Cisco WAAS WAE-674 - Slow response in IE-7 PC's while trying to access the SAP application through cisco WEA

Similar Messages

• Slow connection with OS X 10.7 while trying to access a Windows 2003 server

  Good afternoon:
  I am a systems engineer in an enterprise environment that is now deploying Macs and I have been finding that the Macs have a very slow connection to the Windows 2003 server; even after installing all necessry components.
  All of the Macs access network services via Active Directory
  The issue is the connection speed when trying to access folders on the servers.
  Does anyone have any ideas as to speed up this connectivity issue?

  Did you resolve this issue? Any links to anwers to this?
  thank you.

• Getting error response while trying to access REST webservice through Powerbuilder

  Hi Team,
  I am trying to access a rest webservice through powerbuilder 12.5(.net).The rest webservice is secured through basic authentication.I am passing the userid and password through powerbuilder to acess the service,But its returning an error .But while i am trying to accss the same REST webservice through SOAPUI, i am able to get the response.
  Please find the below line of code which i have written in powerbuilder.
  p_testcleint2 lp_rest
  string ls_string
  lp_rest=create p_testcleint2
  PBWebHttp.WebClientCredential lsCredential             //configure credentials
  lsCredential = create PBWebHttp.WebClientCredential
  lsCredential.AccessAuthentication = PBWebHttp.AuthenticationMode.Basic!
  lsCredential.Password='Pa$$word1!'
  lsCredential.Username='admin'
  lp_rest.restConnectionObject.ClientCredential = lsCredential  //add credentials to connection
  try
     lp_rest.PostMessage()
  catch (System.Exception ee)
    messagebox("Failure",string(ee.Message))
  end try
  Error i am getting as below :
  The remote server returned an error:(401) unauthorized.
  Can you please let me know why this error is coming or do i need to any extra paramert in the lsCredential to handle this.
  Thanks in advance.
  Regards
  Subrat

  Hi Chris,
  Thanks for the reply.
  Yes i checked -in fiddler, the basic authentication request is not generating in the fiddler.
  In the same Rest service if i turned off the basic authentication then call is happening in Powerbuilder and its displaying in fiddler also.
  Regards
  Subrat

• Cisco ACE Issue accessing SAP applications through ACE appliance

  Hi,
  I have website whose VIP resides on my ACE appliance. That site has many links on it which are SAP applications.
  For one link, when i click it first time, user is asked for authentication which is not  actually required and get blank page.
  When I click back (go to main site again) and again click the same link, it opens normally without any authentication prompt.
  Rest all links on the site have no issues and open normally.
  I had same issue with acceptance for same application and below parameter map resolved the issue
  parameter-map type http case_param
    case-insensitive
    persistence-rebalance
    set header-maxparse-length 65535
    set content-maxparse-length 65535
    length-exceed continue
  I tried using same parameter map with persistance rebalance disbaled but still it does not work.
  What could be the issue in this case?

  Hi,
  The SAP has front end server to which ACE is sending traffic dstined to particular VIP. front end server then communicates with backend server for all date related to all applications. When client is using different applications, url in browser remains the same. All applications are working fine except this single application.
  same setup is working fine with cisco CSS and even the accepatnce is working fine for same set of applications.
  I am getting bad tcp checksum messges in capture output.
  10.38.199.196 is client IP....10.36.64.40 is VIP and , 10.36.64.86 is nat ip  and 10.36.32.55 is front end server which is user interface to various applications

• I have had a time capsule for years and it worked well.  Now my airport utility states it is unable to find any airport wireless devices.  When I rescan, I get the same response.  I access the internet wirelessly through my Time Capsule - that part works.

  My time capsule is currently not backing up my MAC.  My airport utility states it can't find any airport wireless devices.  But I can access the internet via my time capsule.  I was trying to reset my time capsule but it won't let me since the airport utiity states it can't find any airport wireless devices.

  i was having the same problem. i held the reset button on my airport express for ten seconds, waited for it to restart and than unplugged my internet modem for 15 seconds and waited for it to restart and my wireless worked. but when i go to setup everything through the airport utility everything goes to crap and i have to start over again. i don't get it.

• Windows Azure Pack - Server returned HTTP response code: 500 error while accessing the public tenant API

  Hi,
  We are facing the following error while trying to access the given Windows Azure Pack Public tenant API to query the virtual machines list along with network adaper details - 
  java.io.IOException: Server returned HTTP response code: 500 for URL: https://<hostname>:30006/<subscription-id>/services/systemcenter/vmm/VirtualMachines?$expand=VirtualNetworkAdapters&$top=10000&$skip=0
  The response is proper when we access the following URL - 
  https://<hostname>:30006/<subscription-id>/services/systemcenter/vmm/VirtualMachines
  Only on adding the $expand=VirtualNetworkAdapters, url parameter we are getting the above error.
  Where can we check for the error logs on the Azure Pack server ? We checked for the logs using Windows Event Viewer but did not find any for the public tenant API.
  What should be the cause for such an error and how can we fix this to get the proper data?
  Thanks in advance.

  Yes, we tried this, $top=10&$skip=0 works for the following url
  https://<hostname>:30006/<subscription-id>/services/systemcenter/vmm/VirtualMachines?$top=10&$skip=0
  It is only when we add $expand=VirtualNetworkAdapters,
  the server returns the mentioned error response - 
  URL for which the server returns the 500 error -
  https://<hostname>:30006/<subscription-id>/services/systemcenter/vmm/VirtualMachines?$expand=VirtualNetworkAdapters&$top=10&$skip=0
  Can
  you point to the error logs for Windows Azure Pack and SPF ?

• Azure CDN Slow Response time

  We are having weird issue:
  While accessing CDN (tied to blob images) we get this occasional slowness in images loading between 8:00AM to 9:00AM EST. Also we have SiteGuardian tool setup to monitor our page which has CDN Images which reports slowness in getting images.
  Sometimes we get slow response:
  URL
  https://xxxxx.vo.msecnd.net/xxxxxx/629120870.jpg
  Content-Type
  application/octet-stream
  Element Type
  image
  Resolve host time
  1.032823 seconds
  Request connect time
  0.012877 seconds
  Request transmit time
  25.593073 seconds
  Response server time
  0.337203 seconds
  Response receive time
  0.002101 seconds
  Total time
  26.98s
  Response
  200 - OK
  Size
  23 K
  When things are fine we get a quick response:
  URL
  https://xxxxx.vo.msecnd.net/xxxxxx/629120870.jpg
  Content-Type
  application/octet-stream
  Element Type
  image
  Resolve host time
  0.012714 seconds
  Request connect time
  0.035204 seconds
  Request transmit time
  0.294088 seconds
  Response server time
  0.254342 seconds
  Response receive time
  0.006517 seconds
  Total time
  603ms
  Response
  200 - OK
  Size
  23 K
  And sometime it just times out.
  What is the best way to trouble shoot such scenario? Is there any logging available if a request fails or if there is slowness in response time? Also, anyway to find out which CDN nodes things are cached at etc?
  Thanks in advance.

  Hi - Our issue is not yet resolved.
  We have CDN connected to Azure Blob Storage Account. We let CDN Heuristics control the caching as our images (blobs) do not have any cache control policy set at this time.
  We enabled log and we are seeing such entries, one is below:
  1.0;2014-03-07T14:35:43.8958635Z;GetBlob;AnonymousClientOtherError;304;4;4;anonymous;;containername;blob;"http://XXXX.blob.core.windows.net/image1087175937.jpg";"/containername/image1087175937.jpg";abcc2dd9-cf8d-42c5-9e54-7dd9d96a3177;0;65.54.81.147:23347;2009-09-19;696;0;116;0;0;;;;;"If-None-Match=Tuesday,
  04-Mar-14 00:22:58 GMT";"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; BRI/2; EIE10;ENUSWOL)";"REFERRER URL";
  Are such entries getting logged because of CDN or why do we get these?  The IP address is a Microsoft IP.
  Based on documentation it seems:
  AnonymousClientOtherError
  Indicates that the anonymous requests failed precondition checks (like If- Modified etc.) for GET requests.
  Examples: Conditional GET requests that fail the check.
  Thanks in advance.

• Slow response from DB

  Hi ,
  My database is 10.02.0.4.0 on Solaris 5.9.
  We are using Oracle 10g AS as Application server to
  host the Application. Whenever the end user trying to access the
  application who got the very solw response. At the application level
  we have configured enough settings on datasource and connection pool parameters.
  At Oracle Level 150 session, Processes 300 has set.
  what could be the reason for End user getting problem like "Slow response","Connection Tiemd out".
  Any parameter need to change. When I getting this error, what is the appraoch i need to follow to mitigate these kind of error in future .
  Thanks,
  Tippu

  I have a performance checklist at :
  Re: Multiple Sessions Performance Issue …………
  Hth
  Girish Sharma

• I'm experiencing extremely slow response when attempting to open the control center from the lock screen, any suggestions?

  When trying to access the control center from the lock screen, it takes anywhere from 2 to MANY swipes to get a response.  Never opens on the first try.

  I'm not having the same problem, but there is a feature in the OS that attempts to discern from swipes to unlock and swipes to open control center. This is what you may be experiencing.

• Why does HP LoadRunner measure slow response time for SAP GUI selection steps?

  We are running HP LoadRunner 11.52 scenarios out to multiple (up to 4) load generators.  Load generators have 24 GB ram and 8 CPU's.  We have run a maximum of 200 users and see a maximum usage of ~25% on CPU's.  We were previously running SAP GUI 7.4 and downgraded to 7.3 when we came to understand 7.4 is not supported in PAM for LR 11.52.  Regardless, our results have not changed.  What we are trying to resolve is why the first two steps of opening the SAP GUI and entering system-related selection is taking so long to process?  Additionally, we typically see that during the time escalation of those steps, that there is a period where the process seems to pause for a large time gap.  The process below shows a snapshot while in progress.  The SAP GUI steps are hitting severe peaks wthile all other steps during the process tend to track at a steady quick response time.  Any degradation there looks to be tied to the long pauses.
  Would anyone have knowledge or experience with this type of output and understand why it might be consistenty happening?  Thanks.

  > Has anybody else been contacted by SAP regarding a "Very Important Notification about Security and Your SAP System"
  A forum search on ' 1298160", one of the note numbers, reveals the answer to your question.
  Please always use the search first.

• How do I access the DCJMS* variables in my response SOAP:Header ?

  Hi all,
  I have set up a sync / async Integration Process in XI
  This is initiated by a SAP R/3 transaction that calls a synchronous function to enter XI
  Once in the Bridge, a JMS receiver adapter sends out an asynchronous request message from XI to MQ
  A correlation allows the JMS sender adapter to return an asynchronous response message from MQ to XI back into my the Integration Process
  I have set up the JMS sender adapter configuration to return the DC (dynamic configuration) variables in the <SOAP:Header> of the XI response message along with the payload
  You can see that the DCJMS* variables are returned below
  <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
  - <!--
  Response
    -->
  - <SOAP:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SAP="http://sap.com/xi/XI/Message/30">
  - <SOAP:Header>
  + <SAP:Main xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://www.docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" versionMajor="003" versionMinor="000" SOAP:mustUnderstand="1" wsu:Id="wsuid-main-92ABE13F5C59AB7FE10000000A1551F7">
  + <SAP:ReliableMessaging xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
  + <SAP:HopList xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
  + <SAP:RunTime xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/">
  + <SAP:PerformanceHeader xmlns:SAP="http://sap.com/xi/XI/Message/30">
  - <SAP:DynamicConfiguration xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
    <SAP:Record namespace="http://sap.com/xi/XI/System/JMS" name="DCJMSCorreleationID">40D982A0-B19D-11DB-9508-0002A5D5916B</SAP:Record>
    <SAP:Record namespace="http://sap.com/xi/XI/System/JMS" name="DCJMSTimestamp">1170297456940</SAP:Record>
    <SAP:Record namespace="http://sap.com/xi/XI/System/JMS" name="DCJMSMessageID">ID:414d5120514d4430312020202020202045c12b962001dd02</SAP:Record>
    </SAP:DynamicConfiguration>
  - <SAP:Diagnostic xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
    <SAP:TraceLevel>Information
  <b>Question</b>
  I want to access the DCJMS* variables but am not sure how to go about it as the
  variables exist in the <SOAP:Header>?
  I followed the SAP documentation to access adapter-specific attributes (refer to link http://help.sap.com/saphelp_nw04/helpdata/en/14/80243b4a66ae0ce10000000a11402f/frameset.htm )
  I have used the following code to create a user-defined function for the accessing adapter specific attributes (similar to the link)
  public String Get_Msgid(Container container){
  DynamicConfiguration conf = (DynamicConfiguration) container.getTransformationParameters().get
  (StreamTransformationConstants.DYNAMIC_CONFIGURATION);
  DynamicConfigurationKey key = DynamicConfigurationKey.create
  ("http://sap.com/xi/XI/System/JMS","DCJMSMessageID");
  String jmsMsgID = conf.get(key);
  return jmsMsgID;
  <b>Question</b>
  Do I use message mapping to extract the DCJMS* variables?
  <b>Question</b>
  If so then which message is used for the source message so that I can access the <SOAP:Header>?  Eg do I use the response message type or is there a trick to accessing the SOAP:Header?
  <b>Question</b>
  Do I use the user-defined function (like above)?
  I performed the following steps
  •     Opened the message mapping in edit mode
  •     Created the user-defined function using the graphical editor
  •     Saved the message mapping
  •     I have not connected the user-defined function to any of the xml tags in either the source or target messages
  When I go to test the message mapping I am getting the following error
  Compilation process error : CreateProcess: null\bin\javac -J-Xmx256m @E:/usr/sap/XID/DVEBMGS00/j2ee/cluster/server0/./temp/classpath_resolver/Mapd79a7bf0b65611dbaf390002a5d5916b/O1170817003886.txt @E:/usr/sap/XID/DVEBMGS00/j2ee/cluster/server0/./temp/classpath_resolver/Mapd79a7bf0b65611dbaf390002a5d5916b/S1170817003886.txt error=2
  STACKTRACE:
  com.sap.aii.ib.core.mapping.exec.ExecuteException: Compilation process error : CreateProcess: null\bin\javac -J-Xmx256m @E:/usr/sap/XID/DVEBMGS00/j2ee/cluster/server0/./temp/classpath_resolver/Mapd79a7bf0b65611dbaf390002a5d5916b/O1170817003886.txt @E:/usr/sap/XID/DVEBMGS00/j2ee/cluster/server0/./temp/classpath_resolver/Mapd79a7bf0b65611dbaf390002a5d5916b/S1170817003886.txt error=2
  at  com.sap.aii.ib.server.mapping.exec.ServiceUtil.compileSourceCode(ServiceUtil.java:207)
  at com.sap.aii.ib.server.mapping.exec.ServiceUtil.compile(ServiceUtil.java:156)
  at com.sap.aii.ibrep.server.mapping.ServerMapService.compileSourceCode(ServerMapService.java:361)
  at com.sap.aii.ibrep.server.mapping.ServerMapService.compileSourceCodeWithoutAndWithArchives(ServerMapService.java:301)
  at com.sap.aii.ibrep.server.mapping.ServerMapService.execute(ServerMapService.java:153)
  at com.sap.aii.ibrep.sbeans.mapping.MapServiceBean.execute(MapServiceBean.java:52)
  at com.sap.aii.ibrep.sbeans.mapping.MapServiceRemoteObjectImpl0.execute(MapServiceRemoteObjectImpl0.java:259)
  at com.sap.aii.ibrep.sbeans.mapping.MapServiceRemoteObjectImpl0p4_Skel.dispatch(MapServiceRemoteObjectImpl0p4_Skel.java:146)
  at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:304)
  at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:193)
  at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:122)
  at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
  at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
  at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
  at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  A thread in the SDN (Error while Activating Message Mapping, Posted: Jan 9, 2007 3:32 PM) suggests checking the java path on the XI machine
  This is JAVA_HOME=C:\j2sdk1.4.2_08 and seems ok
  <b>Question</b>
  Do you know why I would get the compilation error?
  Any assistance would be appreciated
  Regards,
  Mike

  Jin,
  My compilation issue has gone via a SAP recommendation to specify the JDK home directory in the instance profile
  Back to the mapping - I can now run my scenario
  <b>Source message</b>
  The response message has the following <SOAP:Header> from which I want to extract the DCJMSCorreleationID (note that it's misspelt)
    <?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
  - <!--  Response
    -->
  - <SAP:DynamicConfiguration xmlns:SAP="http://sap.com/xi/XI/Message/30" xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" SOAP:mustUnderstand="1">
    <SAP:Record namespace="http://sap.com/xi/XI/System/JMS" name="DCJMSCorreleationID">40D982A0-B19D-11DB-9508-0002A5D5916B</SAP:Record>
    <SAP:Record namespace="http://sap.com/xi/XI/System/JMS" name="DCJMSTimestamp">1170297456940</SAP:Record>
    <SAP:Record namespace="http://sap.com/xi/XI/System/JMS" name="DCJMSMessageID">ID:414d5120514d4430312020202020202045c12b962001dd02</SAP:Record>
    </SAP:DynamicConfiguration>
  <b>Grahpical mapping</b>
  LHS - Response message with occurrance 0..1 so it is not connected to my UDF
  UDF Get_Corrid with no inputs
  RHS - The UDF output is connected to the Acknowledgement msg tag <ACK>
  <b>UDF</b>
  DynamicConfiguration conf = (DynamicConfiguration) container.getTransformationParameters().get
  (StreamTransformationConstants.DYNAMIC_CONFIGURATION);
  DynamicConfigurationKey key = DynamicConfigurationKey.create
  ("http://sap.com/xi/XI/System/JMS","DCJMSCorreleationID");
  String Corrid = conf.get(key);
  return Corrid;
  <b>Target message</b>
  The idea is to copy the correlation id of the response message into the acknowledgement message.  But as you can see the result is NULL
    <?xml version="1.0" encoding="utf-8" ?>
  - <ns2:AWB0020_MARKET_DATA_RESPONSE_ACK xmlns:ns2="http://awb.com.au/mq/tx/MarketData">
    <ACK>null</ACK>
    </ns2:AWB0020_MARKET_DATA_RESPONSE_ACK>
  Please advise
  Thanks Mike

• Error when trying to read the SOAP Response

  Hai,
  iam trying to access the web service of DUBAI international Airport
  GetFlightSchedulebyDateRange at http://dca.gov.ae/WebServices/Flights
  This is my program
  package MyClient3;
  import java.io.FileOutputStream;
  import java.net.URL;
  import java.util.Iterator;
  import javax.xml.soap.MessageFactory;
  import javax.xml.soap.MimeHeaders;
  import javax.xml.soap.Name;
  import javax.xml.soap.SOAPBody;
  import javax.xml.soap.SOAPBodyElement;
  import javax.xml.soap.SOAPConnection;
  import javax.xml.soap.SOAPConnectionFactory;
  import javax.xml.soap.SOAPElement;
  import javax.xml.soap.SOAPEnvelope;
  import javax.xml.soap.SOAPFactory;
  import javax.xml.soap.SOAPFault;
  import javax.xml.soap.SOAPHeader;
  import javax.xml.soap.SOAPMessage;
  import javax.xml.soap.SOAPPart;
  public class Client3 {
  public static void main(String arg[]){
  try{
  MessageFactory factory = MessageFactory.newInstance();
  SOAPMessage message = factory.createMessage();
  SOAPPart soapPart = message.getSOAPPart();
  SOAPEnvelope envelope = soapPart.getEnvelope();
  SOAPHeader header = envelope.getHeader();
  SOAPBody body = envelope.getBody();
  // header.detachNode();
  SOAPFactory soapFactory = SOAPFactory.newInstance();
  Name bodyName = soapFactory.createName("GetFlightSchedulebyDateRange",null,"http://dca.gov.ae/WebServices/Flights");
  SOAPBodyElement bodyElement = body.addBodyElement(bodyName);
  Name name = soapFactory.createName("Todate");
  SOAPElement symbol = bodyElement.addChildElement(name);
  //symbol.addTextNode("2007-05-25T00:00:00.0000000+04:00");
  symbol.addTextNode("2007-05-27");
  name = soapFactory.createName("Fromdate");
  symbol = bodyElement.addChildElement(name);
  //symbol.addTextNode("2007-05-25T00:00:00.0000000+04:00");
  symbol.addTextNode("2007-05-27");
  MimeHeaders hd = message.getMimeHeaders();
  hd.addHeader("SOAPAction", "http://dca.gov.ae/WebServices/Flights/GetFlightSchedulebyDateRange");
  SOAPConnectionFactory soapConnectionFactory = SOAPConnectionFactory.newInstance();
  SOAPConnection connection = soapConnectionFactory.createConnection();
  message.writeTo(System.out);
  System.out.println();
  System.out.println(soapPart.toString());
  String endpoint = "http://dubaiairport.com/dcaflightinfo/fis/flights.asmx?WSDL";
  URL url = new URL(endpoint);
  SOAPMessage response = connection.call(message, url);
  response.writeTo(System.out);
  SOAPPart part = response.getSOAPPart();
  SOAPEnvelope env = part.getEnvelope();
  connection.close();
  System.out.println("\n\nIterating through the response object to get the values:\n\n");
  // SOAPBody se = response.getSOAPBody();
  }catch(Exception e){System.out.println("+++++++++++++++++++++++++"+e);}
  i am getting the error
  ERROR: 'Character reference "&#x1B" is an invalid XML character.
  in the statement
  SOAPEnvelope env = part.getEnvelope();
  can some help me to solve this problem, iam using JAX-WS 2.0, and netbeans

  I got the solution, there was a Invalid char in SOAP response message, i stored the SOAP res msg to a file, parsed that file to remove the invalid char , ans used the soap msg from the file,
  it worked perfectly fo me

• Minimizing the response time of the 10g Application

  Hi,
  We are developing an application using 10g iDs & Planning to deploy the app using 10g AS in on the internet.
  While trying to test the deployment the forms are not responding as desired.
  Please let me know if there are ways to minimize the response time so that the App run faster.
  can we compress the traffic any way.
  best regards
  Arkesh

  thanks for ur reply
  Jinit version=1.3.1.22 is in place
  I have checked the form making that as thinnest as possibe.
  response time is still high.
  I would like add few more information
  1. The AS is having a Real IP.
  2. Users are connected to that AS via Internet being located at a different site.
  Users are annoyed with the responses they are getting from the application.
  waiting for replies....
  Arkesh

• WAAS WAE Alarm 'mstore_key_retrieval'

  Hello,
  I am supporting an environment that has 30+ remote WAEs deployed with a CM at the HQ.
  All remote WAE's Versions = Cisco Wide Area Application Services (universal-k9) Software Release 4.2.3b (build b4 Oct  4 2010)
  HQ's CM version = Cisco Wide Area Application Services (universal-k9) Software Release 4.4.3 (build b4 Aug 22 2011)
  On 4 of these WAEs, I currently am receiving encryption key alarms:
  WAE#show alarms detail support
  Critical Alarms:
          Alarm ID                 Module/Submodule               Instance
     1 mstore_key_retrieval      cms                          ssl_mstore_key          
       Apr 11 18:36:16.026 CDT, Processing Error Alarm, #000002, 3000:700008
       Unable to generate and/or retrieve SSL managed store encryption key from the Key Manager
       /alm/crit/cms/mstore_key_retrieval_failure:
           CMS/Management agent failed to generate and/or retrieve SSL managed store encryption key from Key Manager.
       Explanation:
           This alarm indicates one of following issues: Central
           Manager device(s) is not reachable.  Secure store on
           Central Manager is initialized but not open.  Key Manager
           process on Central Manager device is not running or failing
           to respond.  Key Manager is unable to process key
           generation or retrieval request.   If this issue is
           present, the WAE device will not be able to process  a
           configuration update received from the Central Manager if
           it  contains SSL certificate/key information.
       Action:
           Check if Central Manager device is reachable (TCP
           connections from the WAE to the Central Manager on port
           443) Check following log files for additional information
           about the error: /local1/errorlog/kc.log on WAE
           /local1/errorlog/km/km.log on CM
     2 mstore_key_failure        sslao                        mstore_key_failure      
       Apr 11 18:39:07.518 CDT, Processing Error Alarm, #000006, 26000:26002
       Failed to open SSL store due to failure in getting key from Central Manager.
       /alm/crit/sslao/mstore_key_failure:
           SSL managed secure store key retrieval failure.
       Explanation:
           The SSL accelerator is unable to get the SSL secure store
           key from the Central Manager.
       Action:
           Check the connection with the Central Manager.
  The explanations and actions match the alarm book , but in addition to that, in the Cisco WAAS Monitoring Guide, it also states:
  Alarm 700008 (mstore_key_retrieval_failure) CMS/Management agent failed to generate and/or retrieve SSL managed store encryption key from Key Manager.
  Severity: Critical
  Category: Processing
  Description: This alarm indicates one of following issues:
  –The WAAS Central Manager device is not reachable
  –Secure store on WAAS Central Manager is initialized but not open
  –The Key Manager process on the WAAS Central Manager device is not running or failing to respond
  –Key Manager cannot process key generation or retrieval request. If this issue is present, the WAAS device cannot process a configuration update received from WAAS Central Manager if it contains SSL certificate and key pair information.
  Action: Check to see if the WAAS Central Manager device is reachable (TCP connections from the WAE to the WAAS Central Manager on port 443). Check the following log files for additional information about the error:
  –On WAE: /local1/errorlog/kc.log on WAE
  –On WAAS Central Manager: /local1/errorlog/km/km.log
  Action: Fix the clock on the device or the primary WAAS Central Manager.
  For a complete list of alarm conditions, see the Alarm Book located in the WAAS 4.2.1 Software Download area on Cisco.com.
  Using this information, I've checked the following:
  TCP 443 is reachable from the WAE to the CM (I can telnet from each WAE to the CM on TCP 443)
  Time is correct on the WAEs and CM ('show ntp status' and 'show clock' are consistent)
  Secure store on CM is open ('show cms secure-store' on the CM shows that the mode is in 'Open' state),
  Verified that the key manager process is running (Looking at the CM's KM log shows plenty of action that it's working for other WAEs)
  Here is some information I gathered from the WAEs' kc.log files and the CM's km.log (slightly scrubbed):
  From the WAEs' kc.log files:
  pool-1-thread-1] INFO  CommClientAbstractRPC - Send key retrieval request to CM 10.x.x.x for token d1b77e45-ce60-4332-a92d-3d3cb17d35cf
  pool-1-thread-1] WARN  CommClientAbstractRPC - Received error response from KM(20,No key found for token d1b77e45-ce60-4332-a92d-3d3cb17d35cf from device 17111)
  From the CM's km.log file:
  [pool-1-thread-4] INFO - retrieveKey request, token=d1b77e45-ce60-4332-a92d-3d3cb17d35cf from device WAE1/17111
  [pool-1-thread-4] INFO - Checking secure store open
  [pool-1-thread-4] INFO - Loading KEK from data server
  [pool-1-thread-4] INFO - ticket 17111 (1327767406332, 1327767392433, 13899, 10000)
  [pool-1-thread-4] WARN - No key found for token d1b77e45-ce60-4332-a92d-3d3cb17d35cf from device 17111
  *** Going through these logs, I've seen other devices have the same issue, and eventually a WAE records the following:
  [main] ERROR DeviceInfo - /state/node.dat (No such file or directory)
  java.io.FileNotFoundException: /state/node.dat (No such file or directory)
  at java.io.FileInputStream.open(Native Method)
  at java.io.FileInputStream.<init>(Unknown Source)
  at java.io.FileInputStream.<init>(Unknown Source)
  at com.cisco.waas.kc.DeviceInfo.retrieveNodeInfo(DeviceInfo.java:65)
  at com.cisco.waas.kc.DeviceInfo.<init>(DeviceInfo.java:47)
  at com.cisco.waas.kc.DeviceInfo.getInstance(DeviceInfo.java:37)
  at com.cisco.waas.kc.comm.CommClientAbstractRPC.retrieveKey(CommClientAbstractRPC.java:149)
  at com.cisco.waas.kc.RetrieveKeyCommand.execute(RetrieveKeyCommand.java:43)
  at com.cisco.waas.cli.CLICommand.execute(CLICommand.java:114)
  at com.cisco.waas.cli.AbstractCLI.process(AbstractCLI.java:28)
  at com.cisco.waas.kc.KeyClient.main(KeyClient.java:40)
  [main] ERROR DeviceInfo - /state/node.dat (No such file or directory)
  java.io.FileNotFoundException: /state/node.dat (No such file or directory)
  at java.io.FileInputStream.open(Native Method)
  at java.io.FileInputStream.<init>(Unknown Source)
  at java.io.FileInputStream.<init>(Unknown Source)
  at com.cisco.waas.kc.DeviceInfo.retrieveNodeInfo(DeviceInfo.java:65)
  at com.cisco.waas.kc.DeviceInfo.<init>(DeviceInfo.java:47)
  at com.cisco.waas.kc.DeviceInfo.getInstance(DeviceInfo.java:37)
  at com.cisco.waas.kc.comm.CommClientAbstractRPC.initKey(CommClientAbstractRPC.java:40)
  at com.cisco.waas.kc.InitKeyCommand.execute(InitKeyCommand.java:40)
  at com.cisco.waas.cli.CLICommand.execute(CLICommand.java:114)
  at com.cisco.waas.cli.AbstractCLI.process(AbstractCLI.java:28)
  at com.cisco.waas.kc.KeyClient.main(KeyClient.java:40)
  *** Followed with what appears to be a new SSL key being generated ***:
  [main] INFO  DeviceInfo - loaded device info, hash  H04Fer5il3b/9oanDZXx/7aBnIo=
  [pool-1-thread-1] DEBUG CMProber$ProbeWorker - Sending CM probe request to CM 10.x.x.x
  [pool-1-thread-1] DEBUG CMProber$ProbeWorker - CM 10.x.x.x returned :primary:4.4.3.0.4
  [pool-1-thread-1] DEBUG CMProber$ProbeWorker - Primary CM address 10.x.x.x version 4.4.3.0.4
  [main] DEBUG CommClientAbstractRPC - CM version 4.4.3
  [main] INFO  CommClientAbstractRPC - Send key initialization request to CM 10.x.x.x key type SSL
  [main] INFO  CommClientAbstractRPC - Received new token for generated key SSL/cbe3d6fc-875e-4b61-baeb-528c55cb3597
  [main] INFO  DeviceInfo - loaded device info, hash  H04Fer5il3b/9oanDZXx/7aBnIo=
  [pool-1-thread-1] INFO  CommClientAbstractRPC - Send key retrieval request to CM 10.0.65.234 for token cbe3d6fc-875e-4b61-baeb-528c55cb3597
  [main] INFO  CommClientAbstractRPC$1 - Successfully retrieved key from CM for token cbe3d6fc-875e-4b61-baeb-528c55cb3597
  *** And the CM records the following ***:
  [pool-1-thread-4] INFO - initKey request from device WAE2/30129 key type SSL
  [pool-1-thread-4] INFO - Checking secure store open
  [pool-1-thread-4] INFO - Loading KEK from data server
  [pool-1-thread-4] INFO - Return crypto of type : 0
  [pool-1-thread-4] INFO - Checking secure store open
  [pool-1-thread-4] INFO - Loading KEK from data server
  [pool-1-thread-4] INFO - Loading KEK from data server
  [pool-1-thread-4] INFO - Generated new key WAE2/SSL token cbe3d6fc-875e-4b61-baeb-528c55cb3597
  I'm wanting to know why this occurs on some boxes and not others, and what triggers the process for a WAE to stop repeatedly sending key retrieval requests with a token that the CM has repeatedly replies with the key not being found and performing an initial key request.
  Thanks!

  Hi all, I got into the same issue and looking at a solution I found a way to clear those alarms whithout re-registering the WAE/WAVE. Here it goes...
  WAE##sh accelerator
  Accelerator     Licensed        Config State    Operational State
  cifs            Yes             Enabled         Running
  epm             Yes             Enabled         Running
  http            Yes             Enabled         Running
  mapi            Yes             Enabled         Running
  nfs             Yes             Enabled         Running
  ssl             Yes             Enabled         Disabled  ---> your SSL AO is probably down due the issue
  video           No              Enabled         Shutdown
  WAE#sh alarms
  Critical Alarms:
          Alarm ID                 Module/Submodule               Instance
     1 mstore_key_retrieval      cms                          ssl_mstore_key
     2 mstore_key_failure        sslao                        mstore_key_failure
  Major Alarms:
  None
  Minor Alarms:
  None
  WAE#crypto pki managed-store initialize
  All certificate/private keys in SSL managed store will be deleted and optimized SSL traffic will be interrupted. Are you sure you want to continue(yes/no)? [no]:yes
  Restarting SSL accelerator. Done.
  After a couple of minutes alarms will be cleared and SSLAO will be back UP.
  WAE#sh accelerator
  Accelerator     Licensed        Config State    Operational State
  cifs            Yes             Enabled         Running
  epm             Yes             Enabled         Running
  http            Yes             Enabled         Running
  mapi            Yes             Enabled         Running
  nfs             Yes             Enabled         Running
  ssl             Yes             Enabled         Running
  video           No              Enabled         Shutdown
  WAE#sh alarms
  Critical Alarms:
  None
  Major Alarms:
  None
  Minor Alarms:
  None
  In case you have the issue in the Core WAE (where the cms secure-store is opened), you might need to initialize it.
  Regards,
  Fernando

• WAE 674 booting issues

  I am having issues with my WAE 674.
  Powered on for the first time and was hanging at the booting the kernel screen.
  Then used the software recovery CD waas-rescue-cdrom-4.4.1.12-npe-k9.iso, it went through all the steps of installation.
  After reboot it hangs at booting the kernel, it does not move from this point. Nothing on the hyperterminal.
  I have attached the screenshot.
  Any ideas?
  Thanks,
  Suhail.

  Hi Suhail,
  How are you connected to the WAE?
  If you are directly connected to the WAE through a screen/keyboard, I believe that what you see is expected: the WAAS software stop redirecting it's console output on the screen after booting it's kernel and move it to the serial port.
  This is explained in the hardware specs of your device:
  You can connect a keyboard to any USB port and  connect a monitor to the video connector to troubleshoot the BIOS boot  process. However, video output is for troubleshooting only during the  BIOS boot process. The video output stops displaying when the serial  port becomes active. To monitor the boot process in normal operation,  use the serial console port.
  http://www.cisco.com/en/US/partner/docs/app_ntwk_services/waas/wae/installation/7341-7371/guide/7300intr.html#wp1040565
  Could you have a look at the boot sequence from the serial port and see if everything looks fine from there?
  Regards,
  Nicolas