Cisco WAAS WAE-674 - Slow response in IE-7 PC's while trying to access the SAP application through cisco WEA
Hi,
From location A when we are trying to access the SAP application in location B through WAE-674 via internet Explorer there is a slow response in IE-7 PC's compare to IE-8 PC's,But when we try without WAE-674 the response is normal.
We also found that optimization in location A WAAS device as 70-90% but still users are facing slowness while opening the Webpage.
Please suggest how to address the problem ASAP.
Thanks & Regards,
P.Ramkumar
I would suggest that you open a case with the tac to look at this. Matthew
Similar Messages
-
Slow connection with OS X 10.7 while trying to access a Windows 2003 server
Good afternoon:
I am a systems engineer in an enterprise environment that is now deploying Macs and I have been finding that the Macs have a very slow connection to the Windows 2003 server; even after installing all necessry components.
All of the Macs access network services via Active Directory
The issue is the connection speed when trying to access folders on the servers.
Does anyone have any ideas as to speed up this connectivity issue?Did you resolve this issue? Any links to anwers to this?
thank you. -
Getting error response while trying to access REST webservice through Powerbuilder
Hi Team,
I am trying to access a rest webservice through powerbuilder 12.5(.net).The rest webservice is secured through basic authentication.I am passing the userid and password through powerbuilder to acess the service,But its returning an error .But while i am trying to accss the same REST webservice through SOAPUI, i am able to get the response.
Please find the below line of code which i have written in powerbuilder.
p_testcleint2 lp_rest
string ls_string
lp_rest=create p_testcleint2
PBWebHttp.WebClientCredential lsCredential //configure credentials
lsCredential = create PBWebHttp.WebClientCredential
lsCredential.AccessAuthentication = PBWebHttp.AuthenticationMode.Basic!
lsCredential.Password='Pa$$word1!'
lsCredential.Username='admin'
lp_rest.restConnectionObject.ClientCredential = lsCredential //add credentials to connection
try
lp_rest.PostMessage()
catch (System.Exception ee)
messagebox("Failure",string(ee.Message))
end try
Error i am getting as below :
The remote server returned an error:(401) unauthorized.
Can you please let me know why this error is coming or do i need to any extra paramert in the lsCredential to handle this.
Thanks in advance.
Regards
SubratHi Chris,
Thanks for the reply.
Yes i checked -in fiddler, the basic authentication request is not generating in the fiddler.
In the same Rest service if i turned off the basic authentication then call is happening in Powerbuilder and its displaying in fiddler also.
Regards
Subrat -
Cisco ACE Issue accessing SAP applications through ACE appliance
Hi,
I have website whose VIP resides on my ACE appliance. That site has many links on it which are SAP applications.
For one link, when i click it first time, user is asked for authentication which is not actually required and get blank page.
When I click back (go to main site again) and again click the same link, it opens normally without any authentication prompt.
Rest all links on the site have no issues and open normally.
I had same issue with acceptance for same application and below parameter map resolved the issue
parameter-map type http case_param
case-insensitive
persistence-rebalance
set header-maxparse-length 65535
set content-maxparse-length 65535
length-exceed continue
I tried using same parameter map with persistance rebalance disbaled but still it does not work.
What could be the issue in this case?Hi,
The SAP has front end server to which ACE is sending traffic dstined to particular VIP. front end server then communicates with backend server for all date related to all applications. When client is using different applications, url in browser remains the same. All applications are working fine except this single application.
same setup is working fine with cisco CSS and even the accepatnce is working fine for same set of applications.
I am getting bad tcp checksum messges in capture output.
10.38.199.196 is client IP....10.36.64.40 is VIP and , 10.36.64.86 is nat ip and 10.36.32.55 is front end server which is user interface to various applications -
My time capsule is currently not backing up my MAC. My airport utility states it can't find any airport wireless devices. But I can access the internet via my time capsule. I was trying to reset my time capsule but it won't let me since the airport utiity states it can't find any airport wireless devices.
i was having the same problem. i held the reset button on my airport express for ten seconds, waited for it to restart and than unplugged my internet modem for 15 seconds and waited for it to restart and my wireless worked. but when i go to setup everything through the airport utility everything goes to crap and i have to start over again. i don't get it.
-
Hi,
We are facing the following error while trying to access the given Windows Azure Pack Public tenant API to query the virtual machines list along with network adaper details -
java.io.IOException: Server returned HTTP response code: 500 for URL: https://<hostname>:30006/<subscription-id>/services/systemcenter/vmm/VirtualMachines?$expand=VirtualNetworkAdapters&$top=10000&$skip=0
The response is proper when we access the following URL -
https://<hostname>:30006/<subscription-id>/services/systemcenter/vmm/VirtualMachines
Only on adding the $expand=VirtualNetworkAdapters, url parameter we are getting the above error.
Where can we check for the error logs on the Azure Pack server ? We checked for the logs using Windows Event Viewer but did not find any for the public tenant API.
What should be the cause for such an error and how can we fix this to get the proper data?
Thanks in advance.Yes, we tried this, $top=10&$skip=0 works for the following url
https://<hostname>:30006/<subscription-id>/services/systemcenter/vmm/VirtualMachines?$top=10&$skip=0
It is only when we add $expand=VirtualNetworkAdapters,
the server returns the mentioned error response -
URL for which the server returns the 500 error -
https://<hostname>:30006/<subscription-id>/services/systemcenter/vmm/VirtualMachines?$expand=VirtualNetworkAdapters&$top=10&$skip=0
Can
you point to the error logs for Windows Azure Pack and SPF ? -
We are having weird issue:
While accessing CDN (tied to blob images) we get this occasional slowness in images loading between 8:00AM to 9:00AM EST. Also we have SiteGuardian tool setup to monitor our page which has CDN Images which reports slowness in getting images.
Sometimes we get slow response:
URL
https://xxxxx.vo.msecnd.net/xxxxxx/629120870.jpg
Content-Type
application/octet-stream
Element Type
image
Resolve host time
1.032823 seconds
Request connect time
0.012877 seconds
Request transmit time
25.593073 seconds
Response server time
0.337203 seconds
Response receive time
0.002101 seconds
Total time
26.98s
Response
200 - OK
Size
23 K
When things are fine we get a quick response:
URL
https://xxxxx.vo.msecnd.net/xxxxxx/629120870.jpg
Content-Type
application/octet-stream
Element Type
image
Resolve host time
0.012714 seconds
Request connect time
0.035204 seconds
Request transmit time
0.294088 seconds
Response server time
0.254342 seconds
Response receive time
0.006517 seconds
Total time
603ms
Response
200 - OK
Size
23 K
And sometime it just times out.
What is the best way to trouble shoot such scenario? Is there any logging available if a request fails or if there is slowness in response time? Also, anyway to find out which CDN nodes things are cached at etc?
Thanks in advance.Hi - Our issue is not yet resolved.
We have CDN connected to Azure Blob Storage Account. We let CDN Heuristics control the caching as our images (blobs) do not have any cache control policy set at this time.
We enabled log and we are seeing such entries, one is below:
1.0;2014-03-07T14:35:43.8958635Z;GetBlob;AnonymousClientOtherError;304;4;4;anonymous;;containername;blob;"http://XXXX.blob.core.windows.net/image1087175937.jpg";"/containername/image1087175937.jpg";abcc2dd9-cf8d-42c5-9e54-7dd9d96a3177;0;65.54.81.147:23347;2009-09-19;696;0;116;0;0;;;;;"If-None-Match=Tuesday,
04-Mar-14 00:22:58 GMT";"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; BRI/2; EIE10;ENUSWOL)";"REFERRER URL";
Are such entries getting logged because of CDN or why do we get these? The IP address is a Microsoft IP.
Based on documentation it seems:
AnonymousClientOtherError
Indicates that the anonymous requests failed precondition checks (like If- Modified etc.) for GET requests.
Examples: Conditional GET requests that fail the check.
Thanks in advance. -
Hi ,
My database is 10.02.0.4.0 on Solaris 5.9.
We are using Oracle 10g AS as Application server to
host the Application. Whenever the end user trying to access the
application who got the very solw response. At the application level
we have configured enough settings on datasource and connection pool parameters.
At Oracle Level 150 session, Processes 300 has set.
what could be the reason for End user getting problem like "Slow response","Connection Tiemd out".
Any parameter need to change. When I getting this error, what is the appraoch i need to follow to mitigate these kind of error in future .
Thanks,
TippuI have a performance checklist at :
Re: Multiple Sessions Performance Issue …………
Hth
Girish Sharma -
When trying to access the control center from the lock screen, it takes anywhere from 2 to MANY swipes to get a response. Never opens on the first try.
I'm not having the same problem, but there is a feature in the OS that attempts to discern from swipes to unlock and swipes to open control center. This is what you may be experiencing.
-
Why does HP LoadRunner measure slow response time for SAP GUI selection steps?
We are running HP LoadRunner 11.52 scenarios out to multiple (up to 4) load generators. Load generators have 24 GB ram and 8 CPU's. We have run a maximum of 200 users and see a maximum usage of ~25% on CPU's. We were previously running SAP GUI 7.4 and downgraded to 7.3 when we came to understand 7.4 is not supported in PAM for LR 11.52. Regardless, our results have not changed. What we are trying to resolve is why the first two steps of opening the SAP GUI and entering system-related selection is taking so long to process? Additionally, we typically see that during the time escalation of those steps, that there is a period where the process seems to pause for a large time gap. The process below shows a snapshot while in progress. The SAP GUI steps are hitting severe peaks wthile all other steps during the process tend to track at a steady quick response time. Any degradation there looks to be tied to the long pauses.
Would anyone have knowledge or experience with this type of output and understand why it might be consistenty happening? Thanks.> Has anybody else been contacted by SAP regarding a "Very Important Notification about Security and Your SAP System"
A forum search on ' 1298160", one of the note numbers, reveals the answer to your question.
Please always use the search first. -
How do I access the DCJMS* variables in my response SOAP:Header ?
Hi all,
I have set up a sync / async Integration Process in XI
This is initiated by a SAP R/3 transaction that calls a synchronous function to enter XI
Once in the Bridge, a JMS receiver adapter sends out an asynchronous request message from XI to MQ
A correlation allows the JMS sender adapter to return an asynchronous response message from MQ to XI back into my the Integration Process
I have set up the JMS sender adapter configuration to return the DC (dynamic configuration) variables in the <SOAP:Header> of the XI response message along with the payload
You can see that the DCJMS* variables are returned below
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
- <!--
Response
-->
- <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SAP="http://sap.com/xi/XI/Message/30">
- <SOAP:Header>
+ <SAP:Main xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" versionMajor="003" versionMinor="000" SOAP:mustUnderstand="1" wsu:Id="wsuid-main-92ABE13F5C59AB7FE10000000A1551F7">
+ <SAP:ReliableMessaging xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
+ <SAP:HopList xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
+ <SAP:RunTime xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
+ <SAP:PerformanceHeader xmlns:SAP="http://sap.com/xi/XI/Message/30">
- <SAP:DynamicConfiguration xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
<SAP:Record namespace="http://sap.com/xi/XI/System/JMS" name="DCJMSCorreleationID">40D982A0-B19D-11DB-9508-0002A5D5916B</SAP:Record>
<SAP:Record namespace="http://sap.com/xi/XI/System/JMS" name="DCJMSTimestamp">1170297456940</SAP:Record>
<SAP:Record namespace="http://sap.com/xi/XI/System/JMS" name="DCJMSMessageID">ID:414d5120514d4430312020202020202045c12b962001dd02</SAP:Record>
</SAP:DynamicConfiguration>
- <SAP:Diagnostic xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
<SAP:TraceLevel>Information
<b>Question</b>
I want to access the DCJMS* variables but am not sure how to go about it as the
variables exist in the <SOAP:Header>?
I followed the SAP documentation to access adapter-specific attributes (refer to link http://help.sap.com/saphelp_nw04/helpdata/en/14/80243b4a66ae0ce10000000a11402f/frameset.htm )
I have used the following code to create a user-defined function for the accessing adapter specific attributes (similar to the link)
public String Get_Msgid(Container container){
DynamicConfiguration conf = (DynamicConfiguration) container.getTransformationParameters().get
(StreamTransformationConstants.DYNAMIC_CONFIGURATION);
DynamicConfigurationKey key = DynamicConfigurationKey.create
("http://sap.com/xi/XI/System/JMS","DCJMSMessageID");
String jmsMsgID = conf.get(key);
return jmsMsgID;
<b>Question</b>
Do I use message mapping to extract the DCJMS* variables?
<b>Question</b>
If so then which message is used for the source message so that I can access the <SOAP:Header>? Eg do I use the response message type or is there a trick to accessing the SOAP:Header?
<b>Question</b>
Do I use the user-defined function (like above)?
I performed the following steps
Opened the message mapping in edit mode
Created the user-defined function using the graphical editor
Saved the message mapping
I have not connected the user-defined function to any of the xml tags in either the source or target messages
When I go to test the message mapping I am getting the following error
Compilation process error : CreateProcess: null\bin\javac -J-Xmx256m @E:/usr/sap/XID/DVEBMGS00/j2ee/cluster/server0/./temp/classpath_resolver/Mapd79a7bf0b65611dbaf390002a5d5916b/O1170817003886.txt @E:/usr/sap/XID/DVEBMGS00/j2ee/cluster/server0/./temp/classpath_resolver/Mapd79a7bf0b65611dbaf390002a5d5916b/S1170817003886.txt error=2
STACKTRACE:
com.sap.aii.ib.core.mapping.exec.ExecuteException: Compilation process error : CreateProcess: null\bin\javac -J-Xmx256m @E:/usr/sap/XID/DVEBMGS00/j2ee/cluster/server0/./temp/classpath_resolver/Mapd79a7bf0b65611dbaf390002a5d5916b/O1170817003886.txt @E:/usr/sap/XID/DVEBMGS00/j2ee/cluster/server0/./temp/classpath_resolver/Mapd79a7bf0b65611dbaf390002a5d5916b/S1170817003886.txt error=2
at com.sap.aii.ib.server.mapping.exec.ServiceUtil.compileSourceCode(ServiceUtil.java:207)
at com.sap.aii.ib.server.mapping.exec.ServiceUtil.compile(ServiceUtil.java:156)
at com.sap.aii.ibrep.server.mapping.ServerMapService.compileSourceCode(ServerMapService.java:361)
at com.sap.aii.ibrep.server.mapping.ServerMapService.compileSourceCodeWithoutAndWithArchives(ServerMapService.java:301)
at com.sap.aii.ibrep.server.mapping.ServerMapService.execute(ServerMapService.java:153)
at com.sap.aii.ibrep.sbeans.mapping.MapServiceBean.execute(MapServiceBean.java:52)
at com.sap.aii.ibrep.sbeans.mapping.MapServiceRemoteObjectImpl0.execute(MapServiceRemoteObjectImpl0.java:259)
at com.sap.aii.ibrep.sbeans.mapping.MapServiceRemoteObjectImpl0p4_Skel.dispatch(MapServiceRemoteObjectImpl0p4_Skel.java:146)
at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:304)
at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:193)
at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:122)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
A thread in the SDN (Error while Activating Message Mapping, Posted: Jan 9, 2007 3:32 PM) suggests checking the java path on the XI machine
This is JAVA_HOME=C:\j2sdk1.4.2_08 and seems ok
<b>Question</b>
Do you know why I would get the compilation error?
Any assistance would be appreciated
Regards,
MikeJin,
My compilation issue has gone via a SAP recommendation to specify the JDK home directory in the instance profile
Back to the mapping - I can now run my scenario
<b>Source message</b>
The response message has the following <SOAP:Header> from which I want to extract the DCJMSCorreleationID (note that it's misspelt)
<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
- <!-- Response
-->
- <SAP:DynamicConfiguration xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
<SAP:Record namespace="http://sap.com/xi/XI/System/JMS" name="DCJMSCorreleationID">40D982A0-B19D-11DB-9508-0002A5D5916B</SAP:Record>
<SAP:Record namespace="http://sap.com/xi/XI/System/JMS" name="DCJMSTimestamp">1170297456940</SAP:Record>
<SAP:Record namespace="http://sap.com/xi/XI/System/JMS" name="DCJMSMessageID">ID:414d5120514d4430312020202020202045c12b962001dd02</SAP:Record>
</SAP:DynamicConfiguration>
<b>Grahpical mapping</b>
LHS - Response message with occurrance 0..1 so it is not connected to my UDF
UDF Get_Corrid with no inputs
RHS - The UDF output is connected to the Acknowledgement msg tag <ACK>
<b>UDF</b>
DynamicConfiguration conf = (DynamicConfiguration) container.getTransformationParameters().get
(StreamTransformationConstants.DYNAMIC_CONFIGURATION);
DynamicConfigurationKey key = DynamicConfigurationKey.create
("http://sap.com/xi/XI/System/JMS","DCJMSCorreleationID");
String Corrid = conf.get(key);
return Corrid;
<b>Target message</b>
The idea is to copy the correlation id of the response message into the acknowledgement message. But as you can see the result is NULL
<?xml version="1.0" encoding="utf-8" ?>
- <ns2:AWB0020_MARKET_DATA_RESPONSE_ACK xmlns:ns2="http://awb.com.au/mq/tx/MarketData">
<ACK>null</ACK>
</ns2:AWB0020_MARKET_DATA_RESPONSE_ACK>
Please advise
Thanks Mike -
Error when trying to read the SOAP Response
Hai,
iam trying to access the web service of DUBAI international Airport
GetFlightSchedulebyDateRange at http://dca.gov.ae/WebServices/Flights
This is my program
package MyClient3;
import java.io.FileOutputStream;
import java.net.URL;
import java.util.Iterator;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.MimeHeaders;
import javax.xml.soap.Name;
import javax.xml.soap.SOAPBody;
import javax.xml.soap.SOAPBodyElement;
import javax.xml.soap.SOAPConnection;
import javax.xml.soap.SOAPConnectionFactory;
import javax.xml.soap.SOAPElement;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPFactory;
import javax.xml.soap.SOAPFault;
import javax.xml.soap.SOAPHeader;
import javax.xml.soap.SOAPMessage;
import javax.xml.soap.SOAPPart;
public class Client3 {
public static void main(String arg[]){
try{
MessageFactory factory = MessageFactory.newInstance();
SOAPMessage message = factory.createMessage();
SOAPPart soapPart = message.getSOAPPart();
SOAPEnvelope envelope = soapPart.getEnvelope();
SOAPHeader header = envelope.getHeader();
SOAPBody body = envelope.getBody();
// header.detachNode();
SOAPFactory soapFactory = SOAPFactory.newInstance();
Name bodyName = soapFactory.createName("GetFlightSchedulebyDateRange",null,"http://dca.gov.ae/WebServices/Flights");
SOAPBodyElement bodyElement = body.addBodyElement(bodyName);
Name name = soapFactory.createName("Todate");
SOAPElement symbol = bodyElement.addChildElement(name);
//symbol.addTextNode("2007-05-25T00:00:00.0000000+04:00");
symbol.addTextNode("2007-05-27");
name = soapFactory.createName("Fromdate");
symbol = bodyElement.addChildElement(name);
//symbol.addTextNode("2007-05-25T00:00:00.0000000+04:00");
symbol.addTextNode("2007-05-27");
MimeHeaders hd = message.getMimeHeaders();
hd.addHeader("SOAPAction", "http://dca.gov.ae/WebServices/Flights/GetFlightSchedulebyDateRange");
SOAPConnectionFactory soapConnectionFactory = SOAPConnectionFactory.newInstance();
SOAPConnection connection = soapConnectionFactory.createConnection();
message.writeTo(System.out);
System.out.println();
System.out.println(soapPart.toString());
String endpoint = "http://dubaiairport.com/dcaflightinfo/fis/flights.asmx?WSDL";
URL url = new URL(endpoint);
SOAPMessage response = connection.call(message, url);
response.writeTo(System.out);
SOAPPart part = response.getSOAPPart();
SOAPEnvelope env = part.getEnvelope();
connection.close();
System.out.println("\n\nIterating through the response object to get the values:\n\n");
// SOAPBody se = response.getSOAPBody();
}catch(Exception e){System.out.println("+++++++++++++++++++++++++"+e);}
i am getting the error
ERROR: 'Character reference "" is an invalid XML character.
in the statement
SOAPEnvelope env = part.getEnvelope();
can some help me to solve this problem, iam using JAX-WS 2.0, and netbeansI got the solution, there was a Invalid char in SOAP response message, i stored the SOAP res msg to a file, parsed that file to remove the invalid char , ans used the soap msg from the file,
it worked perfectly fo me -
Minimizing the response time of the 10g Application
Hi,
We are developing an application using 10g iDs & Planning to deploy the app using 10g AS in on the internet.
While trying to test the deployment the forms are not responding as desired.
Please let me know if there are ways to minimize the response time so that the App run faster.
can we compress the traffic any way.
best regards
Arkeshthanks for ur reply
Jinit version=1.3.1.22 is in place
I have checked the form making that as thinnest as possibe.
response time is still high.
I would like add few more information
1. The AS is having a Real IP.
2. Users are connected to that AS via Internet being located at a different site.
Users are annoyed with the responses they are getting from the application.
waiting for replies....
Arkesh -
WAAS WAE Alarm 'mstore_key_retrieval'
Hello,
I am supporting an environment that has 30+ remote WAEs deployed with a CM at the HQ.
All remote WAE's Versions = Cisco Wide Area Application Services (universal-k9) Software Release 4.2.3b (build b4 Oct 4 2010)
HQ's CM version = Cisco Wide Area Application Services (universal-k9) Software Release 4.4.3 (build b4 Aug 22 2011)
On 4 of these WAEs, I currently am receiving encryption key alarms:
WAE#show alarms detail support
Critical Alarms:
Alarm ID Module/Submodule Instance
1 mstore_key_retrieval cms ssl_mstore_key
Apr 11 18:36:16.026 CDT, Processing Error Alarm, #000002, 3000:700008
Unable to generate and/or retrieve SSL managed store encryption key from the Key Manager
/alm/crit/cms/mstore_key_retrieval_failure:
CMS/Management agent failed to generate and/or retrieve SSL managed store encryption key from Key Manager.
Explanation:
This alarm indicates one of following issues: Central
Manager device(s) is not reachable. Secure store on
Central Manager is initialized but not open. Key Manager
process on Central Manager device is not running or failing
to respond. Key Manager is unable to process key
generation or retrieval request. If this issue is
present, the WAE device will not be able to process a
configuration update received from the Central Manager if
it contains SSL certificate/key information.
Action:
Check if Central Manager device is reachable (TCP
connections from the WAE to the Central Manager on port
443) Check following log files for additional information
about the error: /local1/errorlog/kc.log on WAE
/local1/errorlog/km/km.log on CM
2 mstore_key_failure sslao mstore_key_failure
Apr 11 18:39:07.518 CDT, Processing Error Alarm, #000006, 26000:26002
Failed to open SSL store due to failure in getting key from Central Manager.
/alm/crit/sslao/mstore_key_failure:
SSL managed secure store key retrieval failure.
Explanation:
The SSL accelerator is unable to get the SSL secure store
key from the Central Manager.
Action:
Check the connection with the Central Manager.
The explanations and actions match the alarm book , but in addition to that, in the Cisco WAAS Monitoring Guide, it also states:
Alarm 700008 (mstore_key_retrieval_failure) CMS/Management agent failed to generate and/or retrieve SSL managed store encryption key from Key Manager.
Severity: Critical
Category: Processing
Description: This alarm indicates one of following issues:
–The WAAS Central Manager device is not reachable
–Secure store on WAAS Central Manager is initialized but not open
–The Key Manager process on the WAAS Central Manager device is not running or failing to respond
–Key Manager cannot process key generation or retrieval request. If this issue is present, the WAAS device cannot process a configuration update received from WAAS Central Manager if it contains SSL certificate and key pair information.
Action: Check to see if the WAAS Central Manager device is reachable (TCP connections from the WAE to the WAAS Central Manager on port 443). Check the following log files for additional information about the error:
–On WAE: /local1/errorlog/kc.log on WAE
–On WAAS Central Manager: /local1/errorlog/km/km.log
Action: Fix the clock on the device or the primary WAAS Central Manager.
For a complete list of alarm conditions, see the Alarm Book located in the WAAS 4.2.1 Software Download area on Cisco.com.
Using this information, I've checked the following:
TCP 443 is reachable from the WAE to the CM (I can telnet from each WAE to the CM on TCP 443)
Time is correct on the WAEs and CM ('show ntp status' and 'show clock' are consistent)
Secure store on CM is open ('show cms secure-store' on the CM shows that the mode is in 'Open' state),
Verified that the key manager process is running (Looking at the CM's KM log shows plenty of action that it's working for other WAEs)
Here is some information I gathered from the WAEs' kc.log files and the CM's km.log (slightly scrubbed):
From the WAEs' kc.log files:
pool-1-thread-1] INFO CommClientAbstractRPC - Send key retrieval request to CM 10.x.x.x for token d1b77e45-ce60-4332-a92d-3d3cb17d35cf
pool-1-thread-1] WARN CommClientAbstractRPC - Received error response from KM(20,No key found for token d1b77e45-ce60-4332-a92d-3d3cb17d35cf from device 17111)
From the CM's km.log file:
[pool-1-thread-4] INFO - retrieveKey request, token=d1b77e45-ce60-4332-a92d-3d3cb17d35cf from device WAE1/17111
[pool-1-thread-4] INFO - Checking secure store open
[pool-1-thread-4] INFO - Loading KEK from data server
[pool-1-thread-4] INFO - ticket 17111 (1327767406332, 1327767392433, 13899, 10000)
[pool-1-thread-4] WARN - No key found for token d1b77e45-ce60-4332-a92d-3d3cb17d35cf from device 17111
*** Going through these logs, I've seen other devices have the same issue, and eventually a WAE records the following:
[main] ERROR DeviceInfo - /state/node.dat (No such file or directory)
java.io.FileNotFoundException: /state/node.dat (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(Unknown Source)
at java.io.FileInputStream.<init>(Unknown Source)
at com.cisco.waas.kc.DeviceInfo.retrieveNodeInfo(DeviceInfo.java:65)
at com.cisco.waas.kc.DeviceInfo.<init>(DeviceInfo.java:47)
at com.cisco.waas.kc.DeviceInfo.getInstance(DeviceInfo.java:37)
at com.cisco.waas.kc.comm.CommClientAbstractRPC.retrieveKey(CommClientAbstractRPC.java:149)
at com.cisco.waas.kc.RetrieveKeyCommand.execute(RetrieveKeyCommand.java:43)
at com.cisco.waas.cli.CLICommand.execute(CLICommand.java:114)
at com.cisco.waas.cli.AbstractCLI.process(AbstractCLI.java:28)
at com.cisco.waas.kc.KeyClient.main(KeyClient.java:40)
[main] ERROR DeviceInfo - /state/node.dat (No such file or directory)
java.io.FileNotFoundException: /state/node.dat (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(Unknown Source)
at java.io.FileInputStream.<init>(Unknown Source)
at com.cisco.waas.kc.DeviceInfo.retrieveNodeInfo(DeviceInfo.java:65)
at com.cisco.waas.kc.DeviceInfo.<init>(DeviceInfo.java:47)
at com.cisco.waas.kc.DeviceInfo.getInstance(DeviceInfo.java:37)
at com.cisco.waas.kc.comm.CommClientAbstractRPC.initKey(CommClientAbstractRPC.java:40)
at com.cisco.waas.kc.InitKeyCommand.execute(InitKeyCommand.java:40)
at com.cisco.waas.cli.CLICommand.execute(CLICommand.java:114)
at com.cisco.waas.cli.AbstractCLI.process(AbstractCLI.java:28)
at com.cisco.waas.kc.KeyClient.main(KeyClient.java:40)
*** Followed with what appears to be a new SSL key being generated ***:
[main] INFO DeviceInfo - loaded device info, hash H04Fer5il3b/9oanDZXx/7aBnIo=
[pool-1-thread-1] DEBUG CMProber$ProbeWorker - Sending CM probe request to CM 10.x.x.x
[pool-1-thread-1] DEBUG CMProber$ProbeWorker - CM 10.x.x.x returned :primary:4.4.3.0.4
[pool-1-thread-1] DEBUG CMProber$ProbeWorker - Primary CM address 10.x.x.x version 4.4.3.0.4
[main] DEBUG CommClientAbstractRPC - CM version 4.4.3
[main] INFO CommClientAbstractRPC - Send key initialization request to CM 10.x.x.x key type SSL
[main] INFO CommClientAbstractRPC - Received new token for generated key SSL/cbe3d6fc-875e-4b61-baeb-528c55cb3597
[main] INFO DeviceInfo - loaded device info, hash H04Fer5il3b/9oanDZXx/7aBnIo=
[pool-1-thread-1] INFO CommClientAbstractRPC - Send key retrieval request to CM 10.0.65.234 for token cbe3d6fc-875e-4b61-baeb-528c55cb3597
[main] INFO CommClientAbstractRPC$1 - Successfully retrieved key from CM for token cbe3d6fc-875e-4b61-baeb-528c55cb3597
*** And the CM records the following ***:
[pool-1-thread-4] INFO - initKey request from device WAE2/30129 key type SSL
[pool-1-thread-4] INFO - Checking secure store open
[pool-1-thread-4] INFO - Loading KEK from data server
[pool-1-thread-4] INFO - Return crypto of type : 0
[pool-1-thread-4] INFO - Checking secure store open
[pool-1-thread-4] INFO - Loading KEK from data server
[pool-1-thread-4] INFO - Loading KEK from data server
[pool-1-thread-4] INFO - Generated new key WAE2/SSL token cbe3d6fc-875e-4b61-baeb-528c55cb3597
I'm wanting to know why this occurs on some boxes and not others, and what triggers the process for a WAE to stop repeatedly sending key retrieval requests with a token that the CM has repeatedly replies with the key not being found and performing an initial key request.
Thanks!Hi all, I got into the same issue and looking at a solution I found a way to clear those alarms whithout re-registering the WAE/WAVE. Here it goes...
WAE##sh accelerator
Accelerator Licensed Config State Operational State
cifs Yes Enabled Running
epm Yes Enabled Running
http Yes Enabled Running
mapi Yes Enabled Running
nfs Yes Enabled Running
ssl Yes Enabled Disabled ---> your SSL AO is probably down due the issue
video No Enabled Shutdown
WAE#sh alarms
Critical Alarms:
Alarm ID Module/Submodule Instance
1 mstore_key_retrieval cms ssl_mstore_key
2 mstore_key_failure sslao mstore_key_failure
Major Alarms:
None
Minor Alarms:
None
WAE#crypto pki managed-store initialize
All certificate/private keys in SSL managed store will be deleted and optimized SSL traffic will be interrupted. Are you sure you want to continue(yes/no)? [no]:yes
Restarting SSL accelerator. Done.
After a couple of minutes alarms will be cleared and SSLAO will be back UP.
WAE#sh accelerator
Accelerator Licensed Config State Operational State
cifs Yes Enabled Running
epm Yes Enabled Running
http Yes Enabled Running
mapi Yes Enabled Running
nfs Yes Enabled Running
ssl Yes Enabled Running
video No Enabled Shutdown
WAE#sh alarms
Critical Alarms:
None
Major Alarms:
None
Minor Alarms:
None
In case you have the issue in the Core WAE (where the cms secure-store is opened), you might need to initialize it.
Regards,
Fernando -
I am having issues with my WAE 674.
Powered on for the first time and was hanging at the booting the kernel screen.
Then used the software recovery CD waas-rescue-cdrom-4.4.1.12-npe-k9.iso, it went through all the steps of installation.
After reboot it hangs at booting the kernel, it does not move from this point. Nothing on the hyperterminal.
I have attached the screenshot.
Any ideas?
Thanks,
Suhail.Hi Suhail,
How are you connected to the WAE?
If you are directly connected to the WAE through a screen/keyboard, I believe that what you see is expected: the WAAS software stop redirecting it's console output on the screen after booting it's kernel and move it to the serial port.
This is explained in the hardware specs of your device:
You can connect a keyboard to any USB port and connect a monitor to the video connector to troubleshoot the BIOS boot process. However, video output is for troubleshooting only during the BIOS boot process. The video output stops displaying when the serial port becomes active. To monitor the boot process in normal operation, use the serial console port.
http://www.cisco.com/en/US/partner/docs/app_ntwk_services/waas/wae/installation/7341-7371/guide/7300intr.html#wp1040565
Could you have a look at the boot sequence from the serial port and see if everything looks fine from there?
Regards,
Nicolas
Maybe you are looking for
-
HT3819 Home Share between different apple accounts?
We have one computer, iPads, and iPhones some with separate accounts. How might you go about home sharing between, say an iPad and computer? And it isn't clear if you can home share between different accounts.
-
I got water in the back of my macbook pro
Me and my friend were playing with water and water got in the back part of the macbook and we brought inside and the screen was going weird and we turned it off and than we tried to dry it and than a couple minutes later we plugged it in and the gree
-
ITunes has stopped working. it never works
iTunes has stopped working ...... iTunes has stopped working everytime. never works trying to sync iphone 4s with iTunes 11(latest). i rest all data and settings but copies back the backup contacts. still not working. never works iTunes has bug.
-
10 dim 1 fact data level restrict
All, I have 10 dimension tables and 1 fact table. and my Country Dimension table like below data Name,Country A UK B US C MY D SG My requirment is When user "A" logged in,he wants to view only UK country values simillarlly other user data. How will r
-
I currently am trying to install a Sun Calendar server on a CentOS4 machine which has working kerberos/ldap server access. Unfortunately when I try to run the csconfigurator script, despite correct entries and connections verified through 'ldapsearch