Cannot configure service-policy on SIP-400

Similar Messages

• IMAP + POP service stops after startup. Cannot configure params in shell

  Hello,
  Just bought a MacMini, with 10.6.4 server. However, I cannot make POP nor IMAP services to work. They stop after startup. SMTP works fine though.
  How do I troubleshoot? The graphical 'Mail Configure Service...' does not make the IMAP service start.
  I cannot change the mail parameters via command line.
  For example:
  $ sudo serveradmin set mail:imap:enable_imap = no /yes is ignored.

  By manually reseting the variables in the file, mail started with IMAP and POP running,
  I trust this is a bug in the serveradmin .app
  Here is the garbled file:
  ----sslcertfile variable could not be reset by serveradmin, it apparently appended data instead of overwriting:
  # Note: This key is managed by Server Admin. See above before making changes
  sslcertfile = /etc/certificates/MacMini.sip.com.gr.8017D0CBEBF8CC56CF776F2E03D8E3849C9F743A.c ert.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.cert.pem SSL Server.EBBA9E02804AECB53A9C44F983024BEDE1397CA8.cert.pem Ltd (SSL client).7BA20201B838A758AA227335E7FD87EB80F53DEC.cert.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.cert.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.cert.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.cert.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.cert.pem Ltd (SSL client).7BA20201B838A758AA227335E7FD87EB80F53DEC.cert.pem Ltd (SSL client).7BA20201B838A758AA227335E7FD87EB80F53DEC.cert.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.cert.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.cert.pem Ltd (SSL client).7BA20201B838A758AA227335E7FD87EB80F53DEC.cert.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.cert.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.cert.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.cert.pem SSL Server.EBBA9E02804AECB53A9C44F983024BEDE1397CA8.cert.pem Ltd (SSL client).7BA20201B838A758AA227335E7FD87EB80F53DEC.cert.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.cert.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.cert.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.cert.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.cert.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.cert.pem SSL Server.EBBA9E02804AECB53A9C44F983024BEDE1397CA8.cert.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.cert.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.cert.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.cert.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.cert.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.cert.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.cert.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.cert.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.cert.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.cert.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.cert.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.cert.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.cert.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.cert.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.cert.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.cert.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.cert.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.cert.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.cert.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.cert.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.cert.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.cert.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.cert.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.cert.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.cert.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.cert.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.cert.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.cert.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.cert.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.cert.pem
  # Note: This key is managed by Server Admin. See above before making changes
  sslkeyfile = /etc/certificates/MacMini.sip.com.gr.8017D0CBEBF8CC56CF776F2E03D8E3849C9F743A.k ey.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.key.pem SSL Server.EBBA9E02804AECB53A9C44F983024BEDE1397CA8.key.pem Ltd (SSL client).7BA20201B838A758AA227335E7FD87EB80F53DEC.key.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.key.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.key.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.key.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.key.pem Ltd (SSL client).7BA20201B838A758AA227335E7FD87EB80F53DEC.key.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.key.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.key.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.key.pem SSL Server.EBBA9E02804AECB53A9C44F983024BEDE1397CA8.key.pem Ltd (SSL client).7BA20201B838A758AA227335E7FD87EB80F53DEC.key.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.key.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.key.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.key.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.key.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.key.pem SSL Server.EBBA9E02804AECB53A9C44F983024BEDE1397CA8.key.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.key.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.key.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.key.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.key.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.key.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.key.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.key.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.key.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.key.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.key.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.key.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.key.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.key.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.key.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.key.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.key.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.key.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.key.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.key.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.key.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.key.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.key.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.key.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.key.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.key.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.key.pem SIP Ltd.68A893BB34CC5B16AEBA36DFFE4A8B5397F9FB56.key.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.key.pem Ltd.1949E49930EF79AE0C0B92EFDA9699918DDC5AA8.key.pem
  # Note: This key is managed by Server Admin. See above before making changes
  sslcafile = /etc/certificates/MacMini.sip.com.gr.8017D0CBEBF8CC56CF776F2E03D8E3849C9F743A.c hain.pem (Email).D8106694C6517EA5D450AC90C2D2B86624A82000.chain.pem SSL Server.EBBA9E02804AECB53A9C44F983024BE.....

• Configuring group policy for user profiles in Windows Server 2012 R2 Domain

  Requesting some experts advise on configuring group policy for user profiles.
  We will be building new Windows Server 2012 R2 Domain Controllers (Domain of 400 users).
  The settings which I am concerned:
  1. Folder Redirection: Desktop, Documents, Favorites.
  2. Quota for Folder Redirection - 1 GB per user.
  3. Map a networked drive - 1 GB per user.
  4. Roaming profile - (Will ignore if it does not suit our requirement). 
  The question is how outlook profile will be retained / automatically moved if the users move from once computer to other?
  FYI, E-mails hosted on MS Office365 and OST file size of few users more than 25GB. So, in case the user moves from one computer to other, the entire mailbox will be downloaded via internet. This consumes high bandwidth if more than 3-4 users shift per day.
  Thanks a lot for your valuable time and efforts.

  Hi,
  >>The question is how outlook profile will be retained / automatically moved if the users move from once computer to other?
  This depends on where our outlook data files are stored. If these data files are stored under
  drive:\Users\<username>\AppData\Local, then these files can’t be redirected, for folder redirection can’t redirect appdata local or locallow.
  However, regarding your question, we can refer to the following thread to find the solution.
  Roam outlook profiles without roaming profiles
  http://social.technet.microsoft.com/Forums/office/en-US/3908b8e0-8f44-4a34-8eb5-5a024df3463e/roam-outlook-profiles-without-roaming-profiles
  In addition, regarding how to configure folder redirection, the following article can be referred to for more information.
  Configuring Folder Redirection
  http://technet.microsoft.com/library/cc786749.aspx
  Hope it helps.
  Best regards,
  Frank Shen

• Error while applying the Service Policy

  Hi,
  I am getting the below error while applying the service policy to the Interface.
  I have set the mpls exp 4 as well as want to limit the bandwidth to 1Mbps
  PE#sh policy-map setexp-GBoIP
    Policy Map setexp-GBoIP
      Class GBoIP-traffic
        set mpls experimental imposition 4
       police cir 1024000 bc 32000
         conform-action transmit
         exceed-action drop
  PE(config-if)#int vlan 2007
  PE(config-if)#service-policy input setexp-GBoIP
  QoS-ERROR: Addition/Modification made to policymap setexp-GBoIP and class GBoIP-traffic is not valid, command is rejected
  As well as I have created new clas--map with priority and Bandwidth and applied in output direction, I got the belwo error while applying the Service policy in
  PE(config-if)#service-policy out TEST
  bandwidth command is not supported in output direction for this interface
  PE(config-if)#service-policy output TEST
  priority command is not supported in output direction for this interface
  Any idea why so ?
  Thanks in Advance.
  Regards,
  Nilesh

  Check the current value of IGW_AWARDS_S sequence and make sure the MINVALUE in the patch (i.e. 10000) is not greater than the current one.
  OERR: ORA 4007 MINVALUE cannot be made to exceed the current value (Doc ID 19824.1)
  You may also log a SR.
  Thanks,
  Hussein

• Why doesn't "show service-policy url-summary" work?

  Does any one know -- At Cisco Live this year -- this command was shown as an Option to see the number of
  hits on L7 class maps urls.
  It's not an option for me:  Running A3 (2.5)
  Thanks,
  From A2 documentation  (maybe this command was dropped from A3 -- but that would be unfortunate)
  To display the statistics for all policy maps or a specific policy map that is currently in service, use the show service-policy command. This command also allows you to display statistics for a specific class map in a policy or the hit counts for match HTTP URL statements in a Layer 7 HTTP policy map. If you do not enter an option with this command, the ACE displays all enabled policy statistics.
  show service-policy [policy_name [class-map class_name]] [detail | summary | url-summary] [|] [>]
  Syntax Description
  policy_name
  (Optional) Identifier of an existing policy map that is currently in service (applied to an interface) as an unquoted text string with a maximum of 64 alphanumeric characters. If you do not enter the name of an existing policy map, the ACE displays information and statistics for all policy maps.
  class-map class_name
  (Optional) Displays the statistics for the specified class map associated with the policy.
  detail
  (Optional) Displays a more detailed listing of policy map or class map statistics and status information.
  summary
  (Optional) Displays a summary of policy map or class map statistics and status information.
  url-summary
  (Optional) Displays the number of times that a connection is established based on a match HTTP URL statement for a class map in a Layer 7 HTTP policy map.
  The URL hit counter is per match statement per load-balancing Layer 7 policy. If you are using the same combination of Layer 7 policy and class maps with URL match statements in different VIPs, the count is combined. If the ACE configuration exceeds 64K URL and load-balancing policy combinations, this counter displays NA.

  Hi Dan,
  The url-summary has only been added to the ACE module code at this time.  The A2 code train is only for the module, while the A3 train is only for the appliance.  The good news is that later this year, we will have a new software coming out (A4) that will be the exact same image that can be loaded on either the module or the appliance, hence all functionality will be the same for both (except the acceleration and optimization that only the appliance will support.
  Hope this helps,
  Sean

• I seem to have lost some of my settings and now I cannot configure my airport connection. How do I get my settings back?

  Hello. First time using this. Still trying to figure out how to post my questions. I seem to have lost some of my settings and now I cannot configure my airport connection. How do I get my settings back?

  If you are using cable and a Nethear router sounds like from the information you provide before your Airport setting are setup improperly. PPoE is not something a cable service would need to work. Fallow the steps I will provide bellow, I will add some screen shots also to assist if necessary.
  1 - Open System Preferences from  (Menu)
  2 - Click "Network"
  3 - From the Network window you are going to wanna make sure Location is : Automatic and Show is : Airport
  4 - Once the Show: Airport is select you should see a window like this, my window is selected for Ethernet simply because I am no longer running Tiger but the window will look the same.
  5 - You will want to click on the PPPoE tab and you should see this
  6 - You're gonna wanna make sure " connection using PPPoE " is not select, if it is make sure to uncheck this option
  7 - Once this is uncheck make sure to click "Apply Now"
  8 - You will want to click back on to the "TCP/IP" tab and make sure IPv4 is set to " Using DHCP "
  9 - If the option to " Apply Now" is available again please click this
  10 - Once this is done go to your Aiport Menu and see if your network is listed and select your network and eneter the password if necessary.
  11 - If after these steps you still have issues I would recommend Power Cylcing your Router and Modem for about 5 minutes
  12 - Make sure all lights are off when unplugging the Router and the Modem
  13 - Some Modems have backup batterys so you may have to push in a tiny button on the back with a pin

• Sip 503 service unavailable and sip 500 internal server error

  Hi guys,could any one help me in the following.
  ITSP-->Voice gateway configured as CUBE-->CUCM-->UCCX
  I am moving a system from cme and aa enviroment to cucm and uccx
  The VGW is configured as CUBE and also is added as h323 gateway on cucm.
  When i tested the debug ccsip messages shows
  Sip 503 service unavailable or
  sip 500 internal server error.
  I can't now provide any debugs cause i am not on site,only on Saturday.
  As i read in previous discussion that could be the bind source address problem but i had this configured.
  Also i tried to configure the gateway instead of h232 to use sip trunk from cucm,but after this the incoming calls didn't even reach the router,the debug ccsip messages showed nothing.
  For now can any one advice me to what these 2 errors related to.
  What could be missing?
  Thanks in advance.

  Hi there : can some one explain the reason that i am getting this sip error with itsp:
  here is the debug of ccsip messages:
  Received:
  INVITE sip:[email protected];user=phone SIP/2.0
  Via: SIP/2.0/UDP 188.254.68.66:9298;branch=z9hG4bK-6110d60075a24c0f-a3c000c-1
  Call-ID: isbc6994325518768294927-1385194135-11717
  From: [email protected];user=phone>;tag=sbc09106994325518768294927
  To:
  CSeq: 1 INVITE
  Min-SE: 90
  Session-Expires: 3600;refresher=uac
  Contact:
  Allow: INVITE,CANCEL,BYE,ACK,REFER,UPDATE,INFO,PRACK
  Supported: timer,100rel
  Diversion: [email protected]>;privacy=off;screen=no;reason=unknown,[email protected]>;privacy=off;screen=no;reason=unknown
  Max-Forwards: 70
  User-Agent: VCS 5.8.2.56-03
  Content-Length: 394
  Content-Type: application/sdp
  v=0
  o=- 87852 198805 IN IP4 188.254.68.67
  s=SBC call
  c=IN IP4 188.254.68.67
  t=0 0
  m=audio 23682 RTP/AVP 8 0 18 98 96 97 101
  a=rtpmap:98 G.729a/8000
  a=rtpmap:96 G.729ab/8000
  a=rtpmap:97 G.729b/8000
  a=rtpmap:101 telephone-event/8000
  a=fmtp:101 0-15
  a=fmtp:18 annexb=no
  a=ptime:10
  a=X-vrzcap:vbd Ver=1 Mode=FaxPr ModemRtpRed=0
  a=X-vrzcap:identification bin=DSR2866 Prot=mgcp App=MG
  00:43:23: //11/FDB448CE8020/SIP/Msg/ccsipDisplayMsg:
  Sent:
  SIP/2.0 100 Trying
  Via: SIP/2.0/UDP 188.254.68.66:9298;branch=z9hG4bK-6110d60075a24c0f-a3c000c-1
  From: [email protected];user=phone>;tag=sbc09106994325518768294927
  To:
  Date: Sat, 23 Nov 2013 08:06:29 GMT
  Call-ID: isbc6994325518768294927-1385194135-11717
  CSeq: 1 INVITE
  Allow-Events: telephone-event
  Server: Cisco-SIPGateway/IOS-12.x
  Content-Length: 0
  00:43:23: //11/FDB448CE8020/SIP/Msg/ccsipDisplayMsg:
  Sent:
  SIP/2.0 503 Service Unavailable
  Via: SIP/2.0/UDP 188.254.68.66:9298;branch=z9hG4bK-6110d60075a24c0f-a3c000c-1
  From: [email protected];user=phone>;tag=sbc09106994325518768294927
  To:
  c2801#er=phone>;tag=27BA64-1DAE
  Date: Sat, 23 Nov 2013 08:06:29 GMT
  Call-ID: isbc6994325518768294927-1385194135-11717
  CSeq: 1 INVITE
  Allow-Events: telephone-event
  Server: Cisco-SIPGateway/IOS-12.x
  Reason: Q.850;cause=38
  Content-Length: 0
  00:43:23: //-1/xxxxxxxxxxxx/SIP/Msg/ccsipDisplayMsg:
  Received:
  ACK sip:[email protected];user=phone SIP/2.0
  Via: SIP/2.0/UDP 188.254.68.66:9298;branch=z9hG4bK-6110d60075a24c0f-a3c000c-1
  Call-ID: isbc6994325518768294927-1385194135-11717
  From: [email protected];user=phone>;tag=sbc09106994325518768294927
  To: ;tag=27BA64-1DAE
  CSeq: 1 ACK
  Max-Forwards: 70
  Content-Length: 0
  show run:
  voice service voip
  ip address trusted list
    ipv4 87.226.136.164 255.255.255.255
    ipv4 172.16.24.0 255.255.255.0
    ipv4 188.254.68.66 255.255.255.255
    ipv4 188.254.68.67 255.255.255.255
    ipv4 188.254.69.66 255.255.255.255
    ipv4 188.254.69.67 255.255.255.255
    ipv4 46.38.52.68 255.255.255.255
  address-hiding
  allow-connections h323 to h323
  allow-connections h323 to sip
  allow-connections sip to h323
  allow-connections sip to sip
  supplementary-service h450.12
  no supplementary-service sip moved-temporarily
  no supplementary-service sip refer
  redirect ip2ip
  fax protocol t38 version 0 ls-redundancy 0 hs-redundancy 0 fallback cisco
  sip
  voice class codec 1
  codec preference 1 g729br8
  codec preference 2 g729r8
  codec preference 3 g711alaw
  codec preference 4 g711ulaw
  voice class codec 2
  codec preference 1 g711ulaw
  codec preference 2 g711alaw
  codec preference 3 g729r8
  codec preference 4 g729br8
  voice translation-rule 1
  rule 1 /XXX5397962/ /1999/
  voice translation-rule 2
  rule 1 /XXX55317577/ /1999/
  voice translation-rule 3
  rule 1 /5555317884/ /1999/
  voice translation-profile ROS
  translate called 1
  voice translation-profile ROS2
  translate called 2
  voice translation-profile ROS3
  translate called 3
  interface FastEthernet0/0
  ip address 178.208.129.221 255.255.255.248
  ip access-group INBOUND in
  no ip unreachables
  ip verify unicast reverse-path
  ip nat outside
  ip inspect IPFW in
  ip inspect IPFW out
  ip virtual-reassembly in
  duplex auto
  speed auto
  no cdp enable
  interface FastEthernet0/1
  no ip address
  ip nat inside
  ip virtual-reassembly in
  duplex auto
  speed auto
  interface FastEthernet0/1.1
  encapsulation dot1Q 1 native
  ip address 10.110.0.200 255.255.255.0
  ip nat inside
  ip virtual-reassembly in
  interface FastEthernet0/1.2
  encapsulation dot1Q 2
  ip address 172.16.24.254 255.255.255.0
  ip nat inside
  ip virtual-reassembly in
  h323-gateway voip interface
  h323-gateway voip bind srcaddr 172.16.24.254
  ip dns server
  ip nat inside source list NAT interface FastEthernet0/0 overload
  ip route 0.0.0.0 0.0.0.0 178.208.X.X
  ip route 192.168.0.0 255.255.0.0 Null0 254
  sccp local FastEthernet0/1.2
  sccp ccm 172.16.24.101 identifier 1 version 7.0
  sccp
  sccp ccm group 1
  associate ccm 1 priority 1
  associate profile 1 register XCODE123456
  keepalive retries 1
  keepalive timeout 10
  switchover method immediate
  switchback method immediate
  dspfarm profile 1 transcode 
  codec g711ulaw
  codec g711alaw
  codec g729ar8
  codec g729abr8
  codec g729r8
  codec g729br8
  maximum sessions 6
  associate application SCCP
  dial-peer voice 10000 voip
  tone ringback alert-no-PI
  description ROSTELECOM Incoming
  translation-profile incoming ROS
  destination-pattern 74955397962
  session protocol sipv2
  session target ipv4:87.226.136.164
  session transport udp
  incoming called-number XXXX5397962
  dtmf-relay rtp-nte
  codec g711ulaw
  dial-peer voice 10010 voip
  tone ringback alert-no-PI
  description ROSTELECOM Incoming
  translation-profile incoming ROS2
  destination-pattern XXX55317577
  session protocol sipv2
  session target ipv4:87.226.136.164
  session transport udp
  incoming called-number 75555317577
  dtmf-relay rtp-nte
  codec g711ulaw
  dial-peer voice 10020 voip
  tone ringback alert-no-PI
  description ROSTELECOM Incoming
  translation-profile incoming ROS3
  preference 1
  destination-pattern 5555317884
  session protocol sipv2
  session target ipv4:188.254.68.66
  session transport udp
  incoming called-number 5555317884
  dtmf-relay rtp-nte
  codec g711ulaw
  dial-peer voice 10021 voip
  tone ringback alert-no-PI
  description ROSTELECOM Incoming
  translation-profile incoming ROS
  preference 2
  destination-pattern 5555317884
  session protocol sipv2
  session target ipv4:188.254.69.66
  session transport udp
  incoming called-number 5555317884
  dtmf-relay rtp-nte
  codec g711ulaw
  dial-peer voice 2 voip
  tone ringback alert-no-PI
  description to CUCM_PUB
  destination-pattern 1...
  session target ipv4:172.16.24.101
  voice-class codec 2 
  dtmf-relay rtp-nte
  I see in the debug that the itsp over g729 family codecs but not g711 at all
  This system was working with this dialpeers before with same provider ,just i have added the dial-peer 2 .
  I have changed the codec to match what is offered by itsp but no difference,still getting the same message.
  PLZ help ASAP.

• Policy map/ class map/ service policy for IOS xr

  Hi,
  I need to create a policy map and class map/service policy to limit the amount of bandwidth that can be used on one interface both in and out.
  I need the cap for the bandwidth to traverse this circuit to ne 10 Meg.
  the IOS xr version we are using is 4.3.4
  I was hoping someone could help me out by giving me a configuration example I could follow.
  Thank you.

  for instance like this:
  policy-map police-in
  class class-default
  police rate 10 mpbs <optionally set burst>
  policy-map shape-out-parent
  class class-default
  shape 10 mpbs <optional burst config>
  service-policy shape-out-child
  policy-map shape-out-child
  class class-default
  queue-limit 10 packets
  int g 0/0/0/0
  service-policy police-in in
  service-policy shape-out-parent out
  also have a look at CL 2013/2014 (orlando/sanfran) ID 2904 for more QOS details
  and the support forum article of "asr9000 quality of service architecture"
  xander

• Cannot find service {0}. Parameter name: SQLWriter SQL Express 2008 R2 SP2

  Hi, installing SQL Express 2008 R2 SP2 onto Windows Server 2012 R2.   I had previously removed SQL Express 2012 due to failed install due to incompatibility with our SAN.   (I had uninstalled it via Programs & Features,
  and also by following Shanky's tips. http://social.technet.microsoft.com/wiki/contents/articles/24364.sql-server-troubleshooting-could-not-find-database-engine-startup-handle-error-during-installation.aspx).
  This is what's in Detail log: 
  014-10-07 13:12:00 Slp: Parameter 5 : SqlEngineConfigAction_install_confignonrc
  2014-10-07 13:12:00 Slp: Parameter 6 : 0x50806C41
  014-10-07 13:12:01 Slp: Sco: Attempting to write hklm registry key SOFTWARE\Microsoft\Microsoft SQL Server to file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20141007_122920\Registry_SOFTWARE_Microsoft_Microsoft SQL Server.reg_
  2014-10-07 13:12:01 Slp: Sco: Attempting to write hklm registry key SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall to file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20141007_122920\Registry_SOFTWARE_Microsoft_Windows_CurrentVersion_Uninstall.reg_
  2014-10-07 13:12:01 Slp: Sco: Attempting to write hklm registry key SOFTWARE\Microsoft\MSSQLServer to file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20141007_122920\Registry_SOFTWARE_Microsoft_MSSQLServer.reg_
  2014-10-07 13:12:01 Slp: Sco: Attempting to write hklm registry key SOFTWARE\Wow6432Node\Microsoft\Microsoft SQL Server to file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20141007_122920\Registry_SOFTWARE_Wow6432Node_Microsoft_Microsoft SQL
  Server.reg_
  2014-10-07 13:12:01 Slp: Sco: Attempting to write hklm registry key SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall to file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20141007_122920\Registry_SOFTWARE_Wow6432Node_Microsoft_Windows_CurrentVersion_Uninstall.reg_
  2014-10-07 13:12:01 Slp: Sco: Attempting to write hklm registry key SOFTWARE\Wow6432Node\Microsoft\MSSQLServer to file C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Log\20141007_122920\Registry_SOFTWARE_Wow6432Node_Microsoft_MSSQLServer.reg_
  2014-10-07 13:12:02 Slp: Cannot find service {0}.
  The SqlEngineConfigAction_install_confignonrc part is what is in the background before the
  Cannot find service {0}. Parameter name: SQLWriter pops up.
  And in Event Viewer:
  Log Name:      Application
  Source:        Microsoft-Windows-RestartManager
  Date:          10/7/2014 1:11:48 PM
  Event ID:      10010
  Task Category: None
  Level:         Warning
  Keywords:     
  User:          SYSTEM
  Computer:     
  Description:
  Application 'C:\31f53f2e988a36f2c31e\x64\setup100.exe' (pid 688) cannot be restarted - Application SID does not match Conductor SID..
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="Microsoft-Windows-RestartManager" Guid="{0888E5EF-9B98-4695-979D-E92CE4247224}" />
      <EventID>10010</EventID>
      <Version>0</Version>
      <Level>3</Level>
      <Task>0</Task>
      <Opcode>0</Opcode>
      <Keywords>0x8000000000000000</Keywords>
      <TimeCreated SystemTime="2014-10-07T20:11:48.532980400Z" />
      <EventRecordID>4538</EventRecordID>
      <Correlation />
      <Execution ProcessID="732" ThreadID="2548" />
      <Channel>Application</Channel>
      <Computer></Computer>
      <Security UserID="S-1-5-18" />
    </System>
    <UserData>
      <RmUnsupportedRestartEvent xmlns="http://www.microsoft.com/2005/08/Windows/Reliability/RestartManager/">
        <RmSessionId>0</RmSessionId>
        <Pid>688</Pid>
        <FullPath>C:\31f53f2e988a36f2c31e\x64\setup100.exe</FullPath>
        <DisplayName>Managed SQL Server Installer</DisplayName>
        <AppVersion>0</AppVersion>
        <AppType>5</AppType>
        <TSSessionId>2</TSSessionId>
        <Status>67108865</Status>
        <Reason>1</Reason>
      </RmUnsupportedRestartEvent>
    </UserData>
  </Event>
  Found one article saying you can get this if previous version not fully removed, and to do a repair of the previous version, but as I said I uninstalled it and followed all steps for cleanup, so nothing to repair. 

  Here is the ERRORLOG file from C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Log.  At the bottom I am seeing the error you said before was a SAN issue.  I had hoped that issue was only with
  SQL 2012, but it appears it is even with 2008?
  If that is still the issue, I'm trying to understand if by the articles, if the SAN conflict is an OS issue or an SQL issue?   In other words, is it because the OS is Server 2012?   Or would this still occur if I install SQL
  2008 on Server 2008 R2?    I don't know that they will be willing to upgrade the SAN, and I don't really want to fool with a .VHD (virtual disk) as a workaround speaks of.
  If you're asking if I did this from your article:  select startup account for Database Engine services as NT Authority\SYSTEM 
  , I don't recall what I did this last time.  I was doing that the last few days, but I think I didn't switch it to that once, just to see if I would have success.  I don't know if that was this last time or not when I switched it. 
  Is there anywhere I can check that after the fact?
  014-10-08 12:53:09.84 Server      Microsoft SQL Server 2008 R2 (SP2) - 10.50.4000.0 (X64)
   Jun 28 2012 08:36:30
   Copyright (c) Microsoft Corporation
   Express Edition (64-bit) on Windows NT 6.2 <X64> (Build 9200: )
  2014-10-08 12:53:09.84 Server      (c) Microsoft Corporation.
  2014-10-08 12:53:09.84 Server      All rights reserved.
  2014-10-08 12:53:09.84 Server      Server process ID is 2640.
  2014-10-08 12:53:09.84 Server      System Manufacturer: 'IBM', System Model: 'IBM System x -[7870AC1]-'.
  2014-10-08 12:53:09.84 Server      Authentication mode is WINDOWS-ONLY.
  2014-10-08 12:53:09.84 Server      Logging SQL Server messages in file 'c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Log\ERRORLOG'.
  2014-10-08 12:53:09.84 Server      This instance of SQL Server last reported using a process ID of 2848 at 10/8/2014 10:56:44 AM (local) 10/8/2014 5:56:44 PM (UTC). This is an informational message only; no user action is required.
  2014-10-08 12:53:09.84 Server      Registry startup parameters:
    -d c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA\master.mdf
    -e c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Log\ERRORLOG
    -l c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA\mastlog.ldf
  2014-10-08 12:53:09.84 Server      Command Line Startup Parameters:
    -m SqlSetup
    -f
    -Q
    -q SQL_Latin1_General_CP1_CI_AS
    -T 4022
    -T 4010
    -T 3659
    -T 3610
    -T 902
    -d c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Template Data\master.mdf
    -l c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Template Data\mastlog.ldf
  2014-10-08 12:53:09.86 Server      Warning: The server instance was started using minimal configuration startup option (-f). Starting an instance of SQL Server with minimal configuration places the server in single-user mode automatically. 
  After the server has been started with minimal configuration, you should change the appropriate server option value or values, stop, and then restart the server.
  2014-10-08 12:53:09.86 Server      SQL Server is starting at normal priority base (=7). This is an informational message only. No user action is required.
  2014-10-08 12:53:09.86 Server      Detected 16 CPUs. This is an informational message; no user action is required.
  2014-10-08 12:53:10.00 Server      Perfmon counters for resource governor pools and groups failed to initialize and are disabled.
  2014-10-08 12:53:10.01 Server      Using dynamic lock allocation.  Initial allocation of 2500 Lock blocks and 5000 Lock Owner blocks per node.  This is an informational message only.  No user action is required.
  2014-10-08 12:53:10.01 Server      Lock partitioning is enabled.  This is an informational message only. No user action is required.
  2014-10-08 12:53:10.03 Server      Node configuration: node 0: CPU mask: 0x00000000000000ff:0 Active CPU mask: 0x00000000000000ff:0. This message provides a description of the NUMA configuration for this computer. This is an informational
  message only. No user action is required.
  2014-10-08 12:53:10.05 Server      Support for distributed transactions was not enabled for this instance of the Database Engine because it was started using the minimal configuration option. This is an informational message only. No
  user action is required.
  2014-10-08 12:53:10.06 spid7s      Warning ******************
  2014-10-08 12:53:10.06 spid7s      SQL Server started in single-user mode. This an informational message only. No user action is required.
  2014-10-08 12:53:10.06 spid7s      Starting up database 'master'.
  2014-10-08 12:53:10.08 spid7s      Error: 5178, Severity: 16, State: 1.
  2014-10-08 12:53:10.08 spid7s      Cannot use file 'c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Template Data\master.mdf' because it was originally formatted with sector size 4096 and is now on a volume with sector
  size 2097152. Move the file to a volume with a sector size that is the same as or smaller than the original sector size.
  2014-10-08 12:53:10.09 spid7s      Error: 5178, Severity: 16, State: 1.
  2014-10-08 12:53:10.09 spid7s      Cannot use file 'c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Template Data\master.mdf' because it was originally formatted with sector size 4096 and is now on a volume with sector
  size 2097152. Move the file to a volume with a sector size that is the same as or smaller than the original sector size.
  2014-10-08 12:53:10.09 spid7s      Error: 5178, Severity: 16, State: 1.
  2014-10-08 12:53:10.09 spid7s      Cannot use file 'c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Template Data\mastlog.ldf' because it was originally formatted with sector size 4096 and is now on a volume with
  sector size 2097152. Move the file to a volume with a sector size that is the same as or smaller than the original sector size.
  2014-10-08 12:53:10.09 spid7s      Error: 5178, Severity: 16, State: 1.
  2014-10-08 12:53:10.09 spid7s      Cannot use file 'c:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Template Data\mastlog.ldf' because it was originally formatted with sector size 4096 and is now on a volume with
  sector size 2097152. Move the file to a volume with a sector size that is the same as or smaller than the original sector size.

• Configuring Service Broker between SQL Server 2008 and 2012 on Intranet

  Hello, I would need help in configuring Service broker. As both servers are on the intranet, I wanted to remain the most simple so I used no certificates and allowed anonymous access but still, using SSBDiagnose, I can see errors.
  I would like to paste here my configuration and my usage of SSBDiagnose, I already asked a question about SSBDiagnose usage but this new question is rather on the usage of certificates and the configuration of SSB, for me to know if I am doing this in the
  best possible way.
  Reading on the web, I have read in few places that certificates are not mandatory and that Windows Authentication only can be used. Then, I read that even if endpoints don't request certificates, the communication between two servers will still requires
  certificates so I am wondering where is the truth... 
  I have two servers:
  EmployeesSvr (SQL Server 2012 Enterprise Edition with Always On, EmployeesSvr is the listener name in front of two virtual servers)
  CREATE MESSAGE TYPE [//E/S/ETChanged] VALIDATION = WELL_FORMED_XML
  CREATE CONTRACT [//E/S/ECContract] ([//E/S/ETChanged] SENT BY INITIATOR)
  CREATE QUEUE [dbo].[ECQueue] WITH STATUS = ON , RETENTION = OFF , ACTIVATION ( STATUS = ON , PROCEDURE_NAME = [dbo].[SSB_ECQueueProc] , MAX_QUEUE_READERS = 1 , EXECUTE AS N'dbo' )
  CREATE SERVICE [//E/S/ECService] ON QUEUE [dbo].[ECQueue] ([//E/S/ECContract])
  CREATE ROUTE [RouteToSECService] WITH SERVICE_NAME = N'//S/S/ECService' , BROKER_INSTANCE = N'F...' , ADDRESS = N'TCP://SoftwaresSrv.test.com:4022'
  CREATE REMOTE SERVICE BINDING [SECServiceBinding] TO SERVICE N'//S/S/ECService' WITH USER = [domain\SvcBrokerTestUser] , ANONYMOUS = ON
  CREATE ENDPOINT [ESBEndpoint] STATE=STARTED AS TCP (LISTENER_PORT = 4022, LISTENER_IP = ALL) FOR SERVICE_BROKER (MESSAGE_FORWARDING = DISABLED, MESSAGE_FORWARD_SIZE = 10, AUTHENTICATION = WINDOWS NEGOTIATE, ENCRYPTION = DISABLED)
  SoftwaresSvr (SQL Server 2008 R2)
  CREATE MESSAGE TYPE [//E/S/ETChanged] VALIDATION = WELL_FORMED_XML
  CREATE CONTRACT [//E/S/ECContract] ([//E/S/ETChanged] SENT BY INITIATOR)
  CREATE QUEUE [dbo].[ECQueue] WITH STATUS = ON , RETENTION = OFF , ACTIVATION ( STATUS = ON , PROCEDURE_NAME = [dbo].[SSB_ECQueueProc] , MAX_QUEUE_READERS = 1 , EXECUTE AS N'dbo' )
  CREATE SERVICE [//S/S/ECService] ON QUEUE [dbo].[ECQueue] ([//E/S/ECContract])
  CREATE ROUTE [RouteToECService] WITH SERVICE_NAME = N'//E/S/ECService' , BROKER_INSTANCE = N'2...' , ADDRESS = N'TCP://EmployeesSvr.test.com:4022'
  CREATE REMOTE SERVICE BINDING [EECServiceBinding] TO SERVICE N'//E/S/ECService' WITH USER = [domain\SvcBrokerTestUser] , ANONYMOUS = ON
  CREATE ENDPOINT [SSBEndpoint] STATE=STARTED AS TCP (LISTENER_PORT = 4022, LISTENER_IP = ALL) FOR SERVICE_BROKER (MESSAGE_FORWARDING = DISABLED, MESSAGE_FORWARD_SIZE = 10, AUTHENTICATION = WINDOWS NEGOTIATE, ENCRYPTION = DISABLED)
  My SSBDiagnose command :
  ssbdiagnose -E CONFIGURATION
  FROM SERVICE //E/S/ECService
  -S EmployersSvr
  -d EmployersDB
  TO SERVICE //S/S/ECService
  -S SoftwaresSvr
  -d SoftwaresDB
  ON CONTRACT //E/S/ECContract
  The result :
  Microsoft SQL Server 10.50.1600.1
  Service Broker Diagnostic Utility
  D 29978 EmployersSvr EmployersDB
  No valid certificate was found for user domain\SvcBrokerTestUser
  D 29977 SoftwaresSvr SoftwaresDB
  The user domain\SvcBrokerTestUser from database EmployersDB on EmployersSvr cannot be mapped into this database using certificates
  D 29933 SoftwaresSvr SoftwaresDB
  The routing address TCP://EmployeesSvr.test.com:4022 for service //E/S/ECService does not match any of the IP addresses for EmployersSvr
  An internal exception occurred: An exception occurred while executing a Transact-SQL statement or batch.
  Thank you for any help, I am searching for several answers :
  Can I use the setup as I defined, with no certificate ?  Is it risky ?
  Is there too many objects defined ?  Is it mandatory to have a Route and a Remote Service Binding ?  I don't understand how those two are working togheter...
  Is it ok to use the same windows account on each side, do they only need an 'Open' access rigth or do they need to be db_owner ?
  Best regards,
  Claude

  Hi Claude,
  1.Can I use the setup as I defined, with no certificate ?  Is it risky ?
  Service broker does not have to use certificate. The Certificate is necessary when you want to use dialog security, by which you can encrypt all messages sent outside a SQL Server instance.
  http://technet.microsoft.com/en-us/library/ms166036(v=SQL.105).aspx
  2.Is there too many objects defined ?  Is it mandatory to have a Route and a Remote Service Binding ?
  Remote Service Binding is used to privde dialog security. If you donnot need the dialog security, the Remote Service Binding is not mandatory.
  http://technet.microsoft.com/en-us/library/ms166042(v=SQL.105).aspx
  By default, each database contains a route that specifies that messages for any service which does not have an explicit route are delivered within the SQL Server instance. Since you have communications between different instances, creating a route between
  them is necessary.
  http://technet.microsoft.com/en-us/library/ms166032(v=SQL.105).aspx
  3.Is it ok to use the same windows account on each side, do they only need an 'Open' access rigth or do they need to be db_owner ?
  The windows account must own the certificate used for authentication. You can find more information below.
  http://technet.microsoft.com/en-us/library/ms166045(v=SQL.105).aspx
  http://technet.microsoft.com/en-us/library/ms186278(v=sql.105).aspx
  Best regards,

• CONFIGURE RETENTION POLICY TO REDUNDANCY 0

  Our database is 11g R2, below is our RMAN script
  Presently our retention policy is 1, so 1 backup is retained along with the current backup.
  I Just want to have 1 backup, i.e RMAN should take the backup and delete the old bacup.
  Will it work if i change the retention policy to 0 ?
  RUN
    ALLOCATE CHANNEL ch1 DEVICE TYPE DISK;
    ALLOCATE CHANNEL ch2 DEVICE TYPE DISK;
    ALLOCATE CHANNEL ch3 DEVICE TYPE DISK;
    DELETE NOPROMPT OBSOLETE;
    BACKUP DATABASE INCLUDE CURRENT CONTROLFILE format 'G:\Oracle\flash_recovery_area\BACKUPSET\tmp\rman_backup\df_%d_%s_%p_%T';
    SQL "ALTER SYSTEM ARCHIVE LOG CURRENT";
    BACKUP ARCHIVELOG ALL DELETE INPUT format 'G:\Oracle\flash_recovery_area\BACKUPSET\tmp\rman_backup\df_%d_%s_%p_%T';
  RMAN> show all
  2> ;
  using target database control file instead of recovery catalog
  CONFIGURE RETENTION POLICY TO REDUNDANCY 1;
  CONFIGURE BACKUP OPTIMIZATION OFF; # defaultEdited by: user10243788 on Apr 24, 2012 1:14 AM

  user10243788 wrote:
  Our database is 11g R2, below is our RMAN script
  Presently our retention policy is 1, so 1 backup is retained along with the current backup.
  I Just want to have 1 backup, i.e RMAN should take the backup and delete the old bacup.
  Will it work if i change the retention policy to 0 ?You cannot set the retention policy to redundancy 0 because redundancy count must be greater than zero.
  >
  RUN
  ALLOCATE CHANNEL ch1 DEVICE TYPE DISK;
  ALLOCATE CHANNEL ch2 DEVICE TYPE DISK;
  ALLOCATE CHANNEL ch3 DEVICE TYPE DISK;
  DELETE NOPROMPT OBSOLETE;
  BACKUP DATABASE INCLUDE CURRENT CONTROLFILE format 'G:\Oracle\flash_recovery_area\BACKUPSET\tmp\rman_backup\df_%d_%s_%p_%T';
  SQL "ALTER SYSTEM ARCHIVE LOG CURRENT";
  BACKUP ARCHIVELOG ALL DELETE INPUT format 'G:\Oracle\flash_recovery_area\BACKUPSET\tmp\rman_backup\df_%d_%s_%p_%T';
  }Just switch the order of operation:
  use
  BACKUP DATABASE INCLUDE CURRENT CONTROLFILE format 'G:\Oracle\flash_recovery_area\BACKUPSET\tmp\rman_backup\df_%d_%s_%p_%T';
  DELETE NOPROMPT OBSOLETE;
  instead of
  DELETE NOPROMPT OBSOLETE;
  BACKUP DATABASE INCLUDE CURRENT CONTROLFILE format 'G:\Oracle\flash_recovery_area\BACKUPSET\tmp\rman_backup\df_%d_%s_%p_%T';
  You can also exclude the operation SQL "ALTER SYSTEM ARCHIVE LOG CURRENT" because BACKUP ARCHIVELOG ALL implicitly switch logfile before archiving.

• Service-policy output not working in Cisco 3560 switch

  We got some Cisco catalyst 3560 that we want to control the bandwidth
  on the ports. Can this be done, and how do i do it?
  Ive got 3550s that can do policy-map with the interface command;
  service-policy output(and input) <policyname>
  But 3560 only seems to handle service-policy input.
  If i try to configure output, it says the following:
  SW(config-if)#service-policy output 4mbit-out
  police command is not supported for this interface
  Configuration failed!
  Warning: Assigning a policy map to the output side of an interface not
  supported
  Any workarounds or new ways to accomplish bandwith-control on a 3560 ?
  regards,
  Rajib

  The 3560 & 3750 (& 2960) don't support egress policy-maps. They do however support queueing so it is possible to achieve similar results by applying an ingress policer to your user ports to classify (& police?) the traffic, at the egress port you can then queue the traffic based on it's DSCP or CoS value that it was classified with (same as 3550).
  It is also possible to restrict the bandwidth in use at an egress port with the interface command 'srr-queue bandwidth limit <10-90>' where 10-90 represents a percentage of the links bandwidth. For example if you want to restrict a 100Mbps port to 10Mbps you would use the command 'srr-queue bandwidth limit 10'
  HTH
  Andy

• Fundamental ACL & Service Policy related questions

  Hi All,
  apologies in advance for seemingly stupid questions but I was forced to ask them as I have ALWAYS had great difficulty in using debug on Cisco platforms. Nothing ever shows up when I set up debug despite configuring "logging console" and setting the level to 7 etc. I have no clue why that is and if it's because all debugging messages go to the debug log instead of being prnted on the console, or what it is...I just don't get it. When I'm saying logging console...please print it on the console! Anyway, that rant aside...
  I have a VERY simple topology like so
                                                                                      A few servers in this VLAN
  ISP <---> 3560G (Physical Routed Port) <--> SVI (VLAN)
                                                                                      ASA5520 <--> Internal VLAN
  With regards to ACLs and their direction, when an ACL is applied to a physical port (or in cases where QoS is enabled and a service-policy) is applied to either a routed physical port on the 3560, saying that the policy is applied in the "in" direction (or 'input' in case of service-policy) does that mean 'inbound' in either direction? As in IF that routed port is my direct connection to the ISP, and I set up "ip access-group myacl in" (or service-policy input myPolicymap) ...will that be applicable if the traffic enters that port from the ISP side OR from the internal network side, or "IN" for it is always JUST the ISP side because it's assuming that all traffic generated from inside the network going out to the Internet is implcitly allowed UNLESS an ACL somewhere in the network restricts that?
  then, in case of an SVI...I believe just like the physical routed port, I can ONLY implement an "Inbound" ACL on this as well. So when I implement either a Heirarchical policy-map or just an access-group "in", then what is "IN" ...traffic entering this VLAN from the internal network and those public servers going out to the Internet AND Traffic entering this VLAN from the ISP/Internet via the physical routed Port OR is it JUST the latter, or is it just the former?
  Now Lastly, when I have the physical ports to which the ASA and each of those physical servers are connected to sitting on the public VLAN, if I apply port-based ACLs or service-policies to them, then again, what direction is the "IN" ACL applied? Both? i.e. traffic coming into it from the public servers and the Internal network through the ASA, and the Internet OR just the traffic coming into it from the Internet, but the traffic going out from the servers to the Internet is not subjected to this ACL or service-policy
  Again, very sorry for a dumb question but I'm seeing bizzare things in my network so was just wondering before I decide on what kind of security I want to plan/design
  Thanks in advance

  The mystical difference between debug output going to the console versus showing up in syslog is "logging debug-trace".  On goes to syslog, "no logging debug-trace" goes to console.  I've been bit by this one myself.
  ACLs on physical ports have directionality like the cable plug: "in" is from the cable entering into the switch or firewall, "out" is leaving the device to run along the cable to somewhere else.  On Catalyst switches port ACLs are inbound (receiving packets) only.  Obviously, on directly connected devices, one devices out is the other devices in.
  ACLs on SVI's depend on whether your are running a base image or services image; services images can do IPv4 and IPv6 in both directions.  However, port ACL's trump routed ACL's; if both exist, the port ACL is the only one applied.  I think if a directly connected port has no port ACL, no ACL is applied at all; routed ACL's on SVI's only apply to transitions between VLANs inside the switch, not to traffic entering physical ports.
  -- Jim Leinweber, WI State Lab of Hygiene

• OWSM user name token service policy for a proxy service at OSB

  Hi Friends,
  I am facing an issue while trying for the OWSM user name token service policy Authentication for a proxy service at OSB. I am using the PS4 SOA suite with AIA foundation pack. very first I am login into the EM console and choose the domain<soaosb_domain> form web logic domain I moved to security->security provide configuration. Inside the security provide configuration we have to key store section and I expand that and we have a configure button inside the keys tore. I click that button and it open a new page. In that page I got the Java key store (JKS) as the default key store and in the access Attributes I keep the default key store path and fill password and confirm password fields. Then in Identity certificates I fill the signature key and Encryption key with key Alias as 'orakey' and same password which I am mentioned at access Attributes. I got the message like the key store is created successfully. Then I restarted the server and again I am login into the EM console and choose the domain<soaosb_domain> form web logic domain I moved to security. In security I choose the credentials. In credentials we have create key. In the create key I add the key as hari-key and provide the hari as a user and his password.
  While trying to test the proxy service i am getting the [OSB Security - OWSM: 387253] Failed to initialize OWSM Credential Manager. Please validate the Key store Configuration.
  can anyone please look at this and suggest me how can I proceed for this.
  Thanks
  Hari

  anyone please respond to the above request.
  Thanks
  Hari

• Cannot read from policy store.

  Hi All,
  while starting our managed server(soa_server1) we are getting below error.
  we tried removing cache, tmp and data and fresh restart but no luck.
  The Memory on the mount point was 100% full, we have freed some memroy but now the server is not coming up.
  Any solutin or pointer would be really helpful.
  <Apr 3, 2013 1:17:14 PM EST> <Notice> <Log Management> <BEA-170019> <The server log file /opt/app/Middleware/user_projects/domains/dev1_aia_domain/servers/soa_server1/logs/soa_server1.log is opened. All server side log events will be written to this file.>
  oracle.security.jps.JpsRuntimeException: Cannot read from policy store.
  at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.buildFromFile(XmlPolicyStore.java:440)
  at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.<init>(XmlPolicyStore.java:227)
  at oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider.getInstance(XmlPolicyStoreProvider.java:100)
  at oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider.getInstance(XmlPolicyStoreProvider.java:74)
  at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
  at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:170)
  at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.getContext(ContextFactoryImpl.java:191)
  at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:132)
  at oracle.security.jps.internal.core.runtime.JpsContextFactoryImpl.getContext(JpsContextFactoryImpl.java:127)
  at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:850)
  at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:844)
  at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:844)
  at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
  at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:285)
  at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
  at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
  at java.lang.Class.newInstance0(Class.java:355)
  at java.lang.Class.newInstance(Class.java:308)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1339)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1020)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:879)
  at weblogic.security.SecurityService.start(SecurityService.java:141)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
  at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)
  Caused by: oracle.security.jps.JpsRuntimeException: javax.xml.stream.XMLStreamException: javax.xml.stream.XMLStreamException: Premature end of file encountered
  at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:166)
  at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:180)
  at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:187)
  at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.loadXmlDataStore(XmlDataStore.java:418)
  at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.<init>(XmlDataStore.java:283)
  at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.getInstance(XmlDataStore.java:216)
  at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.buildFromFile(XmlPolicyStore.java:436)
  at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.<init>(XmlPolicyStore.java:228)
  ... 26 more
  Caused by: javax.xml.stream.XMLStreamException: javax.xml.stream.XMLStreamException: Premature end of file encountered
  at weblogic.xml.stax.XMLStreamReaderBase.prime(XMLStreamReaderBase.java:80)
  at weblogic.xml.stax.XMLStreamReaderBase.setInput(XMLStreamReaderBase.java:99)
  at weblogic.xml.stax.XMLStreamInputFactory.createXMLStreamReader(XMLStreamInputFactory.java:316)
  at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:98)
  ... 33 more
  Caused by: javax.xml.stream.XMLStreamException: Premature end of file encountered
  at weblogic.xml.stax.XMLStreamReaderBase.prime(XMLStreamReaderBase.java:69)
  at weblogic.xml.stax.XMLStreamReaderBase.setInput(XMLStreamReaderBase.java:100)
  at weblogic.xml.stax.XMLStreamInputFactory.createXMLStreamReader(XMLStreamInputFactory.java:317)
  ... 34 more
  <Apr 3, 2013 1:17:19 PM EST> <Error> <Security> <BEA-090892> <The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider>
  <Apr 3, 2013 1:17:19 PM EST> <Critical> <WebLogicServer> <BEA-000386> <Server subsystem failed. Reason: weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
  weblogic.security.SecurityInitializationException: The loading of OPSS java security policy provider failed due to exception, see the exception stack trace or the server log file for root cause. If still see no obvious cause, enable the debug flag -Djava.security.debug=jpspolicy to get more information. Error message: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.loadOPSSPolicy(CommonSecurityServiceManagerDelegateImpl.java:1398)
  at weblogic.security.service.CommonSecurityServiceManagerDelegateImpl.initialize(CommonSecurityServiceManagerDelegateImpl.java:1018)
  at weblogic.security.service.SecurityServiceManager.initialize(SecurityServiceManager.java:873)
  at weblogic.security.SecurityService.start(SecurityService.java:141)
  at weblogic.t3.srvr.SubsystemRequest.run(SubsystemRequest.java:64)
  Truncated. see log file for complete stacktrace
  Truncated. see log file for complete stacktrace
  Caused By: oracle.security.jps.JpsRuntimeException: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
  at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:293)
  at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:284)
  at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
  Truncated. see log file for complete stacktrace
  Caused By: oracle.security.jps.JpsException: [PolicyUtil] Exception while getting default policy Provider
  at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:899)
  at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
  at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:285)
  at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  Truncated. see log file for complete stacktrace
  Caused By: java.security.PrivilegedActionException: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
  at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:844)
  at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
  at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:285)
  at oracle.security.jps.internal.policystore.JavaPolicyProvider.<init>(JavaPolicyProvider.java:270)
  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
  Truncated. see log file for complete stacktrace
  Caused By: oracle.security.jps.JpsException: [PolicyUtil] Unable to obtain default JPS Context!
  at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:860)
  at oracle.security.jps.internal.policystore.PolicyUtil$1.run(PolicyUtil.java:844)
  at oracle.security.jps.internal.policystore.PolicyUtil.getDefaultPolicyStore(PolicyUtil.java:844)
  at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:291)
  at oracle.security.jps.internal.policystore.PolicyDelegationController.<init>(PolicyDelegationController.java:285)
  Truncated. see log file for complete stacktrace
  Caused By: oracle.security.jps.JpsRuntimeException: Cannot read from policy store.
  at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.buildFromFile(XmlPolicyStore.java:440)
  at oracle.security.jps.internal.policystore.xml.XmlPolicyStore.<init>(XmlPolicyStore.java:227)
  at oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider.getInstance(XmlPolicyStoreProvider.java:100)
  at oracle.security.jps.internal.policystore.xml.XmlPolicyStoreProvider.getInstance(XmlPolicyStoreProvider.java:74)
  at oracle.security.jps.internal.core.runtime.ContextFactoryImpl.findServiceInstance(ContextFactoryImpl.java:139)
  Truncated. see log file for complete stacktrace
  Caused By: oracle.security.jps.JpsRuntimeException: javax.xml.stream.XMLStreamException: javax.xml.stream.XMLStreamException: Premature end of file encountered
  ed
  at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:166)
  at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:180)
  at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:187)
  at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.loadXmlDataStore(XmlDataStore.java:418)
  at oracle.security.jps.internal.core.datastore.xml.XmlDataStore.<init>(XmlDataStore.java:283)
  Truncated. see log file for complete stacktrace
  Caused By: javax.xml.stream.XMLStreamException: javax.xml.stream.XMLStreamException: Premature end of file encountered
  at weblogic.xml.stax.XMLStreamReaderBase.prime(XMLStreamReaderBase.java:80)
  at weblogic.xml.stax.XMLStreamReaderBase.setInput(XMLStreamReaderBase.java:99)
  at weblogic.xml.stax.XMLStreamInputFactory.createXMLStreamReader(XMLStreamInputFactory.java:316)
  at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:98)
  at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:180)
  Truncated. see log file for complete stacktrace
  Caused By: javax.xml.stream.XMLStreamException: Premature end of file encountered
  at weblogic.xml.stax.XMLStreamReaderBase.prime(XMLStreamReaderBase.java:69)
  at weblogic.xml.stax.XMLStreamReaderBase.setInput(XMLStreamReaderBase.java:100)
  at weblogic.xml.stax.XMLStreamInputFactory.createXMLStreamReader(XMLStreamInputFactory.java:317)
  at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntryStax(XmlDataStoreParser.java:98)
  at oracle.security.jps.internal.core.datastore.xml.XmlDataStoreParser.getDataStoreEntry(XmlDataStoreParser.java:180)
  Truncated. see log file for complete stacktrace
  >
  <Apr 3, 2013 1:17:20 PM EST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FAILED>
  <Apr 3, 2013 1:17:20 PM EST> <Error> <WebLogicServer> <BEA-000383> <A critical service failed. The server will shut itself down>
  <Apr 3, 2013 1:17:20 PM EST> <Notice> <WebLogicServer> <BEA-000365> <Server state changed to FORCE_SHUTTING_DOWN>

  Hi,
  Your issue is something similar to the issue described in below metalink id. Please check below metalink id, you issue may be resolved.
  Start OMS failed with "javax.xml.stream.XMLStreamException: Premature end of file encountered" [ID 1481158.1]
  Mark if this helps you.
  Regards,
  Kishore