AIP SSM Command/control Interface is not coming up
Hi to all,
kindly be informed that , i have AIP SSM for ASA, i configured it and its workign fine.but its command control interface is not coming up at all, i connect my lap top direct to AIP management interface but its status is always is down.kindly look at this configuration and guide me how i can communicate with AIP using mangement inerface.
My LapTop ip is 192.168.1.2/24
AIP Configuration
IPS1# sh ver
Application Partition:
Cisco Intrusion Prevention System, Version 6.2(1)E3
Host:
Realm Keys key1.0
Signature Definition:
Signature Update S365.0 2008-10-31
Virus Update V1.4 2007-03-02
OS Version: 2.4.30-IDS-smp-bigphys
Platform: ASA-SSM-20
Serial Number: JAF1319AJRG
No license present
Sensor up-time is 13 days.
Using 1019777024 out of 2093604864 bytes of available memory (48% usage)
application-data is using 47.1M out of 166.8M bytes of available disk space (30% usage)
boot is using 39.7M out of 68.6M bytes of available disk space (61% usage)
MainApp E-2008_OCT_16_16_24 (Release) 2008-10-16T16:40:57-0500 Running
AnalysisEngine E-2008_OCT_16_16_24 (Release) 2008-10-16T16:40:57-0500 Running
CLI E-2008_OCT_16_16_24 (Release) 2008-10-16T16:40:57-0500
Upgrade History:
IPS-K9-6.2-1-E3 16:24:00 UTC Thu Oct 16 2008
Recovery Partition Version 1.1 - 6.2(1)E3
Host Certificate Valid from: 12-Jul-2009 to 13-Jul-2011
IPS1#sh conf
! Current configuration last modified Sun Jul 12 23:56:08 2009
! Version 6.2(1)
! Host:
! Realm Keys key1.0
! Signature Definition:
! Signature Update S365.0 2008-10-31
! Virus Update V1.4 2007-03-02
service interface
exit
service authentication
exit
service event-action-rules rules0
exit
service host
network-settings
host-ip 192.168.1.3/24,192.168.1.1
host-name Cinet-IPS1
telnet-option enabled
access-list 0.0.0.0/0
exit
time-zone-settings
offset 0
standard-time-zone-name UTC
exit
exit
service logger
exit
service network-access
exit
service notification
exit
service signature-definition sig0
exit
service ssh-known-hosts
exit
service trusted-certificates
exit
service web-server
exit
service anomaly-detection ad0
exit
service external-product-interface
exit
service health-monitor
exit
service analysis-engine
virtual-sensor vs0
physical-interface GigabitEthernet0/1
exit
exit
If the interface won't link Up, then it is likely a cabling problem.
Even with a bad configuration on the AIP you should at least get link UP if your cabling is correct, so I don't think configuration is your problem here.
If I remember right the command and control interface of the SSM is a 10/100 TX interface. When connecting from a laptop directly to the command and control interface it would require a cross over cable rather than the normal straight through cable.
If you don't have a cross over cable, then try connecting the SSM to a switch and see if the SSM will link UP. The switch is designed to internally do the cross over.
Similar Messages
-
What does the interface configuration in AIP-SSM indicates ?
If this indicates that the traffics of this interface will be monitored, then what is the purpose of diverting traffic from asa though policy command.I would suggest an upgrade to the latest version which is 7.0.2(E3). You can upgrade directly to that version if you are currently already running at least 5.1.6(E3).
To upgrade:
1) Download the upgrade package:
http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=7.0%282%29E3&mdfid=280432811&sftType=Intrusion+Prevention+System+%28IPS%29+System+Upgrades&optPlat=&nodecount=2&edesignator=null&modelName=Cisco+ASA+Advanced+Inspection+and+Prevention+%28AIP%29+Security+Services+Module&treeMdfId=268438162&treeName=Security&modifmdfid=null&imname=&hybrid=Y&imst=N&lr=Y
2) Go to IDM: Configuration --> Sensor Management --> Update Sensor --> upload the upgrade package from your local computer and update it.
Hope it helps. -
Search help (PREM) for personal no. is not coming in ALV grid table control
hi experts,
Search help (PREM) for personal no. is not coming in ALV grid table control.
i have assigned the srch help (prem) to my 'ZFIEXP_PROJALLOC' table for the emp_id.
but in output it is now showing the help.
ls_fcat-fieldname = 'EMPLOYEE CODE'.
ls_fcat-ref_table = 'ZFIEXP_PROJALLOC'.
ls_fcat-ref_field = 'EMP_ID'.
ls_fcat-outputlen = '10'.
ls_fcat-key = 'X'.
ls_fcat-edit = 'X'.
ls_fcat-coltext = 'EMPLOYEE CODE'.
ls_fcat-seltext = 'EMPLOYEE CODE'.
append ls_fcat to pt_fieldcat.
clear ls_fcat.
Then i tried to solve it using the PA0002 . ie.,
ls_fcat-fieldname = 'EMPLOYEE CODE'.
ls_fcat-ref_table = 'PA0002'.
ls_fcat-ref_field = 'PERNR'.
ls_fcat-outputlen = '10'.
ls_fcat-key = 'X'.
ls_fcat-edit = 'X'.
ls_fcat-coltext = 'EMPLOYEE CODE'.
ls_fcat-seltext = 'EMPLOYEE CODE'.
append ls_fcat to pt_fieldcat.
clear ls_fcat.
with this it is showing the help in employee code, but, when i click on an empl number, it is not added to my table control and allowing me to add the number by typing them.
plz help me.
thanks.Hi
In the layout give layout-sel_mode = 'A'. and
pass 'A' to i_save exporting parameter to method set_table_for_first_display.
The same thing if you are working with function module
reuse_alv_grid_display.
Reward points for useful answer.
Venkat -
'Application Server Control' not coming up - URGENT
All,
BPEL - 10.1.3.4
My SOA server is up, from the SOA home page when I click 'Application Server Control', the page is not coming up. No idea what went wrong during installation. FYI, I didnt face any issue during installation, it was smooth.
startup log:
Configuration information
Running in D:\oracle\OracleAS_1
Operation mode:Startup, App Server, No Enterprise Manager, Single Instance
Oracle home:D:\oracle\OracleAS_1
Oracle home name:Unnamed
Instance name:host.localhost.ariba.com
Instance type:allProducts
Version:10.1.3.4.0
Uses infrastructure:false
Not an infrastructure instance, no infrastructure information available
Components:[j2ee, apache, orabpel, oraesb, owsm, Wsil]
2010-10-14 05:11:06.994--Begin log output for Mid-tier services (host.localhost.ariba.com)
2010-10-14 05:11:06.994--Processing Step: starting OPMN
2010-10-14 05:11:08.385--Processing Step: starting OPMN managed processes
2010-10-14 05:11:08.432--Processing Step: OPMN and managed processes started
2010-10-14 05:11:25.495--End log output for Mid-tier services (host.localhost.ariba.com)
Thanks,
SenHi Sen,
I am facing the similar issue when i am trying to set up the SOA environment in my local system.
Can you please help me with the step you took to fix the issue.
Thanks & Regards,
Md Yaqoob -
AIP-SSM, it is not sensing the traffic
Hi everyone, i have a trouble, now iam using an ASA 5510 with AIP-SSM10, my problem is when I redirect the traffic to the AIP-SSM for detects attacks, i probe it and then I look in the events logs of the IPS, and the sensor dont detect nothing, is necessary to install an IPS license??, it is for my own project, thanks.
Unless you are scanning across the ASA, the SSM module will not "see" the scan and cannot produce events. To alarm on an SSM module, you must scan from one network to another. Basically, the SSM cannot do promiscuous monitoring. I would recommend an IPS appliance if you want to monitor traffic sent between hosts of the same network.
** Pls rate if this helps ** -
AIP-SSM (Not Applicable)
Hi Experts,
We have 2ASA and each one have AIP-SSM,with 2nd ASA AIP-SSM I tried to upload latest image for AIP-SSM 20 but didnt worked and now i see module is dead...pls check the detials below.....pls help me out how to make it up or work properly so that i can config other stuff.Pls its very imp and urgent help me out....
ASA-A:
251-DBSi-ASA5540# sh module 1
Mod Card Type Model Serial No.
1 ASA 5500 Series Security Services Module-20 ASA-SSM-20 JAF11370608
Mod MAC Address Range Hw Version Fw Version Sw Version
1 0007.0e11.e13b to 0007.0e11.e13b 1.0 1.0(11)2 5.1(6)E1
Mod SSM Application Name Status SSM Application Version
1 IPS Up 5.1(6)E1
Mod Status Data Plane Status Compatibility
1 Up Up
ASA-B:
251-DBSi-ASA5540# sh module 1
Mod Card Type Model Serial No.
1 ASA 5500 Series Security Services Module-20 ASA-SSM-20 JAF1137060C
Mod MAC Address Range Hw Version Fw Version Sw Version
1 001d.4524.a414 to 001d.4524.a414 1.0 1.0(11)2 5.1(6)E1
Mod SSM Application Name Status SSM Application Version
1 IPS Not Applicable 5.1(6)E1
Mod Status Data Plane Status Compatibility
1 Recover Not ApplicablePlease try rebooting the module, if it does not work recovery it using the following procedure
http://www.cisco.com/en/US/docs/security/ips/5.0/configuration/guide/cli/cliimage.html#wpxref68481
Regards
Farrukh -
.xlsm Can't exit design mode because Control 'Command Button 3' can not be created
I have several Windows 7 Enterprise machines that cannot open one .xlsm file properly. When it opens, it is opening in Design mode rather than as a spreadsheet with macros. My users are getting the error "Can't exit design mode because Control
'Command Button 3' can not be created". All our machines have Office 2010 ProPlus, but this file will only open on the XP PC's that have yet to be upgraded. Any ideas?Hi,
How do you create the button in Excel 2010? Just insert the control manually or insert it using a macro? This issue may be caused by the controls aren't instantiated before you can exit design mode.
Please try the method:
Code can only run after all controls are instantiated and properly connected. Make sure every file needed for the control is available before trying again.
Quote from:
http://msdn.microsoft.com/en-us/library/office/gg251344(v=office.14).aspx
Regards,
George Zhao
TechNet Community Support -
? - Letter A has replaced letters of all words in top bar and program boxes so I can read nothing, and therefore have no way to enter commands. This comes soon after installing OS X Mavericks, so I suspect this is related. Restarting and command-control-P-R have not helped. Can anyone suggest a cause?
Back up all data.
Launch the Font Book application and validate all fonts. You must select the fonts in order to validate them. See the built-in help and this support article for instructions. If Font Book finds any issues, resolve them.
From the application's menu bar, select
File ▹ Restore Standard Fonts...
You'll be prompted to confirm, and then to enter your administrator login password.
Boot in safe mode to rebuild the font caches. Boot again as usual and test.
Note: If FileVault is enabled, or if a firmware password is set, or if the boot volume is a software RAID, you can’t boot in safe mode. In that case, ask for instructions.
Also note that if you deactivate or remove any built-in fonts, for instance by using a third-party font manager, the system may become unstable. -
Hi,
i have an ASA5520 with v 7.2(2) running.
but the IPS module spftware is 5.1
when i tried to login to the > session 1
it prompts me for a login and password.
i tried cisco and a few other combinations.. but no luck ,,
how do i reset it ?? also that reset procedure on the docs says its resets password or the user cisco ..
how can i be sure if the user cisco even exists on it or not ?
any help please ???no man it doesnt ..
the link u specified says it too..
hw-module module slot_number password-reset?This command recovers a password on a Cisco ASA 5500 Series Content Security and Control Security Services Module (CSC-SSM) or the AIP-SSM without having to re-image the device.
Note: This command starts support from IPS 6.0 (ASA 7.2 version) and is used to restore the Cisco CLI account password to the default cisco
hers my ASA and IPS details..
ASA# sh version
Cisco Adaptive Security Appliance Software Version 7.2(2)
Device Manager Version 5.2(2)
Compiled on Wed 22-Nov-06 14:16 by builders
System image file is "disk0:/asa722-k8.bin"
Config file at boot was "startup-config"
ASA up 22 days 3 hours
Hardware: ASA5520, 512 MB RAM, CPU Pentium 4 Celeron 2000 MHz
ASA# sh module 1
Mod Card Type Model Serial No.
1 ASA5500 SSM-10 ASA-SSM-10 B155670DW4
Mod MAC Add Range Hw Ver. Fw Ver. Sw Ver.
1 00xx to 001 1.0 1.0(10)0 5.0(2)S152.0
Mod SSM Apps. Name Status SSM Apps Version
1 IPS Up 5.0(2)S152.0
Mod Status Data Plane Status Compatibility
1 Up Up -
How ASA forwarding traffic to AIP-SSM
Hi All,
Can someone help how ASA device forwarding traffic to AIP-SSM? I'm not taking abt Configuration part like Class-map, policy-map and service policy....want to understand the traffic flow from ASA once traffic matched with ACL to AIP-SSM.
From one of Cisoc document, understood that the module using a Cisco Propietary protocol for communicating with ASA appliance.
================================================================================================================
FYR from Cisco Website:
Q. How does the Cisco ASA AIP-SSM plug into and communicate with the appliance?
A. The Cisco ASA AIP-SSM plugs directly into the SSM slot in the Cisco ASA appliance's chassis. This provides a direct connection to the appliance's backplane. Once the module is installed, a proprietary protocol runs over the bus and controls data flow and messaging between the module and appliance.
================================================================================================================
Regards,
S.VinothHey ,
as you mentioned above , it uses a cisco Probietary protocol for that communication , there are two interfaces , control channel and data channnel , data channel is where the traffic being forwarded , the backplane is the connection between the ASA and the IPS interface .
Hope that this helps .
Mohammad. -
I have recently confgured my AIP-SSM-20 module in my firewalls (ASA 5540) which are configured in HA(Active/Standby).This implementation i have done on 13th June. It was working fine.
Now, i have observerd that the AIP-SSM-20 module in the primary firewall had gone to unresponsive state.
Below is the status of show module and show failover command.
FW1-5540# sh module
Mod Card Type Model Serial No.
0 ASA 5540 Adaptive Security Appliance ASA5540 JMX1234L11F
1 ASA 5500 Series Security Services Module-20 ASA-SSM-20 JAF1341ADPS
Mod MAC Address Range Hw Version Fw Version Sw Version
0 0021.d871.77ab to 0021.d871.77af 2.0 1.0(11)4 8.0(3)6
1 0023.ebf6.11ce to 0023.ebf6.11ce 1.0 1.0(11)5 6.2(2)E4
Mod SSM Application Name Status SSM Application Version
1 IPS Not Applicable 6.2(2)E4
Mod Status Data Plane Status Compatibility
0 Up Sys Not Applicable
1 Unresponsive Not Applicable
FW1-5540# sh failover
Failover On
Failover unit Primary
Failover LAN Interface: FAILOVER GigabitEthernet0/2 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 250 maximum
Version: Ours 8.0(3)6, Mate 8.0(3)6
Last Failover at: 09:06:14 UTC Jun 15 2010
This host:
This host: Primary - Failed
Active time: 191436 (sec)
slot 0: ASA5540 hw/sw rev (2.0/8.0(3)6) status (Up Sys)
Interface DMZ_LAN (10.192.153.13): Normal (Waiting)
Interface INTRANET (10.192.154.13): Normal (Waiting)
Interface management (0.0.0.0): Link Down (Waiting)
slot 1: ASA-SSM-20 hw/sw rev (1.0/6.2(2)E4) status (Unresponsive/Down)
IPS, 6.2(2)E4, Not Applicable
Other host: Secondary - Active
Active time: 192692 (sec)
slot 0: ASA5540 hw/sw rev (2.0/8.0(3)6) status (Up Sys)
Interface DMZ_LAN (10.192.153.5): Unknown (Waiting)
Interface INTRANET (10.192.154.5): Unknown (Waiting)
Interface management (0.0.0.0): Unknown (Waiting)
slot 1: ASA-SSM-20 hw/sw rev (1.0/7.0(2)E4) status (Up/Up)
IPS, 7.0(2)E4, Up
Stateful Failover Logical Update Statistics
Link : Unconfigured.
I have tried using the
hw-module module 1 reset
to reset the IPS module but the status is always unresponsive.
Its production environment where i cannnot expirement much. Ned help to rectify the problem.Hi Scott,
I have almost same problem of sbgcsd in my customer. I'm deploying two ASA-5512 in failover configuration. One day, after almost 2 months testing project in a lab, when we install in customer's datacenter the systems presented following errors:
ciscoasa2(config)# failover
Detected an Active mate
ciscoasa2# Mate NOT PRESENT card in slot 1 is different from mine IPS5512
I tried to discover what was happened with IPS modulo, then I saw error in IPS status: "Unresponsive".
ciscoasa2# sh module ips
Mod Card Type Model Serial No.
ips Unknown N/A FCH1712J7UL
Mod MAC Address Range Hw Version Fw Version Sw Version
ips 7cad.746f.8796 to 7cad.746f.8796 N/A N/A
Mod SSM Application Name Status SSM Application Version
ips Unknown No Image Present Not Applicable
Mod Status Data Plane Status Compatibility
ips Unresponsive Not Applicable
Mod License Name License Status Time Remaining
ips IPS Module Disabled perpetual
According with Cisco Foruns I tried to "Reloading, Shutting Down, Resetting, and Recovering AIP-SSM" (*) using "hw-module module " command. But unfortunatelly ASA didn't accept this command. See below:
ciscoasa2# hw-module module 1 reload
^
ERROR: % Invalid input detected at '^' marker
What happened with this command (hw-module) ? Maybe is a problem in Software version ? When I entered "sh flash" command I saw that didn't exist any software for AIP-SMM module:
ciscoasa2# sh flash
--#-- --length-- -----date/time------ path
11 4096 Sep 12 2013 13:56:54 log
21 4096 Sep 12 2013 13:57:10 crypto_archive
100 0 Sep 12 2013 13:57:10 nat_ident_migrate
22 4096 Sep 12 2013 13:57:10 coredumpinfo
23 59 Sep 12 2013 13:57:10 coredumpinfo/coredump.cfg
101 34523136 Sep 12 2013 14:00:14 asa861-2-smp-k8.bin
102 17851400 Sep 12 2013 14:04:36 asdm-66114.bin
103 38191104 Apr 24 2014 12:59:58 asa912-smp-k8.bin
104 6867 Apr 24 2014 13:01:20 startup-config-jcl.txt
105 24095116 Jun 17 2014 14:54:14 asdm-721.bi
But another ASA (#1) have image:
ciscoasa1# sh flash
--#-- --length-- -----date/time------ path
11 4096 Sep 10 2013 06:42:56 log
21 4096 Apr 17 2014 03:13:12 crypto_archive
123 5276864 Apr 17 2014 03:13:12 crypto_archive/crypto_eng0_arch_1.bin
110 0 Sep 10 2013 06:43:12 nat_ident_migrate
22 4096 Sep 10 2013 06:43:12 coredumpinfo
23 59 Sep 10 2013 06:43:12 coredumpinfo/coredump.cfg
111 34523136 Sep 10 2013 06:44:24 asa861-2-smp-k8.bin
112 42637312 Sep 10 2013 06:45:46 IPS-SSP_5512-K9-sys-1.1-a-7.1-4-E4.aip <===
But I am not sure if this image is really the right image do AIP-SSM in ASA#2. But anyway I copy (through a simple TFTP server) from ASA#1 to ASA#2 , but after this, the same problem ramained !
Because I didn't applied the Failover condition to system.
What can I do now ?
Thank you very much in advance.
Leonardo_Melo.(CCAI-JCL-Brazil). -
Failure to Upgrade the software of my AIP-SSM-20
Dear all,
I have failed to upgrade the software of my AIP-SSM-20 on the ASA. The AIP-SSM-20 had an Image of version IPS-K9-5.1-7-E1.pkg and I tried to upgrade it to IPS-K9-6.1-1-E2.pkg but after the upgrade the AIP-SSM-20 became unusable. I can no longer log on to the IPS Module from the ASA. When I initiated a connection to the module with session 1 command, the systems says card in slot 1 did not respond to system request. I decided to restored the system image from the ASA by using the hw-module module 1 recover configure and hw-module module 1 recover boot commands but has so far failed.When I issued the command hw-module module 1 boot command, the status of the IPS shows recover and would be in that state even for days.And my TFTP server shows that it is transfering the images to the IPS.
I don't know where I have gone wrong and I would be very happy if somebody can give me a procedure that would help me to re-image the software of the IPS.
Any help would be highly appreciated.
Claude FozaoHalijen has already send you a link to reimage,let me briefly answer what a system image and upgrade files are and the difference between them
The System Image files are meant to be used only when a complete erasing of the sensor's image is needed. This is generally because the installed files were corrupted, or so old that it would be easier to start over and make it look like it came from the factory; than to use the standard "upgrade" files.So in case you are doing reimaging than use .img files which are system reimage files
In more than 90% of the cases, most customers will want to "upgrade" rather than do a System Image. The "upgrade" is done from within the sensor itself, and will both load the higher version as well as convert your current configuration to work with the newer version.it uses .pkg files
A usual poblem with the System Re-imaging process is that the card winds up in a boot loop because of an error. When ROMMON detects an error it reboots and tries the same steps again which usually winds up with the same error which causes a reboot, etc.....
So determining if the card is in a reboot loop, and what the error is would be the next step in your debugging process.
Execute "debug module-boot". Enter "hw-module module 1 recover stop". Wait for a few minutes, and then enter "hw-module module 1 recover boot".
The output from ROMMON on the SSM will be seen on your ASA connection.Look at the configuration being passed to the SSM's ROMMON and look for any bad entries.Watch to see if it able to download the System Image file, or if it continuously reboots.
If it continuously reboots, then look to see what error message is seen just prior to the reboot.
Some common problems:
1) Typos in IP address, gateway, tftp server IP, or system image filename.
2) If the tftp server is on the same subnet as the SSM's IP Address, then try leaving the Gateway address blank since it is not needed.
3) Remember that the IP Address is for the external interface of the SSM. So be sure you are using an address that is applicable for the network where you are pluggin in the SSM's external interface.
4) If the TFTP Server is on another subnet, then be sure there is a route to the other network. If having to route back through the ASA, then ensure that the ASA will allow TFTP packets to pass through the ASA. (The ASA could wind up blocking the TFTP packets depending on the ASA configuration)
5) Be sure the file can be downloaded from the TFTP server. Check the file permissions, and the directory where the file is located. From your desktop try to downlaod the file from the tftp server. This will ensure you are using the correct directory and that the file has correct permissions. Once common problem is that the file may be /tftpboot/sensorfiles/IPS-SSM_20-K9-sys-1.1-a-6.1-1-E1.img. But because the tftp server automatically starts in /tftpboot, you may need to NOT specify it for the file and instead just use: sensorfiles/IPS-SSM_20-K9-sys-1.1-a-6.1-1-E1.img
6) Check to make sure the file is not corrupted by running an md5sum and checking it against the value listed on cisco's web site. -
Looking for an explanation of the gig0/0 interface in the AIP-SSM-20. The ASA runs 8.2 and the IPS runs 6.2.
The documentation I'm reading doesn't mention it all. I want a management interface separate from the default connection between the ASA and the ips module.Hi Tanveer,
Thanks for the detailed response.
I believe that I was confusing the different modules.
Here is one last question from the setup command and the advanced configuration:
Management0/0 and gigabit 0/1 are given different IP addresses, correct? We want to use a same management vlan used by all networking devices. Does the gig0/1 have a different ip and is it the interface which connects to the ASA over the backplane?
Modify interface/virtual sensor configuration?[no]: yes
Current interface configuration
Command control: Management0/0
Unassigned:
Monitored:
GigabitEthernet0/1
Thank you in advance! -
AIP-SSM How to Verify Traffic is being passed for inspection?
"show conf" command on my AIP SSM CLI. gigabitEthernet0/1 backplane interface of the SSM has not been assigned to virtual sensor vs0.but
Through this command show service-policy
traffic is recevied by IPS Module.why this,
Kindly guide meThanks,i got it.
Cinet-IPS1# show statistics virtual-sensor
Virtual Sensor Statistics
Statistics for Virtual Sensor vs0
Name of current Signature-Defintion instance = sig0
Name of current Event-Action-Rules instance = rules0
List of interfaces monitored by this virtual sensor = GigabitEthernet0/1 subinterface 0
General Statistics for this Virtual Sensor
Number of seconds since a reset of the statistics = 434653
SensorApp Memory Use Percentage = 33
Processing Load Percentage = 1
Total packets processed since reset = 1722
Total IP packets processed since reset = 1722
Total IPv4 packets processed since reset = 1722
Total IPv6 packets processed since reset = 0
Total IPv6 AH packets processed since reset = 0
Total IPv6 ESP packets processed since reset = 0
Total IPv6 Fragment packets processed since reset = 0
Total IPv6 Routing Header packets processed since reset = 0
Total IPv6 ICMP packets processed since reset = 0
Total packets that were not IP processed since reset = 0
Total TCP packets processed since reset = 1466
Total UDP packets processed since reset = 0
Total ICMP packets processed since reset = 256
Total packets that were not TCP, UDP, or ICMP processed since reset = 0
Total ARP packets processed since reset = 0 -
SAP is not coming up after system refresh with Export/Import option
Hi,
I have exported Java 6.40 and finished the refresh successfully. And I imported the Java successfully. After importing Java, I restarted SAP but is not coming up. When I checked the dev_w0 trace file, I got the following information.
trc file: "dev_w0", trc level: 1, release: "640"
ACTIVE TRACE LEVEL 1
ACTIVE TRACE COMPONENTS all, M
B
B Wed Aug 05 10:48:17 2009
B create_con (con_name=R/3)
B Loading DB library 'F:\usr\sap\IDS\SYS\exe\run\dboraslib.dll' ...
B Library 'F:\usr\sap\IDS\SYS\exe\run\dboraslib.dll' loaded
B Version of 'F:\usr\sap\IDS\SYS\exe\run\dboraslib.dll' is "640.00", patchlevel (0.220)
B New connection 0 created
M sysno 00
M sid IDS
M systemid 560 (PC with Windows NT)
M relno 6400
M patchlevel 0
M patchno 247
M intno 20020600
M make: multithreaded, Unicode
M pid 844
M
M ***LOG Q0Q=> tskh_init, WPStart (Workproc 0 844) [dpxxdisp.c 1170]
I MtxInit: -2 0 0
M DpSysAdmExtCreate: ABAP is active
M DpShMCreate: sizeof(wp_adm) 20328 (1452)
M DpShMCreate: sizeof(tm_adm) 2969176 (14772)
M DpShMCreate: sizeof(wp_ca_adm) 24000 (80)
M DpShMCreate: sizeof(appc_ca_adm) 8000 (80)
M DpShMCreate: sizeof(comm_adm) 290000 (580)
M DpShMCreate: sizeof(vmc_adm) 0 (424)
M DpShMCreate: sizeof(wall_adm) (38456/34360/64/184)
M DpShMCreate: SHM_DP_ADM_KEY (addr: 05FE0040, size: 3391480)
M DpShMCreate: allocated sys_adm at 05FE0040
M DpShMCreate: allocated wp_adm at 05FE1B88
M DpShMCreate: allocated tm_adm_list at 05FE6AF0
M DpShMCreate: allocated tm_adm at 05FE6B18
M DpShMCreate: allocated wp_ca_adm at 062BB970
M DpShMCreate: allocated appc_ca_adm at 062C1730
M DpShMCreate: allocated comm_adm_list at 062C3670
M DpShMCreate: allocated comm_adm at 062C3688
M DpShMCreate: allocated vmc_adm_list at 0630A358
M DpShMCreate: system runs without vmc_adm
M DpShMCreate: allocated ca_info at 0630A380
M DpShMCreate: allocated wall_adm at 0630A388
M ThTaskStatus: rdisp/reset_online_during_debug 0
X EmInit: MmSetImplementation( 2 ).
X <ES> client 0 initializing ....
X Using implementation flat
M <EsNT> Memory Reset disabled as NT default
X ES initialized.
M
M Wed Aug 05 10:48:18 2009
M calling db_connect ...
C Prepending e:\oracle\IDS to Path.
C got NLS_LANG='AMERICAN_AMERICA.UTF8' from environment
C Client NLS settings: AMERICAN_AMERICA.UTF8
C Logon as OPS$-user to get SAPIDS's password
C Connecting as /@IDS on connection 0 (nls_hdl 0) ... (dbsl 640 070308)
C Nls CharacterSet NationalCharSet C EnvHp ErrHp ErrHpBatch
C 0 UTF8 1 05B17398 05B1C458 05B1BEC0
C Attaching to DB Server IDS (con_hdl=0,svchp=05B1BE14,srvhp=05B1CA84)
C Starting user session (con_hdl=0,svchp=05B1BE14,srvhp=05B1CA84,usrhp=05B256B8)
C *** ERROR => OCI-call 'OCISessionBegin' failed: rc = 1017
[dboci.c 4508]
C *** ERROR => CONNECT failed with sql error '1017'
[dbsloci.c 11395]
C Try to connect with default password
C Connecting as SAPIDS/<pwd>@IDS on connection 0 (nls_hdl 0) ... (dbsl 640 070308)
C Nls CharacterSet NationalCharSet C EnvHp ErrHp ErrHpBatch
C 0 UTF8 1 05B17398 05B1C458 05B1BEC0
C Starting user session (con_hdl=0,svchp=05B1BE14,srvhp=05B1CA84,usrhp=05B256B8)
C *** ERROR => OCI-call 'OCISessionBegin' failed: rc = 1017
[dboci.c 4508]
C *** ERROR => CONNECT failed with sql error '1017'
[dbsloci.c 11395]
B ***LOG BY2=> sql error 1017 performing CON [dbsh#3 @ 1204] [dbsh 1204 ]
B ***LOG BY0=> ORA-01017: invalid username/password; logon denied [dbsh#3 @ 1204] [dbsh 1204 ]
B ***LOG BY2=> sql error 1017 performing CON [dblink#3 @ 428] [dblink 0428 ]
B ***LOG BY0=> ORA-01017: invalid username/password; logon denied [dblink#3 @ 428] [dblink 0428 ]
M ***LOG R19=> tskh_init, db_connect ( DB-Connect 000256) [thxxhead.c 1283]
M in_ThErrHandle: 1
M *** ERROR => tskh_init: db_connect (step 1, th_errno 13, action 3, level 1) [thxxhead.c 9708]
M
M Info for wp 0
M
M stat = 4
M reqtype = 1
M act_reqtype = -1
M rq_info = 0
M tid = -1
M mode = 255
M len = -1
M rq_id = 65535
M rq_source = 255
M last_tid = 0
M last_mode = 0
M int_checked_resource(RFC) = 0
M ext_checked_resource(RFC) = 0
M int_checked_resource(HTTP) = 0
M ext_checked_resource(HTTP) = 0
M report = > <
M action = 0
M tab_name = > <
M
M *****************************************************************************
M *
M * LOCATION SAP-Server ord-sapproj_IDS_00 on host ord-sapproj (wp 0)
M * ERROR tskh_init: db_connect
M *
M * TIME Wed Aug 05 10:48:18 2009
M * RELEASE 640
M * COMPONENT Taskhandler
M * VERSION 1
M * RC 13
M * MODULE thxxhead.c
M * LINE 9893
M * COUNTER 1
M *
M *****************************************************************************
M
M PfStatDisconnect: disconnect statistics
M Entering TH_CALLHOOKS
M ThCallHooks: call hook >ThrSaveSPAFields< for event BEFORE_DUMP
M *** ERROR => ThrSaveSPAFields: no valid thr_wpadm [thxxrun1.c 730]
M *** ERROR => ThCallHooks: event handler ThrSaveSPAFields for event BEFORE_DUMP failed [thxxtool3.c 255]
M Entering ThSetStatError
M Entering ThReadDetachMode
M call ThrShutDown (1)...
M ***LOG Q02=> wp_halt, WPStop (Workproc 0 844) [dpnttool.c 357]
I have checked database connectivity with the command 'r3trans -d', it got finished with the return code 0012 and the trace.log file is showing the following information.
=======================================
4 ETW000 r3trans version 6.13 (release 640 - 17.07.08 - 08:11:00).
4 ETW000 unicode enabled version
4 ETW000 ===============================================
4 ETW000
4 ETW000 date&time : 05.08.2009 - 10:52:31
4 ETW000 control file: <no ctrlfile>
4 ETW000 R3trans was called as follows: r3trans -d
4 ETW000 trace at level 2 opened for a given file pointer
4 ETW000 [dev trc ,00000] Wed Aug 05 10:52:34 2009 0.000000
4 ETW000 [dev trc ,00000] db_con_init called 0.000000
4 ETW000 [dev trc ,00000] create_con (con_name=R/3) 0.000000
4 ETW000 [dev trc ,00000] Loading DB library 'dboraslib.dll' ... 0.000000
4 ETW000 [dev trc ,00000] load shared library (dboraslib.dll), hdl 0 8449 0.008449
4 ETW000 [dev trc ,00000] using "f:\usr\sap\IDS\SYS\exe\run\dboraslib.dll"
4 ETW000 37 0.008486
4 ETW000 [dev trc ,00000] Library 'dboraslib.dll' loaded 18 0.008504
4 ETW000 [dev trc ,00000] function DbSlExpFuns loaded from library dboraslib.dll
4 ETW000 27 0.008531
4 ETW000 [dev trc ,00000] Version of 'dboraslib.dll' is "640.00", patchlevel (0.220)
4 ETW000 219 0.008750
4 ETW000 [dev trc ,00000] function dsql_db_init loaded from library dboraslib.dll
4 ETW000 27 0.008777
4 ETW000 [dev trc ,00000] function dbdd_exp_funs loaded from library dboraslib.dll
4 ETW000 36 0.008813
4 ETW000 [dev trc ,00000] New connection 0 created 26 0.008839
4 ETW000 [dev trc ,00000] 0: name = R/3, con_id = -000000001 state = DISCONNECTED, perm = YES, reco = NO , timeout = 000, con_max = 255, con_opt = 255, occ = NO
4 ETW000 34 0.008873
4 ETW000 [dev trc ,00000] db_con_connect (con_name=R/3) 22 0.008895
4 ETW000 [dev trc ,00000] find_con_by_name found the following connection for reuse:
4 ETW000 25 0.008920
4 ETW000 [dev trc ,00000] 0: name = R/3, con_id = 000000000 state = DISCONNECTED, perm = YES, reco = NO , timeout = 000, con_max = 255, con_opt = 255, occ = NO
4 ETW000 32 0.008952
4 ETW000 [dev trc ,00000] Setting DIR_CLIENT_ORAHOME is not set as environment variable,
4 ETW000 assuming using instant client with unspecified location.
4 ETW000 227 0.009179
4 ETW000 [dev trc ,00000] -->oci_initialize (con_hdl=0) 130 0.009309
4 ETW000 [dev trc ,00000] got NLS_LANG='AMERICAN_AMERICA.UTF8' from environment
4 ETW000 32 0.009341
4 ETW000 [dev trc ,00000] Client NLS settings: AMERICAN_AMERICA.UTF8 23827 0.033168
4 ETW000 [dev trc ,00000] Logon as OPS$-user to get SAPIDS's password 34 0.033202
4 ETW000 [dev trc ,00000] Connecting as /@IDS on connection 0 (nls_hdl 0) ... (dbsl 640 070308)
4 ETW000 35 0.033237
4 ETW000 [dev trc ,00000] Nls CharacterSet NationalCharSet C EnvHp ErrHp ErrHpBatch
4 ETW000 32 0.033269
4 ETW000 [dev trc ,00000] 0 UTF8 1 0253CDB0 02541E18 02541880
4 ETW000 112 0.033381
4 ETW000 [dev trc ,00000] Allocating service context handle for con_hdl=0 29 0.033410
4 ETW000 [dev trc ,00000] Allocating server context handle 25 0.033435
4 ETW000 [dev trc ,00000] Attaching to DB Server IDS (con_hdl=0,svchp=025417D4,srvhp=025423DC)
4 ETW000 51 0.033486
4 ETW000 [dev trc ,00000] Assigning server context 025423DC to service context 025417D4
4 ETW000 41860 0.075346
4 ETW000 [dev trc ,00000] Allocating user session handle 47 0.075393
4 ETW000 [dev trc ,00000] Starting user session (con_hdl=0,svchp=025417D4,srvhp=025423DC,usrhp=0254AFA8)
4 ETW000 50 0.075443
4 ETW000 [dboci.c ,00000] *** ERROR => OCI-call 'OCISessionBegin' failed: rc = 1017
4 ETW000 4381 0.079824
4 ETW000 [dbsloci. ,00000] *** ERROR => CONNECT failed with sql error '1017'
4 ETW000 31 0.079855
4 ETW000 [dev trc ,00000] set_ocica() -> OCI or SQL return code 1017 23 0.079878
4 ETW000 [dev trc ,00000] Try to connect with default password 80 0.079958
4 ETW000 [dev trc ,00000] Connecting as SAPIDS/<pwd>@IDS on connection 0 (nls_hdl 0) ... (dbsl 640 070308)
4 ETW000 28 0.079986
4 ETW000 [dev trc ,00000] Nls CharacterSet NationalCharSet C EnvHp ErrHp ErrHpBatch
4 ETW000 31 0.080017
4 ETW000 [dev trc ,00000] 0 UTF8 1 0253CDB0 02541E18 02541880
4 ETW000 32 0.080049
4 ETW000 [dev trc ,00000] Assigning username to user session 0254AFA8 19 0.080068
4 ETW000 [dev trc ,00000] Assigning password to user session 0254AFA8 25 0.080093
4 ETW000 [dev trc ,00000] Starting user session (con_hdl=0,svchp=025417D4,srvhp=025423DC,usrhp=0254AFA8)
4 ETW000 32 0.080125
4 ETW000 [dboci.c ,00000] *** ERROR => OCI-call 'OCISessionBegin' failed: rc = 1017
4 ETW000 1691 0.081816
4 ETW000 [dbsloci. ,00000] *** ERROR => CONNECT failed with sql error '1017'
4 ETW000 28 0.081844
4 ETW000 [dev trc ,00000] set_ocica() -> OCI or SQL return code 1017 18 0.081862
4 ETW000 [dblink ,00428] ***LOG BY2=>sql error 1017 performing CON [dblink#3 @ 428]
4 ETW000 119 0.081981
4 ETW000 [dblink ,00428] ***LOG BY0=>ORA-01017: invalid username/password; logon denied [dblink#3 @ 428]
4 ETW000 30 0.082011
2EETW169 no connect possible: "DBMS = ORACLE --- dbs_ora_tnsname = 'IDS'"
=================================================================================
Kindly suggest me the solution to resolve the issue.
Thanks & regards,
MogileeswarPlease check the logs it is clrerly mentioned thet your sapsystem is not able to connect to database.
ERROR => CONNECT failed with sql error '1017' [dbsloci.c 11395] B ***LOG BY2=> sql error 1017 performing CON [dbsh#3 @ 1204] [dbsh 1204 ] B ***LOG BY0=> ORA-01017: invalid username/password; logon denied [dbsh#3 @ 1204] [dbsh 1204 ] B ***LOG BY2=> sql error 1017 performing CON [dblink#3 @ 428] [dblink 0428 ] B ***LOG BY0=> ORA-01017: invalid username/password
Check the Note------Note 713685 - Hom./Het.System Copy SAP Web AS 6.40
run these commands:
brconnect -u / -c -l E -f chpass -o SAPSR3 -password whatever_you_want
sqlplus /nolog @sapdba_role.sql SID NT
Also check the parameter DBS_ORA_SCHEMA is set to SAPSR3.
Also read note 400241.
Thanks
Rishi Abrol
Maybe you are looking for
-
I'm new to using the apple OS. Recently had business partner buy an ipad mini, was thinking of buying more for our businesses. I'm used to using Windows Office products for my reports, wanted to know how apple's Pages, Keynote and Numbers compared
-
DMS BP giving 'requested resource is not available' error
Hello, smart KM people I'm having a problem with our DMS business package in our EP6 SP16 portal. I configured the DMS repository manager successfully.. and the Document Explorer workset is functional and I'm able to navigate through the folder str
-
Hello With DSS 5.5.3 the mp3 streaming works fine, but my video don't work anyway. No error messages, no problem in logs, I see my own conexion for video on the server but with 0kbs input and 0kbs output. I try this with my local loop adress (rtsp://
-
Interconnect HTTP adapter and B2B
The HTTP adapter within Interconnect does not seem to support SOAP HTTP formats, would B2B be able to manipulate the HTTP from the HTTP Adapter and create it in SOAP format.
-
Need to debug PTRV_EXPENSE_FORM. Have to find Driver Program
Hi experts I have created a custom copy of PTRV_EXPENSE_FORM (ZPTRV_EXPENSE_FORM), which is working absolutely as required, except that manager is not able to view the entire information entered by the user. I want to debug it, but don't know how to