content
    As per the below example:
    I put test 2 as first backup server and test1 as second backup server but if you look at the first part it took rserver test1 as first backup.
    serverfarm host 1313-GIN-GWAP-SDC-80
      rserver RSERVER1
        backup-rserver test1
        inservice
      rserver test1
        inservice standby
      rserver test2
        inservice standby
    regards,
    Ajay Kumar

  • ACE 4710 - show stats connection questions

    Hi,
    I have three questions regarding the "show stats connection" command in the ACE 4710:
    1. What is the criteria for a connection to be added to the "Total Connections Failed" counter?
    2. What is the criteria for a connection to be added to the "Total Connections Timed-out" counter?
    3. Is there a command to get more information why the connection was failed or timed-out (e.g. to/from which IP, url accessed etc.)?
    Thanks in advance for your help!
    Best regards,
    Harry

    Harry,
    a connection failed if the server did not respond or resonded with a RST.
    As long as the connection gets establised, it is counted as a success.
    The connection timeout counter is incremented when the connection is idle for the configured timeout value or for L7 connections if it does not complete the 3-way handshale within the embryonic timeout interval.
    Since this is clear why those counters are incrementing, the only way to get more information is to capture a sniffer trace to verify if the conditions above are met.
    Gilles.

  • ACE 4710 HTTP Probes

    Using the ACE 4710 for loadbalancing a Sharepoint site.
    We currently have a HTTP probe setup to check the port 80 status of the rserver.
    Is there anyway to get the HTTP probe to check a DNS entry for each of the application sites? For instance http://info vs http://site are two different web sites running on the same IP. One site could have a problem but the actual port 80 for the IP may be still alive.
    Thanks for any information.

    Has anyone figure this out?  I am tring to get healthchecks/probes setup in this same fashion.  I have 2 servers with 1 IP but have many sites.  I want to probe each side and ensure I get a 200 code.  I also have to provide credentials to the site.  It seems that if i open IE I can log in just fine to the site with the credentials.  However there is an active x control box that is wanting to be installed.  When I set this up on my ACE it seems I am getting a http 401 unauthorized error.  I have done a wireshark capture while I was browsing and I see the 401 however it also reports a 200 code after that.  Do you think this is a problem because of the active x control wanting to be downloaded?  Or is this an issue with the first http code that is recieved by the probe, that being the 401 and then the 200? Below is my config (cleaned of course).
    probe http HTTP-80-OUR.DOMAIN.COM
      interval 15
      passdetect interval 60
      credentials
      request method get url http://our.domain.com/default.aspx
      expect status 200 200
      header Host header-value "our.domain.com"
      open 1
    rserver host SERVER-A
      ip address X.X.X.47
      inservice
    rserver host SERVER-B
      ip address X.X.X.48
      inservice
    serverfarm host FARM-AB
      predictor leastconns
      probe HTTP-80-OUR.DOMAIN.COM
      rserver SERVER-A
        inservice
      rserver SERVER-B
        inservice
    ACE4710# show probe HTTP-80-OUR.DOMAIN.COM detail
    probe       : HTTP-80-OUR.DOMAIN.COM
    type        : HTTP
    state       : ACTIVE
    description :
       port      : 80      address     : 0.0.0.0         addr type  : -
       interval  : 15      pass intvl  : 60              pass count : 3
       fail count: 3       recv timeout: 10
       http method      : GET
       http url         : http://our.domain.com
       conn termination : GRACEFUL
       expect offset    : 0         , open timeout     : 1
       expect regex     : -
       send data        : -
                    ------------------ probe results ------------------
       associations ip-address      port  porttype probes   failed   passed   health
       ------------ ---------------+-----+--------+--------+--------+--------+------
       serverfarm  : OUR.DOMAIN.COM-10.25.4.12-L3-FARM
         real      : SERVER-A[0]
                    X.X.X.47      80    DEFAULT  414      406      8        FAILED
       Socket state        : CLOSED
       No. Passed states   : 1         No. Failed states : 2
       No. Probes skipped  : 0         Last status code  : 401
       No. Out of Sockets  : 0         No. Internal error: 0
       Last disconnect err : Received invalid status code
       Last probe time     : Wed Jun  2 17:44:18 2010
       Last fail time      : Wed Jun  2 13:37:04 2010
       Last active time    : Wed Jun  2 13:34:19 2010
         real      : SERVER-B[0]
                    X.X.X.48      80    DEFAULT  414      406      8        FAILED
       Socket state        : CLOSED
       No. Passed states   : 1         No. Failed states : 2
       No. Probes skipped  : 0         Last status code  : 401
       No. Out of Sockets  : 0         No. Internal error: 0
       Last disconnect err : Received invalid status code
       Last probe time     : Wed Jun  2 17:44:20 2010
       Last fail time      : Wed Jun  2 13:37:06 2010
       Last active time    : Wed Jun  2 13:34:21 2010

  • ACE 4710 A3(2.0) and ACS - TACACS+

    Hi.
    I am having trouble getting my ACE 4710 (A3(2.0) Build 3.0) to cooperate with my Cisco Secure ACS-server. In the same environment I have it working on my ACE Module, with the same configuration.
    ACE 4710:
    tacacs-server host 10.7.50.20 key 7 "fewhg"
    aaa group server tacacs+ tacacs_server_group
        server 10.7.50.20
        deadtime 15
    aaa authentication login default group tacacs_server_group local none
    aaa accounting default group tacacs_server_group local
    aaa authentication login error-enable
    ACS is configured correctly too. I have tried with several users, both in groups, with and without attributes and so forth. The ACS installation works with other devices and with my ACE modules running A2(3.1). I have tried this on both ACS 4.2(0).124 and 4.2(1).15.
    The strange part is what I see when I set up Wireshark on my ACS-server to look at the traffic. From what I can see, the ACE only sends a request to the AAA-server if the user exists locally. But I do not get authenticated and Failed Attempts show a line with with Message-Type: "Unknown NAS".
    It seems like others have the same problem. The problem is that the link attacked in the topic beneath only leads me back to forum and not to a topic with solution.
    https://supportforums.cisco.com/thread/132445?decorator=print&displayFullThread=true#132445
    Any help is appreciated and thanks in advance!

    are you using telnet or ssh ?
    if ssh can you try telnet, allow telent on your management policy to do this. Then if it works via telnet , then try ssh again, if it now works then you have hit CSCsu36078
    http://tools.cisco.com/squish/03240

  • ACE 4710 bundle license backup

    Hello,
    Is it possible to backup ACE appliance licenses if product is bought as a bundle?
    ACE-4710-BAS-SK-K9
    Promo Bundle - ACE 4710 HW-1Gbps-1K SSL-100MbpsComp-5VC
    Following is mentioned in the ACE documentation:
    "If you need to replace the ACE, you can copy and install the license file for the license onto the replacement appliance."
    But, when we try to backup licenses, we get following results:
    ACE-1/Admin# sh license
    ACE-1/Admin# copy licenses disk0:mylicenses.tar
    Backing up license... failed: License file not found
    ACE-1/Admin# sh license status
    Licensed Feature Count
    Compression Performance in Mbps 100
    Web Optimization Concurrent Conns. 50
    SSL transactions per second 1000
    Virtualized contexts 5
    Module bandwidth in Gbps 1.0
    ACE-1/Admin# sh license usage
    License Ins Lic Status Expiry Date Comments
    Count
    ACE-AP-C-UP1 No - Unused -
    ACE-AP-C-UP2 No - Unused -
    ACE-AP-C-UP3 No - Unused -
    ACE-AP-01-LIC No - Unused -
    ACE-AP-01-UP1 No - Unused -
    ACE-AP-02-LIC No - Unused -
    ACE-AP-02-UP1 No - Unused -
    ACE-AP-04-LIC No - Unused -
    ACE-AP-04-UP1 No - Unused -
    ACE-AP-04-UP2 No - Unused -
    ACE-AP-VIRT-5 No - Unused -
    ACE-AP-500M-LIC No - Unused -
    ACE-AP-VIRT-020 No - Unused -
    ACE-AP-C-100-LIC No - Unused -
    ACE-AP-C-500-LIC No - Unused -
    ACE-AP-C-500-UP1 No - Unused -
    ACE-AP-OPT-50-K9 No - Unused -
    ACE-AP-C-1000-LIC No - Unused -
    ACE-AP-C-2000-LIC No - Unused -
    ACE-AP-OPT-LIC-K9 No - Unused -
    ACE-AP-OPT-UP1-K9 No - Unused -
    ACE-AP-SSL-05K-K9 No - Unused -
    ACE-AP-SSL-07K-K9 No - Unused -
    ACE-AP-SSL-100-K9 No - Unused -
    ACE-AP-SSL-UP1-K9 No - Unused -
    ACE-AP-SSLUP-5K-K9 No - Unused -
    ACE-AP-VIRT-020-UP No - Unused -
    I suppose licenses cannot be backuped because they are bundled and delivered with the bundle by default, and not installed...
    Does anyone know what would be the procedure for this bundled licenses in case of ACE HW replacement needed?
    Best regards,
    Jasmina

    Hi Jasmina,
    License file management is quite simple for ACE.  Two methods; save original license email or copy from disk0:.
    If you purchased and upgraded license, and followed procedure to generate it, you would have received your license via email.   We recommend per  documentation (License ordering section) that you:
    "Step 5 Save the license key e-mail in a safe place in case you need it in the future (for example, to transfer the license to another ACE). "
    Also,  to apply,  you copy the license file to disk0: on the ACE.  This *.lic file resides on disk0: thereafter.
    So if you did not happen to save the original email when you obtained the license, and the license has been installed, then you can simply copy the *.lic file off the ACE from disk0: to a safe place.  Example copying file from ACE to FTP server:
    Switch/Admin# copy disk0: ftp:
    Enter source filename]? 1ACE2009060306445454.lic
    Enter Address for the ftp server]? 10.2.3.4
    Enter the destination filename]? [1ACE2009060306445454.lic]
    Enter username]? anonymous
    Enter the file transfer mode[bin/ascii]: [bin]
    Enable Passive mode[Yes/No]: [Yes]
    Password:
    Passive mode on.
    Hash mark printing on (1024 bytes/hash mark).
    Switch/Admin#
    Administrator Guide - Licenses on ACE:
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA4_1_0/configuration/administration/guide/license.html#wp1010344
    Hope this helps.
    -pefrench

  • Can't install ACE 4710 license

    Hi,
    I've tried to installed the license, but is not successful, below are the steps which i've taken to installed the license, with error messages. pls. assist.
    CBJ6-LBDMZ2/Admin# copy tftp://10.2.18.66/ACE20090909090659371.lic disk0:
    Enter the destination filename[]? [ACE20090909090659371.lic]
    Trying to connect to tftp server......
    TFTP get operation was successful
    685 bytes copied
    CBJ6-LBDMZ2/Admin# license install disk0:ACE20090909090659371.lic
    Installing license... failed: Can't install this license with the current count

    CBJ6-LBDMZ2/Admin# show licen
    ACE20090727112500202.lic:
    SERVER this_host ANY
    VENDOR cisco
    INCREMENT ACE-AP-01-LIC cisco 1.0 permanent 1 \
            VENDOR_STRING=1 HOSTID=ANY \
            NOTICE="200907271125002021 \
            1211J5CB363" SIGN=F2E3AFA69526
    I think you have an HW appliance (code: ACE-4710-K9) with one a la carte license ( ACE-AP-01-LIC).
    You bought a Bundle upgrade license, and  this is not compatibly with you current license ( a la carte license).
    To use the  ACE-4710-BUN-UP2= ( 1G Bundle to 2G Bundle Upgrade License) you need to have a bundle product like the
    ACE-4710-1F-K9.
    Check this:
    Table 1     ACE Licensing Bundles
    License Model Description Upgrade Path
    ACE-4710-0.5F-K9
    This license bundle includes the following items:
    •ACE 4710 appliance
    •0.5-Gbps throughput license (ACE-AP-500M-LIC)
    •100-Mbps compression license (ACE-AP-C-100-LIC)
    •100 SSL transactions per second (TPS) license (ACE-AP-SSL-100-K9)
    •5 virtual contexts license (ACE-AP-VIRT-5)
    •Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
    You have the option to upgrade to the 1-Gbps, 2-Gbps, or 4-Gbps bundle.
    Start the upgrade with ACE-4710-BUN-UP1=.
    ACE-4710-1F-K9
    This license bundle includes the following items:
    •ACE 4710 appliance
    •1-Gbps throughput license (ACE-AP-01-LIC)
    •500-Mbps compression license (ACE-AP-C-500-LIC)
    •5000 SSL TPS license (ACE-AP-SSL-05K-K9)
    •5 virtual contexts license (ACE-AP-VIRT-5)
    •Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
    You have the option to upgrade to the 2-Gbps or 4-Gbps bundle.
    Start the upgrade with ACE-4710-BUN-UP2=.
    ACE-4710-BAS-2PAK
    This license bundle includes the following items:
    •Two ACE 4710 appliances
    •1-Gbps throughput license (ACE-AP-01-LIC)
    ACE-4710-BAS-2PAK also includes the following default options:
    •1000 SSL TPS
    •100-Mbps compression
    •5 virtual contexts
    •Application acceleration (50 connections)
    You have the option to upgrade to the 2-Gbps or 4-Gbps bundle.
    Start the upgrade with ACE-4710-BUN-UP2=. Two upgrade licenses are  required for upgrading two units of the ACE-4710-BAS-2PAK bundle.
    ACE-4710-2F-K9
    This license bundle includes the following items:
    •ACE 4710 appliance
    •2-Gbps throughput license (ACE-AP-02-LIC)
    •1-Gbps compression license (ACE-AP-C-1000-LIC)
    •7500 SSL TPS license (ACE-AP-SSL-07K-K9)
    •5 virtual contexts license (ACE-AP-VIRT-5)
    •Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
    You have the option to upgrade to the 4-Gbps bundle.
    Start the upgrade with ACE-4710-BUN-UP3=.
    ACE-4710-4F-K9
    This license bundle includes the following items:
    •ACE 4710 appliance
    •4-Gbps throughput license (ACE-AP-04-LIC)
    •2-Gbps compression license (ACE-AP-C-2000-LIC)
    •7500 SSL TPS license (ACE-AP-SSL-07K-K9)
    •5 virtual contexts license (ACE-AP-VIRT-5)
    •Application acceleration license (50 connections) (ACE-AP-OPT-50-K9)
    This is the highest value bundle.
    ACE-4710-BUN-UP1
    0.5 to 1-Gbps throughput bundle upgrade license
    See the Upgrade Path outlined above.
    ACE-4710-BUN-UP2
    1 to 2-Gbps throughput bundle upgrade license
    See the Upgrade Path outlined above.
    ACE-4710-BUN-UP3
    2 to 4-Gbps throughput bundle upgrade license
    See the Upgrade Path outlined above.
    Table 2     ACE Licensing Options
    Feature License Model Description
    Performance Throughput
    Default
    1-Gbps throughput.
    ACE-AP-500M-LIC
    0.5-Gbps throughput.
    ACE-AP-01-LIC
    1-Gbps throughput.
    ACE-AP-02-LIC
    2-Gbps throughput.
    ACE-AP-04-LIC
    4-Gbps throughput.
    ACE-AP-02-UP1
    Upgrade from 1-Gbps to 2-Gbps throughput.
    ACE-AP-04-UP1
    Upgrade from 1-Gbps to 4-Gbps throughput.
    ACE-AP-04-UP2
    Upgrade from 2-Gbps to 4-Gbps throughput.
    Virtualization
    Default
    1 admin/5 user contexts.
    ACE-AP-VIRT-020
    1 admin/20 user contexts.
    SSL
    Default
    100 TPS.
    ACE-AP-SSL-05K-K9
    5000 TPS.
    ACE-AP-SSL-07K-K9
    7500 TPS.
    ACE-AP-SSL-UP1-K9
    Upgrade from 5000 TPS to 7500 TPS.
    HTTP Compression
    Default
    100-Mbps.
    ACE-AP-C-500-LIC
    500-Mbps.
    ACE-AP-C-1000-LIC
    1-Gbps.
    ACE-AP-C-2000-LIC
    2-Gbps.
    ACE-AP-C-UP1
    Upgrade from 500-Mbps to 1 Gbps.
    ACE-AP-C-UP2
    Upgrade from 500-Mbps to 2 Gbps.
    ACE-AP-C-UP3
    Upgrade from 1 Gbps to 2 Gbps.
    Application Acceleration Feature Pack License
    ACE-AP-OPT-LIC-K9
    Application acceleration and optimization. By default, the ACE performs  up to 50 concurrent connections. With the application acceleration and  optimization software feature pack installed, the ACE can provide  greater than 50 concurrent connections.
    This license increases the operating capabilities of the following features:
    •Delta optimization
    •Adaptive dynamic caching
    •FlashForward
    •Dynamic Etag
    ACE-AP-02-LIC=
    Upgrade Performance License 2   Gbps Spare

  • ACE 4710 SAML Tokens

    I am using an ACE 4710 and am converting incoming WSS username tokens to SAML Tokens - authenicating against Tivoli directory.
    The receiving web service is attempting to validate the SAML token but fails on digest verification. i.e. calculates the digest value over the SAML token and compares to the digest in the Xml Signature block.
    Is anybody else using SAML tokens?
    Has anyone else seen a similar problem?

    By adding SAML assertions to outgoing requests, the ACE XML Gateway can act as an asserting party for systems that rely on SAML credentials. The SAML assertions generated by the ACE XML Gateway can be in the form of a SAML 1.0, SAML 1.1, or SAML 2.0 credential.
    The following url may help you;
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_xml_gateway/v52/user/guide/axg_ug_backendauth.html#wp1049962

  • Ace 4710 strange behaviour

    Hi, We have two ACE-4710-K9 (named LB01 and LB02) configured in HA mode. Besides Admin, on each of them there are tree context configured, named, ACADEMIC, COMMERCIAL, STREAMING. On LB01 the active context is ACADEMIC. On LB02 the active contexts are COMMERCIAL and STREAMING. Each context is configured with a FrontEnd and a BackEnd Vlan interface, and a "management" Vlan interface used for accessing and monitoring the device and for the downloading of the needed ssl certificates. Recently we upgraded the devices to Version A3(2.6) form a previous A3(2.4). After that upgrade we experienced some strange behaviour. From the context in STANDBY state we are not able to ping the host on the "management" Vlan interface, while there is no problem on the other Vlans. We see that the ICMP packets are sent to the Vlan, are replayed by the remote host BUT are not received at all on the LB01 or LB02. No messages in the log. Trying with 5 consecutive (failed) ping we can see that the counters of unicast packet output on LB01/LB02 Vlan is incremented by 5 BUT the unicast packets input counters is unchanged even if the remote host sent the replays. In the STREAMING context this behaviour isn't constant, ie the ping *sometimes* starts working for a few second and then returns to stop. In the other standby context the ping never works instead. In the active context all works fine. This strange problem prevents us to load the ssl certificates in the STANDBY context from the "management" Vlan. We was not able to find any reference to a similar problem in the Cisco documentation or Tac collection, so we are curious to know wheter someone else experienced such a behaviour. Thank you and best regards. Alessandro Asson - CINECA

    Thanks,
    I see you are using shared VLAN config in both ACE.
    Same VLAN 1000 is used for both Admin and streaming context.
    In this config, you may need to use the shared-vlan-host-id command as explained here:
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/routing_bridging/guide/vlansif.html#wp1025243
    In fact as explained:
    'By default, the bank of MAC addresses that the ACE uses is randomly selected at boot time. However, if you configure two ACE appliances in the same Layer 2 network and they are using shared VLANs, the ACEs may select the same address bank, which results in the use of the same MAC addresses. To avoid this conflict, you must configure the bank that the ACEs will use.'
    This would also reply to your question in the readme file:
    SHOW ARP TABLE ON THE D01,D02,D07 ROUTERS SHOWS THE SAME MAC ADDRESS FOR
    BOTH IP ADDRESSES OF LB01 AND LB02: is that normal ??
    Hope this helps,
    Dom.

  • ACE 4710 - need help configuring backend server monitoring

    Currently running an ACE 4710, which is handling all of our inbound SSL connections and then forwarding requests thru
    to backend web servers. This all works fine.
    My question is this..Right now we are not load balancing any of the backen web servers. But I now have a requirement that should
    a web server crash or become unavailable I need to redirect that backend connection to another web server.
    Scenario is more like I have 2 web servers both serving same content, but I want one server to take all the connections unless it fails, at that point
    have all the connections forwarded to 2nd server.
    Is there a way to setup the load balancing where the 1st server gets all the connections until a failure happens ?
    Any help would be appreciated.
    Cheers
    Dave                  

    Hi Dave,
    You can use sorry-server or backup server feature. details can be found at
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/rsfarms.html#wp1000264

  • ACE 4710 - Monitoring Real Server Showing N/A

    I recently installed a Cisco ACE 4710 version A4(2.0) into our test network. Load balancing across a number of web servers appears to be working ok and serving pages to users. However, when i tried to check the real time stats via device manager (Monitor> virtual contexts> context > Real servers) a number of fields specifically "current connections", "total conns", "failed conns" etc were showing N/A. Do I need to enable this somehow i.e. polling, if so how?

    Hello Samson,
    You may try to reboot the entire ACE 4710, probably during a maintenance window, some java process might have gotten stuck.
    If the issue persists then open a TAC case since there are some software defects related to this behavior.
    Jorge

  • ACE 4710 FT failover failure

    Hello,
    I am running redundant ACE 4710 appliances running A3(2.7).  I have five FT groups configured along with FT Tracking and when the vlans fail due to physical links being down, the contexts to do not failover.  If one of the ACE boxes fail completely, failover works fine.  I have included the FT config from one of the contexts below.  I have a case open with TAC and the Engineer is suggesting the use of a query interface in additon to FT Tracking.  We have had two incidents on separate contexts where we lost a physical interface on the primary ACE, one for the maintenance of the core switch, the other was a cable disconnect and we are unable to understand why the indivdual context didn't failover.  Any ideas would be much appreciated.  Let me know if more info/configs are needed.
    Dave
    ft interface vlan 900
      ip address 10.10.10.1 255.255.255.0
      peer ip address 10.10.10.2 255.255.255.0
      no shutdown
    ft peer 1
      heartbeat interval 300
      heartbeat count 20
      ft-interface vlan 900
    ft group 3
      peer 1
      no preempt
      priority 210
      peer priority 120
      associate-context XYZ
      inservice
    FT Group                     : 3
    No. of Contexts             : 1
    Context Name                 : XYZ
    Context Id                   : 2
    Configured Status           : in-service
    Maintenance mode             : MAINT_MODE_OFF
    My State                   : FSM_FT_STATE_ACTIVE
    My Config Priority           : 210
    My Net Priority             : 210
    My Preempt                   : Disabled
    Peer State                   : FSM_FT_STATE_STANDBY_HOT
    Peer Config Priority         : 120
    Peer Net Priority           : 120
    Peer Preempt                 : Disabled
    Peer Id                     : 1
    Last State Change time       : Wed Jan 11 13:14:16 2012
    Running cfg sync enabled     : Enabled
    Running cfg sync status     : Running configuration sync has completed
    Startup cfg sync enabled     : Enabled
    Startup cfg sync status     : Startup configuration sync has completed
    Bulk sync done for ARP: 0
    Bulk sync done for LB: 0
    Bulk sync done for ICM: 0
    show int
    vlan424 is up, VLAN up on the physical port
    Hardware type is VLAN
    MAC address is 00:1e:68:1e:ba:b7
    Virtual MAC address is 00:0b:fc:fe:1b:03
    Mode : routed
    IP address is 10.104.224.6 netmask is 255.255.255.0
    FT status is active
    Description:"New Server VIP and real"
    MTU: 1500 bytes
    Last cleared: never
    Last Changed: Sun Mar 11 01:13:12 2012
    No of transitions: 3
    Alias IP address is 10.104.224.5 netmask is 255.255.255.0
    Peer IP address is 10.104.224.7 Peer IP netmask is 255.255.255.0
    Assigned on the physical port, up on the physical port
    Previous State: Sun Mar 11 00:04:57 2012, VLAN not up on the physical port
    Previous State: Sun Sep 18 10:21:15 2011, administratively up
         3991888419 unicast packets input, 23734607976687 bytes
         20246934 multicast, 174801 broadcast
         0 input errors, 0 unknown, 0 ignored, 0 unicast RPF drops
         1609345958 unicast packets output, 23690663385228 bytes
         7 multicast, 55807 broadcast
         0 output errors, 0 ignored

    Dave,
    For tracking to work you need to have preempt enabled. Can you try enabling preempt under the ft group and test your tracking again? Another potential issue you may run into is if your tracking is not lowering the priority enough when it fails. The difference between the active and standby device is 100. If you are not decrementing the priority greater than this value even if priority is enabled it will not lower it enough to force the failover. If after enabling preempt on this group the tracking still does not work as expected send you whole config for us to look at.
    Regarding the query interface; This is not a bad idea. It will help prevent an active active situation if there is a problem with the ft link between the two modules.
    Thanks
    Jim

  • ACE 4710 using SAML Tokens

    reposted from another forum:
    Am using an ACE 4710 and am converting incoming WSS username tokens to SAML Tokens - authenicating against Tivoli directory.
    The receiving web service is attempting to validate the SAML token but fails on digest verification. i.e. calculates the digest value over the SAML token and fails when comparing to the digest in the Xml Signature block.
    Is anybody else using SAML tokens?
    Has anyone else seen a similar problem?

    You are right we are using transport encryption (SSL) to protect the WSS Password.
    We then use LDAP to authenticate the username/password and create a SAML token using attributes from LDAP. The ACE Xml Gateway creates this SAML token, signs it and inserts into the SOAP header that is forwarded to our service.
    At our service we are trying to verify the signed SAML token. The error we are seeing is the Xml signature digest created by the ACE XML Gateway is wrong.
    With XML signature some Xml referenced by an ID is canonicalised, hashed (digest created) and then this digest is encrypted using the private key of some certificate.
    On receipt we repeat the process, canonicalise and hash the Xml referenced and compare our computed digest to the one created by the ACE device. This is where we get the error. We are using the standard canonicalisation and hashing algorithms (c14n and SHA1 respectively). Our code can successfully verify SAML tokens from other sources.

  • NOT POSSIBLE TO START ESSBASE WHEN SSO INITIALIZATION FAILS

    Version is 11.1.1.3. My Essbase is not starting. Issues from the logs and what I have attempted are as follows. I have highlighted the relevant areas in bold.
    When Starting Essbase from products/Essbase/bin/start.bat:
    C:\Hyperion\products\Essbase\bin>start.bat
    C:\Hyperion\products\Essbase\bin>REM eis
    C:\Hyperion\products\Essbase\bin>net start "Hyperion Integration Services"
    The requested service has already been started.
    More help is available by typing NET HELPMSG 2182.
    C:\Hyperion\products\Essbase\bin>REM APS
    C:\Hyperion\products\Essbase\bin>call C:\Hyperion\products\Essbase\aps\bin\start.bat
    C:\Hyperion\products\Essbase\bin>REM aps
    C:\Hyperion\products\Essbase\bin>net start HyS9aps
    The requested service has already been started.
    More help is available by typing NET HELPMSG 2182.
    C:\Hyperion\products\Essbase\bin>REM EAS
    C:\Hyperion\products\Essbase\bin>call C:\Hyperion\products\Essbase\eas\bin\start.bat
    C:\Hyperion\products\Essbase\bin>REM eas
    C:\Hyperion\products\Essbase\bin>net start HyS9eas
    The requested service has already been started.
    More help is available by typing NET HELPMSG 2182.
    C:\Hyperion\products\Essbase\bin>REM EssbaseAgent
    C:\Hyperion\products\Essbase\bin>net start hypservice_1
    The service name is invalid.
    More help is available by typing NET HELPMSG 2185.
    C:\Hyperion\products\Essbase\bin>REM EssbaseStudio
    C:\Hyperion\products\Essbase\bin>C:\Hyperion\products\Essbase\EssbaseStudio\Server\startServer.bat
    C:\Hyperion\products\Essbase\bin>setlocal
    C:\Hyperion\products\Essbase\bin>set CONFIGTOOL_HOME="C:\Hyperion\common\config\9.5.0.0"
    C:\Hyperion\products\Essbase\bin>call ""C:\Hyperion\common\config\9.5.0.0"\setJavaRuntime.bat"
    Logging configuration file is not found. Expected filename is C:\Hyperion\products\Essbase\bin\.\server.properties
    Log file location is:
    C:\Hyperion\logs\esbstudio\server.log
    13:23:09 11/01/11 INFO Starting up
    13:23:09 11/01/11 INFO Oracle Essbase Studio Server. Version 11.1.1.3.00, Bui
    ld 090, June 25 2009
    13:23:16 11/01/11 (system) WARNING Failed to load driver for sap
    13:23:16 11/01/11 (system) SEVERE Cannot load Teradata connector
    13:23:16 11/01/11 (system) WARNING Failed to load driver for teradata
    13:23:16 11/01/11 (system) WARNING Failed to load driver for mysql
    13:23:16 11/01/11 (system) WARNING Failed to load driver for netezza
    Essbase.log:
    [Tue Oct 25 11:26:31 2011]Local/ESSBASE0///Error(1051223)
    Single Sign On function call [css_init] failed with error [CSS Error: CSS method invocation error: com.hyperion.css.CSSSystem.<init>]
    [Tue Oct 25 11:26:31 2011]Local/ESSBASE0///Info(1051198)
    Single Sign-On Initialization Failed !
    [Tue Oct 25 11:26:31 2011]Local/ESSBASE0///Info(1051232)
    Using English_UnitedStates.Latin1@Binary as the Essbase Locale
    [Tue Oct 25 11:26:31 2011]Local/ESSBASE0///Error(1051527)
    In Shared Services Security mode it is not possible to start Essbase when single sign on initialization fails.
    AND
    C:\Hyperion\logs\essbase\SharedServices_Security_Client.log com.hyperion.css.CSSSystem.<init>(Unknown Source)
    2011-10-25 11:26:11,039 INFO [main] Configure CSS with registry com.hyperion.css.CSSSystem.initCSSSystem(Unknown Source)
    2011-10-25 11:26:11,039 INFO [main] Initializing CSS from Registry. com.hyperion.css.common.configuration.CSSConfigurationManager.getConfiguration(Unknown Source)
    2011-10-25 11:26:11,085 INFO [main] Trying to get Registry Instance com.hyperion.css.registry.RegistryManager.<init>(Unknown Source)
    2011-10-25 11:26:31,023 ERROR [main] 20:1092:Failed to initialize EPM System registry. *[Root Cause: java.sql.SQLException: [Hyperion][SQLServer JDBC Driver]Error establishing socket to host and port: machinex:1433. Reason: Connection refused: connect ] com.hyperion.css.registry.RegistryManager.<init>(Unknown Source)*
    *2011-10-25 11:26:31,023 ERROR [main] Arguments: param1={}, param2=null, param3=C:\Hyperion\logs\essbase\,* com.hyperion.css.CSSSystem.initCSSSystem(Unknown Source)
    2011-10-25 11:26:31,023 INFO [main] CSS system intialization failed. : [21484 ms] com.hyperion.css.CSSSystem.initCSSSystem(Unknown Source)
    What I have attempted:
    - Attempted to connect to Shared Services, Workspace url's - YES
    - Checked openLDAP & my Database is running - YES
    - Added following to Configuration File :
    SharedServicesLocation machinex 28080
    AUTHENTICATIONMODULE CSS http://machinex:28080/interop/framework/getCSSConfigFile YES, but same error
    - Changed essbase.bak to essbase.sec YES but same error
    - netstat -an to check for 1423. Port 1423 is not listening, although ALL TCP Ports have been enabled. So YES but same error.
    - Read Knowledgebase article # 954322.1 - the suggested things in there don't seem to apply to my case, unless I am missing something.
    At this point does anybody have any suggestions ?

    An update: Just for kicks, I tried restarting Essbase using Start->Programs-EPMSystem->Essbase->EssbaseServer->Essbase.bat and apparently now Essbase is started.
    EAS, Studio and Planning however are down.
    Excerpt from the HyS9eas-sysout.log:
    [ERROR] RegistryUtils - SQL Exception when trying to create a new connection [Hyperion][SQLServer JDBC Driver]Error establishing socket to host and port: machinex:1433. Reason: Connection refused: connect
    * CRITICAL ERROR: Common Security Services initialization failed. Please *
    * make sure that a valid entry is provided for SECURITY_CONFIGURATION in *
    * OlapAdmin.properties. This is required if Shared Services is enabled. *
    * Please restart the server after the changes. *
    Stopping DAO factory!
    HBR Configuration has not been initialized. Make sure you have logged in sucessfully and there are no exceptions in the HBR log file.
    java.lang.ExceptionInInitializerError
    .... bunch of java code.
    This is really strange. There is NOTHING that I changed, started or stopped which could have caused Essbase to start magically all of a sudden.
    Any insights into the cause of all this ?

Maybe you are looking for

  • Pages '08 Export does not honor the "Hide extension" checkbox

    I have noticed that Pages '08, even with the latest update (3.0.3), does not honor the state of the "Hide extension" checkbox in the Export save dialog (or "sheet" that slides out from the title bar). Specifically, I have seen this happen when export

  • How Can I report a Production Error

    When I want to report a Production error in Support portal, I got a error like this Currently you do not have authorization to use this function. To request the authorization, please contact one of the administrators at your company:      S0004554480

  • Need guidance in where caluse of a select query.Please suggest.

    Hi All, I have a internal table IT_INPUT which includes multiple cost centers . Now for all entries in IT_INPUT-COst center i want to selct the records from COP table. The issue i am fasing is - Cost center is concatenated with some other values and

  • 8800 - OS doesn't seem to upgrade

    This is rather weird... My 8800 lists the version as v4.2.1.72 (in options->about) I've downloaded 4.2.1.79 from blackberry.com: I've run the install routine several times, apparently successfully. However options-> about still lists the version as 4

  • Username for "fav" websites

    Usually, my settings have it so my usernames/Id's are saved upon shutdown, but not passwords. In the last two weeks, everytime I startup, nothing has been saved/remembered and I must fully logon to ALL my favorites......and I haven't done anything wi