NME-NAM with Cisco Prime 5.1.2 and IOS Firewall

Hello,
I have installed and configured the Cisco NME-NAM with Prime 5.1.2 and have access to the NAM via a web browser. It is not picking up any data even though I havew configured the following:
internal data source
network site 10.10.16.0/20
All reports show "No data for selected time interval"
I am running IOS 15.1 on a 2811 with IOS firewall enabled.
Do I need to create a FW rule to allow traffic to be monitored by the NME-NAM?
Thank you,
Matthew

Hi rajeeshp,
Currently I am not allowed to upgrade it because of internal procedures involved in upgrading a specific piece of software (obtaining permissions from various departments). Is it free to upgrade from 1.2 to 1.3 or there is a specific charge for that.
Predrag Petrovic

Similar Messages

  • Strange issue with 3.6.3 VPN Client and IOS firewall

    I'm able to establish a VPN connection from the VPN Client to the e0/0 interface of the IOS FW/VPN router and pass encrypted traffic.
    Whenever I initiate a connection to something on the "Internet" from the LAN (e0/1) of the router, a temporary ACL entry is added to ACL 103 as it should be and I'm able to get out on the Internet from the internal LAN; however, I immediately lose my VPN connection from my PC Client when IOS FW adds those temporary "return entries".
    Router is running 12.2(13)T.
    Anyone else having issues like that? I've looked everywhere on cisco.com and elsewhere but I don't see anyone having a similar issue.
    You Cisco gurus have any thoughts?
    Thanks,
    Jamey
    Config below:
    jamey#wr t
    Building configuration...
    Current configuration : 3947 bytes
    ! Last configuration change at 16:27:03 GMT Wed Jan 22 2003 by jdepp
    ! NVRAM config last updated at 00:14:38 GMT Wed Jan 22 2003 by jdepp
    version 12.2
    service timestamps debug datetime msec
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    hostname "jamey"
    no logging buffered
    no logging console
    username XXXX password 7 XXXXX
    clock timezone GMT 0
    aaa new-model
    aaa authentication login tac local
    aaa session-id common
    ip subnet-zero
    no ip domain lookup
    ip inspect name myfw ftp
    ip inspect name myfw realaudio
    ip inspect name myfw smtp
    ip inspect name myfw streamworks
    ip inspect name myfw vdolive
    ip inspect name myfw tftp
    ip inspect name myfw rcmd
    ip inspect name myfw tcp
    ip inspect name myfw udp
    ip inspect name firewall http java-list 3
    ip audit notify log
    ip audit po max-events 100
    crypto isakmp policy 3
    encr 3des
    hash md5
    authentication pre-share
    group 2
    crypto isakmp nat keepalive 20
    crypto isakmp client configuration group XXXX
    key XXXXXXX
    dns x.x.x.x
    domain xxx.com
    pool ipsec-pool
    acl 191
    crypto ipsec security-association lifetime kilobytes 536870911
    crypto ipsec security-association lifetime seconds 86400
    crypto ipsec transform-set foxset esp-3des esp-md5-hmac
    crypto dynamic-map dynmap 10
    set transform-set foxset
    crypto map clientmap client authentication list tac
    crypto map clientmap isakmp authorization list XXXXX
    crypto map clientmap client configuration address respond
    crypto map clientmap 10 ipsec-isakmp dynamic dynmap
    interface Loopback10
    description just for test purposes
    ip address 172.16.45.1 255.255.255.0
    interface Ethernet0/0
    description "Internet"
    ip address x.x.x.x 255.255.255.224
    ip access-group 103 in
    ip inspect myfw out
    no ip route-cache
    no ip mroute-cache
    half-duplex
    crypto map clientmap
    interface Ethernet0/1
    description "LAN"
    ip address 192.168.45.89 255.255.255.0
    no ip route-cache
    no ip mroute-cache
    half-duplex
    ip local pool ipsec-pool 192.168.100.1 192.168.100.254
    ip classless
    ip route 0.0.0.0 0.0.0.0 Ethernet0/0
    no logging trap
    access-list 3 permit any
    access-list 103 permit ip 192.168.100.0 0.0.0.255 any log
    access-list 103 permit icmp any any log
    access-list 103 permit udp any eq isakmp any log
    access-list 103 permit esp any any log
    access-list 103 permit ahp any any log
    access-list 103 permit udp any any eq non500-isakmp log
    access-list 103 permit tcp any any eq 1723 log
    access-list 103 permit udp any any eq 1723 log
    access-list 103 deny tcp any any log
    access-list 103 deny udp any any log
    access-list 191 permit ip 192.168.45.0 0.0.0.255 192.168.100.0 0.0.0.255
    access-list 191 permit ip 172.16.45.0 0.0.0.255 192.168.100.0 0.0.0.255
    radius-server authorization permit missing Service-Type
    call rsvp-sync
    line con 0
    line aux 0
    line vty 0 4
    exec-timeout 0 0
    password XXXXXX
    line vty 5 15
    end
    Some debugging info:
    At this point, my VPN PC is successfully connected to the e0/0 VPN router and assigned IP of 192.168.100.2. It is running constant pings to 192.168.45.67 and 172.16.45.1 (172.16.45.1 is a loopback on the router for testing), 192.168.45.67 is a host on the internal network.
    .Jan 22 01:27:38.284: ICMP type=8, code=0
    .Jan 22 01:27:38.288: IP: s=192.168.45.67 (Ethernet0/1), d=192.168.100.2 (Ethern
    et0/0), g=192.168.100.2, len 60, forward
    .Jan 22 01:27:38.288: ICMP type=0, code=0
    .Jan 22 01:27:38.637: IP: s=192.168.45.145 (Ethernet0/0), d=255.255.255.255, len
    40, access denied
    .Jan 22 01:27:38.637: UDP src=2301, dst=2301
    .Jan 22 01:27:38.641: IP: s=192.168.45.145 (Ethernet0/1), d=255.255.255.255, len
    40, rcvd 2
    .Jan 22 01:27:38.641: UDP src=2301, dst=2301
    .Jan 22 01:27:38.761: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
    et0/0), len 112, rcvd 3, proto=50
    .Jan 22 01:27:38.765: IP: s=192.168.100.2 (Ethernet0/0), d=172.16.45.1, len 60,
    rcvd 4
    .Jan 22 01:27:38.765: ICMP type=8, code=0
    .Jan 22 01:27:38.765: IP: s=172.16.45.1 (local), d=192.168.100.2 (Ethernet0/0),
    len 60, sending
    .Jan 22 01:27:38.765: ICMP type=0, code=0
    .Jan 22 01:27:39.282: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
    et0/0), len 112, rcvd 3, proto=50
    .Jan 22 01:27:39.286: IP: s=192.168.100.2 (Ethernet0/0), d=192.168.45.67 (Ethern
    et0/1), g=192.168.45.67, len 60, forward
    .Jan 22 01:27:39.286: ICMP type=8, code=0
    .Jan 22 01:27:39.286: IP: s=192.168.45.67 (Ethernet0/1), d=192.168.100.2 (Ethern
    et0/0), g=192.168.100.2, len 60, forward
    .Jan 22 01:27:39.290: ICMP type=0, code=0
    .Jan 22 01:27:39.763: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
    et0/0), len 112, rcvd 3, proto=50
    .Jan 22 01:27:39.767: IP: s=192.168.100.2 (Ethernet0/0), d=172.16.45.1, len 60,
    rcvd 4
    .Jan 22 01:27:39.767: ICMP type=8, code=0
    .Jan 22 01:27:39.767: IP: s=172.16.45.1 (local), d=192.168.100.2 (Ethernet0/0),
    len 60, sending
    .Jan 22 01:27:39.767: ICMP type=0, code=0
    .Jan 22 01:27:40.283: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
    et0/0), len 112, rcvd 3, proto=50
    .Jan 22 01:27:40.287: IP: s=192.168.100.2 (Ethernet0/0), d=192.168.45.67 (Ethern
    et0/1), g=192.168.45.67, len 60, forward
    .Jan 22 01:27:40.287: ICMP type=8, code=0
    .Jan 22 01:27:40.287: IP: s=192.168.45.67 (Ethernet0/1), d=192.168.100.2 (Ethern
    et0/0), g=192.168.100.2, len 60, forward
    .Jan 22 01:27:40.291: ICMP type=0, code=0
    .Jan 22 01:27:40.596 GMT: %SEC-6-IPACCESSLOGNP: list 103 permitted 50 216.16.193
    .52 -> <VPN ROUTER E0/0 INTERFACE>, 222 packets
    .Jan 22 01:27:40.596 GMT: %SEC-6-IPACCESSLOGP: list 103 permitted udp 216.16.193
    .52(500) -> <VPN ROUTER E0/0 INTERFACE>(500), 16 packets
    here is where I initiate a telnet connection to a host 2.2.2.2 (a dummy host on the "Internet")
    from a host on the internal side (LAN) (192.168.45.1)
    .Jan 22 01:27:40.600: IP: s=192.168.45.1 (Ethernet0/1), d=2.2.2.2 (Ethernet0/0),
    g=2.2.2.2, len 44, forward
    .Jan 22 01:27:40.600: TCP src=38471, dst=23, seq=953962328, ack=0, win=4128
    SYN
    .Jan 22 01:27:40.764: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
    et0/0), len 112, rcvd 3, proto=50
    here is where by VPN connection breaks
    .Jan 22 01:27:40.768: IPSEC(epa_des_crypt): decrypted packet failed SA identity
    check
    .Jan 22 01:27:41.285: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
    et0/0), len 112, rcvd 3, proto=50
    .Jan 22 01:27:41.285: IPSEC(epa_des_crypt): decrypted packet failed SA identity
    check
    .Jan 22 01:27:45.773: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
    et0/0), len 112, rcvd 3, proto=50
    .Jan 22 01:27:45.777: IPSEC(epa_des_crypt): decrypted packet failed SA identity
    check
    .Jan 22 01:27:46.774: IP: s=<VPN PC CLIENT> (Ethernet0/0), d=<VPN ROUTER E0/0 INTERFACE> (Ethern
    et0/0), len 112, rcvd 3, proto=50
    .Jan 22 01:27:46.774: IPSEC(epa_des_crypt): decrypted packet failed SA identity
    check

    Ok..I found the bug ID for this:
    CSCdz46552
    the workaround says to configure an ACL on the dynamic ACL.
    I don't understand what that means.
    I found this link:
    http://www.cisco.com/en/US/products/sw/secursw/ps2138/products_maintenance_guide_chapter09186a008007da4d.html#96393
    and they talk about it, but I'm having a hard time decoding what this means:
    "To specify an extended access list for a crypto map entry, enter the match address crypto map configuration command. This access list determines which traffic should be protected by IPSec and which traffic should not be protected by IPSec. If this is configured, the data flow identity proposed by the IPSec peer must fall within a permit statement for this crypto access list. If this is not configured, the router will accept any data flow identity proposed by the IPSec peer. However, if this is configured but the specified access list does not exist or is empty, the router will drop all packets."

  • Cisco Prime Infrastructure 1.2 and Aironet 1250 + VSS issues

    Hi,
    I  am new to the NCS implementations and configurations. I have one very  specific case with Cisco Prime Infrastructure 1.2 and autonomnous APs  and several issues with Cisco VSS on 6500 switches.
    So here is the version from Prime:
    NCS/admin# show version
    Cisco Application Deployment Engine OS Release: 2.0
    ADE-OS Build Version: 2.0.1.038
    ADE-OS System Architecture: x86_64
    Copyright (c) 2005-2010 by Cisco Systems, Inc.
    All rights reserved.
    Hostname: NCS
    Version information of installed applications
    Cisco Prime Network Control System
    Version : 1.2.1.012
    IOS version on our APs (which are autonomnous) is:
    AP-N-1>show ver
    Cisco IOS Software, C1250 Software (C1250-K9W7-M), Version 12.4(25d)JA1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2011 by Cisco Systems, Inc.
    Compiled Thu 11-Aug-11 03:23 by prod_rel_team
    Well  the issue what we have now is that access point has been added but its  not recognized by the NCS prime. I have tried all three versions of SNMP  but I get the same result. The SNMP configuration is valid since I use  the same for my switching infrastructure. When I enter "debug snmp packets" and "terminal monitor" I can see the SNMP communication between Prime and Aironet 1250 which is standalone.
    When  I switch to Lifecycle theme and go to Operate > Device Monitor  Center I see all devices I have added. The Aironet 1250 is reachable but  under collection status I get Managed with Warnings. When I hover over  with my mouse I get "None available".
    I  have successfully added my switching infrastructure in total, which is  operating perfectly for Catalyst 2960/3650/3750/4500 series but for 6500  under VSS I have some warnings. The device is recognized by the system  which is excellent and all is operational. I get the following errors  under Collection Status:
    feature_sensor
    SNMP request timed out
    feature_powerSupplyFanStatus-6k
    SNMP request timed out
    IdentityCapability
    The device is unreachable.
    feature_flashdevice
    SNMP request timed out
    sam_ipsla_feature
    The device is unreachable.
    What can be done to resolve these issues ? I have attached a screenshot of this particular issue. The affected access point is 172.16.165.241.
    Predrag Petrovic       

    Hi rajeeshp,
    Currently I am not allowed to upgrade it because of internal procedures involved in upgrading a specific piece of software (obtaining permissions from various departments). Is it free to upgrade from 1.2 to 1.3 or there is a specific charge for that.
    Predrag Petrovic

  • Autonomous to LWAPP with Cisco Prime 2.2

    Hello, I need to know if exist any procedure to convert Autonomous to LWAPP  access point with Cisco Prime 2.2.

    Here are the Steps Cristian.
    To create an autonomous AP migration template, follow these steps:
    Step 1 Choose Design > Configuration > Wireless Configuration > Autonomous AP Migration Templates .
    Step 2 From the Select a command drop-down list, choose Add Template, then click Go . If you are updating an already existing template, click the applicable template in the Template Name column.
    Step 3 Complete the required fields. For information about the field descriptions, see: http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/reference/guide/prime_infr_ref.html
    Step 4 To view the migration analysis summary, choose Operate > Wireless > Migration Analysis .
    Note: After an access point has been converted to lightweight, the previous status or configuration of the access point is not retained.
    Hope this will resolve your issue ;)

  • Cisco Prime Infrastructure 1.2 with Cisco Prime Network Control System Hardware Appliance

    Hi Team,
    I have  following BOM
    Cisco Prime Infrastructure
    R-PI-1.2-K9
    Cisco Prime Infrastructure 1.2
    1
    R-PI-1.1-500-K9
    Prime Infrastructure 1.2 Software - 500 Device Base Lic
    1
    L-PILMS42-500
    Prime Infrastructure LMS 4.2 - 500 Device Base Lic
    1
    L-PINCS12-500
    Prime Infrastructure NCS 1.2 - 500 Device Base Lic
    1
    PRIME-NCS-APL-K9
    Cisco Prime Network Control System Hardware Appliance
    1
    PI-APL-IMAGE-1.2
    Cisco Prime Infrastructure 1.2 Appliance Software
    1
    Pls let me know if we have both NCS and LMS preinstalled with Cisco Prime Infrastructure 1.2 Appliance Software orwe need seperate appliance or server for LMS 4.2. 
    Regards

    Hi Scott,
    Thanks for the response but I got to know that LMS and NCS are combined in single ISO image from PI 1.2 and can be installed on the same physical NCS appliance.
    Can you pls check this.
    Regards

  • Cisco Prime LMS appliance Compatibilty with Cisco Prime NCS

    Hi,
    Is it possible if we can install Cisco Prime LMS 4.2 in the appliance which is inbuilt with Cisco Prime  NCS .
    We have PILMS42-1.5K-U license available with us.
    Rgds,
    Kamal

    One can install either LMS 4.2 or NCS on the a physical (software on PRIME-NCS-APL-K9 hardware) or virtual appliance (software installed on customer-provided VM).
    The two products (NCS and LMS) cannot coexist on a given appliance instance. This is due to change in the future as LMS and NCS merge under the Cisco Prime Infrastructure 2.0 release but for now they are distinct and separate products with a common approach and similar look and feel but requiring separate servers, whether physical or virtual.
    Please refer to the ordering and licensing guide here.

  • Controller software compatibility with cisco prime 2.0

    Are any of the following wireless software (5500 controller) releases compatibile with cisco prime 2.0 ?
           - 7.4.121.0
           - 7.6.100.0
    M.

    HI,
    Cisco PI 2.0 supports:
    Cisco 5500 Series
    7.0 through 7.4.110.0
    http://www.cisco.com/en/US/docs/net_mgmt/prime/infrastructure/2.0/release/notes/cpi_rn.html
    Your both software not supported by PI 2.0.
    May be PI 2.1 will support both these software in future.
    Regards

  • Experience with Air 4.0.0.1628 and ios 6

    Dear developers, I was wondering if anyone has tested and had crashes when saving data with Air 4.0.0.1628 and ios 6.
    During the last few days an app that has been available since August 2013 for download on Itunes started developing issues/crashes with saving data using shared objects.  It may have always had these issues since I updated it using Air 4.0.0.1628 but I only detected it yesterday. 
    At first, I thought it may be due to low memory on the Ipad, but I was unable to replicate the failures/crashes on an IPAD with ios 7 and about 88 megabytes of free memory.  I am currently using Air 4.0.0.1628 and flash pro cs6.
    Unfortunately, I no longer have access to the IPAD that the app was crashing on and cannot do further testing on it, but it had ios 6 installed in it. 
    Thanks
    Justin

    I'm not implying that the server/Facebook way is to work around the lack of local storage - just that it happens to help in this situation (and any where, for example, the app is reinstalled or the user moves to a new device etc).
    Also, it's not just to help work around the SO problem   It's also for the complete social implementation, right (virallity, FB game API etc)   For that, I don't mind including the ANEs and all that jazz.

  • Importing video with sound to GarageBand 2.0 and iOS 7.0.4

    Importing video with sound to GarageBand 2.0 and iOS 7.0.4
    My daughter has an iPad 2 with GarageBand 2.0 and iOS 7.0.4.  She would like to import a video file which has a sound track on it to GarageBand for iPad so that she can add an additional sound track to it.  The video/audio file to be imported would be in AVI, MPEG2 or another iPad compatible format.  Is this possible? If so, how would the mechanics work?  Would you: (1) load the file into the Movies section of iTunes and import the file from the Movies section of iTunes; (2) save the file onto an SD card and import the video/audio file from the SD card by inserting the SD card into an "SD adaptor" on an "iPad Camera Connection Kit"; or (3) email the video file to yourself and upload it to GarageBand from email?

    This is part of a mobile training application and I allow the learner to record an audio response in addition to viewing the videos.  When they record a response, you can hear the playback so the device has its volume up and working when the app is running.  Since I posted this issue, I switched to .flv video and that plays ok.  It's apparently the .mp4 video that's a problem.  I'm encoding it with ffmpeg and suspect that it's something with the settings.   Do you have a recommendation for mp4 settings for OSMF?

  • Traffic Analyzer is rare with Cisco Prime NAM

    Hi,
    we see any rare with Traffic Analyzer, see that ip source configured X.X.X.X/24 is as destination X.X.X.X. Where see that source is Y.Y.Y.Y. If we configure as destination X.X.X.X wihout source about Cisco Prime NAM, will have that appear in traffic analyzer as ip Destination correctly, but is backwards.
    have a card NAM-2 with last patch (WS-SVC-NAM-2), Version 5.1(2)). We configure about Cisco Prime Network Analisis Module Web where
    choose  Capture > Packet/Capture Decode > Sessions
    Configure Capture Session paramaters correctly, below:
    with a Name "Prueba"
    Capture Sourceis Data Ports with DATA PORT 1 and DATA PORT 2. (see attach file Configure Capture Session.jpg)
    Configure Software Filter Dialog parameters correctly, below:
    with a Name "Prueba"
    Destination Address / Mask: X.X.X.X/24
    select Both Directions
    Application or Port: None
    (see attach file Software Filter Dialog.jpg)
    w
    When have all configured about Cisco NAM, we see in Analyzer Packet that ip configure as destination appear as source, and as source other address. We see that is not correctly
    (see attach file Nam Traffic Analyzer Packet Decoder.jpg)
    It´s normal or is an issue real?
    Best Regards.

    Alfroj,
    I downloaded the NAM 5.1 software to be installed on a SRE Module.
    I was wondering if you could help me out with an error.
    When i configure the module and then try to install the files from a ftp server, it doesnt work.
    It loads all the files and when its installing, theres a crash and the system reboots. It does this all the time. Just keeps rebooting and rebooting.
    Im attaching the messages I get
    I would appriciate if you could help me out
    Thanks in advance
    Sincerely,
    Dante Verastegui

  • Issue with cisco prime adding aceess point in the map and move in the final position

    I have an Cisco Prime infrastructure with a 2.1.1 version, I created a new campus, a new building, a new floor after that i want to add access point in one floor i can add 4 access ponit but in other one floor I add first 3 access points successful bunt when i try to add a new access point in the same floor tha access point it is added but I can not move it to the final possition on the map.
    the cisco prime shows the followging message
    Cannot find feature by (Mac/Name/ID) null
    how can I move the access point into the last possiton ?

    Duplicate post. 
    Go HERE.

  • UPS monitoring support with Cisco Prime Infrastructure 1.2

    Dear Members,
    Good day,
    I am having a project implemented wherein i have the UPS power redudancy solution for our network devices.
    Now can anyone gide that is it possible for below :-
    UPS units installed with SNMP cards be monitored via Cisco Prime Infrastructure 1.2 as our monitoring & management solution is Cisco Prime Infrastructure 1.2 ?
    if yes
    Can you guide if following action would be possible to export the below logs from UPS unit to our Cisco Prime Infrastructure 1.2
       a) UPS fault status information
       b) UPS operational status(input power available Y/N)
       c) Battery fault status
       d) Battery charging current
       e) Battery charge level
       f) Output current
    Conclusion is we need to confirm that would it be posible to achieve remote monitoring of these UPS units via our CPI 1.2
    Thanks in Advance for your support & replies to this query.
    Regards,
    Muzammil N.

    Prime Infrastructure 1.2 can manage non-Cisco devices in a limited fashion via SNMP query and trap processing. It cannot import logs and does not have a generic syslog server,
    So if your devices have snmp read only support and can generate SNMP traps for the above you can add them to PI. Follow the manual add device procedure here.

  • Trouble With Cisco Prime Infrastructure 1.3

    Hi,
    I have installed the Evaluation Version Cisco Prime Infrastructure 1.3.
    There are a few problems that i am facing;
    I am trying to push a simple configuration to WLC using Prime Infrastructure. But it is failing as PI doesnot have RW SNMP access.
    My question is that can I use PI to push configs without using SNMP. Like do it using ftp or something.
    Also do the Wired Devices also need SNMP RW access on PI's part.
    2. I tried running discovery for WLC and it worked fine where all the controllers were discovered. But when I try to discover a Switch, the reachability tab says Reachable but in Collection Status tab it shows Unmanaged. When I click on the Unmanaged tab it says " Pre-collection check failed because: ". I have configured the SNMP correctly.
    3. I have the CAD files for all the maps in our environment but when I try to upload it to Prime it converts it into GIF, so the maps are uploaded as plain image with no knowledge of walls and obstacles.
    So we would have to add the walls and obstacles by ourselves. Is there any way it can automatically pick up on the walls and obstacles and thus provide a better way for predicting RF profiles.
    All your help is greatly appreciated.

    TAC Case! Sounds like a bug to me...
    Sent from Cisco Technical Support iPad App

  • Issues with Cisco Prime LMS 4.2.3

    Hi,
    I'm trailing Cisco Prime LMS 4.2.3 Soft appliance on ESXi before I deploy it into a live environment and am having some issues.
    I've upgraded to version 4.2.3 and the box was working fine after the upgrade however on power it up today the Apache service will not start.
    If I look at the LMS application I see this for the Apache service.
    "Apache                Administrator has shut down this server   0 "
    I have tried to starting it.
    CiscoLMS42/admin# application start Apache
    % Application failed to start
    CiscoLMS42/admin#
    If I run an application operation debug at the same time I get the following output.
    CiscoLMS42/admin# 6 [5343]: application:operation cars_install.c[1145] [admin]: Application initialization initiated for appname: Apache, operation: 0
    7 [5343]: application:operation cars_install.c[1146] [admin]: Operations: O-APP_START, 1-APP_STOP, 2-APP_STATUS
    6 [5343]: application:operation cars_install.c[1150] [admin]: Verifying app (Apache) is installed ...
    3 [5343]: application:operation cars_install.c[1152] [admin]: App (Apache) is not installed.
    3 [5343]: application:operation install_cli.c[281] [admin]: Error while starting application  - Application: Apache ErrorCode: -999
    I'm at a complete lose as to where to look next, failing anything else I'll have to rebuild it, but it would be nice to know how to get the Apache up and running again.
    regards
    Rich

    Hi Richard,
    I see the following:
    [ Thu Apr 18 20:53:11 GMT 2013 ] TomcatMonitor After gettingAJPPort : ajpPort = 9009 and host =CiscoLMS42
    [ Thu Apr 18 20:53:11 GMT 2013 ] TomcatMonitor theMgr constructor successful.
    [ Thu Apr 18 20:53:11 GMT 2013 ] TomcatMonitor Inside whileloop
    [ Thu Apr 18 20:53:11 GMT 2013 ] TomcatMonitor Tomcat is not ready, it's coming up Connection refused
    It looks like the hostname cannot be resolved. Can you try to add a static entry in /etc/hosts for the IP of the server and CiscoLMS42?
    Restart the daemon manager and it should work.
    Regards,
    Vlad
    ==========
    NMS Team
    Krakow, Poland
    Cisco TAC

  • Replicate in the Master controller and creation of new user with cisco prime infrastructure 2.1.

    Hello!!
    We have multiple controllers Cisco WLC 5508 (all running software version 7.6.120.0) distributed in various buildings and a controller in other control building (also Cisco WLC 7.6.120.0 5508) operating as Master and backup of the buildings's controllers . 
    Each building is radiated such an SSID that is used as a validation of the user connected to that SSID web portal each controller (in the WLAN, Security -> Layer 3 -> Web Policy), using the local database to validate the user. 
    The problem is that the local database of users is not being replicated between controllers buildings and the Master controller, so if you drop the controller of a building, the Master controller begins to provide service to the buildings access points, but the equivalent radiated SSID cannot able to validate users. 
    I need know if it's possible through Cisco Prime Infrastruture 2.1, first replicate in the Master controller on the basis of existing controllers buildings each local data and, second, that the creation of new users are automatically perform both the controllers like to the Master .
    Thanks.

    As noted earlier, it is not advisable to use the root user to log in for normal use. New users and groups can be created by navigating to Administration > Users, Roles & AAA as shown in the preceding figures. It would help to chalk out what are the various levels at which you want to distribute the users, and to create those roles first. It doesn’t really matter whether you create users or groups first. New users can be easily added by going to Administration > Users, Roles & AAA > Users > Add Users > Select “Add Users” from the drop-down on the right side. Once you get into the add user workflow, fill in the username, password, and local authorization for this user as shown in the figure below.
    A virtual domain can also be assigned to the users when you define their roles by selecting the virtual domain on the left side and moving it to the right side as shown in the image below (left).

Maybe you are looking for