Importing HA 2 ACE 4710 into ANM 4.1

I am new to ACE load balancers. We have just installed ANM 4.1 and we are trying to import both appliances into ANM 4.1. Is there something I should be aware of before I do the install? The question is: when I do the import, will ANM have my config from the ACEs as is, untouched? I am making sure that ANM will not delete my config on the ACEs.
Thanks

Hi Hussaini,
As per best practice, I would like you to make sure that you have taken a backup of all the contexts of the ACE using the running config and saved it separately, somewhere other than the device itself, so that in any contingency your hard work configuring the box does not go in vain and you are ready for any kind of situation after the import into ANM.
When you install ANM for the first time you need to add a license from the command line before you can access ANM.
ANM requires licenses to manage virtual devices and to run the ANM server or servers.
ANM checks against the licensed Virtual Context count on each ACE.
Thus if you have the ACE-VIRT-020 license on the ACE, to manage that ACE you must have an available ANM-AV-020 installed on the managing ANM, even if the ACE to be managed has 5 or fewer defined Virtual Contexts or so.
BTW..if at *any* time you get stuck in an operational bind due to ANM licensing, go to www.cisco.com/go/licensing, select the first link for evaluation licenses, and from there select to get evaluation license PAK for ANM. This will allow you to install the evaluation license that is *unlimited* for 90 days. Hopefully that is plenty of time to order the additional licensing you need for production operations.
For each ACE with ACE-VIRT-020 ANM needs qty 1 of ANM-AV-020.
Same for 050, 100, 250.
ANM uses the following protocols for communication:
For communication to an ACE module or appliance:
– XML over HTTPS
– SSHv2 (read and write)
– SNMP V2C (read-only)
– Syslog over User Datagram Protocol (UDP) (inbound notifications only)
Enabling SSH Access and the HTTPS Interface on the ACE Module and Appliance
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/application_networking_manager/4.1/user/guide/UG_manage_devices.html#wp1362821
If the ACE module or appliance is new and still has its factory settings, you do not need to perform the procedure in this section because SSH is enabled by default.
If you are using ANM with an ACE module or ACE appliance and you configure a named object at the ACE CLI, keep in mind that ANM does not support all of the special characters that the ACE CLI allows you to use when configuring a named object. If you use special characters that ANM does not support, you may not be able to import or manage the ACE using ANM.
The quickest and easiest way to add devices to ANM is to import them individually using the Add function available at Config > Devices. If you already know the device IP address, you can use this procedure to add your devices to ANM.
Before you begin importing, you need to set up your network devices so that ANM can communicate and monitor them.
Before importing a device, the ANM server pings the IP address of the device. If you have a firewall between the ANM server and the device that you want to import, your network administrator needs to modify the firewall to allow the ping traffic to reach the device or ACE.
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/application_networking_manager/4.1/user/guide/UG_manage_devices.html#wp1449529
You can install the ANM server software on a standalone server or on a VMware virtual machine. The capabilities and functions of the ANM software are the same regardless of which application you use. The two ANM applications:
ANM server: Dedicated server with ANM server software and Red Hat Enterprise Linux (RHEL) operating system installed on it. For information about installing this type of ANM application, see the Installation Guide for the Cisco Application Networking Manager 4.1.
ANM Virtual Appliance: VMware virtual appliance with ANM server software and Cisco Application Delivery Engine Operating System (ADE OS) installed on it. Cisco distributes ANM Virtual Appliance in Open Virtual Appliance (.OVA) format. For information about installing this type of ANM application, see the Installation Guide for the Cisco Application Networking Manager 4.1 Virtual Appliance.
So I repeat: please check the license, as the ANM_AV license needed doesn't depend on the number of contexts currently in use.
If the ACE you are trying to import is using more contexts than the number allowed by the ANM_AV license, then you can face problems during import, or only that many contexts will be imported and the rest will fail to sync or face problems during import.
You can check this value with the "ACE# show license status" command.
Sometimes there may be a chance of a license mismatch between the ACE and the ANM.
ANM uses TCP port 10444 for the ANM License Manager.
If you face any other difficulty even after this, please write back to me.
HTH
Sachin Garg

Similar Messages

  • ANM 5.2 unable to import ACE 4710

    Good day,
    I am currently experiencing a problem while trying to import multiple 4710 ACE Appliances into ANM. ANM version is 5.2 and ACE 4710 Appliances version is 5.1.2. The error message is the same for all Appliances (currently 14, more to be deployed this year, another 12 this year). The management class, policy-map and service policy are all in place.
    The error message is below:
    Any assistance would be greatly appreciated.
    Thank you.
    Paul

    Paul,
    Can you get a show tech-support?
    After that, can you do the following:
    1. "dm status"
    2. "dm reload"
    3. "dm status"
    I think you will probably need to reboot the box, but it would be better to open a TAC case for that and check deeper.
    Hope this helps!
    Jorge

  • Problem importing CSS11050 into ANM

    I am trying to migrate from an ancient CSS11050 running version 5.00 build 605 to two new ACE modules. I have installed an Application Network Manager Virtual Appliance version 4.1 and successfully imported the ACE modules; however, it refuses to import the existing CSS module. The error I get is "Device discovery failed: Exception occured for model:BootController java.lang.NullPointerException" (see screenshot). I tried with and without selecting SNMP.
    I'm going to open a ticket, but has anyone else seen this or have any suggestions? Since I am by no means a CSS (or ACE) expert, having everything loaded into ANM should make the migration easier.
    Thanks
    Nathan Spitzer
    Sr. Network Communications Analyst
    Lockheed Martin

    The CSS11050 is a first generation CSS model and is not supported by ANM.
    Only the second generation CSS models (CSS11501, CSS11503, CSS11506) which can run the latest software releases (8.10 and 8.20) are supported.
    See the full list of supported devices here:
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/application_networking_manager/4.1/device_support/table/sdt.html

  • Can not import ACE module to ANM

    Hello,
    Good day.
    I am recently facing an interesting problem.
    We are running ANM 5.1.0 to manage our LB contexts; those contexts are configured on ACE20-MOD-K9 modules which are installed in a Catalyst6500 switch. Our installation is like this: two ACE20-MOD-K9 modules installed in different slots of the same Catalyst6513. Those two ACE modules serve different Data Halls; the contexts configured on those modules are completely separated, with different VLANs and different subnets, no relation at all.
    I'm able to import the Catalyst chassis into ANM, and under Config>Guided Setup>Import Device>Modules I'm able to see both ACE modules, but only one module can be imported; the other one I cannot even select. There is a slight difference in how those two modules show themselves on that page. The one I'm able to import shows exactly its module type and version number, but the other one is showing something strange.
    Slot#  Model         Type      Serial #  State         Version       Description                        #VC
    3      ACE20-MOD-K9  ACE v2.3  XXXXXX    up            A2(3.5)       Application Control Engine Module  28
    9      ACE20-MOD-K9  Module    XXXXXX    Not Imported  ace2t_main_d  Application Control Engine Module  N/A  <---problem module
    Has anyone faced a similar problem?
    Thanks

    I think I found something related to my issue.
    In the ANM operating guidance, the section "Importing ACE Modules after the Host Chassis has been Imported" mentions some restrictions. The module in slot 9 actually has a similar situation: the show module command shows that the Catalyst chassis doesn't really recognize the software version, which might have caused ANM to be unable to figure out whether that module is supported or not, so it makes the simple decision to deny the import. I will try to reboot that module and see if we can fix this issue.
    "Guidelines and Restrictions
    ANM 3.0 and greater releases do not support the importing of an ACE module that contains an A1(6.x) software release or an ACE appliance that contains an A1(7.x) or A1(8.x) software release. If you attempt to import an ACE that supports one of these releases, ANM displays a message to instruct you that it failed to import the unrecognized ACE configuration and that device discovery failed.
    However, if you perform an ANM upgrade (for example, from ANM 2.2 to ANM 3.0), and the earlier ANM release contained an inventory with an ACE module that supported the A1(6x) software release or an ACE appliance that supported the A1(7.x) or A1(8.x) software release, ANM 3.0 (and greater) allows the A1(x) software release to reside in the ANM database and will support operations for the release. ANM prevents a new import of an ACE module or ACE appliance that contains the unsupported software version.
    We strongly recommend that you upgrade your ACE module or ACE appliance to a supported ACE software release, and that you instruct ANM to recognize the updated release. See the "Instructing ANM to Recognize an ACE Module Software Upgrade" section.
    See the Supported Device Tables for the Cisco Application Networking Manager for a complete list of supported ACE module and ACE appliance software releases."
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/application_networking_manager/5.2/user/guide/UG_manage_devices.html

  • ACE 4710 HTTPS load balance configuration

    Have two ACE 4710 in HA setup. We would like to set up HTTPS load balancing (actually just a primary and standby configuration in the serverfarm). Initially this would be for Exchange OWA connections but may expand to more HTTPS connections later.
    I know there are several ways to do SSL with the ACE (client, server, end-to-end). I just want to know the easiest way to deploy this. Is a certificate always needed on the ACE for each connection? In HA mode, would a certificate be needed for both, or does it replicate in some way to the other ACE?
    Any configuration examples would be helpful.
    Thanks.

    If you terminate SSL on the ACE, you need certificates and keys on the ACE in the context in which you are doing the termination. The certs and keys need to be installed on the active and standby (manually, unless using ANM to manage).
    When speaking of SSL:
    SSL termination refers to the ACE terminating SSL and sending to the server as clear text.
    End to end - the ACE terminates SSL (to look into the payload to make a load-balance decision or sticky decision) and then re-encrypts to the server, so to the client the ACE is an SSL server and to the server the ACE is an SSL client.
    You can find some config examples at
    http://docwiki.cisco.com/wiki/Category:Data_Center_Application_Services_Configuration_Examples

  • SSL Certificates Update Error in ACE 4710

    Hi,
    I am facing a problem while updating the SSL certificates in ACE 4710. Our certificate has expired and we have purchased a new certificate from the CA. Moreover, the common name of the certificate has also changed.
    I tried importing the certificate to the repository and changing the SSL proxy likewise to use the new certificate, but still the new certificate with the new CN is not recognised by the clients. They can see the old certificate only. I even tried deleting and creating a new SSL proxy service with the new cert and attaching it to the policy map,
    but still the new certificate is not used, even after a reboot.
    Attaching screenshots and running config. Any help will be appreciated.
    BR//Rajiv

    Ravi,
          Here are the procedures for updating your certificate on the ACE. 
    1) Create New RSA Key
    2) Create CSR
    3) Send CSR to CA authority for a new certificate
    4) Import Certificate into the ACE
    5) Change the ssl-proxy to use the new Certificate and Key
    6) Remove the SSL-Proxy from the policy map and reapply
    Now if you created the CSR on a different box, you will need to import both the RSA key and the certificate. Another thing you should be aware of is a possible change in the root and intermediate certificates that are used by the CA. In your configuration, you have
    crypto chaingroup iotms-chain-gr-1
      cert inter-root-new
    Is that the correct certificate for your cert? If so, it seems odd that there is only one certificate in the chaingroup. Most CAs use an intermediate and a root certificate.
    Verify that you have the correct chaingroup (with the correct root and intermediate certificates).

  • ACE 4710 Can not confirm http cookie sticky connections

    We are using a ACE 4710 with A3(2.6) software release.
    I had to change our sticky load balancing method for HTTPS to cookie based.
    However while connections appear to work if I look at the sho sticky database table I can not see or confirm sticky entries for the cookie based connections.
    Here are config snippets to show the config
    sticky http-cookie ghh-www scook-ghh
      cookie insert browser-expire
      serverfarm ghh-www-443
    class-map match-all ghh-www-443_CLASS
      2 match virtual-address 172.16.1.21 tcp eq https
    class-map type http loadbalance match-any ghh-www-443_CLASSURL
      2 match http url [.]*
    policy-map type loadbalance first-match ghh-sticky-443_POLICY
      class class-default
        sticky-serverfarm scook-ghh
    policy-map multi-match POLICY
      class ghh-www-443_CLASS
        loadbalance vip inservice
        loadbalance policy ghh-sticky-443_POLICY
        loadbalance vip icmp-reply active
        appl-parameter http advanced-options CASE_PARAM

    Another point: please check whether your servers are listening only for HTTPS traffic or also for HTTP traffic:
    in the first case the ACE will have to: decrypt the traffic from the client, inspect the http header to take the loadbalance decision and then re-encrypt it and send it to the server
    in the second case the ACE would have to: decrypt the traffic from the client, inspect the http header to take the loadbalance decision and send it out as it is unencrypted to the server
    The second solution would have the benefit of being easier to configure and requiring fewer resources both on the ACE (only decryption to be performed) and on the servers (no need for SSL operations at all there), but it might be that your company or business sector has requirements under which this traffic should never flow unencrypted, in which case you would have to go for the first solution.
    Here you have a config example for the first solution:
    http://www.cisco.com/en/US/products/hw/modules/ps2706/products_configuration_example09186a00809c6f37.shtml
    I would not expect you to have to pay extra for importing the cert and keypair into the ACE, it would be just a copy; however, as Alex said, that may still depend on the license agreement with the CA.
    Cheers,
    Francesco

  • ACE 4710: Possible to allow a user to clear counters but nothing else?

    Hello all,
    Using an ACE 4710 we have a user setup with the Network-Monitor role which allows the user to view config, interface status, etc.  We would also like to allow this user to clear the interface error counters as well, but nothing else.  Is this possible?
    Thanks!

    Hello Brandon-
    Network-Monitor only lets you browse outputs; it is not a role that allows a user to make any changes, including clearing stats.  You can create custom roles and domains to get closer to what you want, but you cannot zero in on a single command like that.
    i.e.
    ACE# conf t
    ACE(config)# role MyRole
    ACE(config-role)# rule 1 permit modify feature ?
      AAA             AAA related commands
      access-list     ACL related commands
      connection      TCP/UDP related commands
      fault-tolerant  Fault tolerance related commands
      inspect         Appln inspection related commands
      interface       Interface related commands
      loadbalance     Loadbalancing policy and class commands
      pki             PKI related commands
      probe           Health probe related commands
      rserver         Real server related commands
      serverfarm      Serverfarm related commands
      ssl             SSL related commands
      sticky          Sticky related commands
      vip             Virtual server related commands
    You can create a permit or deny rule and, within that, create/debug/modify/monitor each feature separately.
    Domains allow you to create containers for objects.  You can place specific rservers, serverfarms, etc. into it - then apply it to a role so that the user assigned to it can only touch those objects.
    Regards,
    Chris Higgins

  • ACE 4710 Connectivity help?

    I'm using an ACE 4710 in a new datacenter, with the following setup:
    2/4 physical ethernet interfaces port channeled into port-channel 1
    2/4 physical ethernet interfaces port channeled into port-channel 2
    I have the following vlans defined:
    1001 - admin     - interface ip: 10.53.136.70
    400 - client side - interface ip: 10.53.136.100
    500 - server side - interface ip: 192.168.128.1
    999 - fault tolerance - interface ip: 192.168.11.2
    My problem is I am trying to nat ssh and web server traffic from the client side, to the server side, but it's never getting to the server.  For example, if I ssh to 10.53.136.102, it times out.  (10.53.136.102 should get nat'd to 192.168.128.2)
    Also, I can connect to the ACE 4710 via telnet using 10.53.136.70, but cannot connect to 10.53.136.100.
    I'm thinking there is either something wrong with the port-channels, or the access lists.  On the other hand there could be something wrong with the nat'ing, but I had it working before switching over to the port-channels.
    Any thoughts?
    Thanks,
    Brent

    I've attached the two contexts which we are using.  The admin context is new_lb_config.txt and the second context where the loadbalancing occurs is in the new_lb_config_VC_WBPX.txt file.
    From the load balancer, I am able to ping the real server ips in the 192.168. ip range.  The 4710 recognizes that they are in service.
    I believe the ACL for the VLAN 400 is set to permit all traffic, but I don't know if the service policies are preventing something from happening.
    Right now, I have disconnected the two 4710s and I am only working on one of them to see if I can get the basic connectivity going.  Once I accomplish that, I will work on high availability.  I'll have to check whether it thinks it is in passive mode...not entirely sure how to do that, but I will check it out.
    Thanks,
    Brent

  • ACE 4710 - DM initialization failed

    When trying to get to the device manager GUI on my ACE 4710 I get to the login screen. On entering credentials I am given an error
    "DM initialization failed (Failed to import ACE configuration: Device discovery failed: unknown). Contact your technical support team."
    I have tried "dm reload" but I am still getting the error.
    Any help gratefully appreciated.

    You are probably hitting CSCsv95366. This is fixed in A3(2.2).
    You can get the details about this bug at
    http://tools.cisco.com/Support/BugToolKit/action.do?hdnAction=searchBugs
    HTH
    Syed Iftekhar Ahmed

  • ACE 4710 dramatically increasing Sticky entries

    Hello,
    When I do a "show resource usage" on my ACE 4710 / SW Version A3(2.5) I see the sticky entries increasing permanently.
    Resource    Current    Peak     Min      Max    Denied
    sticky      50758      62348    65536    0      0
    When I have a look to the ANM managing the box I see the last days the current value was round about 25000 / 27000 max.
    I look for a method to discover by what sticky definition or by what function / realserver the most increasing counters / entries are caused.
    When I use the sh sticky database .... I see the lists for group or a special realserver / client but I miss sh show top clients / rservers / rules what generates the big sticky table....
    Any good tip on how to troubleshoot that will be appreciated.
    Regards
    Gerhard

    Hello Surya,
    Thank you for your response. I use a mix of different persistence methods:
    For some of the services source-IP based, for others cookie-based, and for some others I look at a special HTTP header field... So it would be interesting to find out for which of the methods the sticky entries grow... Because I see the counter rising since 2nd Oct 2:00 am... before, it was never so high...
    Regards
    Gerhard

  • ACE 4710 upgrading software problem

    I logged into ACE 4710 to upgrade the image to c4710ace-mz.A1_8_0.bin. I logged in with Admin status and I got the following message, "
    ACE4710/Admin# delete image:c4710ace-mz.3.0.0_A1_7a.bin
    delete: cannot remove 'c4710ace-mz.3.0.0_A1_7a.bin': Permission denied"
    Is this a bug? Is there a workaround? Thank you.

    I am getting the same message again when I tried to delete an image and put a new image on.
    ACE4710/Admin# dir image:
    180784189 May 20 07:52:18 2008 c4710ace-mz.A1_8_0.bin
    176933319 May 6 07:10:04 2008 c4710ace-mz.A1_7b.bin
    Usage for image: filesystem
    714985472 bytes total used
    167362560 bytes free
    882348032 bytes total
    ACE4710/Admin# delete image:4710ace-mz.A1_7b.bin
    delete: cannot remove '4710ace-mz.A1_7b.bin': No such file or directory
    How can this issue be resolved?

  • ACE 4710: Find out the response time of a real server

    Hi to everyone,
    I have a couple of ACE 4710 and I need to find out what is the response time of a real server.
    Is there a way for this?
    Thank you for any answer!
      giorgio romano

    Hi,
    Kindly add the following line in your serverfarm configuration:
    predictor response syn-to-synack
    Suppose your serverfarm looks like this:
    serverfarm host AAA_FARM
      predictor response syn-to-synack
      probe HTTP_PROBE
      probe TCP9001_PROBE
      rserver SC106
        inservice
      rserver SC107
        inservice
      rserver SC108
        inservice
      rserver SC109
        inservice
      rserver SC110
        inservice
      rserver SC111
        inservice
      rserver SC112
        inservice
      rserver SC113
        inservice
      rserver SC114
        inservice
      rserver SC120
        inservice
      rserver SC131
        inservice
    And then use the following command to see the average response time from your rserver as follows:
    ACE1/prod# show serverfarm AAA_FARM detail
    serverfarm     : AAA_FARM, type: HOST
    total rservers : 11
    active rservers: 11
    description    : ServerFarm AAA
    state          : ACTIVE
    predictor      : RESPONSE
    method            : syn-to-synack
    samples           : 8
    failaction     : -
    back-inservice    : 0
    partial-threshold : 0
    num times failover       : 0
    num times back inservice : 0
    total conn-dropcount : 0
    Probe(s) :
    HTTP_PROBE,  type = HTTP
    TCP9001_PROBE,  type = TCP
    ----------connections-----------
    real                  weight state        current    total      failures
    ---+---------------------+------+------------+----------+----------+---------
    rserver: SC106
    x.x.x.x.:0        8      OPERATIONAL  2          1125       0
    max-conns            : 4000000   , out-of-rotation count : 0
    min-conns            : 4000000
    conn-rate-limit      : -         , out-of-rotation count : -
    bandwidth-rate-limit : -         , out-of-rotation count : -
    retcode out-of-rotation count : -
    load value           : 0
    average response time (usecs) : 81   ----> thats what you might be looking for
    From other day :
    rserver: SC114
    x.x.x.x:0        8      OPERATIONAL  70         10903      2
    max-conns            : 4000000   , out-of-rotation count : 0
    min-conns            : 4000000
    conn-rate-limit      : -         , out-of-rotation count : -
    bandwidth-rate-limit : -         , out-of-rotation count : -
    retcode out-of-rotation count : -
    load value           : 0
             average response time (usecs) : 1334                       ----> thats what you might be looking for
    For Serverfarm BBB_FARM
    serverfarm     : BBB_FARM, type: HOST
    total rservers : 1
    active rservers: 1
    description    : ServerFarm BBB
    state          : ACTIVE
    predictor      : RESPONSE
    method            : syn-to-synack
    samples           : 8
    failaction     : -
    back-inservice    : 0
    partial-threshold : 0
    num times failover       : 1
    num times back inservice : 1
    total conn-dropcount : 0
    Probe(s) :
    ----------connections-----------
    real                  weight state        current    total      failures
    ---+---------------------+------+------------+----------+----------+---------
    rserver: SC208
    x.x.x.x:0        8      OPERATIONAL  0          0          0
    max-conns            : 4000000   , out-of-rotation count : 0
    min-conns            : 4000000
    conn-rate-limit      : -         , out-of-rotation count : -
    bandwidth-rate-limit : -         , out-of-rotation count : -
    retcode out-of-rotation count : -
    load value           : 0
             average response time (usecs) : 0   ----> thats what you might be looking for
    See more details for the response predictor:
    http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/slb/guide/rsfarms.html#wp1068831
    Configuring the Application Response Predictor
    To instruct the ACE to select the server with the lowest average response time for the specified response-time measurement based on the current connection count and server weight (if configured), use the predictor response command in server farm host or redirect configuration mode. This predictor is considered adaptive because the ACE continuously provides feedback to the load-balancing algorithm based on the behavior of the real server.
    To select the appropriate server, the ACE measures the absolute response time for each server in the server farm and averages the result over a specified number of samples (if configured). With the default weight connection option configured, the ACE also takes into account the server's average response time and current connection count. This calculation results in a connection distribution that is proportional to the average response time of the server.
    The syntax of this command is as follows:
    predictor response {app-req-to-resp | syn-to-close | syn-to-synack}[samples number]
    The keywords and arguments are as follows:
    • app-req-to-resp—Measures the response time from when the ACE sends an HTTP request to a server to the time that the ACE receives a response from the server for that request.
    • syn-to-close—Measures the response time from when the ACE sends a TCP SYN to a server to the time that the ACE receives a CLOSE from the server.
    • syn-to-synack—Measures the response time from when the ACE sends a TCP SYN to a server to the time that the ACE receives the SYN-ACK from the server.
    • samples number—(Optional) Specifies the number of samples over which you want to average the results of the response time measurement. Enter an integer from 1 to 16 in powers of 2. Valid values are 1, 2, 4, 8, and 16. The default is 8.
    For example, to configure the response predictor to load balance a request based on the response time from when the ACE sends an HTTP request to a server to when the ACE receives a response back from the server and average the results over four samples, enter:
    host1/Admin(config)# serverfarm SFARM1
    host1/Admin(config-sfarm-host)# predictor response app-req-to-resp samples 4
    To reset the predictor method to the default of round-robin, enter:
    host1/Admin(config-sfarm-host)# no predictor
    To configure an additional parameter to take into account the current connection count of the servers in a server farm, use the weight connection command in server farm host predictor configuration mode. By default, this command is enabled. The syntax of this command is as follows:
    weight connection
    For example, enter:
    host1/Admin(config)# serverfarm SF1
    host1/Admin(config-sfarm-host)# predictor response app-req-to-resp samples 4
    host1/Admin(config-sfarm-host-predictor)# weight connection
    To remove the current connection count from the calculation of the average server response time, enter:
    host1/Admin(config-sfarm-host-predictor)# no weight connection
    You can use the threshold milliseconds parameter, which is optional. It specifies the required minimum average response time for a server. If the server response time is greater than the specified threshold value, the ACE removes the server from the load-balancing decision process (takes the server out of service).
    Enter an integer from 1 to 300000 milliseconds (5 minutes). The default is no threshold (servers are not taken out of service).
    If you have to measure the response time from when the ACE sends a TCP SYN to a server to the time that the ACE receives a CLOSE from the server, use syn-to-close (already discussed previously).
    If you have to measure the response time from when the ACE sends a TCP SYN to a server to the time that the ACE receives the SYN-ACK from the server, use syn-to-synack (already discussed previously).
    The samples parameter is optional and specifies the number of samples that you want to average from the results of the response time measurement; the response time is used to select the server with the lowest response time for the requested response-time measurement. If you do not specify a response-time measurement method, the ACE uses the HTTP app-req-to-response method.
    Whenever a server's load reaches zero, by default, the ACE uses the autoadjust feature to assign a maximum load value of 16000 to that server to prevent it from being flooded with new incoming connections. The ACE periodically adjusts this load value based on feedback from the server's SNMP probe and other configured options.
    Using the least-loaded predictor with the configured server weight and the current connection count option enabled, the ACE calculates the final load of a real server as follows:
    final load = weighted load × static weight × current connection count
    where:
    • weighted load is the load reported by the SNMP probe
    • static weight is the configured weight of the real server
    • current connection count is the total number of active connections to the real server
    The ACE recalculates the final load whenever the connection count changes, provided that the (config-sfarm-host-predictor) weight connection command is configured. If the (config-sfarm-host-predictor) weight connection command is not configured, the ACE updates the final load when the next load update arrives from the SNMP probe.
    If two servers have the same lowest load (either zero or nonzero), the ACE load balances the connections between the two servers in a round-robin manner.
    HTH
    Please rate if you find it useful.
    Sachin

  • ACE 4710 in failover - ssl offload, cert for second ACE

    Hi,
    I'm testing two ACE 4710 appliances that should work in active/standby mode and do ssl offload in bridged mode.
    At the moment I have configured one of the devices to do basic load balancing (without ssl offload).
    Now I would like to move further and configure ssl offload and configure High availability.
    I read that the certificate for ssl can be locally generated on the ACE device but I couldn't find any information regarding the cert that should be used on the second ACE.
    Should I generate a new cert on the standby unit or somehow use the one on the first ACE?
    Is it better to first set up high availability and then configure ssl offload or vice versa?
    Does anyone have a config example of ssl offload and active/standby configuration?
    Thank you in advance.

    You simply need to generate keys & CSR on the primary ACE. Export the keys from the primary ACE, import these keys to the standby ACE, and once you receive the certs from the CA, simply import the cert to both ACEs.
    Following are the steps to achieve that.
    On primary ACE:
    1. create RSA Keys
    crypto generate key 2048 app1.key
    2. Create CSR & send it to CA
    ace/Admin(config)# crypto csr-params app1-csr
    ace/Admin(config-csr-params)# common-name www.app1.com
    ace/Admin(config-csr-params)# country US
    ace/Admin(config-csr-params)# email [email protected]
    ace/Admin(config-csr-params)# locality xyz
    ace/Admin(config-csr-params)# organization-name xyz
    ace/Admin(config-csr-params)# organization-unit xyz
    ace/Admin(config-csr-params)# state CA
    ace/Admin(config-csr-params)# serial-number 1234
    ace/Admin(config-csr-params)# end
    ace/Admin# crypto generate csr app1-csr app1.key
    (copy the result to a file)
    4. Import certificate received from CA
    crypto import terminal app1.cert
    (pasted the content from the cert)
    5. verify the cert & keys match
    crypto verify app1.key app1.cert
    6. Export the keys from Active
    crypto export app1.key terminal
    (copy the result to a file)
    On Standby ACE:
    1. Import the keys
    crypto import terminal app1.key
    2. Import the cert
    crypto import terminal app1.cert
    3. verify the cert & keys match
    crypto verify app1.key app1.cert
    Hope this helps
    Syed
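
An off-box check corresponding to the "crypto verify" steps above, added here as an example (not part of the original post and not Cisco tooling): it compares the public key derived from the saved key file with the one in the certificate, and confirms that the copy destined for the standby unit is the same key. It assumes the openssl CLI and unencrypted PEM files; the function names are illustrative and the key and certificate are generated test material.

```shell
#!/bin/sh
# Added example: off-box version of "crypto verify app1.key app1.cert".
# Assumes unencrypted PEM files and the openssl CLI; file names follow the post.
umask 077   # anything written below (private keys) is owner-only

# Print the PEM public key's SHA-256; fail if the input cannot be parsed,
# so two unreadable files can never "match" on the hash of empty output.
key_pub_fp() {
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}
cert_pub_fp() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# 0 = key belongs to cert, 1 = mismatch, 2 = a file could not be read.
key_matches_cert() {
    k=$(key_pub_fp "$1") || { echo "unreadable key: $1" >&2; return 2; }
    c=$(cert_pub_fp "$2") || { echo "unreadable cert: $2" >&2; return 2; }
    [ "$k" = "$c" ]
}

# 0 if the key pasted into the standby is the same key exported from the primary.
same_key() {
    a=$(key_pub_fp "$1") && b=$(key_pub_fp "$2") && [ "$a" = "$b" ]
}

# Constructed test material (NOT real ACE exports): a matching key/cert pair
# plus an unrelated key, standing in for a wrong or stale paste.
make_demo() {
    openssl genrsa -out "$1/app1.key" 2048 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/app1.key" -subj "/CN=www.app1.com" \
        -days 1 -out "$1/app1.cert" 2>/dev/null
}

demo_dir=$(mktemp -d) && make_demo "$demo_dir" && {
    key_matches_cert "$demo_dir/app1.key" "$demo_dir/app1.cert" \
        && echo "app1.key matches app1.cert"
    key_matches_cert "$demo_dir/other.key" "$demo_dir/app1.cert" \
        || echo "other.key does not match app1.cert"
}
rm -rf "$demo_dir"
```

Once both units pass crypto verify, remove the saved key file from the workstation used for the copy.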

  • ACE 4710 - Monitoring Real Server Showing N/A

    I recently installed a Cisco ACE 4710 version A4(2.0) into our test network. Load balancing across a number of web servers appears to be working ok and serving pages to users. However, when I tried to check the real time stats via device manager (Monitor> virtual contexts> context > Real servers) a number of fields, specifically "current connections", "total conns", "failed conns" etc., were showing N/A. Do I need to enable this somehow, i.e. polling, and if so how?

    Hello Samson,
    You may try to reboot the entire ACE 4710, probably during a maintenance window; some Java process might have gotten stuck.
    If the issue persists then open a TAC case since there are some software defects related to this behavior.
    Jorge
