Https certificate on WAAS Central Manager

Similar Messages

• Renewing Self Signed Certificate for WAAS Central Manager

  Hi,
  We would like some help from you about the following: We have an WAAS Central Manager which its self-signed certificate validity has expired as showed below:
          Validity
              Not Before: Jul  7 00:47:06 2009 GMT
              Not After : Jul  6 00:47:06 2014 GMT
  We have used its certificate to install some other remote WAAS Express routers. 
  We would like to know the following:
  1. is it possible to renew this certificate? or 
  2. do we need to reinstall another certificate on CM and replicate this new one on these waas express remote devices?
  If affirmative for at least one of them, please, could you share any document that describe how to do it?
  I have attached some output commands from our CM.
  Thanks,
  Marcelo

  attaching file now!!!

• WAAS Central Manager Replacement

  I have need to replace a WAAS Central Manager (4.4.x). The replacement would have a new IP address. The planned path of migrating is first to setup the replacement as standby and once sync'ed promote to primary. I will then manually update the WAE devices with new IP address.
  OLD CM:
  WAE# configure
  WAE(config)# central-manager role primary
  WAE(config)# cms enable
  On the standby device, execute the following CLI commands:
  WAE# configure
  WAE(config)# central-manager role standby
  WAE(config)# central-manager address new IP
  WAE(config)# cms enable
  Is this idea the best approach?
  Any idea if the SSL certificates would have to be revoked and re-issued (whether self signed or otherwise)?

  Hi,
  The steps to replace a CM hardware have been documented under the following bug:
  http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtz47138
  Basically, the steps are the following:
  If the CM will be using the same hardware and IP you can restore the CMS database.
  If the CM will be using a new name or IP, use the workaround provided by CSCsi59886:
  1- Add new CM as standby
  2- Make it primary
  3- deactivate former CM in new CM GUI
  4- delete former CM from new CM GUI (and make sure it s gone from the DB)
  5- 'cms deregister' on former CM CLI
  7- rename former CM, change its mode and reload.
  8- rename the new primary and change its IP address
  9- Change the IP and mode of former CM and register it
  Regards,
  Nicolas

• Advice for WAAS Central Manager?

  Hello,
  We are building a WAAS lab (not production) for a customer and we recently discovered that we can't use the NME-WAE-502-K9 as the central manager which was very affordable.  So we are very disappointed about this.  The other equipment are Cisco ISR 2811 (very affordable for building WAAS) with NME-WAE-502-K9 running WAAS 4.1.1 acting as the application accelerators.  I have some questions and asking for some advice about some alternative options for us to consider:
  What is the cheapest/smallest WAAS option we can use for the WAAS central manager?  The only thing I could find is the WAE-512-K9, but maybe there is something else that is smaller and cheaper for consideration. 
  From what I read, after WAAS software version 4.1.1 it requires the Enterprise and Transport Licencing.  Does the WAAS central manager have a 30,60, or 90 day trial that the CM can run before a license is required like most of the Cisco Unified Communications products today?
  Thanks in advanced!
  -rya

  A central manager is required to managed all of your accelerators properly in a supported configuration. You don't necessarily need a physical appliance though. There is also the virtual form factor (vWAAS is the accelerator version and vCM is the manager version) that can run on a ESXi hypervisor.
  http://www.cisco.com/en/US/docs/app_ntwk_services/waas/waas/vwaas/guide/vwaasguide.html#wp69212
  John
  If this is useful please mark as Helpful or Solved.

• Is WAAS Central Manager needed for SRE?

  Hello experts,
  We're planning to deploy just WAAS SRE in 3945 routers at multiple sites? Do we need to buy WAAS central manager? also can WAAS SRE be configured from command line and able to save the config to text file just like on router's IOS?
  Thanks

  Hi,
  For your setup to be supported, you need to have all of your WAAS devices registered to a Central Manager.
  Will it optimise connections if you don't? Yes it will but if you run into any issues with it, you will be on your own...
  Regarding the configuration, you need to have the module imported into a CM but you can do all of the config from the CLI if you prefer and only use the CM for statistical reporting.
  Nicolas

• Cisco WAAS Central Manager

     Can someone tell me how to deploy Cisco WAAS Central Manager to manage 100 WAE devices over WAN? Is there any additional devices need to setup redundant design and any license cost included here per device basis to monitor? I need detailed solution to manage WAE devices centrally.

  Vinod,
  There is no need to buy additional licenses or no need to  add per device license  on the central manager. You can go with the 294-4G or the 474 device , these can support upto 250 devices. However would suggest you to go with a higher model so in future if you expand , you might want to replace the CM that time.
  Also a central manager cannot work as a inline or wccp device nor it can do any optimization.
  Regards
  Abijith

• WAAS Central Manager - Procedure for changing FQDN and ip address

  Software version 4.1.1c
  I have the need to change my waas central manager hostname, doamin name and ip settings. What is the proper procedure to do this in order to keep the cm synchronized with the waes. I seem to have them out of sync now. Do you deregister all the waes first, change and reboot the cm, then register them again?

  Hi,
  check SAP note 8307 Changing host name on R/3 host: What do you do?

• Can I create a report at WAAS central manager based on server IP address

  Hi,
  I have two distinct applications running at port 8080 for which I would like to have separated performance reports at Central Manager. Is there any mean to do that by using server ip address for example? If so how? Do I need to change policy? If so is that the only way?
  Thanks
  Wilhelm

  Hi Rulix,
  The latest version of CR Server is 2008. Therefore I'm assuming you are using CR Server 2008.
  New in CR 2008 is the .NET report modification software development kit (SDK). The report application server (RAS) SDK is now available for users of Crystal Reports .NET API without the use of a RAS server. Report modification such as changing, adding, or removing database providers, or adding, removing, or creating report objects, parameters, formulas, and sections can be achieved by accessing the RAS SDK through the Crystal Reports .NET SDK.
  Java developers however receive the JRC and Java SDK documentation through the free Crystal Reports for Eclipse download. This product will be updated on a separate schedule from Crystal Reports.
  Further Information and samples are available in our [Developer Library|https://www.sdn.sap.com/irj/sdn/businessobjects?rid=/webcontent/uuid/5001d5de-f867-2b10-00bf-8d27683c85a0]
  Kind regards,
  Tim

• WAAS Central Manager version 4.1

  Hello,
  I have to prepare a design of a WAAS deployment for my customer. I have an issue with the 4.1 version: Does i have to use an appliance dedicated for the management or i can use an WAE-512 with entreprise licence for managament and for WAN optimization features?
  Thank you in advance

  In any version of WAAS the supported configuration is to have a minimum of 2 application accelerators and one central manager. You cannot run the Central Manager and Application Accelerator on the same device.
  The enterprise license unlocks specific features, notably CIFS acceleration but will not influence the number of required WAE's.

• WaaS Central Manager - device serial number report available?

  Hi folks,
  just wondering if anyone knows a quick/easy way to talk to the WAAS database to pull serial number information for all of my WAE's installed.  i have 35 devices scattered around 7 states and I'm hoping for an easy way to collect serial number info.
  I was hoping the platform report from the CM would do it, but it does not provide serial numbers of each chasis, only model and software version.
  My thought is the CM probably has this data somewhere?  I'm hoping to avoid having to manually telnet to 35 appliances and run the command 'show inventory' to find the appliance I am looking for.
  anyone have a good shortcut?
  also - anyone know what the database format is?  mysql? postgres?

  The best way to collect serial # remotely from a WAAS device (WAE) is by executing 'show hardware'. You may write a script to get it.
  CM don't provide this info currently.
  Can you please unicast me at '[email protected]' so that I will be able to understand your requirements.
  thanks
  Nat

• WAAS Central Manager Policy Definitions across several device groups

  Hi there,
  I am trying to find a way to apply a custom application policy(s) to multiple device groups. ( not the AllDevicesGroup).
  I have not found a way to export or import the policy.
  Any help would be appreciated.
  Todd

  I have my "Core" WAE's in a separate device group to prevent them from recieving a policy or setting intended for Edge WAEs.  For example, If someone sets the assignment method to hash, I certianly dont want that pushed to my Core, ( using Mask assignment)
  However, a custom application definition WILL need to be applied to both Core and Edge WAE's. Therefore I need a way to create the policy for all devices group and copy out and apply selected custom policies to the Core device group as well.
  Problem:  I have QUALYS Vulnerability Scanners that wreak havoc on WAE's by opening 1000's of sessions and not propoerly closing them, causing TFO Overload conditions, throughout the network.
  Solution: create a custom policy to set Scanner IP action to pass-through. there are 30+ scanners so the match condition is lenthy and woudl be painful to build manually for each device group.
  new Problem: need to apply this to multiple device groups.

• Re: WAAS/Central Manager, do WAVE594 NEED connectivity to CM for optimization to another WAV594? can i install CM later?

  Can I install the End WAVE appliances and have optimization working, and install CM later?

  Hi Matt,
  It should be possible for you to do that - running with default optimization policies, which are on pr. default in a WAVE/WAE appliance.
  Check by doing a show run on the WAVE-594 ... you should see a lot of class-maps etc.
  You might end up with slightly better optimization results, when you can trigger the policy to your specific needs and enable some non-default features.
  Best regards
  Finn Poulsen

• WAAS Express devices went offline in Central manager

  Hi all,
  after a long time i have a new issue in our WAAS environment.
  We're running several WAAS Express devices.
  And a few weeks ago i integrated them into our WAAS Central Manager.
  The registration of WAAS Express device was done on basis of "waasx_deployment_guide_120910.pdf"
  Now when i came back from christmas holiday i detected that all of them became offline again in CM.
  Activating as well as replacing did not work, cause the router detected that the device is still registered.
  i got the following output after this:
  Jan 10 15:30:37: %WAAS-3-WAAS_CM_REGISTER_FAILED: IOS-WAAS registration with Central Manager failed for the following reason: Registration r
  ecord for this device already exists or other devices share certificate or mac address or ip address with this device. Failed to process reg
  istration request initiated from 10.11.176.1
  Jan 10 15:30:37: %WAAS-3-WAAS_CM_REGISTER_FAILED: IOS-WAAS registration with Central Manager failed for the following reason: Registration r
  ecord for this device already exists or other devices share certificate or mac address or ip address with this device. Failed to process reg
  istration request initiated from 10.11.176.1
  Now to my questions:
  How can i set the WAASxpress router to Status active again on CM?
  What could be the reason why the WAAS express device became offline?
  thanks for your feedback in advance
  Dieter

  Hi Dieter,
  i am just curious to know what made the WAAS express go offline. Even if you open a TAC case, TAC is going to ask this question.
  1. Was there any IOS upgrade performed on routers?
  2. Was the routers reloaded for any reason?
  3. If you are using AAA / TACACS, any changes like upgrade / renewal of certificates on them?
  This information will help you narrow down the problem quickly. If you can share above information, we might be able to move something for you.
  Regards.

• WAAS installed without Central Manager. not compressing traffic

  Hi,
  I installed 2 SRE modules in 2 ISR G2 router and configure them without Central Manager, but they are not doing compression, Traffic is going to Branch to Head Office but without compression.
  My configuration is similar to this link
  http://2and2is5.wordpress.com/2011/03/30/configuring-cisco-waas-on-a-sre/
  I want to compress http, exchange and cifs traffic.
  I don't have Central Manager, could WAAS works without Central Manager ?
  Can anyone help me with that.
  Thanks in Advanced.

  Hi Arslan
  WAAS requires a Central Manager however once they are setup it doesn;t technically require one in order to continue to to optimise traffic. If your WAAS environment is setup correctly and is intercepting the traffic http and CIFS should automatically been compressed with LZ compression. WAAS can accelerate Exchange however it depends on how your Exchange environment is setup and whether it is encrypted? If its encrypted via SSL you will need a WAAS Central manager to accelerate it.
  To check if you WAE's are running correctly type in "show cms info" on the WAAS and you will probably see your WAE is status is not online:
  WAE2#sh cms info
  Device registration information :
  Device Id                            = 3107921                            
  Device registered as                 = WAAS Application Engine            
  Current WAAS Central Manager         = ##.##.##.##                       
  Registered with WAAS Central Manager = ##.##.##.## 
  Status                               = Online                             
  Time of last config-sync             = Mon Sep 24 13:18:51 2012           
  CMS services information :
  Service cms_ce is running
  You can check the accelerator status with the below command:
  WAE2#sh accelerator
  Accelerator     Licensed        Config State    Operational State            
  cifs            Yes             Enabled         Running   
  epm             Yes             Enabled         Running   
  http            Yes             Enabled         Running   
  mapi            Yes             Enabled         Running   
  nfs             Yes             Enabled         Running   
  ssl             Yes             Enabled         Running   
  video           No              Disabled        Shutdown  

• Cannot Access Central Manager Web interface

  HI All
  I am facing an issue with a WAAS Central Manager
  I can access it via Telnet, but when I try to access it  via https://<central Manager>:8443, i get the below error:
  v\:* {behavior:url(#default#VML);}
  o\:* {behavior:url(#default#VML);}
  w\:* {behavior:url(#default#VML);}
  .shape {behavior:url(#default#VML);}
  st1\:*{behavior:url(#ieooui) }
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  Service Temporarily Unavailable
  The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
  Apache/1.3.41 Server at Central-Manager.x.com.lb  Port 8443
  I did the self test command on the CLI, and got the folllowing error:
  st1\:*{behavior:url(#ieooui) }
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  Central-Manager#
  Test WARN  [system]
       WARN  HAS_ALARM        1 Critical Alarms are raised in the device. Please f
  ind the list below.
  1.     nodemgr: The emdb service has been disabled.
       Action:
       Critical/major alarms are raised. Check device alarms using 'show alarms de
  tail' cli command for details.
  Test NONE  [wafs]
  and the "show alarms" shows the following:
  /* Style Definitions */
  table.MsoNormalTable
  {mso-style-name:"Table Normal";
  mso-tstyle-rowband-size:0;
  mso-tstyle-colband-size:0;
  mso-style-noshow:yes;
  mso-style-priority:99;
  mso-style-qformat:yes;
  mso-style-parent:"";
  mso-padding-alt:0in 5.4pt 0in 5.4pt;
  mso-para-margin:0in;
  mso-para-margin-bottom:.0001pt;
  mso-pagination:widow-orphan;
  font-size:11.0pt;
  font-family:"Calibri","sans-serif";
  mso-ascii-font-family:Calibri;
  mso-ascii-theme-font:minor-latin;
  mso-fareast-font-family:"Times New Roman";
  mso-fareast-theme-font:minor-fareast;
  mso-hansi-font-family:Calibri;
  mso-hansi-theme-font:minor-latin;
  mso-bidi-font-family:"Times New Roman";
  mso-bidi-theme-font:minor-bidi;}
  entral-Manager#show alarms
  Critical Alarms:
       Alarm ID             Module/Submodule     Instance
     1 svcdisabled          nodemgr              emdb
  Major Alarms:
  None
  Minor Alarms:
  None
  Any Idea about this error? and how can i solve it?
  Thanks
  Regards,
  Georges

  Hi Georges,
  Looks like this may be a hardware issue.
  Can you please paste the output of following CLIs ?
  show hardware
  show version
  show alarm history detail
  Further,
  how did this issue arise?Was there a power failure / abnormal shutdown / reboot of the box?
  Was this unit operational when this alarm came in?
  How did you came to know about this issue? And since how long this issue is going on ?
  Regards.