Debug on FWSM
How can you perform a debug packet on a FWSM? The traffic is in the Data Plane of the FWSM and not the control plane, so the debug command cannot see the through traffic.
Any ideas???
Hi Jeramel,
I'm not quite sure what you are looking for. Syslogs are your best bet for tracking when the FWSM creates and tearsdown a connection.
"show conn" will display the current connections passing through the FWSM, along with their state, and what inspections are applied to them.
"debug tcp" on the ASA is really showing some internal checks which the ASA is performing on the TCP packets. It should not be used on a loaded ASA. As it is very verbose.
What exactly are you looking to acheive?
Sincerely,
David.
Similar Messages
-
Can you do a debug of TCP sessions in a FWSM?
Hello,
Is there any debug or show command to see when the tcp connections are opened or closed in an FWSM? I know that in the current versions of ASA for this you can do a "debug tcp", but there is any command on the FWSM to do something like this?
Thanks in advance.Hi Jeramel,
I'm not quite sure what you are looking for. Syslogs are your best bet for tracking when the FWSM creates and tearsdown a connection.
"show conn" will display the current connections passing through the FWSM, along with their state, and what inspections are applied to them.
"debug tcp" on the ASA is really showing some internal checks which the ASA is performing on the TCP packets. It should not be used on a loaded ASA. As it is very verbose.
What exactly are you looking to acheive?
Sincerely,
David. -
Puedes un hace debugging de las sesiones TCP en un FWSM?
Hola,
Existe algun debug para ver las conexiones tcp que se van abriendo y cerrando en un FWSM? Se que las versiones actuales de ASA
para esto puedes hacer un "debug tcp", pero existe algun comando en el FWSM que haga algo similar a esto?
Saludos.You might have a higher chance for answers if you asked in english.
Rgds, MiKa -
FWSM (where is the debug troubleshooting facilities?)
Hi,
Thanks for reading ... hope someone can help.
I have just taken over some FWSM running fairly old code (3.1)
I have previously worked with ASA and PIX's, so this is fairly new to me.
I am troubleshooting some traffic issues. I noticed a few commands/tools that are not available.
There is no "debug NAT " facility unlike on the ASA's
There is no capture "match" command boo hoo.
And there is no "packet tracer" ASDM tool ..... which is a fantastic troubleshooting tool.
Any advise really really appreciated.
Thanksnat
MattSorry to disappoint, but unfortunately there won't be feature to feature parity between ASA and FWSM.
It is indeed very similar in terms of configuration, but FWSM is lacking quite a number of tools that ASA has.
FWSM will be replaced by ASA-SM which has the exact same tools as the existing ASA appliance. -
Problem with FWSM and L3 interface in same switch
I have two 6513s with an 802.1q trunk connecting them. Each switch has redundant Sup720s running in Native mode, IOS ver 12.2(18)SXF (they were initially running SXD3). A FWSM (ver 2.3(3), routed mode, single context) is in each switch, setup in failover mode.
I can not get a PC, in a vlan that has the layer 3 interface defined on the switch with the active FWSM in it, to communicate with devices "behind" the FWSM. If I move the layer 3 configuration for that vlan to the other 6513, everything works fine.
The MSFCs are on the inside of the firewall, they have a layer 3 interface configured in the same vlan as the FWSM "inside" interface. Several "same security level" interfaces are defined on the FWSM and used to protect server farms. I am using OSPF on the MSFCs and FWSM and the routing table is correct.
The FWSM builds connections for attempts made by the PC with the layer 3 interface defined on the same switch as the active FWSM just fine, so this is not a FWSM ACL problem.
A ping of the FWSM "inside" interface from a PC with the layer 3 interface defined on the same switch as the active FWSM fails, even though debug icmp trace on the FWSM shows the request and the response. A packet capture, using the NAM-2, shows only the request packets. I have captured on the common vlan and the FWSM backplane port channel interface.
Just to add to the confusion, if I capture in the same places, but do the ping from a PC that is in a vlan with the layer 3 interface defined in the 6513 that does not contain the active FWSM, which works fine, I see the request and reply on the common vlan capture, but only the request on the port channel capture.
This problem has been there from the beginning of this implementation and has not changed with IOS and FWSM software upgrades. I have experienced this with any and all vlans that I tried to define the layer 3 interface for on the switch with the active FWSM. I have MLS turned on.
If anyone else has experienced this and solved it, or knows what is going on, I would appreciate any insight.
Thanks.
KeithI will have to get setup to record more data, but I do know the FWSM showed a ping request and a ping reply at the "inside" interface.
I believe my problem is related to the IOS command "firewall multiple-vlan-interfaces" which I put in place to allow IPX traffic to be brought around the FWSM. The little documentation that there is for this command, states that policy routing may need to be implemented to prevent ip packets from going around the firewall. I do not have any policy routing in place.
I also do not have any active layer three interfaces defined for any of the vlans assigned to the firewall except the "inside" interface. So my resoning was that I did not need to be concerned about ip packets having a way around the FWSM. My suspicion is that this command and the fact that I have mls on is causing some type of a problem which results in the packet being "lost" when it needs to be going through the MSFC in the switch with the active FWSM to get to the PC. Hopefully that makes some sense.
Do you have any idea where better documention on using the "firewall multiple-vlan-interfaces" may be, or a better explanation of all that is happening inside the switch when that command is used?
Thanks. -
Hi!
I have FWSM running 4.1(6) with two security contexts.
The context test config is:
FWSM/test# sh run
: Saved
FWSM Version 4.1(6) <context>
hostname test
domain-name fwsm.spbstu.ru
enable password 8Ry2YjIyt7RRXU24 encrypted
names
dns-guard
interface Vlan556
nameif inside
security-level 100
ip address 192.168.100.254 255.255.255.0
interface Vlan557
nameif dmz
security-level 50
ip address 172.16.2.1 255.255.255.0
passwd 2KFQnbNIdI.2KYOU encrypted
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list permit_any extended permit tcp any any
access-list permit_any extended permit udp any any
access-list permit_any extended permit ip any any
access-list dmz_in extended permit icmp any any
access-list dmz_in extended permit udp any any
access-list dmz_in remark dmz_in
access-list dmz_in extended permit tcp any any
access-list dmz_out extended permit icmp any any
access-list dmz_out extended permit udp any any
access-list dmz_out extended permit tcp any any
access-list inside_in extended permit tcp any eq 3389 any
access-list inside_in extended permit tcp any any
access-list inside_in extended deny ip any any
access-list inside_out extended permit icmp any any
access-list inside_out extended permit udp any any
access-list inside_out extended permit tcp any any
pager lines 24
logging enable
logging console debugging
logging buffered debugging
logging asdm debugging
mtu inside 1500
mtu dmz 1500
no asdm history enable
arp timeout 14400
nat-control
access-group permit_any in interface inside
access-group permit_any out interface inside
access-group permit_any in interface dmz
access-group permit_any out interface dmz
route dmz 0.0.0.0 0.0.0.0 172.16.2.254 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 1:00:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-invite 0:03:00 sip-disconnect 0:02:00
timeout pptp-gre 0:02:00
timeout uauth 0:05:00 absolute
username cisco password ZBZ8GNEdrJsjFvsR encrypted
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authentication http console LOCAL
http server enable
no snmp-server location
no snmp-server contact
telnet timeout 60
ssh timeout 60
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect dns
inspect ftp
inspect netbios
inspect rsh
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect icmp
inspect http
service-policy global_policy global
Cryptochecksum:632fecb27da8e4b662d4197c60f1b22a
: end
Routing and vlan config is fine for sure.
but access is denied while ACL counters are 0
Does anybody have any ideas where I should look more carefully?
system context config is
FWSM# sh run
: Saved
FWSM Version 4.1(6) <system>
resource acl-partition 12
hostname FWSM
enable password 8Ry2YjIyt7RRXU24 encrypted
interface Vlan555
interface Vlan556
interface Vlan557
interface Vlan1216
passwd 2KFQnbNIdI.2KYOU encrypted
class default
limit-resource IPSec 5
limit-resource Mac-addresses 65535
limit-resource ASDM 5
limit-resource SSH 5
limit-resource Telnet 5
limit-resource All 0
ftp mode passive
pager lines 24
no failover
no asdm history enable
arp timeout 14400
console timeout 0
admin-context admin
context admin
description default_context
member default
allocate-interface Vlan1216
allocate-interface Vlan555
allocate-acl-partition 0
config-url disk:/admin.cfg
context test
description test
member default
allocate-interface Vlan556
allocate-interface Vlan557
allocate-acl-partition 1
config-url disk:/CON_test.cfg
prompt hostname context
Cryptochecksum:ae682011fefdab9a0e4eeda02ca49c6e
: endaccess-list permit_any extended permit tcp any any
access-list permit_any extended permit udp any any
access-list permit_any extended permit ip any any
access-list permit_any extended permit icmp any any
access-group permit_any in interface inside
access-group permit_any out interface inside
access-group permit_any in interface dmz
access-group permit_any out interface dmz
I don't understand why FWSM denies ICMP:
( I am pinging from Cat6509 SUP 172.16.2.254 ( which is on dmz interface ) the host on inside interface 192.168.100.250:
%FWSM-3-106010: Deny inbound icmp src dmz:172.16.2.254 dst inside:192.168.100.250 (type 8, code 0)
%FWSM-3-106010: Deny inbound icmp src dmz:172.16.2.254 dst inside:192.168.100.250 (type 8, code 0)
%FWSM-3-106010: Deny inbound icmp src dmz:172.16.2.254 dst inside:192.168.100.250 (type 8, code 0)
%FWSM-7-111009: User 'enable_15' executed cmd: show logging
%FWSM-3-106010: Deny inbound icmp src dmz:172.16.2.254 dst inside:192.168.100.250 (type 8, code 0)
%FWSM-3-106010: Deny inbound icmp src dmz:172.16.2.254 dst inside:192.168.100.250 (type 8, code 0)
Any ideas? -
Reg:FWSM router mode issue
Hi,
I have a Cisco FWSM installed on Cisco 7613 router,the topology is like mentioned below,
7613+{FWSM}------3560---------3560----[10.220.0.0/29,10.220.1.0/29,10.220.2.0/29]
Here we created a p2p link between 7613 gig port and switch3560 gig port (say 10.220.1.252/29) and then there ia a trunk between both 3560 switches ,We wish to run FWSM in router mode and configured vlan groups 10(101,102)and 20(200,201),assigned both these groups to firewall module on router on vlan 200 ip add 192.168.2.1/24 has been given, while on fwsm on int vl 200, 192.168.2.2 ip has been given,although the interfaces are up and pinging their individual ip ads they are not pinging each other(both ip ads appear in sh arp though.Kindly help in resolving this issue.
Also i configured inside vlan 201as inside its also up and visible in arp of router but not pinging others kindly help in the resolution of this issue.
We need to put this firewall in front of the router which has a serial line to another 7600 router,how would i take traffic to fwsm ,pls suggest what else do i need to do ,as i m new to FWSM .
router config:
Router#sh firewall module
Module Vlan-groups
04 1,2
Router#sh firewall vlan-group
Display vlan-groups created by both ACE module and FWSM
Group Created by vlans
1 ACE 100-101,200-202
2 <empty>
Router#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.225.62.145 - 001d.a156.9300 ARPA GigabitEthernet10/1
Internet 10.225.62.146 107 001d.a1a5.fbc1 ARPA GigabitEthernet10/1
Internet 192.168.2.1 - 001d.a156.9300 ARPA Vlan200
Internet 192.168.2.2 7 0007.0e5c.3d00 ARPA Vlan200
Internet 192.168.3.1 4 0007.0e5c.3d00 ARPA Vlan201
Internet 192.168.3.2 - 001d.a156.9300 ARPA Vlan201
Fwsm config:
hostname FWSM
interface Vlan200
nameif outside
security-level 0
ip address 192.168.2.2 255.255.255.0
interface Vlan201
nameif inside
security-level 100
ip address 192.168.3.1 255.255.255.0
passwd 2KFQnbNIdI.2KYOU encrypted
ftp mode passive
pager lines 24
mtu outside 1500
mtu inside 1500
no failover
no asdm history enable
arp timeout 14400
route outside 0.0.0.0 0.0.0.0 192.168.2.1 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 1:00:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
class-map inspection_default
match default-inspection-traffic
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect smtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:4e3eadb1a489f3b696d0c6da8b1b20b9
: end
FWSM#
FWSM# sh arp
outside 192.168.2.1 001d.a156.9300
inside 192.168.3.2 001d.a156.9300
eobc 127.0.0.81 0000.1800.0000
FWSM# sh int
Interface Vlan200 "outside", is up, line protocol is up
Hardware is EtherSVI
MAC address 0007.0e5c.3d00, MTU 1500
IP address 192.168.2.2, subnet mask 255.255.255.0
Traffic Statistics for "outside":
6 packets input, 658 bytes
12 packets output, 1316 bytes
474 packets dropped
Interface Vlan201 "inside", is up, line protocol is up
Hardware is EtherSVI
MAC address 0007.0e5c.3d00, MTU 1500
IP address 192.168.3.1, subnet mask 255.255.255.0
Traffic Statistics for "inside":
6 packets input, 658 bytes
7 packets output, 726 bytes
107 packets droppedhi,
thanks for being so helpful,there is a little issue thats arisen, i can not ping inside address configured on fwsm(192.168.3.1)where as i can ping 192.168.3.2 on router interface.i cannot telnet fwsm using its outside interface ip 192.168.2.2 either,hereis my FWSM config ,kindly suggest if there is any mistake .
thanks.
Also i tried to ping inside fwsm interface from my client 10.220.2.2 and enabled debug,to get these ,
FWSM# debug icmp trace 255
debug icmp trace enabled at level 255
FWSM# ICMP echo request (len 50 id 2 seq 34642) 10.220.2.2 > 192.168.2.2
ICMP echo reply (len 50 id 2 seq 34642) 192.168.2.2 > 10.220.2.2
ICMP echo request (len 50 id 2 seq 34898) 10.220.2.2 > 192.168.3.1
ICMP echo reply (len 50 id 2 seq 34898) 192.168.3.1 > 10.220.2.2
ICMP echo request (len 32 id 2 seq 35154) 10.220.2.2 > 192.168.3.1
ICMP echo reply (len 32 id 2 seq 35154) 192.168.3.1 > 10.220.2.2
ICMP echo request (len 32 id 2 seq 43602) 10.220.2.2 > 192.168.3.1
ICMP echo reply (len 32 id 2 seq 43602) 192.168.3.1 > 10.220.2.2
ICMP echo request (len 32 id 2 seq 49746) 10.220.2.2 > 192.168.3.1
ICMP echo reply (len 32 id 2 seq 49746) 192.168.3.1 > 10.220.2.2
ICMP echo request (len 32 id 2 seq 55634) 10.220.2.2 > 192.168.3.1
ICMP echo reply (len 32 id 2 seq 55634) 192.168.3.1 > 10.220.2.2
ICMP echo request (len 50 id 2 seq 25683) 10.220.2.2 > 192.168.2.2
ICMP echo reply (len 50 id 2 seq 25683) 192.168.2.2 > 10.220.2.2
ICMP echo request (len 50 id 2 seq 25939) 10.220.2.2 > 192.168.3.1
ICMP echo reply (len 50 id 2 seq 25939) 192.168.3.1 > 10.220.2.2
Kindly suggest what could be done.
thanks. -
SW-6509-FWSM failover Troubleshooting First aid
Fault Description:
(1)
active FWSM and standby FWSM inside interface Between,ping fails。
on side FWSM---active: ping 172.17.1.50 -------OK,ping 172.17.1.49------ping fails;
on side FWSM---standby: ping 172.17.1.49--------OK,ping 172.17.1.50-------ping fails;
but,active FWSM and standby FWSM outside interface between,ping OK。
on side FWSM---active:ping 172.17.1.36 、 ping 172.17.1.37、ping 172.17.1.35/33/34/、ping www.baidu.com -----------All OK;
on side FWSM---standby:ping 172.17.1.36 、 ping 172.17.1.37 、ping 172.17.1.35/33/34/、ping www.baidu.com-----------All OK;
(2)
Another problem:
active FWSM and standby FWSM inside interface,ping 7706-------All fails。
Summary:May be caused fwsm。
Topology :Attachment
FWSM :
FWSM# show failover state
====My State===
Primary | Active |
====Other State===
Secondary | Standby |
====Configuration State===
Interface config Syncing - STANDBY
Sync Done
====Communication State===
Mac set
=========Failed Reason==============
My Fail Reason:
Ifc Failure
Other Fail Reason:
Comm Failure
FWSM# show failover
Failover On
Failover unit Primary
Failover LAN Interface: lan Vlan 997 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 15 seconds
Interface Policy 50%
Monitored Interfaces 42 of 250 maximum
Config sync: active
Version: Ours 4.0(13), Mate 4.0(13)
Last Failover at: 19:08:24 Beijing Dec 2 2013
This host: Primary - Active
Active time: 358944 (sec)
Interface outside (172.17.1.36): Normal
Interface inside (172.17.1.49): Normal (Not-Monitored)
Other host: Secondary - Standby Ready
Active time: 0 (sec)
Interface outside (172.17.1.37): Normal
Interface inside (172.17.1.50): Normal (Not-Monitored)
(Not-Monitored) -----------------??????That's what I thought but the again, from the 6500 config prompt I actually get echo replys(!) from the FWCTX, with capture enabled as:
access-list CAP permit ip any any
capture mgmt access-list CAP interface MGMT packet-length 1500 circular-buffer
But it shows blank and no hit counts. Same happens usind RTMonitor in ASDM (6.2.(2f)) some packets that are permited and routed correctly aren't actually noticed. I don't get any logging for the missing/dropped/denied echo replies from the FWCTX to the 6500 MSFC nor for the successful replies from the 6500 to the FWCTX withh ASDM Debugging logging on. -
FWSM can not show sessions in xlate between two specific vlans
Dear Experts ,
I have FWSM running version 3.2(23) , configured with interface vlans , all having the same security level , except outside interface vlan which has security level 0 , also same-security-traffic permit inter-interface and same-security-traffic permit intra-interface are configured, my problem is when establishing sessions (I tried TCP only using ssh and telnet , in addition of ping ) from one specific vlan (172.16.1.0/28) to other vlan (172.16.1.16/28) , I can not see the established sessions in "show xlate debug" output ! although I can see these sessions from capture ! the two subnets are separate , two different /28.
I can see the session established from the remaining interface vlans with same security level toward 172.16.1.16/28 , my question is what is the exception with vlan having this subnet172.16.1.0/28, how it can reach other vlan with subnnet 172.16.1.16/28 without showing anything in xlate table ? do you thing it is bug ? please advise
RegardsRed1,
Need to make sure the packets are arriving on the correct interface. Need to grab captures and the debug level syslogs at the same time. Hope you are not running into the xlate limitation of the module.
Pls. check the limitation link here:
http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/specs_f.html#wp1056716
-Kureli
https://supportforums.cisco.com/community/netpro/expert-corner#view=webcasts
Upcoming Live Webcast in English: January 15, 2013
Troubleshooting ASA and Firewall Service Modules
Register today: http://tools.cisco.com/squish/42F25 -
FWSM : Can same security level command create identity nat?
Hi All,
As the topic : Can same security level command create identity nat? I found identity nat when show xlate debug command although no configuration related to identitiy nat for those subnet ip address.
My brief configuration
- same security level intra interface is enable
- xlate-baypass is enable
- NAT examption for some subnetTo my knowlege the FWSM creates a xlate for all connections.
http://www.cisco.com/en/US/docs/security/fwsm/fwsm31/configuration/guide/cfgnat_f.html
"Even if you do not configure NAT, the FWSM continues to create translation sessions for all traffic automatically. In this case, the translation is from the real address to the same real address. See the
show xlate command to view translation sessions." -
Hello
I have a customer who has Microsoft SMS running on Windows 2008 server and agent is installed on all clients, server is in DMZ and the clients are in other dmz , other applications are running and using RPS with no problems but the SMS server is new and I found dropped packets by the inspection policy for the inspected SMS server as below
fwsm# sho service-policy
Global policy:
Service-policy: global_policy
Class-map: inspection_default
Inspect: dns maximum-length 512, packet 358660, drop 0, reset-drop 0
Inspect: ftp, packet 1873, drop 0, reset-drop 0
Inspect: h323 h225, packet 0, drop 0, reset-drop 0
Inspect: h323 ras, packet 0, drop 0, reset-drop 0
Inspect: netbios, packet 224450, drop 0, reset-drop 0
Inspect: rsh, packet 0, drop 0, reset-drop 0
Inspect: sip, packet 0, drop 0, reset-drop 0
Inspect: skinny, packet 0, drop 0, reset-drop 0
Inspect: sqlnet, packet 1265466, drop 0, reset-drop 0
Inspect: sunrpc, packet 68218, drop 0, reset-drop 0
Inspect: tftp, packet 0, drop 0, reset-drop 0
Inspect: xdmcp, packet 72, drop 0, reset-drop 0
Inspect: dcerpc, packet 100362, drop 18, reset-drop 0
Also the output of " debug dcerpc events" gives this error "DCERPC-ERR: Corrupted packet, incorrect scm reply header"
Removing the DCREPC inspection interupts other application .
the FWSM version is 4.1(7) .
ANY IDEA ?Any hint experts ?
-
Filtering IPv6 extension headers on FWSM
Hello,
We want to filter IPv6 extension headers on FWSM (4.1.x) and we discovered that filtering does not works at all. For example to filter destination options we used the following IPv6 ACE:
ipv6 access-list OUTSIDE6_IN deny 60 any any
Then packets are sent using extended IPv6 ping from IOS router and FWSM ignores above ACE and forwards the packet to the destination. The same thing happens when using Scapy as packet generator.
The packet is good because it matches IOS IPv6 ACL Destination options ACE.
I didn't checked but my colleague reported me the same issue with filtering Hop-by-hop option on FWSM.
So, is something wrong with the procedure or this is about new bug?
Regards,
IgorJenifer,
ACL is assigned to the interface... Other ACEs are being matched so ACL works but it does not match extension headers correctly:
ipv6 access-list OUTSIDE6_IN line 1 deny 60 any any log debugging interval 300 (hitcnt=0) 0xbb24b0a2
ipv6 access-list OUTSIDE6_IN line 2 permit tcp any any eq www log debugging interval 300 (hitcnt=2) 0xbde27d7c -
Debugging is not working in R/3 from WebDynpro-ABAP developed webpage input
Dear Friends,
We are facing a serious problem for debugging. Expecting valuable input for the same.
Debugging is not working in R/3 from WebDynpro-ABAP developed webpage input in Production Server.
The debugging (for WebDynpro-ABAP application) is working in Dev. Server for
1st ] Within R/3
Ex. debug for bapi within R/3. i.e. value enter as input in R/3 only.
2nd ] From webpage to R/3
Ex. Some input given on the internet web page developed through WebDynpro and external breakpoint set in R/3 it works. It directs to R/3 code through debugging.
In Prod. Server the 1st case above is working but the 2nd case is not working.
In Prod. Server the WebDynpro developed applications are running successfully through internet explorer webpage inputs. So running the application is not a problem in prod. Server but debugging of the same is the problem.
The setting which are done in Prod. server are,
1] RZ10 in parameters are set for port and host name.
2.1] In SMICM check for ICM.
2.2] Host file updated in Windows-System 32.
3] In SICF following services are active,
3.1] default_host/sap/bc/webdynpro
3.2] default_host/sap/public/bc
3.3] default_host/sap/public/bc/webdynpro/viewdesigner
3.4] default_host/sap/bc/wdvd
3.5] default_host/sap/public/icman
3.6] default_host/sap/bc/gui/sap/its/webgui
3.7] default_host/sap/public/ping
3.8] default_host/sap/bc/error
3.9] default_host/sap/bc/echo
4] In SE80
4.1] Internet services-System-are published
4.2] Internet services-WEBGUI-are published
4.3] Utilities-Setting-ABAP Editor-Debugging-Username & New Debugger set.
4.4] Utilities-Setting-ABAP Editor-Editor-Front-End Editor(New) set.
5] In Su01 for user profiles sap_all & sap_new is assigned and role SAP_BC_WEBSERVICE_DEBUGGER is assigned.
6] The support packages are also updated to latest level.
7] Gone through following links but not getting any clues.
http://help.sap.com/saphelp_nw70ehp1/helpdata/en/48/74d50bd1431b5ae10000000a42189c/frameset.htm
http://help.sap.com/saphelp_nw04s/helpdata/EN/77/3545415ea6f523e10000000a155106/frameset.htm
Thanks in Advance.
Best Regards,
Abhijit.No cross posting
Read the "Rules of Engagament"
Regards
Juan -
Firefox can't open normally without going through the "this is embarrassing" routine; nor does it close down properly; I get the "end program" message and have to say "end now"it also sticks frequently, i.e. screen freezes for a minute or more; should I uninstall and re-install to try and debug?
- I've used Firefox exclusively for around 2 years.
- My outlook express has no problems
- other programs seem unaffected; it seems peculiar to Firefox.
- my main use is surfing the net, primarily entering competitions on line via specialist competition sites.
- every day at some stage(s) I have to switch computer off as Firefox has got very slow/sticky/freezes.
I'm not techy by any means, but I can only thing of un- and re-installing to hopefully start with a clean slate.Sounds like something is keeping Firefox from closing properly. See this: <br />
https://support.mozilla.com/en-US/kb/Firefox+hangs#Hang_at_exit -
ERROR while debugging a SELECT..ENDSELECT
Hello All,
We get an error while we go into the select..endselect loop during debugging. Because of this if we try to do some research on existing program with Select-endselect..it fails in the second pass of this loop.
This problem was not there earlier, but after we upgraded from 4.6 to 4.7 this problem is bugging us..every day. Does any one have a clue why ?
Thanks!!
Regards,
VishalHi,
debugging a SELECT...ENDSELECT statements brings to a LUW commit work if no other work processes are available for debug.
See OSS notes 675, 2104.
From OSS note 675 **********************************
Cause and prerequisites
Chain of causes:
1. There is a statement in one of the Select loops, that leads to a database Commit (or Rollback).
2. A database Commit causes the database to lose the cursor.
3. The system cannot automatically continue within Select loop after loss of cursor.
Following statements lead to a database Commit:
* All statements that cause a change of screen (CALL SCREEN, CALL DIALOG, CALL TRANSACTION, SUBMIT, I/W-Message)
* BREAK-POINT/ Debugging
. if no debug process free
. always after regeneration (in order to release generation lock).
* WAIT Here a work process is released and a Commit is executed.
* COMMIT WORK/ROLLBACK WORK
From OSS note 2104 **********************************
Solution
The "COMMITWORK" message appears in the ABAP debugger when programs
orscreensrequireregeneration,or when not enough free capacity
is available inthesystem (or else the debugger blocks a system
process).
Normallyonly one work process is released for debugging. This
isgenerally insufficient ina developmentsystem, as processes
can be blocked for other reasonstoo(background processing,
CPI-C connections,andso on).
The number of work processes made available for debugging can
be configured using the profileparameter
rdisp/wpdbug_max_no
Forexample:
rdisp/wpdbug_max_no = 10
setsthe maximum number of work processes made available for
debuggingto 10. It may be necessary to generally increase the
numberofwork processesatthis time (parameter rdisp/wp_no_dia).
In all other known cases, an error in the application program is
involved.
Regards, Manuel
Maybe you are looking for
-
Could these (MacBook Pro) keyboard/trackpad problems be Leopard related?
My (MacBook Pro's) keyboard and trackpad stop working every couple of minutes. And then suddenly comes back. The capslock key and it's LED is also not responding anymore when it happens. Could this be a software thing? I'm about to send this MacBook
-
When I go to see devices in iTunes 11.1.xxx its grayed out. However when I connect it to a PC with Win7 it says its synching but cant find anything. Help if you can
-
2.1 EA2: Date columns displayed wrong in Grid
Hello Forum, I have an issue displaying the values of DATE columns. I have set NLS_DATE_FORMAT to "DD.MM.YYYY HH24:MI:SS" but every time information is displayed as 00:00:00 but only in the grid view. When I do a select sysdate from dual; and press F
-
Quotes convert to junk character in Generic SQL
The filter on source (GENERIC SQL logical schema) uses <%=odiRef.getPop("I_POP")%> for Iterface Id. However, the quotes in <%=odiRef.getPop("I_POP")% is getting converted to junk character. Any inputs greatly appreciated.. Thanks,
-
Have recently purachased a E51 from one of the priority stores. The battery life seems a suspect. Had charged it to its max couple of nights ago. Since then have made phone calls lasting 45 minutes and listened to music for another 45 minutes. Howeve