Redundant CSM probes not working using OneArmedMode+PBR
In a redundant configuration: 2xCat6500 with one CSM each, using One Armed Mode when we use Policy Based Routing for return traffic the redundant CSM probes fail. If we use Source NAT instead everything works fine (both Active and Standby ok).
The problem is that we need to user PBR because the servers need to know the source IP and we want to assure a quick failover.
I'm pointing to the alias address. I didn't mention before but both C6500 have an IP interface configured in the Server Side VLAN and are using HSRP. I think the problem is related with that - when the redundant CSM sends the probe request, the response is routed to the active CSM. Maybe I need to define a specific PBR to the probes.
Similar Messages
-
I hooked up new iMac to wireless network and now iPad and iPhone do not work using wireless. They did before hooking up the iMac. I am using a Netgear N300 router. Also my Netgear ethernet/homeplug for wireless TV internet no longer works. Any ideas? I have tried unplugging, restarting, and resetting. No luck! Thanks!
You should probalby contact Netgear
-
Using export slide show from iphoto, I am trying to create a DVD of photos and vid clips in large format. The vid clips do not work using burn software. Any idea?
Have used large format, but using the 'burn' software, I am not getting seamless video quality on DVD even though I am burning at 2* speed. Any ideas? Do I need better software? Or is there a problem with the SuperDrive?
-
when i finally connected my mac to work network on windows environment everything related to apple including App store, Safari, software updates, iCloud and iTunes do not work using a proxy server and everything else is working very well including chrome browser…i tried everything but no clue...anybody have solution for this..???
I also forgot to note that this problem also persists with the new iBooks application. I cannot get past the 'Get Started' screen or access the iBooks Store. Again, all top bar menus are unresponsive.
DT -
HTTP probes not working on Local Director 416 using 4.2.4
Situation: We are using an LD-416 to load balance http and https requests for 4 web servers with publicly addressable IP's behind one publicly addressable virtual IP.
Desired: We would like to setup http probes to monitor a web page on the servers and fail them if the expected header result of 200 is not met.
Steps taken: Setup http probes to monitor one of the web servers per the Command Reference guide. Page used for testing is written to generate a header response other than the expected result. Commands entered:
1. probe real websrv04 HTTP 1
2. probehttp real websrv04 file /sw/testfileserver/badpage.asp expected 200 request HEAD
3. probeconfig HTTP 1
4. write t
5. write mem
Websrv04 is defined as a real server. We have also tried doing it by the IP address as well as leaving out those settings for which we're checking the defaults (ie. expected and request).
Expectation: The LD should run an http probe against websrv04 every ten seconds looking for the page "badpage.asp" and expect to receive a header result of 200. The first time the LD sees anything other than the expected result, it should fail the server.
Reality: The server never fails. We can even remove the page in question from the web server and the probe still will not fail the server.
Any and all help would be most greatly appreciated.you need to configure a probe to the virtual address as well otherwise probing does not work.
This is done in the web document but it does not appear clearly that it is necessary. Hoewever, you need it to make it work.
Gilles. -
DHCP with redundant Gateway does not work
I am having trouble connecting to my office network using Wifi.
I have done some investigation and found the problem which is...
When DHCP server serves the request and replies with multiple/redundant gateways, the device does take the IP and communicates within the local network but ignores the gateway and is not able to connect the outside network.
When I requested my Systems Administrator and he added specific setting for my device's MAC address and sent only one gateway in DHCP reply, device starts to connect outside.
Our office has other debian based and CentOS based systems running including Ubuntu workstations but none of them is having problem with multiple/redundant gateways but only N900 is having this problem. It means that the problem is not inherited from Linux or Debian but the bug is related to Maemo itself.
I have tried to tell add some technical details and do not expect answers like to check firewall and so. This is a genuine problem and is not intermittent. We have experienced it using MS DHCP server under windows 2003 and win 2k as well.
End users: Please try to duplicate the problem before suggesting a work around or anything
Developers/Admins/Officials: I hope you acknowledge the problem soon.Yes it is uncommon configuration in house holds but in offices or places that have access to more than one Internet connection the configuration will be common. Houses normally have one small router with one internet connection. However in many offices the router is attached to multiple connections and manages fault-tolerance. Having said all that, regardless of how often it is used, when used it wont work and it is a bug.
In DHCP protocol "003 Router" is defined as a list of IPs not a single IP and if DHCP protocol is properly supported this should have work. What I mean is that this problem is related to DHCP implementation. Following is the output of route command...
ACTUAL OUTCOME:
===============
/ $ sudo /sbin/route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.15 * 255.255.255.0 U 0 0 0 wlan0
/ $
EXPECTED OUTCOME:
=================
/ $ sudo /sbin/route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.15 * 255.255.255.0 U 0 0 0 wlan0
default 192.168.2.1 0.0.0.0 UG 0 0 0 wlan0
default 192.168.2.2 0.0.0.0 UG 10 0 0 wlan0
/ $
I already posted the big on Bugzilla
https://bugs.maemo.org/show_bug.cgi?id=9662
Well I posted this here as well so if someone else also faces the same problem (not sure if there will be one) but they should at-least know the problem instead of thinking that why the hell my internet does not work in office when there is no firewall blocking it.. :-)
I do hope to get it viewed by a "sympathetic developer" :-)
I currently am not into develop/modify scripts but if this is not fixed by others then I believe I don't have a choice.
For now as I mentioned I did a work around by adding an IP reservation in my DHCP server which allows me to fix it to one Gateway for this MAC address only. But if I did not have admin access over my DHCP server, I was in trouble then and maybe would not be able to event troubleshoot and identify the problem. -
NTLM SSO is not working using IIS
Hi,
We have unable to login to the infoview using SSO getting u201C page canu2019t found u201C error.
1. We can login to the infoview using AD authentication when tomcat as the application server but we are unable to login to the infoview using SSO when IIS as the application server.
2. If we select the option called u201Cintegrated windows Authenticationu201D under internet options then the SSO is not working and if we uncheck the u201Cintegrated windows Authenticationu201D in the internet options then we are able to login to the infoview using SSO.We are able to login to the infoview using SSO on another environments and the working and problematic environments we Configured IIS6, XI2 SP4.
4.We tried to login to the infoview using http://servername instead of entire URL however we are getting error.
5.We restarted IIS but no use.
6.Our admin follow the below options-
Open a registry editor, such as Regedit.exe or Regedt32.exe.
Navigate to:
HKLM\System\CurrentControlSet\Services\HTTP\Parameters
Right-click Parameters, select New | DWORD value, and then name the value MaxFieldLength.
Right-click Parameters, select New | DWORD value, and then name the value MaxRequestBytes.
In the right pane, double-click MaxFieldLength, and then set its value to 32768 (decimal).
In the right pane, double-click MaxRequestBytes, and then set its value to 32768 (decimal).
Close the registry editor and restart the IIS Admin service for the change to take effect.
But we are getting same problem.
7.We tried to login to the infoview using http://localhost but issue still persists.
8.We installed jakarta redirector.Is this root cause of this issue?
9.We selected intigrated windows authentication under default websites and i am sure i gave all the options under internet information manager.
Any one please help on this.
My environment is-
BOXIR2 SP4,
NTLM SSO,
Windows 2003,
IIS6."We tried to login to the infoview using http://servername instead of entire URL however we are getting error"
What's the error using the hostname for SSO with integrated windows authentication enabled on only the infoview virtual directory?
Regards,
Tim -
Java program not working using newer version of scheduler (AutoSys)
A little background: I'm in the middle of trying to upgrade our AutoSys server (scheduler) to the latest version (version R4 to R11) and have to do regression testing to ensure our jobs will work in the new version. There's a small java program that is not working supposedly due to the following error:
Exception in thread "Main Thread" java.lang.NoClassDefFoundError: com/f1j/swing/common/JDKAdapter
at com.f1j.swing.common.Adapter.<clinit>(Adapter.java:86)
at com.f1j.swing.engine.ss.JBook.<init>(JBook.java:3032)
at com.f1j.swing.engine.ss.JBook.<init>(JBook.java:3096)
at com.test.Foo.performScan(Foo.java:122)
So in the old version (R4), it runs fine. In R11, I get the exception above. The CLASSPATH matches and I've verified that by echoing it in the shell script that calls the java program. Here's how it's called in the shell script.
echo $CLASSPATH
${JAVA_HOME}/bin/java com.test.Foo
So the Foo class was written by me, which makes use of this external library called f1j11swing.jar (for spreadsheet creation).
The source of the error is from this line in Foo (line 122):
book = new com.f1j.swing.engine.ss.JBook();
The funny part is JDKAdapter (the missing class) is in the same jar file as JBook, so it definitely finds the library in the classpath. But for some reason, this new AutoSys version is spitting out this error. I've exhausted many approaches to resolving this, but I'm still stuck.
Here's the layout of how things are called (should be same for R4 and R11):
1. AutoSys server logs into client machine XYZ as user arnold
2. arnold (AutoSys client) on XYZ executes shell script to call java program
The only significant difference I see is that the AutoSys server in R4 is HP while the R11 server is Sun. However, it shouldn't matter because the client server they're logging into to execute the script is the same linux server.
Does anyone have any ideas? I've already started dialogue with the vendor and it seems kind of in limbo at the moment. Please let me know if you need more info. Thanks.Hi DrClap,
I just checked jre/lib/ext of my $JAVA_HOME and verified that there doesn't exist any library with a class named "Adapter." We don't put anything in this directory other than what came with the original installation. I've tried isolating the jars before as well, by doing something like (to no avail):
java -cp /users/test/lib/f1j11swing.jar:/users/test/lib/Foo.jar com.test.Foo
If I remove the f1jswing11.jar path in the above command, it will complain about other things. Also, for fun, I tried dropping f1j11swing.jar into the ext folder and removing it from the CLASSPATH and it yielded the original error. Running it directly from the shell and old version of autosys works fine.
I hope I understood your suggestion correctly and please let me know if you have any other ideas. I'm surprised why java would act differently with a different version of an AutoSys client logging into the same machine and environment. Thanks.
xiarce - I haven't heard anything regarding this, but I'll bring it up. Thanks.
Edited by: user4170063 on Apr 13, 2011 2:25 PM -
Loging onto my bank I go to the barclays pege there on the top line is "log in" it used to work when I click on it but has stoped, any button on the first three lines of a web page does not work.
I now use Google crome but would like to stay with Firefox if this coruption can be sorted.
RodPlease reload the webpage while bypassing the cache using '''one''' of the following steps:
*Hold down the ''Shift'' key and click the ''Reload'' button with the left mouse key.
OR
*Press ''Ctrl'' + ''F5'' or ''Ctrl'' + ''Shift'' + ''R'' (Windows and Linux)
*Press ''Command'' + ''Shift'' + ''R'' (Mac)
See if this helps solve the issues you had and please report back to us! -
SQL Statement not works using functions or subqueries-MAXDB
Hello All,
I created an ABAP program to select information about country(table: T005) with the country names (Table: T005T). I tried to create a sql query with a sql subquery to select everything but for some reason that I don't know it doesn't work. Please find the query below.
DATA:
resu TYPE REF TO cl_sql_result_set ,
stmt TYPE REF TO cl_sql_statement ,
qury TYPE string .
qury = `SELECT land1, spras, `
&& `(SELECT landx `
&& `FROM SAPNSP.T005T `
&& `WHERE mandt = '` && sy-mandt && `' `
&& `AND spras = 'EN' `
&& `AND land1 = ? ), `
&& `(SELECT natio `
&& `FROM SAPNSP.T005T `
&& `WHERE mandt = '` && sy-mandt && `' `
&& `AND spras = 'EN' `
&& `AND land1 = ? ) `
&& `FROM SAPNSP.T005 `
&& `WHERE mandt = '` && sy-mandt && `' `
&& `AND land1 = ? `
&& `GROUP BY land1, spras` .
resu = stmt->execute_query( qury ) .
Well, the query above works but the fields LANDX and NATIO are in blank in ALL THE CASES, even with information registred in table T005T.
So, exploring the SDN forum and after read some documents regarding ADBC, I create a function to handle this sql select and get the correctly the missing informations, but, still don't work. Please find the function below:
CREATE FUNCTION select_landx (land1 CHAR(3)) RETURNS CHAR(15)
AS
VAR landx CHAR(15);
DECLARE functionresult CURSOR FOR
SELECT spras, land1, landx
FROM SAPNSP.t005t
WHERE spras = 'EN'
AND land1 = :land1;
IF $count IS NULL THEN <- | $count is always 0, my SELECT
BEGIN it's not work but I don't know why
CLOSE functionresult;
RETURN NULL;
END
ELSE
SET $rc = 0;
WHILE $rc = 0 DO
BEGIN
FETCH functionresult INTO :landx;
END;
CLOSE functionresult;
RETURN landx;
Calling the function in a SQL statement:
DATA:
resu TYPE REF TO cl_sql_result_set ,
stmt TYPE REF TO cl_sql_statement ,
qury TYPE string .
qury = `SELECT land1, spras, select_landx(?) landx `
&& `FROM SAPNSP.T005 `
&& `WHERE mandt = '` && sy-mandt && `' `
&& `AND land1 = ? `
&& `GROUP BY land1, spras` .
resu = stmt->execute_query( qury ) .
Any comments ?
Best regards,
Arthur SilvaHello,
Thank's a lot, it works. It's funny because the given solution works using only abap codes.
It may be happens because the abap interpretor send the sql statement to the db interface that handle the code in the another way.
Thanks again, it was driving me crazy.
Best regards,
Arthur Silva -
DMTF not working using IP to IP gateway
Hi,
I have a Cisco IP telephony infrastructure with Cisco Call Manager 4.0(2a) and Cisco 7940G series IP Phones. I have implemented "IP to IP gateway" using a Cisco 2651XM router. I have followed the Configuration guide of "IP-IP gateway" during my configuration.
The IP2IPGw is configured for H323-to-H323 and will register with a gateway of an Internet Telephony Service provider (ITSP).
Now when I make an outbound call to a conference bridge, the bridge requests for the code and the digits pressed from my ip phone is not accepted. The same when I do it from a Analog phone using a FXS port, it works.
The IPIPGw document specifies the dtmf-relay is enabled by deafult. I still have configured all available dtmf options, but still no luck.
Please help me in resolving this.
Attached: Config file and Network design.
thanks in advance,
Naveen VHi Amrit,
Thanks for your reply.
I had configured the DTMF parameters on the dial-peer's with h245-alphanumeric and also with rtp-nte, but no luck.
I have configured an Inter Cluster Trunk between CCM 4.0 and IP-IP Gateway router. I am not sure if there are any configuration on CCM end related to DTMF.
I even tried the rtp-payload (dial-peer) and is still not working.
Let me know your suggestions on this.
thanks,
Naveen V -
Sharing in PE9 does not work, using by email or photo mail
I want to share photos by email attachments and photo mail but they do not work. I currently have Windows Live Mail and use Photoshop elements 9. Any solutions
Sorry. It doesn’t work if you installed MS Live Essentials 2011.
Use Windows Live Gallery and make sure your recipients can connect.
Microsoft Silverlight is a free web-browser plug-in that enables interactive media experiences.
-
Upload to FTP host not working using SFTP
I've tested and retested the FTP Server using SFTP on Transmit, works perfectly every time and won't work using Muse's Upload to FTP. Any ideas?
Thanks Zak,
I still have these questions:
1. Why does Transmit, CyberDuck, and Filezilla all work just fine using SFTP with your Apple server ?
2. Why does Muse have “no experience doing this on an Apple Server”, yet confident it should work ?
3. Is the following what you are referring to?
If so, it seems less secure, and I'm loath to reduce our security after having been hacked before. Why can't Muse work just like Dreamweaver and every other FTP client that I know of?
Key-Based SSH Login
Key-based authentication is helpful for such tasks as automating file transfers and backups and for creating failover scripts because it allows computers to communicate without a user needing to enter a password.
Important: Key-based authentication has risks. If the private key you generate becomes compromised, unauthorized users can access your computers. You must determine whether the advantages of key-based authentication are worth the risks.
Generating a Key Pair for SSH
The following outlines the process of setting up key-based SSH login on Mac OS X
and Mac OS X Server. To set up key-based SSH, you must generate the keys the two
computers will use to establish and validate the identity of each other.
This doesn’t authorize all users of the computer to have SSH access.
Keys must be generated for each user account.
To do this, run the following commands in Terminal:
1. Verify that an .ssh folder exists in your home folder: ls -ld ~/.ssh
If .ssh is listed in the output, move to step 2.
If .ssh is not listed in the output,run: mkdir ~/.ssh and continue to step 2.
2. Change directories in the shell to the hidden .ssh directory with the following command:
cd ~/.ssh
3. Generate the public and private keys by entering the following command:
ssh-keygen -b 1024 -t rsa -f id_rsa -P ''
-b flag sets the length of the keys to 1,024-bits
-t indicates to use the RSA hashing algorithm
-f sets the file name as id_rsa
-P followed by two single-quote marks sets the private key password to be null.
The null private key password allows for automated SSH connections.
Keys are equivalent to passwords so you should keep them private and protected.
4. Copy the public key into the authorized key file by entering the following command:
cat id_rsa.pub >> authorized_keys2
5. Change the permissions of the private key by entering the following command:
chmod go-rwx ~/.ssh/.id_rsa
Set the permissions on the private key so the file can only be changed by the owner.
6. Copy the public key and the authorized key lists to the specified user’s home folder on
the remote computer by entering the following command:
scp authorized_keys2 username@remotemachine:~/.ssh/
- To establish two-way communication between servers, repeat this process on the second computer.
- The process must be repeated for each user that needs to open key-based SSH sessions.
- The root user is not excluded from this requirement.
- The home folder for the root user on Mac OS X Server is located at /var/root/.
Key-Based SSH with Scripting Sample
The following Perl script is a trivial scripting example that should not be implemented, but it demonstrates connecting over an SSH tunnel to all servers defined in the variable serverList, running softwareupdate, installing available updates, and restarting the computer if necessary.
The script assumes that key-based SSH was set up for the root user on all servers to be updated.
#!/usr/bin/perl
# \@ is the escape sequence for the "@" symbol.
my @serverList = ('root\@exampleserver1.example.com',
'root\@exampleserver2.example.com');
foreach $server (@serverList) {
open SBUFF, "ssh $server -x -o batchmode=yes 'softwareupdate -i -a' |";
while(<SBUFF>) {
my $flag = 0;
chop($_);
#check for restart text in $_
my $match = "Please restart immediately";
$count = @{[$_ =~ /$match/g]};
if($count > 0) {
$flag = 1;
close SBUFF;
if($flag == 1) {
"ssh $server -x -o batchmode=yes shutdown -r now" -
Wireless with PEAP Authentication not working using new NPS server
All,
We are planning to migrate from our old IAS server to new NPS server. We are testing the new NPS server with our wireless infrastructure using WISM. We are using PEAP with server Cert for authentication. For testing purpose we are doing user authentication but our goal is to do machine authentication. On client side we are using Windows XP, Windows 7 & iPAD’s
I believe I have configured the NPS & CA server as per the documents I found on Cisco support forum & Microsoft’s site.
But it is not working for me. I am getting the following error message on the NPS server.
Error # 1
=======
Cryptographic operation.
Subject:
Security ID: SYSTEM
Account Name: MADXXX
Account Domain: AD
Logon ID: 0x3e7
Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: XXX-Wireless-NPS
Key Type: Machine key.
Cryptographic Operation:
Operation: Decrypt.
Return Code: 0x80090010
Error # 2
======
An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
I was wondering if anyone has any insight on what is going on.
Thanks, DsScott,
I have disabled MS-CHAP v1 & only MS-CHAP v2 is enabled on Network Policies > Constraints.
I disabled validate Certificate on Windows 7 and tried to authenticate, it is still failing. Here is the output from the event viewer:
Cryptographic operation.
Subject:
Security ID: SYSTEM
Account Name: MADHFSVNPSPI01$
Account Domain: AD
Logon ID: 0x3e7
Cryptographic Parameters:
Provider Name: Microsoft Software Key Storage Provider
Algorithm Name: RSA
Key Name: DOT-Wireless-NPS
Key Type: Machine key.
Cryptographic Operation:
Operation: Decrypt.
Return Code: 0x80090010
Network Policy Server denied access to a user.
Contact the Network Policy Server administrator for more information.
User:
Security ID: AD\mscdzs
Account Name: AD\mscdzs
Account Domain: AD
Fully Qualified Account Name: AD\mscdzs
Client Machine:
Security ID: NULL SID
Account Name: -
Fully Qualified Account Name: -
OS-Version: -
Called Station Identifier: 64-ae-0c-00-de-f0:DOT
Calling Station Identifier: a0-88-b4-e2-79-cc
NAS:
NAS IPv4 Address: 130.47.128.7
NAS IPv6 Address: -
NAS Identifier: WISM2B
NAS Port-Type: Wireless - IEEE 802.11
NAS Port: 29
RADIUS Client:
Client Friendly Name: WISM2B
Client IP Address: 130.47.128.7
Authentication Details:
Connection Request Policy Name: Secure Wireless Connections
Network Policy Name: Secure Wireless Connections
Authentication Provider: Windows
Authentication Server: MADHFSVNPSPI01.AD.DOT.STATE.WI.US
Authentication Type: PEAP
EAP Type: -
Account Session Identifier: -
Logging Results: Accounting information was written to the local log file.
Reason Code: 23
Reason: An error occurred during the Network Policy Server use of the Extensible Authentication Protocol (EAP). Check EAP log files for EAP errors.
Attached are EAP logs & debug logs from the controller.
Thanks for all the help. I really appreciate. -
Silent install does not work using /S argument
I am trying to perform a silent install of the Flash Player using the EXE. I prefer not to use the MSI. I am trying this command:
install_flash_player_10.exe /s
or
install_flash_player_ax.exe /s
Both commands produce this error:
Invalid argument or invalid use of argument '/s'
Has anyone encountered this before? Thanks!When we build SMS packages for deployment we also build uninstall packages in the event that we need to rollback. The silet uninstall command for Flash 10.1 is
install_flash_player_10.exe -uninstall
It also seems to remove both the ActiveX and Plugin version if both are installed as in our environment. The uninstall string the registry:
C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe -maintain activex
does not work.
Thanks for posting the -install tip. I was having trouble with that.
Cheers!
Maybe you are looking for
-
In Adobe Reader (v11.0.09), after answer application questions in scrolling window panes within a .pdf doc, I signed the doc, and it froze/locked, so I cannot edit or view the full answers anymore. On an ugent deadline, so any thoughts on how to re-
-
Is it possible to change encryption keystore more than once??
It seems that once my environment has been informed of a keystore to use for ssl communication, it can't be changed. Is this so? I need to be able to do the following: 1) Set a keystore for ssl communicaton 2) Establish an ssl connection, (send and r
-
UiXML: dataBinding problem with decimal validator
I'm trying to use the decimal validator inside a uit template and dataBind the minValue, maxValue, maxScale and maxPrecision attributes to the ui:rootAttr dataObject like so: <textInput ...> <onSubmitValidater> <decimal data:minValue="minValue@ui:roo
-
Is there a way to add a column to show each users mailbox size in the EMC for Exchange 2013 under recipients > mailboxes? Such a simple tool would be so much easier for administrative purposes.
-
Nodemanager Broken in WLS 12.1.2 (Bug)
I discovered the following issue with the latest WLS 12.1.2 release: WebLogic 12.1.2 Nodemanager Bug Any suggestions? Is anybody else bothered? Does it work with the per machine NM? Same problem in earlier versions of WLS or just 12.1.2? (I haven't n