CSS 11501 Not Passing HTTPS or 443

Similar Messages

• CSS 11501 Disable plain HTTP to VIP

  Hi,
  How does one disable plaintext http access to the VIP of the 11501. In other words, is it possible to have the device listen _only_ on 443 and not on port 80 for incoming requests? We are do not want to provide plain http access to the VIP which is handling SSL encryption/decryption for our backend servers.
  thanks,
  Matt

  Matt,
  take a look at the config in my post 'Sticky Situation with CSS-11503'
  We are set to only take https traffic inbound and gets routed through the ssl module for decryption, http traffic gets an error msg if it hits the css.
  Hope this helps
  Mark

• BPEL not passing HTTP basic auth info

  The BPEL control does not seem to pass the HTTP basic auth data correctly.
  I placed the right credentials in the httpUsername and httpPassword properties for the partner link.
  I patched SOA Suite to 10.1.3.3.1 to try to solve this problem. But it still comes up with the same result.
  Any help would be greatly appreciated!

  Steps for invoking secure web services from BPEL================================================
  Add following lines in target wsdl(webservice)
  Add xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" in the namespaces section (ensure that "ns4" is not already being used!)
  Add xmlns:ns4="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" in the "schema" element
  Import the namespace http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd and provide a schemaLocation (physical file in the current directory)
  Add the following in the "message" element for the input message type:
       <s1:part name="secHeader" element="ns4:Security"/>
  Add <s3:header message="__relevant_message_name__" part="secHeader" use="literal"/> within <input> element (<binding>..<operation>)
  then in BPEL before invoke activity take one assign activity
  in assain activity xml expression to securerity variable in target variable
  <oas:Security xmlns:oas="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
  <oas:UsernameToken wsu:Id="UsernameToken-15799662" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
  <oas:Username>username</oas:Username>
  <oas:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">password</oas:Password>
  </oas:UsernameToken>
  </oas:Security>
  import xsds into local workspace
  oasis-200401-wss-wssecurity-secext-1.0.xsd
  oasis-200401-wss-wssecurity-utility-1.0.xsd
  xml.xsd
  xmldsig-core-schema.xsd

• [TECHNOTE ANNOUNCE]  Error installing Flash Player "The download did not pass the integrity check (16236.304.443)

  All,
  I've published a new technote for folks who are having trouble with the Adobe Download Manager and Flash Player.
  Error installing Flash Player "The download did not pass the integrity check (16236.304.443)
  http://kb2.adobe.com/cps/512/cpsid_51258.html
  Essentially this technote links to the Windows troubleshooting technote here:
  http://www.adobe.com/go/tn_19166
  However, before today the Windows troubleshooting technote only had an EXE install for the ActiveX version of Flash Player 10.  I have now added a link to download the EXE version of the Flash Player Plugin installer as well.
  Please point other users with integrity check errors to the first technote.

  Thank you for the update & Tech Note Announcement. I do have a couple of questions, if you could please respond.
  After uninstalling and ready to download; reading from the link you provided on 9/4/09, Should we follow the normal download instructions
  per #2. "Flash  Player download Center" and if a successful installation is not accomplished, THEN, go to "download and unzip install_Flash_Player_10_Plugin (all other windows browsers) ? Or should the latter step be done in lieu of #2 mentioned. I am assuming the download from F.P. D.L. Center would be done first and then troubleshoot by running the EXE. version of the F.P. Plugin installer.
  Experience has taught me not to assume much, and if you don't know, ask!
  Thanks for your hard work, but you have to admit, for the technically deprived, it is frustrating and confusing.

• CSS 11501 Load Balancing with X-forwarded-for

  Hi,
  We have a pair of CSS 11501,
  Currently it is using source ip for load balancing and 5 servers as backend , however we have users loggin in using http and based on its source IP (ISP PROXY) , it is forwarded to SERVER A.
  However, we have a SSL page and when the client switches over to SSL , it is forwarded to SERVER B/C/D/E  based on its source IP ( REAL CLIENT IP) .
  This will cause the user to be terminated as the 5 servers are independent and not running in a cluster.
  Is there any way that we can use the X-Forwarded-For address to load balance so that when users loging , they are sent to SERVER A (Based on X-Forwarded-For Header IP which translate to REAL CLIENT IP).
  This way we are able to also send it back to the same server when it uses SSL.
  I believe that we should be able to load balance using X-Forwarded-For IP or to rewrite the X-Forwarded-For IP into client source IP
  Regards

  Hi,
  Unfortunately CSS does not support X-Forwarded-For, and even if CSS supports that, this wont work if you are not using SSL termination.
  One option that you can use here, is using SSL termination, so you can manage the SSL traffic on HTTP on the CSS, in this way you can use the same HTTP content rule which is the one currently working.
  In summary, you will have an SSL content rule that will decrypt the traffic, and this one will use the same content rule that already exist for HTTP, in case that the server is the one doing the redirect to SSL, but this is something that requires testing since depending on the redirect behavior we might have a redirect loop, but without details it is kind of hard to confirm that you will face this with this option.
  Another option, which is less complex, is to use a portless content rule, so this content rule will match port 443 and 80 at the same time, and using sticky or balance based on source IP, you will get the same result with less config. The downside is the troubleshooting, but in this way you will have what you want.
    content HTTP-HTTPS
      vip address 10.198.44.70
      advanced-balance sticky-srcip
      add service server1
      add service server2
      add service server3
      add service server4
      add service server5
      protocol tcp
      active
  Here the content rule is not looking for the destination port, it is just looking for the source IP, and HTTP and HTTPS will end all the time on the same server.
  Thanks,
  Rodrigo

• CSS 11501 StartUp Problem

  Hi all,
  After i boot up for the first time, the CSS asked for change User/Pass, wich i perform a well known ones.
  After that it's always impossible to login.
  Is there any way of return to factory default Settings?
  or
  Is there any password recovery procedure?
  or
  What are the default User/Pass of the equipment?
  I already done a Power Off/On on it with no results.
  Best Regards,
  Petr?nio

  Hi,
  I perform the password recovery, as it was documented and then its always getting the "CSS 11501 Offline Diagnostic Monitor menu (OffDM)" Menu, even if i dont press the Y key in the bootup question "Would you like to access the Offline Diagnostic Monitor? (Y)"
  Any ideias?
  How can i test the login i changed before?
  Here is the bootup logging that appear's.
  I'm not pressing any key.
  ******** Boot UP ********
  CSS 11501 Offline Diagnostic Monitor menu (OffDM)
  Version: 08.10.1.06
  M A I N M E N U
  Enter the number of a menu selection:
  1* Set Boot Configuration
  2. Show Boot Configuration
  3* Advanced Options
  4. Reboot System
  > 4
  Are you sure you want to reboot? (y/n) [n] y
  Rebooting....
  BootRom...booting
  Copyright (1998-2002), Cisco Systems, Inc
  Locked boot flash.
  Validating operational boot flash, please wait...
  Operational boot flash valid. Jumping to operational boot flash.
  Copyright (1998-2002), Cisco Systems, Inc
  Operational boot flash.
  Attaching interrupt handlers...Done.
  Built Mar 9 2006 @ 17:56:32
  Version 08.10.1.06
  Press to enter the Diagnostic Monitor
  Ran 1 times, 24 tests. Detected 0 errors.
  Booting OffDm @ 0xbff00000
  SCM:MASTER Other:NOT-PRESENT
  Initializing the disk...OK
  Reading configuration records...
  No Primary or Secondary Boot Record Found
  FAILED
  MGMT disabled, network port not active
  Would you like to access the Offline Diagnostic Monitor? (Y)
  Booting(-) ...
  Transferring to menu...
  Waiting for commands..
  CSS 11501 Offline Diagnostic Monitor menu (OffDM)
  Version: 08.10.1.06
  M A I N M E N U
  Enter the number of a menu selection:
  1* Set Boot Configuration
  2. Show Boot Configuration
  3* Advanced Options
  4. Reboot System
  >

• CSS 11501 Load Balancing Issue

  Hi,
  We are facing some issue in load balancing in cisco CSS 11501 as we are not able to access the application  through virtual IP. Below is the ruuning configuration of the CSS:
  CSS11501# sh running-config
  !Generated on 10/06/2010 16:51:34
  !Active version: sg0810106
  configure
  !*************************** GLOBAL ***************************
    ip route 0.0.0.0 0.0.0.0 132.186.199.1 1
  !************************** CIRCUIT **************************
  circuit VLAN1
    ip address 132.186.199.145 255.255.255.0
  !************************** SERVICE **************************
  service Server1
    ip address 132.186.199.243
    port 5001
    protocol tcp
    keepalive port 5001
    active
  service Server2
    ip address 132.186.199.246
    protocol tcp
    port 5001
    keepalive port 5001
    active
  !*************************** OWNER ***************************
  owner L5_Owner
    content L3_Rule
      vip address 132.186.199.146
      protocol tcp
      port 5001
      add service Server1
      add service Server2
      active
    content L5_Rule
      vip address 132.186.199.146
      add service Server1
      add service Server2
      protocol tcp
      port 5001
      url "//132.186.199.146:5001/emi"
      active
  CSS11501#
  Observation : We are able to telnet on VIP: 132.186.199.146 on port 5001,  but not able to access the application.
  In Actual scenarion customer access  application by accessing URL: http://132.186.199.243:5001/emi and once he enter this URL in web browser the request redirects ( by server itself)  to URL: https://132.186.199.44:6002/cas/login?service=http%3A%2F%2F132.186.199.243%3A5001%2Femi%2Findex.jsp&acceptStrength=BASIC on backend server for user authenticaton and once user is authenticated then it again redirect to main URL ( http://132.186.199.243:5001/emi ) to access the application but when we are trying to access the application through VIP ( URL: http://132.186.199.146:5001/emi) we are not getting the login page as the request is not gettting redirected to backend server for user authentication.
  Please suggest a solution here.

  The problem is that you are in one-armed mode.
  So you need to configure client nat.
  Without nating the client ip address, the server response goes back directly to the client and bypasses the CSS.
  Therefore the client receives a response from an unknown server ip address (not the vip).
  So configure a group.
  For example
  group Client
      vip address 132.186.199.146
      add destination service Server1
       add destination service Server2
      active
  Also, remove the url command from your content rule.
  It is useless in your case and will just make performance worst.
  Gilles.

• Lbplugin not passing pages that end in .html through

  Hi,
  We are running SunOne 7.0 U2 webserver with the installed lbplugin for SUN Appserver (Glassfish). I've set up the loadbalancer.xml to pass the context root through to the appserver cluster, but any page in the war file that ends in .html is not passing through, but throwing a 404 error. It looks like the web server is looking locally for the files. I've tried everything I can think of to force it, but not sure what else to do. All images, etc. come through fine - just files ending in .html don't.
  I've made sure the plugin is at the top of the magnus.conf, the NameTrans directive is the first one in the server-obj.conf file, etc.
  Thanks!

  Thanks, tried that, but the same behavior persists. The log shows that the /ac2 path (weblogic) gave a 404 not found because it was handled by the JSP engine. Local JSPs work (this is with the ntrans-j2ee still in the default block).
  fine: Registering j2eeType=WebModule,name=//glassdev/,J2EEApplication=null,J2EEServer=none for null
  fine: Configuring default Resources
  fine: setName /com.sun.web-1/glassdev1
  fine: Register Realm com.sun.web-1:type=Realm,path=/,host=glassdev
  fine: valve parent=,path=/,host=glassdev com.sun.web-1:j2eeType=WebModule,name=//glassdev/,J2EEApplication=null,J2EEServer=none
  fine: valve objectname = com.sun.web-1:type=Valve,name=StandardContextValve,path=/,host=glassdev
  fine: Processed default web.xml /programs/sunone/70u2/https-glassdev/config/default-web.xml 505
  fine: debug reports: Entering into method : name_trans_lbplugin
  fine: debug reports: /WEB-INF/web.xml
  fine: debug reports: Exiting out of method : name_trans_lbplugin
  fine: PWC3013: Missing application web.xml, using defaults only StandardEngine[com.sun.web-1].StandardHost[glassdev].StandardContext[]
  fine: Bound StandardEngine[com.sun.web-1].StandardHost[glassdev].StandardContext[]
  fine: Creating JNDI naming context
  fine: Create/use TLD listener cache? false
  fine: Adding tld listeners:0
  fine: Registering com.sun.web-1:type=Manager,path=/,host=glassdev
  fine: Start: Loading persisted sessions
  fine: Posting standard context attributes
  fine: Configuring application event listeners
  fine: Sending application start events
  fine: Starting filters
  fine: debug reports: Entering into method : name_trans_lbplugin
  fine: debug reports: /
  fine: debug reports: Exiting out of method : name_trans_lbplugin
  fine: Checking for com.sun.web-1:j2eeType=WebModule,name=//glassdev/,J2EEApplication=null,J2EEServer=none
  fine: valve parent=,host=glassdev com.sun.web-1:type=Host,host=glassdev
  fine: valve objectname = com.sun.web-1:type=Valve,name=StandardHostValve,host=glassdev
  fine: valve parent= com.sun.web-1:type=Engine
  fine: valve objectname = com.sun.web-1:type=Valve,name=StandardEngineValve
  fine: Adding web module : context = , location = /local/htdocs
  fine: WebModule[/]: adding pattern "/" for resource "default"
  fine: WebModule[/]: adding pattern "*.jspx" for resource "jsp"
  fine: WebModule[/]: adding pattern "/servlet/*" for resource "invoker"
  fine: WebModule[/]: adding pattern "*.jsp" for resource "jsp"
  finefine: Waiting until the server is readySo I first try to request a JSP that is remote on Weblogic (this works if I comment out the NameTrans for ntrans-j2ee, but of course local jsps don't then)
  [15/Aug/2008:15:27:24] fine (14584) glassdev: debug reports: /ac2/wp-dyn/jsp/enc/html/perlBody.jsp
  [15/Aug/2008:15:27:24] fine (14584) glassdev: debug reports: Exiting out of method : name_trans_lbplugin
  [15/Aug/2008:15:27:24] fine (14584) glassdev: trying to GET /ac2/wp-dyn/jsp/enc/html/perlBody.jsp, ntrans-j2ee reports: mapped uri "/ac2/wp-dyn/jsp/enc/html/perlBody.jsp" in context "" to resource "jsp"
  [15/Aug/2008:15:27:24] fine (14584) glassdev: debug reports: Entering into method : name_trans_lbplugin
  [15/Aug/2008:15:27:24] fine (14584) glassdev: debug reports: /ac2/wp-dyn/jsp/enc/html/perlBody.jsp
  [15/Aug/2008:15:27:24] fine (14584) glassdev: debug reports: Exiting out of method : name_trans_lbplugin
  [15/Aug/2008:15:27:24] fine (14584) glassdev: trying to GET /ac2/wp-dyn/jsp/enc/html/perlBody.jsp, ntrans-j2ee reports: mapped uri "/ac2/wp-dyn/jsp/enc/html/perlBody.jsp" in context "" to resource "jsp"
  [15/Aug/2008:15:27:24] failure (14584) glassdev: for host 172.16.55.136 trying to GET /ac2/wp-dyn/jsp/enc/html/perlBody.jsp, service-j2ee reports: PWC6117: File "/ac2/wp-dyn/jsp/enc/html/perlBody.jsp" not foundBut local JSPs still work and other requests (not ending in .jsp) to Glassfish also work
  [15/Aug/2008:15:27:43] fine (14584) glassdev: debug reports: Entering into method : name_trans_lbplugin
  [15/Aug/2008:15:27:43] fine (14584) glassdev: debug reports: /wp-adv/jobs4/empty.jsp
  [15/Aug/2008:15:27:43] fine (14584) glassdev: debug reports: Exiting out of method : name_trans_lbplugin
  [15/Aug/2008:15:27:43] fine (14584) glassdev: for host 172.16.55.136 trying to GET /wp-adv/jobs4/empty.jsp, ntrans-j2ee reports: mapped uri "/wp-adv/jobs4/empty.jsp" in context "" to resource "jsp"
  [15/Aug/2008:15:27:43] fine (14584) glassdev: for host 172.16.55.136 trying to GET /wp-adv/jobs4/empty.jsp, service-j2ee reports: context=[StandardEngine[com.sun.web-1].StandardHost[glassdev].StandardContext[]] contextPath=[] wrapper=[StandardEngine[com.sun.web-1].StandardHost[glassdev].StandardContext[].StandardWrapper[jsp]] servletPath=[/wp-adv/jobs4/empty.jsp] pathInfo=[null]
  [15/Aug/2008:15:27:43] fine (14584) glassdev: debug reports: Entering into method : name_trans_lbplugin
  [15/Aug/2008:15:27:43] fine (14584) glassdev: debug reports: /wp-adv/jobs4/empty.jsp
  [15/Aug/2008:15:27:43] fine (14584) glassdev: debug reports: Exiting out of method : name_trans_lbplugin
  [15/Aug/2008:15:27:43] fine (14584) glassdev: trying to GET /wp-adv/jobs4/empty.jsp, ntrans-j2ee reports: mapped uri "/wp-adv/jobs4/empty.jsp" in context "" to resource "jsp"
  [15/Aug/2008:15:27:43] fine (14584) glassdev: for host 172.16.55.136 trying to GET /wp-adv/jobs4/empty.jsp, service-j2ee reports: JspEngine --> [/wp-adv/jobs4/empty.jsp] ServletPath: [/wp-adv/jobs4/empty.jsp] PathInfo: [null] RealPath: [/local/htdocs/dev/wp-adv/jobs4/empty.jsp] RequestURI: [/wp-adv/jobs4/empty.jsp] QueryString: [null]
  [15/Aug/2008:15:27:43] fine (14584) glassdev: debug reports: Entering into method : name_trans_lbplugin
  [15/Aug/2008:15:27:43] fine (14584) glassdev: debug reports: /wp-adv/jobs4/empty.jsp
  [15/Aug/2008:15:27:43] fine (14584) glassdev: debug reports: Exiting out of method : name_trans_lbplugin
  [15/Aug/2008:15:27:43] fine (14584) glassdev: trying to GET /wp-adv/jobs4/empty.jsp, ntrans-j2ee reports: mapped uri "/wp-adv/jobs4/empty.jsp" in context "" to resource "jsp"
  [15/Aug/2008:15:27:43] fine (14584): Updating accelerator cache
  [15/Aug/2008:15:27:43] fine (14584) glassdev: debug reports: Entering into method : name_trans_lbplugin
  [15/Aug/2008:15:27:43] fine (14584) glassdev: debug reports: /wp-adv/jobs4/empty.jsp
  [15/Aug/2008:15:27:43] fine (14584) glassdev: debug reports: Exiting out of method : name_trans_lbplugin
  [15/Aug/2008:15:27:43] fine (14584) glassdev: trying to GET /wp-adv/jobs4/empty.jsp, ntrans-j2ee reports: mapped uri "/wp-adv/jobs4/empty.jsp" in context "" to resource "jsp"
  [15/Aug/2008:15:27:43] fine (14584) glassdev: debug reports: Entering into method : name_trans_lbplugin
  [15/Aug/2008:15:27:43] fine (14584) glassdev: debug reports: /wp-adv/jobs4/empty.css
  [15/Aug/2008:15:27:43] fine (14584) glassdev: debug reports: Exiting out of method : name_trans_lbplugin
  [15/Aug/2008:15:27:43] warning (14584) glassdev: for host 172.16.55.136 trying to GET /wp-adv/jobs4/empty.css, send-file reports: HTTP4142: can't find /local/htdocs/dev/wp-adv/jobs4/empty.css (File not found)
  [15/Aug/2008:15:27:44] fine (14584): Updating accelerator cache
  [15/Aug/2008:15:27:49] fine (14584) glassdev: debug reports: Entering into method : name_trans_lbplugin
  [15/Aug/2008:15:27:49] fine (14584) glassdev: debug reports: /gog/index.html
  [15/Aug/2008:15:27:49] fine (14584) glassdev: debug reports: Exiting out of method : name_trans_lbplugin
  [15/Aug/2008:15:27:49] fine (14584) glassdev: debug reports: Entering into method : service_lbplugin
  [15/Aug/2008:15:27:49] fine (14584) glassdev: debug reports: BXKh
  [15/Aug/2008:15:27:49] info (14584) glassdev:  reports: lb.monitor: RNTM2901: RequestStart Sticky 00001218828469048497000760512 1218814069048 http://glassdev.digitalink.com/gog/index.html
  [15/Aug/2008:15:27:49] fine (14584): Updating accelerator cache
  [15/Aug/2008:15:27:53] info (14584):  reports: lb.monitor: HLCK1006: UnhealthyInstances GoG 1218814073080 NoUnhealthyInstances
  [15/Aug/2008:15:27:54] fine (14584): reaping 1 keep-alive connections
  [15/Aug/2008:15:27:57] info (14584) glassdev:  reports: lb.monitor: RNTM2904: RequestExit Sticky 00001218828469048497000760512 1218814077881 http://glassdev.digitalink.com/gog/index.html http://fishdev1:38080 8833
  [15/Aug/2008:15:27:57] fine (14584) glassdev: debug reports: Exiting out of method : service_lbplugin
  [15/Aug/2008:15:27:58] fine (14584) glassdev: debug reports: Entering into method : name_trans_lbplugin
  [15/Aug/2008:15:27:58] fine (14584) glassdev: debug reports: /gog/css/gog-movie-trailers.css
  [15/Aug/2008:15:27:58] fine (14584) glassdev: debug reports: Exiting out of method : name_trans_lbplugin
  [15/Aug/2008:15:27:58] fine (14584) glassdev: debug reports: Entering into method : service_lbplugin
  [15/Aug/2008:15:27:58] fine (14584) glassdev: debug reports: BXKhSo to test what I experienced with files ending in .html searching the server root instead of the doc root (which is why I added the htdocs object block), I created the directory structure off the root of the system and put the text "test" in the perlBody.jsp file:
  bash-3.00# pwd
  /ac2/wp-dyn/jsp/enc/html
  bash-3.00# ls -al
  total 6
  drwxr-xr-x   2 root     root         512 Aug 15 15:36 .
  drwxr-xr-x   3 root     root         512 Aug 15 15:36 ..
  -rw-r--r--   1 root     root           5 Aug 15 15:36 perlBody.jsp
  bash-3.00# cat perlBody.jsp
  test and hit the URL again and what should appear in my browser? Not a "not found", but "test". So this definitely looks like a bug in both the SHTML processing and proxy plugin processing.
  [15/Aug/2008:15:36:55] fine (14584) glassdev: trying to GET /ac2/wp-dyn/jsp/enc/html/perlBody.jsp, ntrans-j2ee
  reports: mapped uri "/ac2/wp-dyn/jsp/enc/html/perlBody.jsp" in context "" to resource "jsp"
  [15/Aug/2008:15:36:55] fine (14584) glassdev: debug reports: Entering into method : name_trans_lbplugin
  [15/Aug/2008:15:36:55] fine (14584) glassdev: debug reports: /ac2/wp-dyn/jsp/enc/html/perlBody.jsp
  [15/Aug/2008:15:36:55] fine (14584) glassdev: debug reports: Exiting out of method : name_trans_lbplugin
  [15/Aug/2008:15:36:55] fine (14584) glassdev: trying to GET /ac2/wp-dyn/jsp/enc/html/perlBody.jsp, ntrans-j2ee
  reports: mapped uri "/ac2/wp-dyn/jsp/enc/html/perlBody.jsp" in context "" to resource "jsp"
  [15/Aug/2008:15:36:55] fine (14584) glassdev: debug reports: Entering into method : name_trans_lbplugin
  [15/Aug/2008:15:36:55] fine (14584) glassdev: debug reports: /WEB-INF/tagPlugins.xml
  [15/Aug/2008:15:36:55] fine (14584) glassdev: debug reports: Exiting out of method : name_trans_lbplugin
  [15/Aug/2008:15:36:55] fine (14584) glassdev: for host 172.16.55.136 trying to GET /ac2/wp-dyn/jsp/enc/html/pe
  rlBody.jsp, service-j2ee reports: Generated /programs/sunone/70u2/https-glassdev/generated/glassdev/default-we
  bapp//org/apache/jsp/ac2/wp_002ddyn/jsp/enc/html/perlBody_jsp.java total=276 generate=73 validate=192
  [15/Aug/2008:15:36:55] fine (14584) glassdev: for host 172.16.55.136 trying to GET /ac2/wp-dyn/jsp/enc/html/pe
  rlBody.jsp, service-j2ee reports: Using classpath: /programs/sunone/70u2/lib/webserv-rt.jar:/programs/sunone/7
  0u2/lib/pwc.jar:/programs/sunone/70u2/lib/ant.jar:/programs/sunone/70u2/jdk/lib/tools.jar:/programs/sunone/70u
  2/lib/ktsearch.jar:/programs/sunone/70u2/lib/webserv-jstl.jar:/programs/sunone/70u2/lib/jsf-impl.jar:/programs
  /sunone/70u2/lib/jsf-api.jar:/programs/sunone/70u2/lib/webserv-jwsdp.jar:/programs/sunone/70u2/lib/container-a
  uth.jar:/programs/sunone/70u2/lib/mail.jar:/programs/sunone/70u2/lib/activation.jar::/programs/sunone/70u2/htt
  ps-glassdev/generated/glassdev/default-webapp:/programs/sunone/70u2/lib/webserv-rt.jar:/programs/sunone/70u2/l
  ib/pwc.jar:/programs/sunone/70u2/lib/ant.jar:/programs/sunone/70u2/jdk/lib/tools.jar:/programs/sunone/70u2/lib
  /ktsearch.jar:/programs/sunone/70u2/lib/webserv-jstl.jar:/programs/sunone/70u2/lib/jsf-impl.jar:/programs/suno
  ne/70u2/lib/jsf-api.jar:/programs/sunone/70u2/lib/webserv-jwsdp.jar:/programs/sunone/70u2/lib/container-auth.j
  ar:/programs/sunone/70u2/lib/mail.jar:/programs/sunone/70u2/lib/activation.jar:/programs/sunone/70u2/https-gla
  ssdev/config/:/programs/sunone/70u2/jdk/jre/lib/ext/dnsns.jar:/programs/sunone/70u2/jdk/jre/lib/ext/sunjce_pro
  vider.jar:/programs/sunone/70u2/jdk/jre/lib/ext/localedata.jar:/programs/sunone/70u2/jdk/jre/lib/ext/sunpkcs11
  .jar
  [15/Aug/2008:15:36:57] fine (14584) glassdev: for host 172.16.55.136 trying to GET /ac2/wp-dyn/jsp/enc/html/pe
  rlBody.jsp, service-j2ee reports: Compiled /programs/sunone/70u2/https-glassdev/generated/glassdev/default-web
  app//org/apache/jsp/ac2/wp_002ddyn/jsp/enc/html/perlBody_jsp.java 1890ms

• Cisco CSS 11501 - High-Availabilty

  We have a single CSS 11501 and were thinking about just buying a new one and putting it online as the standby with statefull (hopefully) failover, but weren't sure that this would work.
  Does anyone know what is needed to create a high-availability Cisco CSS 11501 environment?
  Do you only need 2 CSS 11501 and then configure them with one being active and the other being in a standby mode, like a PIX?
  Is there a HA Cable that would need to be connected between the 2 CSS's?
  Thanks in Advanced.
  Joe

  Daniel,
  There is a new stateful failover mechanism for the Cisco CSS 11500.
  This description is a bit "salesy" I know, but it covers the question asked :-)
  The Cisco CSS 11500 delivers ASR—the industry's first stateful Layer 5 session redundancy feature that enables failover of important flows while maximizing performance. Some flows—such as a long-lived File Transfer Protocol (FTP) or a database session — may be mission critical, but many are not. Most solutions on the market today require all traffic—important or not—to be backed up from one box to another. If the majority of flows are not critical, then most of system performance is wasted on unnecessary back
  ups. With ASR, the Cisco CSS 11500 may be configured so critical flows are marked as replication worthy, whereas others do not need to be so marked. ASR focuses traffic management resources precisely where needed.
  Better yet, have a look at the following link focusing on the section on Stateless Redundancy.
  http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_510/advcfggd/redndncy.htm
  Regards
  Pete..

• CSS 11501 Trouble shooting data throughput

  I have two groups of servers that talk to each other through the Load Balancer. It appears that on certain transactions where there is a "get", "head" or "trace" in the actual http data, the transaction is not forwarded through the CSS 11501. This happens maybe once in 11,000 transactions. It appears the word get, head or trace has to be in a certain part of the data payload to cause this problem too occur. Has anybody heard of such an issue? If so, do you have a work around? If not, any suggestion on how I can further isolate the issue. FYI I have a TAC case open but it does not appear to be going any where any time soon.

  is it happening in the middle of a persistent connection or with the first request ?
  There are 2 possibilities I can think off.
  First one would be a flow timeout and the next request is just dropped because the css reclaim the fcb.
  The 2nd option is that by default the CSS does not support the "TRACE" http method.
  It must be enabled.
  See info at :
  http://www.cisco.com/en/US/products/hw/contnetw/ps792/products_command_reference_chapter09186a008040c3cf.html
  So, configure a flow-timeout-multiplier and enable parsing of rfc2518 methods.
  Gilles.

• X-Forwarded-For CSS 11501

  I was wondering if someone can tell me if it is possible to utilize X-Forwarded-For on a CSS 11501. We have a pair that is configured in a one-armed mode which prevents us from seeing the client's IP address. I've done it on an F5, but can't find anything for the CSS.
  Has anyone done this?
  Thanks!

  CSS can check for the x-Forwarded-for field and its contents but cannot inject it. It means if you are using source groups (source nat) then its not possible for CSS to insert the client IP in the HTTP header.
  Syed

• Cisco CSS 11501 Capacity Planning

  We have a pair of CSS 11501 units which currently have one VIP in front of two servers. Hence they are not being utilised at all.
  I've been asked about putting some additional services on these but have no idea what sort of capacity they could take, i.e. max servers, max VIPs, max users/connections.
  I've looked around but cannot find any documentation that helps. The following: http://www.cisco.com/en/US/prod/collateral/contnetw/ps5719/ps792/product_data_sheet0900aecd800f851e.html document states it has a '6Gbps Bandwidth Aggregate', which is strange as it doesn't even have that physical capacity?
  Any help appreciated.

  http://www.cisco.com/en/US/prod/collateral/contnetw/ps5719/ps792/product_data_sheet0900aecd800f851e.html
  No limit for vip and server (except you need to keep your conig under 10k lines)
  Number of concurrent connections is 200k per module and there is only 1 module in the 11501
  Gilles.

• High CPU utilization on CSS 11501 version sg0750303

  Hi everyone,
  I have the problem about High CPU utilization on CSS 11501 version sg0750303.
  Our customer has used one pair of CSS 11501 (active-standby).
  As a matter of convenience, called "Old CSS" after here in this post.
  However traffic via Old CSS had been increasing so customer decided to add one more
  pair (active-standby) of CSS to separate traffic.
  Yesterday we installed new two CSS 11501 version sg0750303 (active-standby).
  As a matter of convenience, called "New CSS" after here in this post.
  Today, active CSS 11501 and standby CSS 11501 which were installed yesterday (New CSSs)
  indicates High CPU utilization.
  Active CSS 11501:
  Peak CPU utilization: about 85%
  Average CPU Utilization: about 60%
  Standby CSS 11501:
  Peak CPU utilization: about 40%
  Average CPU Utilization: unknown
  I do not understand why CPU utilization of both New CSSs become high.
  The traffic pass through New CSS less than Old CSS, because the traffic is separated into
  Old CSS and New CSS.
  And CSS's configuration parameters (service, content, access-list) also less than Old CSS,
  because real servers are also separated into Old CSS and New CSS.
  Old CSS indicated average of CPU utilization about 20% before installing New CSSs yesterday,
  in spite of all traffic pass through Old CSS only.
  I wrote "New CSS remains High CPU utilization", however end users do not feel the
  performance issue (e.g., performance delay, communication failure and so on) and
  the traffic pass through New CSS normally.
  So I have the question "CSS 11501 sg0750303 remains High CPU utilization on normal situation ?"
  And customer uses MTRG to poll SNMP for Old CSSs and New CSSs.
  So I have the question "CSS 11501 sg0750303 become High CPU utilization in case of receiving
  SNMP polling ?".
  Or if this situation is abnormal we need to start investigation.
  Would you please let me know how do we investigate this situation.
  I found the DDTS CSCek57080 "Performance issue using arrowpoint-cookie with ASR".
  Release note of this DDTS says that
  A customer was using a CSS pair configuration where arrowpoint-cookie
  is being used along with a redundant-index on many content rules. When
  the flow rate increased to a few hundred flows/sec, the peer message
  queue of the CSS receiving ASR related message began to fill up.
  When the peer message queue became over subscribed, the CPU increased
  and the CSS became unstable.
  New CSSs have configured redunrant-index on two content rules, and end users do not feel the
  performance issue (e.g., performance delay, communication failure and so on) and
  the traffic pass through New CSS normally.
  So I think this DDTS does not related to this case.
  Your information would be greatly appreciated.
  Best regards,

  Gilles,
  Thank you very much for your cooperation.
  I got the capture you instructed us.
  The following are additional information from our customer.
  At time user traffic path through the active CSS, active CSS indicates;
  CPU utilization always range of 30% - 40%
  Peak CPU utilization about 60% - 80%
  At time there is no user traffic pass through active CSS, active CSS indicates;
  CPU utilization always range of 0% - 5%
  Attached files are named "Active CSS.log" and "Standby CSS.log".
  "Active CSS.log" is captured on active CSS and "Standby CSS.log" is captured on
  standby CSS.
  I found the following process is using resource by looking the output of
  "shell 1 1 spyReport" command.
  On active CSS,
  tFlowMgrPktR 8ba24070 50 26% ( 1469) 20% ( 26)
  On standby CSS,
  fmPeerMsgTas 8a511510 50 16% ( 176) 10% ( 7)
  Your comment would be greatly appreciated.
  Best regards,

• Removing warning for "Default CSS file not found."

  I am getting this warning in Flash Builder:
  "Default CSS file not found."
  I can not for the life of me figure out how to get rid of it. Any suggestions?

  Default css file can be specified as a compiler option (per SWC, I think).
  See http://livedocs.adobe.com/flex/3/html/help.html?content=compilers_14.html
  For example, flex framework has a default CSS file: C:\Program Files\Adobe\Adobe Flash Builder 4\sdks\3.5.0\frameworks\projects\framework\default.css
  Do you have some library project or a swc with default css file option turned on, but the css file is missing?

• Dashboard prompt value is not passing into the report

  Hi,
  I am using OBIEE 10g. The problem is in Oracle BI Answers
  I have a prompt and its related report. In the prompt, in one of the column, I am using sql result. The sql query is a co-related sub query where i have used 2 tables. employee_data and employee_region. The reason for using sub-query is that there is no data_center column in the employee_data table. It has the records for all the data_center e.g USA, UK,IND,AUSTRALIA etc So, I used the sub query with condition which will give the result on a particular data center (here it is USA) and this sub query's output is input for the main query. And the prompts works fine and gives correct result
  The sql query used for the column in the prompt (in Oracle BI Answers) as
  SELECT EMPLOYEE_DATA.ENAME FROM EMPLOYEE WHERE EMPLOYEE_DATA.ENAME IN (SELECT EMPLOYEE_REGION.ENAME FROM EMPLOYEE WHERE EMPLOYEE_REGION.DATA_CENTER = 'USA')Now in the report, there are 2 coulmns. - EMPLOYEE_DATA.ENAME and EMPLOYEE_REGION.DATA_CENTER
  I have used the main column EMPLOYEE_DATA.ENAME for filter as 'prompted'.
  The problem is the value from the prompt is not passing from the prompt to the report, what I found. Because, instead of showing the result for 'USA' data_center, It also shows other data_center 's (UK,IND,AUSTRALIA) data.
  How filter condition I should use for EMPLOYEE_DATA.ENAME column in the report so that the prompt value will pass to the report properly ?
  Thanks
  Edited by: Kuldip on Feb 21, 2013 6:17 AM

  Hi Kuldip,
  There are 2 ways of doing it.
  1. Nice and good: For the section where the report is put have a condition to display only if it returns rows. For details please refer to :
  http://bischool.wordpress.com/category/guided-navigation/
  2. The easy way: Add a "No Result" view to your report and add few spaces in the text.
  Let me know if this helped.
  Regards,
  Jay