CSM probe debugging
Hi,
i've tried to debug a non-scripted probe on my csm, but i can't see any output. What does the message "Health Monitor quiet mode: output error messages" mean, and how can i make those messages visible?
TIA, Stephan
Hi Gilles,
I was reading that CSM only supports on a HTTP Probes the request methods like "GET", "HEAD" and "URL", Not "POST".
It is possible to configure in a TCL script a HTTP Probe with "POST"?
I see in the manual (4.2(x) Release)that does not appears the generic tcl command "POST".
I will really appreciate your help.
Thanks
Hugo Rivas
Network Services
Data Center Triara
Similar Messages
-
Redundant CSM probes not working using OneArmedMode+PBR
In a redundant configuration: 2xCat6500 with one CSM each, using One Armed Mode when we use Policy Based Routing for return traffic the redundant CSM probes fail. If we use Source NAT instead everything works fine (both Active and Standby ok).
The problem is that we need to user PBR because the servers need to know the source IP and we want to assure a quick failover.I'm pointing to the alias address. I didn't mention before but both C6500 have an IP interface configured in the Server Side VLAN and are using HSRP. I think the problem is related with that - when the redundant CSM sends the probe request, the response is routed to the active CSM. Maybe I need to define a specific PBR to the probes.
-
CSM Probes went down for 15 minutes
Hi all,
This morning all the probes went down on the csm module for exactly 15 mins and then came back up. There has been nothing else in the logs to indicate whey the went down. I have found a watchdog process which i think might have started back up the process for SLB. Has anyone ever come across this and what was the reason that the probes stayed down for exactly 15 mins.
Cheers
KevA possible workaround is to reset the card from the SUP console.
Try:
http://www.cisco.com/en/US/products/hw/switches/ps708/prod_release_note09186a00800fe64c.html -
Hello,
We are currently running an http probe on the CSM which accepts a return code of 200 and 401 (because this application is single sign on and CSM does not have a user defined for it).
This application is having an issue where the web application is available and returning a 401 code, however in some cases the actual application instance is not available.
The only way we can see that is by looking at the HTTP stream:
HTTP/1.1 401 Unauthorized
WWW-Authenticate: NTLM
Content-Length: 0
Date: Thu, 05 Jul 2007 16:29:22 GMT
Server: Apache-Coyote/1.1
Connection: close
This connection close is the only value by which we can tell whether the application is working.
My question is there anyway we can use this value in the probe. I am quiet sure that its not possible but if anyone can confirm that will be great.
ThanksHi Gilles,
I was reading that CSM only supports on a HTTP Probes the request methods like "GET", "HEAD" and "URL", Not "POST".
It is possible to configure in a TCL script a HTTP Probe with "POST"?
I see in the manual (4.2(x) Release)that does not appears the generic tcl command "POST".
I will really appreciate your help.
Thanks
Hugo Rivas
Network Services
Data Center Triara -
PIX loadbalancing woth CSM - probe problem
2 CSM/CATs on one side (FT)
2 CSM/CATS on other (also FT)
load balancing 2 PIX 535.
probing icmp pings only "direct" pix interface
the opposite interface will never answer to ping.
So switching off int in one pix make real FAILED on one side but other side still have working real and sends traffic to one leg PIX.
How to solve that ?I thinking about that:
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat6000/cfgnotes/csm_3_2/icn/fwldbal.htm#1037625
when Firewall 1 and Firewall 2 are pinged on directly connected interfaces then directly connected probe detect pix problem. But problem with whole PIX device is less typical than one of his interfaces down (ie. fiber patchcord unplug) than one (opposite/working) interface answers with ping and CSM sends traffic to that "real".
Great solution will be pinging opposite pix interface
but this isn't supported by PIX ASA. So i have tried
ping "any" ip behind pix which is currentl ip address of CSM VLAN.
When you had one PIX there is no a problem... but when you had two of them you need check both of them.. you defining static route:
ip_behind_pix VIA ip_pix_direct_int
Then thing not only about ECHO REQ but also on ECHO REPLY - there is no way to put static routing for those devices what active and standbys on both sides will detect pix interface errros...
There is no way to put REPLY on different gate than ECHO REQ...
Think of it drawing 6 icons, giving them 10 ip (2 for pix inside and outside, one for every CSM) adds
and then try set up static route that ping REQ and reply will go the same way. There is no such way...
IMHO 8-) -
Hello,
I have the following problem after configuring/setting up tcp probe:
probe TCP tcp
interval 10
failed 30
vserver test:3389
virtual x.x.x.x tcp 3389
serverfarm test
inservice
serverfarm test
real a.a.a.a
inservice
real b.b.b.b
inservice
real c.c.c.c
inservice
probe TCP
Vserver shows o.o.s
serverfarm shows o.o.s probe failed for all servers
when I show probe, I get:
real vserver serverfarm policy status
a.a.a.a:3389 test:3389 test (default) OPERABLE
I have a separate VIP setup for each server without a probe and I can connect to them on port 3389, so I know
the application/servers are ok.
The csm is running ver 3.1(4)
Can you explain why the probe shows operable yet the serverfarm shows probe_failed?
Thanks,if you remove the probe, is the vserver inservice ?
I would also recommend to test with a software more recent.
There was some probe issues in the past and they should be fixed with new releases.
Gilles. -
Probs Debugging PL/SQL proc JDev903
Im trying to debug PL/SQL functions in JDeveloper 9.0.3.
Issue N1. In Run PL/SQL window JDev adds schema name to my function and PL/SQL block fails to compile. Im manually deleting prefix from my function and block is compiled successfully.
Then an error happened: PLS-00302: component 'JDEV_TMP_PROC_1' must be declared
Please advice
Debugger attempting to connect to database.
Executing PL/SQL: ALTER SESSION SET PLSQL_DEBUG=TRUE
Executing PL/SQL: DECLARE
id VARCHAR2( 30 );
BEGIN
id := DBMS_DEBUG.initialize( '24.27.75.30:1036303964414', 1 );
DBMS_DEBUG.debug_on( TRUE );
END;
Debugger connected to database.
Deadlock detection is not supported by the debuggee virtual machine.
Executing PL/SQL: BEGIN MY_SCHEMA."JDEV_TMP_PROC_1"(); END;
ORA-06550: line 1, column 11:
PLS-00302: component 'JDEV_TMP_PROC_1' must be declared
ORA-06550: line 1, column 7:JDev can debug with Oracle 8.1.7 or later.
Is the PL/SQL you want to debug in the same schema as you are connecting? Because you mentioned schema names, I wonder if there may be a bug with trying to debug PL/SQL in a schema other than the one you are connected to. If so, can you try creating connection as the owner of the PL/SQL and see if that works?
Thanks!
-- Brian (JDev Team) -
Looks like 4 timer commands you can use on probes:
1) Interval - How often to normally Probe
2) Retries - How many consecutive normal interval probes have fail before marking server as failed
3) Failed - How often to probe after a server is failed to determine if it should be brought back online
4) Open - For TCP probes, how long to wait for a TCP socket to open.
What do you guys recommend for timer values.
Currently we're using 5-3-60-10
But, I'm wondering about the 10-second Open timer. 10 seconds for a TCP socket to open? That seems insanely long. I'm tempted to change it to 1 second.The default interval is 120 seconds and it would take 3 probes to fail before it would bring down the server. You can lowering this and also using the command "fail action purge" so when a server fails it forces the user to disconnect.
-
Polling / Debugging / Showing RSSI values for Probe Requests for Unconnected Mobile Stations
Hi Guys,
I've been researching on this for last two days and still can't find a specific way to do this..
I'm trying to get information (MAC & RSSI) on the prob-requests from all mobile clients heard from an Access Point directly. That is, Without getting WLC and/or WSE and/or LBS involved)
I understand that this information can be easily accessible from the WLC itself (from GUI or by polling the WLC using SNMP OIDs from AIRSPACE-WIRELESS-MIB). But this MIB is not compatible with the AP's IOS. So no luck there..
I found an MIB (CISCO-DOT11-ASSOCIATION-MIB) that works on the AP and would give me information only on the connected/associated clients but NOT on the probing-unconnected clients.
The closest I have gotten so far is the following debug command on the AP,
debug dot11 rxprobe
dot11 RX Probe debugging is on
023937: Oct 29 11:47:02 ACDT: ToCtrl: 00016F, 001, -11b, ffff.ffff.ffff, 1234.abcd.1234 SSID: NULL
023938: Oct 29 11:47:02 ACDT: ToCtrl: 000171, 001, -11b, ffff.ffff.ffff, 1234.abcd.1234 SSID: someSSID
Which, as you can see, outputs the MAC address of the probing station. But I'm not quite sure what the other values represent. Can someone please point out the real meaning of the other information presented in this output (is RSSI hidden somewhere there :)).
Also, Is there any other way of getting this information out ? ( again without using the WLC or WSE or LBS)
When AP is linked up with an WLC, the AP pushes this information to the WLC via the CAPWAP tunnel. So definitely this information is in there (may be not stored in the AP). I just can't find a way to tap this information.
Any information surrounding this will be much appreciated.
Why I want this?: I'm working on a project that needs this functionality.
ThanksThe same command on a 1130 outputs:
*Mar 1 03:58:00.684: ToLwapp: 000769, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: NULL
*Mar 1 03:58:00.685: ToLwapp: 00076A, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: eduroam
*Mar 1 03:58:00.685: ToLwapp: 00076B, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: Vodafone-42F541
*Mar 1 03:58:00.727: ToLwapp: 000794, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: eduroam
*Mar 1 03:58:01.454: ToLwapp: 00026B, 001, -11b, ffff.ffff.ffff, 1c4b.d68c.d7de SSID: eduroam
*Mar 1 03:58:01.474: ToLwapp: 00027F, 001, -11b, ffff.ffff.ffff, 1c4b.d68c.d7de SSID: eduroam
*Mar 1 03:58:01.967: ToLwapp: 00046D, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: NULL
*Mar 1 03:58:01.968: ToLwapp: 00046D, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: eduroam
*Mar 1 03:58:01.969: ToLwapp: 00046E, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: Vodafone-42F541
*Mar 1 03:58:06.723: ToLwapp: 000701, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: NULL
*Mar 1 03:58:06.724: ToLwapp: 000701, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: eduroam
*Mar 1 03:58:06.725: ToLwapp: 000702, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: Vodafone-42F541
*Mar 1 03:58:06.771: ToLwapp: 000730, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: NULL
*Mar 1 03:58:06.771: ToLwapp: 000730, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: eduroam
*Mar 1 03:58:06.772: ToLwapp: 000731, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: Vodafone-42F541
*Mar 1 03:58:07.616: ToLwapp: 00027D, 001, -11b, ffff.ffff.ffff, 9cb7.0d6c.9b38 SSID: eduroam
*Mar 1 03:58:07.647: ToLwapp: 00029D, 001, -11b, ffff.ffff.ffff, 9cb7.0d6c.9b38 SSID: eduroam
*Mar 1 03:58:07.986: ToLwapp: 0003EF, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: NULL
*Mar 1 03:58:07.987: ToLwapp: 0003F0, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: eduroam
*Mar 1 03:58:07.988: ToLwapp: 0003F1, 001, -11b, ffff.ffff.ffff, 0024.2c22.6812 SSID: Vodafone-42F541 -
Identity firewall NetBIOS Probe problem
Hi,
I've setup an Identity Firewall on a ASA5510 version 8.4.5 (inside interface). ADAgent is installed and configured on an Windows 2003 server and connected to the DC (Windows 2008 server). Everything works fine except the NetBIOS Probe function.
The NetBIOS probe function is active and configured as below.
user-identity domain TEST aaa-server LDAP_Identity
user-identity default-domain TEST
no user-identity action mac-address-mismatch remove-user-ip
user-identity inactive-user-timer minutes 120
user-identity logout-probe netbios local-system
user-identity poll-import-user-group-timer hours 1
user-identity ad-agent aaa-server adagent
user-identity user-not-found enable
The problem is following message...
"746013 user-identity: Delete IP-User mapping 192.168.3.61 - TEST\Peter Succeeded - Netbios probing failed"
I've never seen an NetBIOS probe successful message
Can anyone help me with this issue?
ThanksHi,
Could you please run some of these debug commands:
debug user-identity user
debug user-identity user-group
debug user-identity ad-agent
debug-user-identity ldap
debug user-identity logout-probe
debug user-identity acl
debug user-identity tmatch
debug user-identity fqdn
debug user-identity process
debug user-identity debug
debug user-identity error
debug ldap 255
Also here is a guide that may provide some direction -
https://supportforums.cisco.com/docs/DOC-20366
Tarik Admani
*Please rate helpful posts* -
Hi,
I have a question about the config of the ACe probe.
I have the following probe defined :
probe http P_HTTP_TEST
interval 5
passdetect interval 2
passdetect count 2
request method get url /test
expect status 200 200
expect regex trululu
I would like to use the regex just like the expect string on the csm probe...
The regex doesn't seem to work as the strin trululu is not on the page tested.
I guess the expect status override the regex but without the expect status it doesn't work either.
Anyone know how exactly the probe expect works for http ?
Another question, on the CSM module, the tcp probe by default use the real port for the probe, not the default port of the probe type, is it possible to change that so it mimmicks the CSM way of working ?
Thanks a lot ;-)This seems to be bug related to some version of ACE software as HTTP return code overrides missing regexp. For sure this bug is present in:
system: Version A2(2.0) [build 3.0(0)A2(2.0)]
Notice the difference between 192.168.1.1 (is missing regex in HTTP response) and 192.168.1.2 (sends regexp in HTTP response). Both are successful and as addition 192.168.1.1 (missing regexp) is showing last status code 200 which seems to be sufficient for probe to pass. 192.168.1.2 (which sends expected regexp) doesn't show last status code.
probe : tw2_http_81
type : HTTP
state : ACTIVE
description :
port : 81 address : 0.0.0.0 addr type : -
interval : 30 pass intvl : 30 pass count : 1
fail count: 1 recv timeout: 10
http method : GET
http url : /knowtw2-f/livelink.exe?func=ll&objtype=142&bypass
conn termination : GRACEFUL
expect offset : 0 , open timeout : 10
expect regex : lbmonitor
send data : -
--------------------- probe results --------------------
probe association probed-address probes failed passed health
------------------- ---------------+----------+----------+----------+-------
real : 192.168.1.1[81]
192.168.1.1 2 0 2 SUCCESS
Socket state : CLOSED
No. Passed states : 1 No. Failed states : 0
No. Probes skipped : 0 Last status code : 200
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : -
Last probe time : Mon Nov 7 12:38:42 2011
Last fail time : Never
Last active time : Mon Nov 7 12:38:22 2011
real : 192.168.1.2[81]
192.168.1.2 2 0 2 SUCCESS
Socket state : CLOSED
No. Passed states : 1 No. Failed states : 0
No. Probes skipped : 0 Last status code : 0
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : -
Last probe time : Mon Nov 7 12:38:27 2011
Last fail time : Never
Last active time : Mon Nov 7 12:37:58 2011 -
I just upgraded to a 6513 with sup720's. I moved both csm's and config info to the new config. Everything is working but before the move I could see both csm probe details and they were both operable. Now after the move only the active say's operable and the standby says failed. How do I get this back so that both are operable?
you will have to do some troubleshooting.
Get on the standby.
See if it can ping the server.
'ping mod csm X x.x.x.x'
Check csm arp table.
Check L2 mac-address table between CSM and server.
finally, sniff on the server to see if it gets the probe and if it does send a response.
Once you know exactly why it fails, you'll know how to fix it.
Gilles. -
Cisco Security manager syslog.log file problem
Hello
I have this problem with the CSM, the next file Syslog.log (C:\Program Files\CSCOpx\log\Syslog.log ), this file grows very fast to fill the hard disk and saturates the server, I have tried the log rotation of the cisco works but it doesnt work, what else can i do?
the hard drive fills in 4 hours. tankyouIn CSM clinet under Tools > CSM Administration > Debugging you can changing the level to something higher than debugging.
I hope it helps.
PK -
It was a BDC program which is updating FB05 by using call transaction and the results will updates in to the spool.
When I try to run the program in background, I am not getting the spool correctly and the status of program is showing as waiting.
please let me know what is the reason it is showing as waiting in the spool.First u debug the background job, so that u can know whats the prob.
debug using SM50 or JDBG commands
Madhavi -
Hi
Have an AS5400 with modem cards and E1 ports, configured for dial backup with callback. Sometimes the callback doesn't complete, and in the debug output we receive the message "no interface available". Soon after in the debug, there is an incoming call in the same interface. It seems that the AS5400, after disconnecting the call to do the callback, received another call, and placed it in the same modem that would be used for callback. This happens even if there are plenty of idle mdems and E1 channels in te equipment. How can we avoid that?
Following is the debug output:
Jul 12 18:30:16.067: As2/05 DDR: PPP callback: Callback server starting to u01005460 0158232234500
Jul 12 18:30:17.067: As2/05 DDR: disconnecting call
Jul 12 18:30:28.231: As2/05 DDR: Dialer statechange to up
Jul 12 18:30:28.235: As2/05 DDR: Dialer received incoming call from <unknown>
Jul 12 18:30:31.067: As2/05 DDR: beginning callback to u01005460 0158232234500
Jul 12 18:31:05.387: As2/05 DDR: re-enable timeout
Jul 12 18:31:05.387: As2/05 DDR: beginning callback to u01005460 0158232234500
Jul 12 18:31:05.387: As2/05 DDR: No interface available for callback to u01005460 0158232234500
Jul 12 18:31:09.235: As2/05 DDR: Dialer statechange to up
Jul 12 18:31:09.235: As2/05 DDR: Dialer received incoming call from <unknown>
Jul 12 18:31:16.067: As2/05: Dialer session up timeout, 277E0410Hi,
If you could upload the following debugs, it would be more helpful for the audience:
debug dialer
debug isdn q931 (disregard if its T1/CAS)
debug modem
debug csm modem
debug chat
debug ppp nego
debug ppp authen
debug aaa authen
debug aaa authoriz
debug callback
If possible, it would be nice to see 'show ver' and 'show run' as well. However, please make sure you hide the username/passwords and ip addresses.
Thanks and Regards,
~Zulfiqar
Maybe you are looking for
-
Xml query search by date or number
table :tb column:pxml <?xml version="1.0" encoding="GBK"?> <model id="f379f851-b1f9-48bf-8ac7-dafd2b1cedb0" name="hotel" objid="8873dc02-cf83-4527-95bb-e3025469e4ba"> <property id="3100" name="thedate"> <value>2009-09-07</value> </property> <property
-
I Accodently removed mu Clash of King game from Game center, but my profile is still there, I want it back.Any solution for this situation?
-
Is there a keybaord shortcut to disable the trackpad?
When typing on the built-in keyboard of the 13" MBP is is very difficult not to inadvertently touch the trackpad and end up typing at the wrong point of the text. OK one can disable the trackpad in accessibility options when a mouse is connected but
-
How best to delete multiple emails from Inbox?
I have left tens of hundreds, 1000s?, of emails in both my sent and inbox. And wish to delete them. Is there a quicker way then one-by-one? I've tried holding down Ctrl and highlighting multiple emails without success. Please help a senior citizen ..
-
Limiting User permissions to the user folder
Hello, So I have recently been placed in charge of a network. The prior network administrator arranged the permissions so that users have access to the user folder on the server. The issue comes in where unauthorized users can access other user's