Second Client Side VLAN - CSM

Similar Messages

• CSM client side VLAN without a gateway?

  Hi there,
  We are running in bridge mode, and are having some weird arp table issues. I think I have it traced down to the fact that the CSM is arping for addresses, and the replies are getting to the CSM and getting cached, but the MSFC is never seeing them.
  Would behavior like this happen if there is no gateway configured on the client side VLAN? Is a gateway on the client side VLAN a requirement?
  Thanks!

  Let's see if I can explain this coherently, sorry if I don't...
  Problem:
  What we're seeing is that a machine with multiple IP addresses tied to one NIC can only be reached via one of those IP addresses from a different VLAN. I look on the MSFC arp table, and I only see an entry with a MAC for that one IP address, none of the others. If I add a static ARP entry, I can then reach the other IP addresses from the other VLANs. So communication is possible, the ARP table is just not getting populated automatically.
  -HOST A in VLAN A is pointing at the MSFC for it's gateway.
  -HOST B in VLAN B is pointing at the MSFC for it's gateway.
  -The CSM is in bridge mode. VLAN C is the client side VLAN. VLAN B is the server side VLAN.
  -HOST A is trying ping HOST B. HOST A can ping HOST B on it's "main" IP address, but none of the others.
  -The ARP table on the MSFC has an entry for the "main" IP address on HOST B, but no entries for any others.
  -The ARP table on the CSM does have entries for the "extra" IP addresses on HOST B.
  -A static ARP entry for an "extra" IP address on HOST B solves the problem. HOST A can then ping HOST B's "extra" IP address.
  My thoughts:
  The ARP table on the MSFC is not getting populated automatically from the CSM. As I see it, this is because HOST B is in VLAN B, which only has an interface on the CSM. The arp replies are going to the CSM successfully, but aren't getting to the MSFC because there is no gateway or route defined for VLAN B on the CSM.
  The reason that anything at all works is that the hosts in VLAN B are initiating communication outbound to their gateway on the MSFC, so it's getting their MAC addresses that way. When a machine has multiple IP addresses, and it doesn't use them to communicate outbound, the MSFC doesn't learn the MAC for those addresses because the ARP replies are going to the CSM which isn't sharing.
  Hopefully that makes sense, and it also makes sense why I'm thinking it's the lack of a gateway entry. Thanks for your help.

• How can I use multiple client side vlans in ACE?

  In CSM we have a default-gateway per Client VLAN, in ACE there is no equivalent command! How does the ACE handles routing in this situation?

  Hi,
  Talk about a deja-vu. I was faced with the exact same challenge about a year ago.
  Basically, I think you're looking at two options:
  1) Firewall-consolidation - Consolidate your four firewalls into one, having one dedicated interface towards the ace and route all your vips using the ace as
      next-hop. It looks like your firewalls are virtual (but I don't know), so it's duable. But I don't know if this is even an option for you.
  2) Per. clientvlan context - Context A for vlan1001, Context B for vlan1002 and so on. Each context handles clienttraffic for the respective vlan and since
      each context handles it's own routingtable, simply use the firewall-address as your default route. But from your drawing, it looks like your server-vlans
      are all connected to the same ace, so you will need to split that up. Assign each servervlan to an ace-context as you do with the clientside-vlans.
  Well, a third option would be NAT in your firewall. Unless you have a specific need for the original client-ip the reach the ace, you could nat incoming clientsessions in each of the firewalls to an interface-address on that firewall, hence the ace will see the clientrequest as originating from the firewall and since ace has connected routes to each of the firewall, it wall return traffic to respective firewall and leave it to him to return the traffic to the client.
  Since each firewall will present the packets with a unique NAT'ed address, you can apply different policies, parameters etc. for that NAT-address, if this is required.
  hth
  /Ulrich

• ACE - ICMP Client --- Server VLAN

  I am still trying to get the idea why it is not possible to get some ICMP replys from the ALIAS of the server VLAN when requesting the echo coming from the client side.
  The ICMP and also the traceroute works great with the inspection of ICMP for RSERVER -> Server VLAN -> Client VLAN -> OUT.
  The problem or issue is only when you try to get echo replys from the Server VLAN Alias and it's according ip and peer ip addresses.
  Funny thing is one of the interface addresses answers. In a context A it is the "ip address" and in a context B it is the "peer ip address".
  Kind off questions my sanity here. :)
  My inspection rules are applied to the client vlan's or transfer network interfaces whatever view you prefer and work so far as intended.
  Any idea Gilles?
  Roble

  I see, but i also have the same beahvior when routing inside a context.
  Have a look at context "Test" config. It has a client side vlan (444) and a server side vlan (555).
  The communication path for my ping looks like below.
  MyWorkstation <-> L3 Device <-> Context Test (Vlan 444) <-> Context Test (Vlan 555) -> ip, peer ip, alias
  As you can see i am staying inside the context test just passing the packet coming from the vlan 444 to an ip address inside vlan 555. So this should work.
  I am not talking about following communication path which can't work regarding you're statement above.
  Context Admin (Vlan 444) <-> Context Test (Vlan 444) <-> Context Test Vlan (555)-> ip, peer ip, alias
  Roble

• ACE in one-arm model. VIP on Client Side, servers in other vlan

  Hello All
  i have a LAN whit many servers,but only 2 need to be balanced. So i think in one-arm model, due to the higth trafic that not be pass trought ACE.
  i have a vlan 900 where is the client side and the VIP also. (10.0.9.64/26)
  the servers are in vlan 503 (10.12.3.0/24)
  it mi first design with ONE-arm but i thinks something is missing, because doesn't work.
  the configuration is the next:
  MSFC:
  svclc module 1 vlan-group 1,2,
  svclc vlan-group 1 503,900-902
  svclc vlan-group 2 511
  interface Vlan503
  description OSS_&_Otros
  ip address 10.12.3.253 255.255.255.0
  standby 10 ip 10.12.3.254
  standby 10 priority 150
  standby 10 preempt delay minimum 305
  interface Vlan900
  description MSF_<->_ACE
  ip address 10.0.9.126 255.255.255.192
  end
  access-list 101 permit ip 10.12.3.0 0.0.0.255 10.0.9.64 0.0.0.63
  access-list 101 deny ip any any
  route-map From_Server_OSS_to_ACE permit 10
  match ip address 101
  set ip next-hop 10.0.9.125
  ACE_1/admin#
  ip route 0.0.0.0 0.0.0.0 10.0.9.126
  context OSS
  allocate-interface vlan 511
  allocate-interface vlan 900
  allocate-interface vlan 902
  member Max20
  ACE_1/OSS# sh run
  Generating configuration....
  access-list EVERYONE line 10 extended permit ip any any
  access-list EVERYONE line 20 extended permit icmp any any
  rserver host OSS_FES_1
  description OSS_Front_End_Server_1
  ip address 10.12.3.140
  inservice
  rserver host OSS_FES_2
  description OSS_Front_End_Server_2
  ip address 10.12.3.150
  inservice
  serverfarm host SERVER_farm_OSS
  rserver OSS_FES_1
  inservice
  rserver OSS_FES_2
  inservice
  class-map match-all VIP-OSS
  2 match virtual-address 10.0.9.66 any
  policy-map type loadbalance first-match OSS-LB-POLICY
  class class-default
  serverfarm SERVER_farm_OSS
  policy-map multi-match OSS-POLICY-MAP
  class VIP-OSS
  loadbalance vip inservice
  loadbalance policy OSS-LB-POLICY
  loadbalance vip icmp-reply
  interface vlan 900
  description Clients-side
  ip address 10.0.9.125 255.255.255.192
  access-group input EVERYONE
  access-group output EVERYONE
  service-policy input OSS-POLICY-MAP
  no shutdown
  ip route 0.0.0.0 0.0.0.0 10.0.9.126
  maybe a i need to allocate the vlan 503 in OSS Context, any advice?
  Thanks in advace,
  Gianni From Chile

  Since you server are not behind the ACE in either bridge or routed mode add the follwoing to your config and use nat to get the traffic back to the ace.
  This is how one-armed mode works.
  ACE_1/OSS# sh run
  Generating configuration....
  access-list EVERYONE line 10 extended permit ip any any
  access-list EVERYONE line 20 extended permit icmp any any
  rserver host OSS_FES_1
  description OSS_Front_End_Server_1
  ip address 10.12.3.140
  inservice
  rserver host OSS_FES_2
  description OSS_Front_End_Server_2
  ip address 10.12.3.150
  inservice
  serverfarm host SERVER_farm_OSS
  rserver OSS_FES_1
  inservice
  rserver OSS_FES_2
  inservice
  class-map match-all VIP-OSS
  2 match virtual-address 10.0.9.66 any
  policy-map type loadbalance first-match OSS-LB-POLICY
  class class-default
  serverfarm SERVER_farm_OSS
  policy-map multi-match OSS-POLICY-MAP
  class VIP-OSS
  loadbalance vip inservice
  loadbalance policy OSS-LB-POLICY
  loadbalance vip icmp-reply
  nat dynamic 10 vlan 900
  interface vlan 900
  description Clients-side
  ip address 10.0.9.125 255.255.255.192
  nat-pool 10 0.9.126 10 0.9.126 netmask 255.255.255.192 pat
  access-group input EVERYONE
  access-group output EVERYONE
  service-policy input OSS-POLICY-MAP
  no shutdown

• ACE30 - PING to VIP and Client side SVI not working

  Hi Guys,
  Having setup the ACE30 based on the configuration guides, I've been able to get basic load balancing working, probes, stickness etc.  However in testing connectivty, I've noticed that from the real server on the backend I cannot seem to PING:
  1. The VIP for the web service that the server is a part of
  2. The Client side SVI
  I'd like this to work to ensure full connectivity.
  I've applied ACLs to the Client side SVI (on the ACE) to allow this in both directions, and also removed any ACLs attached to the client side SVI on the MSFC where the subnet is actually homed.  However I just cannot seem to PING the Client side SVI on the ACE, or the VIP.  Trying to understand if this is normal behavior.
  Have inserted my config below for completeness.
  ACE30 Config
  login timeout 60
  hostname ACE1
  boot system image:c6ace-t1k9-mz.A90_6_3_5.bin
  boot system image:c6ace-t1k9-mz.A4_1_0.bin
  resource-class RC_1
    limit-resource all minimum 10.00 maximum unlimited
  access-list all line 8 extended permit ip any any
  access-list v6-any line 8 extended permit ip anyv6 anyv6
  class-map type management match-any REMOTE_ACCESS
    description Remote access traffic match
    2 match protocol telnet any
    3 match protocol ssh any
    4 match protocol icmp any
    5 match protocol https any
  policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
    class REMOTE_ACCESS
      permit
  interface vlan 768
    description Management connectivity
    ip address 10.20.40.72 255.255.255.0
    service-policy input REMOTE_MGMT_ALLOW_POLICY
    no shutdown
  ip route 0.0.0.0 0.0.0.0 10.20.40.254
  context VC_1
    allocate-interface vlan 11
    allocate-interface vlan 186
    member RC_1
  username admin password 5 $1$STizNv5q$i96.Qrt4C4SfHkbLyVT74.  role Admin domain default-domain
  username www password 5 $1$ZAn8bOtv$xmmNlH8akF6iYfXdQCKMo1  role Admin domain default-domain
  ssh key rsa1 1024 force
  ! VC_1
  ACE1/VC_1# sh run
  probe http HTTP_PROBE1
    interval 15
    passdetect interval 60
    expect status 200 200
    open 1
  rserver host RS_MONASH_WEB1
    description Test Monash Web Server 1
    ip address 10.194.27.177
    inservice
  serverfarm host SF_MONASH_WEB
    probe HTTP_PROBE1
    rserver RS_MONASH_WEB1 80
      inservice
  sticky ip-netmask 255.255.255.255 address source STICKY_MONASH_WEB
    timeout 3600
    serverfarm SF_MONASH_WEB
  class-map type management match-any REMOTE_ACCESS
    description Remote access traffic match
    2 match protocol ssh any
    3 match protocol telnet any
    4 match protocol icmp any
    5 match protocol https any
  class-map match-all VS_MONASH_WEB
    2 match virtual-address 10.194.11.1 tcp eq www
  access-list ALLOW_TRAFFIC_TOWARDS_ACE extended permit ip any any
  access-list ALLOW_TRAFFIC_TOWARDS_ACE extended permit icmp any any
  policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY
    class REMOTE_ACCESS
      permit
  policy-map type loadbalance first-match PM_MONASH_WEB_LB
    class class-default
      sticky-serverfarm STICKY_MONASH_WEB
  policy-map multi-match PM_MULTI_MATCH_CLIENT_VIP
    class VS_MONASH_WEB
      loadbalance vip inservice
      loadbalance policy PM_MONASH_WEB_LB
  service-policy input REMOTE_MGMT_ALLOW_POLICY
  interface vlan 11
    description Client connectivity on Vlan 11
    ip address 10.194.11.250 255.255.255.0
    access-group input ALLOW_TRAFFIC_TOWARDS_ACE
    access-group out ALLOW_TRAFFIC_TOWARDS_ACE       ! not sure if this is required as well?
    service-policy input PM_MULTI_MATCH_CLIENT_VIP
    no shutdown
  interface vlan 186
    description CSM www monash
    ip address 10.194.27.189 255.255.255.240
    access-group input ALLOW_TRAFFIC_TOWARDS_ACE    ! not sure if this is required?
    access-group out ALLOW_TRAFFIC_TOWARDS_ACE      ! not sure if this is required?
    ip dhcp relay server 130.194.15.17
    ip dhcp relay server 130.194.15.1
    ip dhcp relay enable
    no shutdown
  ip route 0.0.0.0 0.0.0.0 10.194.11.254
  6500s
  ! test-clay1-gw - ACE connects to this 6500
  svclc multiple-vlan-interfaces
  svclc module 2 vlan-group 2
  svclc vlan-group 2  11,171-499,768
  ! test-clay0-gw - Where Client side subnet, VLAN11 is homed
  interface Vlan11
  description Testlab server subnet
  ip address 10.194.11.253 255.255.255.0
  no shut
  ip route 10.194.27.176 255.255.255.240 10.194.11.250
  thanks
  Sheldon

  To ping your VIP of the webserver, you should apple the service-policy input command on VLAN 186 too. Currently the VIP only listens on VLAN 11. For the SVI i think that was forbidden by security reason, but i cant remember anymore. Maybe you just need to put the management policy on the interface VLAN 186. If it dont work, then my first guess was right

• How to 'client-side include for secondary menu on page'

  Hi there.
  The following page refers:
  test page for early
  draft
  The linked page is in fact a DW CS3 tmp preview file, for
  that reason the CSS has been pulled into the html file by DW, it
  won't look that way in the eventual page file.
  After lengthy battles with the Spry Horizontal menu, I
  eventually resorted to Pop Menu Magic 2 (PPM2) to generate menus.
  I'm very happy with the product (I'm not looking for PPM2 support,
  but rather support pertaining to CSS-driven menu's in general
  relating to caching). I started out with a single main navigation
  menu, which was very comprehensive - but also very big (ito file
  size). I was hoping to cache a part of the menu on the client-side
  to reduce download times once the site visitor has downloaded the
  first page in the site (where he enters the site is not
  applicable). But that proved impossible (I think...).
  I then followed some advice to break up my main navigation
  menu, keep only the more important stuff in there and rather
  distribute the lower levels of the main menu into their own
  dedicated menus. From there the page linked above.
  The main menu at the top is fine, no problem there. On the
  left below the masthead I've created two menus, one above the other
  (it displays as a single menu but the first menu ends above the
  "Other tour lists" item). The first of these two menus contains the
  bulk of the heavy navigation elements (±160kb of the total
  page file size of 220kb). The div info that applies to this menu =
  <div id="p7PMM_2" class="p7PMMv06">. I'd love to cache this
  menu, either in full or the bulk thereof, on the client-side. That
  is implement a client-side include. When a visitor first enters our
  site the include file with the 160kb (secondary) menu gets
  downloaded together with CSS stylesheets, etc. When the visitor
  links through to a following page in our site, his machine
  (client-side) dishes up the menu to that next page without having
  to download it from our hosting server a second time.
  Is this possible and how? Any and all suggestions will be
  appreciated!
  Our clients are mostly wealthy and thus probably (virtually)
  all have high-speed broadband connections. I seriously doubt that
  any of them are running dial-up connections. Thus this issue is not
  going to sink our site. But I'd love to cut page file size if
  possible.
  Furthermore, I'm not too worried about the small portion of
  visitors that may have their javascript disabled in their browsers.
  The main navigation menu at the top of the page will still allow
  them to navigate the site. Much the same goes for SEO.
  I've tried one or two CSI javascripts and succeeded in
  actually getting the relevant tags and contents inserted in the
  html document, but the javascript would then 'break'. That is all
  the coding and menu contents would be there, but the javascript
  won't function (menu's won't pop / fly-out). I'm a little clueless
  when it comes to Javascript, and many other things :-), but I
  suspect that the Javascript in the include file does not get
  called. If the Javascript is kept in the html file, the menu
  content (elements) in the include file arrives in the html file
  after the relevant script has been called and doesn't get
  rendered??
  Once again any help / suggestions will be appreciated!

  > But that proved impossible (I
  > think...).
  Even without doing anything on your part, the images, the
  CSS, and the
  javascript is already cached client-side. You cannot cache
  any of the
  structural code client-side.
  Murray --- ICQ 71997575
  Adobe Community Expert
  (If you *MUST* email me, don't LAUGH when you do so!)
  ==================
  http://www.projectseven.com/go
  - DW FAQs, Tutorials & Resources
  http://www.dwfaq.com - DW FAQs,
  Tutorials & Resources
  ==================
  "afrilux" <[email protected]> wrote in
  message
  news:[email protected]...
  > Hi there.
  >
  > The following page refers:
  http://www.afrilux.co.za/test/1/dev2.htm
  >
  > The linked page is in fact a DW CS3 tmp preview file,
  for that reason the
  > CSS
  > has been pulled into the html file by DW, it won't look
  that way in the
  > eventual page file.
  >
  > After lengthy battles with the Spry Horizontal menu, I
  eventually resorted
  > to
  > Pop Menu Magic 2 (PPM2) to generate menus. I'm very
  happy with the product
  > (I'm
  > not looking for PPM2 support, but rather support
  pertaining to CSS-driven
  > menu's in general relating to caching). I started out
  with a single main
  > navigation menu, which was very comprehensive - but also
  very big (ito
  > file
  > size). I was hoping to cache a part of the menu on the
  client-side to
  > reduce
  > download times once the site visitor has downloaded the
  first page in the
  > site
  > (where he enters the site is not applicable). But that
  proved impossible
  > (I
  > think...).
  >
  > I then followed some advice to break up my main
  navigation menu, keep only
  > the
  > more important stuff in there and rather distribute the
  lower levels of
  > the
  > main menu into their own dedicated menus. From there the
  page linked
  > above.
  >
  > The main menu at the top is fine, no problem there. On
  the left below the
  > masthead I've created two menus, one above the other (it
  displays as a
  > single
  > menu but the first menu ends above the "Other tour
  lists" item). The first
  > of
  > these two menus contains the bulk of the heavy
  navigation elements (?160kb
  > of
  > the total page file size of 220kb). The div info that
  applies to this menu
  > =
  > <div id="p7PMM_2" class="p7PMMv06">. I'd love to
  cache this menu, either
  > in
  > full or the bulk thereof, on the client-side. That is
  implement a
  > client-side
  > include. When a visitor first enters our site the
  include file with the
  > 160kb
  > (secondary) menu gets downloaded together with CSS
  stylesheets, etc. When
  > the
  > visitor links through to a following page in our site,
  his machine
  > (client-side) dishes up the menu to that next page
  without having to
  > download
  > it from our hosting server a second time.
  >
  > Is this possible and how? Any and all suggestions will
  be appreciated!
  >
  > Our clients are mostly wealthy and thus probably
  (virtually) all have
  > high-speed broadband connections. I seriously doubt that
  any of them are
  > running dial-up connections. Thus this issue is not
  going to sink our
  > site. But
  > I'd love to cut page file size if possible.
  >
  > Furthermore, I'm not too worried about the small portion
  of visitors that
  > may
  > have their javascript disabled in their browsers. The
  main navigation menu
  > at
  > the top of the page will still allow them to navigate
  the site. Much the
  > same
  > goes for SEO.
  >
  > I've tried one or two CSI javascripts and succeeded in
  actually getting
  > the
  > relevant tags and contents inserted in the html
  document, but the
  > javascript
  > would then 'break'. That is all the coding and menu
  contents would be
  > there,
  > but the javascript won't function (menu's won't pop /
  fly-out). I'm a
  > little
  > clueless when it comes to Javascript, and many other
  things :-), but I
  > suspect
  > that the Javascript in the include file does not get
  called. If the
  > Javascript
  > is kept in the html file, the menu content (elements) in
  the include file
  > arrives in the html file after the relevant script has
  been called and
  > doesn't
  > get rendered??
  >
  > Once again any help / suggestions will be appreciated!
  >
  >

• Client Side Rendering on Terminal Servers

  I’m having horrible printer issues on my Terminal Servers such as slow printing, slow to add printers, some applications load slowly because they are enumerating the list of printer (thanks Procmon), slow logons, etc. I'm trying to get Client Side Rendering
  (CSR) disabled. From what I can tell it still appears to be on. Terminal Server are Windows Server 2008 SP2 x86.
  On my print servers I have verified that all printers have Render print jobs on client computer unchecked. I have a Group Policy linked to the OU that the Terminal Servers are in that has
  Always render print jobs on the server set to enabled. Per
  http://blogs.technet.com/b/askperf/archive/2008/02/10/ws2008-client-side-rendering.aspx I have verified that on each Terminal Server in
  HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers the
  ForceCSREMFDespooling value is present & set to 1 so the GP is being applied.
  However I still have tons of entries in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\<SERVERNAME>\Printers.
  I have found KB958656 which seems to describe my problem that CSR is not being disabled. However one of the files it updates is older than a file that I have (win32spl.dll) & one is newer (printcom.dll).
  Printcom.dll in hotfix is 6.0.6001.22288 mine is 6.0.6001.18000
  Win32spl.dll in hotfix is 6.0.6001.22288 mine is 6.0.6002.18005
  Has anyone else seen this behavior & been able to get CSR disabled?
  Has anyone else had success with the KB hotfix mentioned or know whether or not installing it would causing any issues (since it has that older file)?
  Thanks in an advance to any input.
  Patrick Hoban
  http://patrickhoban.wordpress.com

  Alan/Patrick,
  Hi, sorry, went away on leave for a while so didn’t respond.
  Alan – our case was REG:112081612189183.
  For someone who has been dealing with MS support for about 20 years, this was the most disappointing of any support call I’ve ever had raised – to have the call shut
  down, without a perfmon trace, process explorer analysis, or hang dump analysis (of spooler) – and simply blame “3^rd party drivers” without any proof – is utterly deplorable.
  Anyway, for anyone’s benefit who has similar problems – trying to do direct printing from RDS – I’ve managed to get a solution working. 
  Here are the details;
  A nightly print spooler clean-up script that;
  Stops the spooler
  Deletes the entire key under “HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider”
  Re-creates the key (empty) and sets the value "RemovePrintersAtLogoff"=dword:00000000
  Note, this was vital. 
  MS support had recommended we set this to 1, along with some other keys (InactiveGuidPrinterAge, 
  InactiveGuidPrinterTrim) with specific values.  If we used these MS support recommended values, our RDS serer would not enumerate printers for more than 3-4 hours before requiring a restart of the spooler.
  Restart the spooler
  Map a printer (just to make sure it works)
  Clean up the USERS\.DEFAULT\Printers key on all existing servers
  There was heaps of crap here, the default user NTUSER.DAT was over 800MB in size
  Modify the security on the registry, using GPO to deny SYSTEM write access as below, to stop the crap writing here again;
  USERS\.DEFAULT\Printers
  Deny Set value
  Deny Create Subkey
  Run NGREGOPT on all servers to compress the DEFAULT and SOFTWARE hives back down.
  Even though we had deleted the crap from “Client Side Rendering Print Provider” and the DEFAULT user hive, the registry files were still large of course, and needed to be compressed to reduce
  paged pool usage.
  Note, make sure no users are on the server when this is run !
  With the nightly spooler ‘refresh’ and the registry security changes, we are no longer seeing any problems. 
  In addition the paged pool has gone down from 5GB to 1GB – which I believe was related to the registry bloat that had occurred previously. 
  Cleaning up the keys and using NGREGOPT has fixed this.
  In addition, I am running a spooler check script every 30 minutes on each of the 13 servers. 
  This script checks how long it takes to enumerate the printers for the specific test user. 
  If it takes more than 20 seconds, we get an alert.
  Since I have made the changes above, we no longer have any printing problems… touch wood.. even using HPD 5.4 for most printers, and other (RICHO) 3^rd party
  drivers.
  If anyone wants the scripts (the spooler refresh or the check script) let me know on david.frith<at>glfconsulting.com.au
  ta

• RMI client side callbacks

  Hi all,
  I have an RMI server and a number of clients that run on different machines. What I need to do is, implement the "observer" pattern. i.e.
  in my case, not only the clients call the server, but also the server
  must notify the registered clients when its state changes.
  For that purpose, I suppose, that my clients must also be RMI servers.
  My first question is, is that true what I suppose? Is there any other
  way to implement asynchron client side callbacks with RMI?
  My second question is, if it must be done so (clients are also RMI servers), how can I implement this? Server needs client interface jar
  file, ans client needs server interface jar file at compile time.
  (Important: I do not use any HTTP server from which I can load _Stub
  classes at runtime)
  I don't like this architecture at all and therefore think that there
  may be better solutions. One solution may be to poll the state of the
  server from the clients periodically, so that there is no need for
  callbacks. But that is also not the perfect solution for me.
  Can someone suggest anything else?
  Any idea will be greatly appreciated!
  Thank you

  Hello guvener
  Some time ago, I did exactly what you are thinking about. Here was the strategy.
  1. There was a server program, sitting (obviously) on the server machine, where rmiserver was running. The server class had only a single public method for the calling routines to call.
  2. That public method took, as a parameter, a transaction request. One possible transaction was, "Here is a message for another client." Another possible transaction was, "Listen out for a message for me." For example, a client would call the server with the "listen" transaction or with a "here's a message" transaction.
  3. When the calling method requested a "listen" transaction, the server would enter a "wait" state until it received a message for that particular client.
  4. To prevent blocking, there were three specific strategies:
  (a) The client would call the server with a "listen" transaction in a separate thread.
  (b) There was a "cancel" transaction that would allow a client to cancel its "listen" transaction with the server.
  (c) There was a "close-down" transaction that would allow the server to tell the clients their "listen" transactions had been cancelled, as it was closing down.
  This requires thorough and careful planning. However, once the classes are correctly planned, this strategy is elegant and simple and leads to only a small amount of coding. It's also flexible, without any restrictions on how many transactions a client could request at a time.
  Do be careful to synchronize where applicable!
  I hope this helps.

• The service DS.AdminService could not be found on the client side

  HI,
  we have installed below
  Software
  Version
  IPS
  INFORMATION PLATFORM SERVICES 4.1 SP02 WINDOWS (64B
  Data Service
  DATA SERVICES 4.2 WITH SP01 WINDOWS (64B)
  Information Steward
  INFORMATION STEWARD 4.2 WITH SP01 WINDOWS
  SAP NW 7.4
  Netweaver 7.4 portal
  When I login to portal with  below links I am able to see the related screens.
  http://host:port/irj/portal
  http:://host:port/BOE/CMC
  http://host:port/BOE/InfoStewardApp/1403181301/ICCExplorer/logon.do
  However when I log:portin with below link using admin account I am facing error :
    Welcome Administrator
    Logout
    The service DS.AdminService could not be found on the client side (FWM 02027)
  Please see attachment.
  http://://host:port/DataServices
  Please help. Thanks.
  Regards,
  Krishnam

  Please see below properties for EIM APS. please let me know where can I check.
  Server Name:
  ID, CUID:
  3806 ,  AWJiF9VQoMtJiEyRIjv0py4
  Node:
  USMHR1_ERP301 (USMHR1-ERP301, SAPDataServices-S)
  Description:
  EIM Adaptive Processing Server
  Command Line Parameters 
  -server -Dcom.sap.vm.tag=USMHR1_ERP301.EIMAdaptiveProcessingServer -Djava.awt.headless=true "-Dbobj.enterprise.home=D:/SAP BusinessObjects4.1IPS/SAP BusinessObjects Enterprise XI 4.0/" "-Dbobj.javaserver.home=D:/SAP BusinessObjects4.1IPS/SAP BusinessObjects Enterprise XI 4.0/java/pjs/container/" "-Dboe.common.dir=D:/SAP BusinessObjects4.1IPS/SAP BusinessObjects Enterprise XI 4.0/java/lib/" "-Dboe.external.dir=D:/SAP BusinessObjects4.1IPS/SAP BusinessObjects Enterprise XI 4.0/java/lib//external" "-Dboe.bundles.dir=D:/SAP BusinessObjects4.1IPS/SAP BusinessObjects Enterprise XI 4.0/java/lib//bundles" "-Djava.io.tmpdir=D:/SAP BusinessObjects4.1IPS/SAP BusinessObjects Enterprise XI 4.0/java/pjs/container/temp" "-Dbusinessobjects.logs.home=D:/SAP BusinessObjects4.1IPS/SAP BusinessObjects Enterprise XI 4.0/logging/" "-XtraceFile=D:/SAP BusinessObjects4.1IPS/SAP BusinessObjects Enterprise XI 4.0/logging/aps_USMHR1_ERP301.EIMAdaptiveProcessingServer_jvm.log" "-XX:GCHistoryFilename=D:/SAP BusinessObjects4.1IPS/SAP BusinessObjects Enterprise XI 4.0/logging/aps_USMHR1_ERP301.EIMAdaptiveProcessingServer_gc.prf" "-Xloggc:D:/SAP BusinessObjects4.1IPS/SAP BusinessObjects Enterprise XI 4.0/logging/aps_USMHR1_ERP301.EIMAdaptiveProcessingServer_gc.log" -XX:+PrintGCTimeStamps -XX:+PrintGCDetails -XX:LogGcMaxFileCount=3 -XX:LogGcMaxFileSize=5m "-XX:ErrorFile=D:/SAP BusinessObjects4.1IPS/SAP BusinessObjects Enterprise XI 4.0/logging/[email protected]" -Xms512m -Xmx2g -XX:MaxPermSize=256m -XX:+UseParallelOldGC -XX:+HeapDumpOnOutOfMemoryError "-XX:HeapDumpPath=D:/SAP BusinessObjects4.1IPS/SAP BusinessObjects Enterprise XI 4.0/logging/" -XX:+ExitVMOnOutOfMemoryError -Xjvmx -XsapSystem:08 -Xrs -Djava.net.preferIPv4Stack=false -jar "D:/SAP BusinessObjects4.1IPS/SAP BusinessObjects Enterprise XI 4.0/java/pjs/container/bin/boeserver.jar" -workdir "D:/SAP BusinessObjects4.1IPS/SAP BusinessObjects Enterprise XI 4.0/java/pjs/container/work"
  -name USMHR1_ERP301.EIMAdaptiveProcessingServer -pidfile "D:/SAP BusinessObjects4.1IPS/SAP BusinessObjects Enterprise XI 4.0/serverpids/USMHR1_ERP301_USMHR1_ERP301.EIMAdaptiveProcessingServer.pid" -ns USMHR1-ERP301.corp.pattersoncompanies.com:6400
  Common Settings 
  Request Port:
  Auto assign
  Host Identifiers:
  Auto assign
  Hostname
  IP Address
  Hostname Value
  (IPv4)    (IPv6)
  Automatically start this server when the Server Intelligence Agent starts
  Use Configuration Template
  Services Manager
  Service Startup Timeout (seconds):
  Restore System Defaults
  Set Configuration Template
  TraceLog Service
  Use Configuration Template
  Log level:
  Unspecified
  None
  Low
  Medium
  High
  Restore System Defaults
  Set Configuration Template
  Data Services Job Launcher Service
  Use Configuration Template
  Configuration Parameters
  Log Level:
  NONE
  INFO
  FINER
  Restore System Defaults
  Set Configuration Template
  Data Services RFC Server Service
  This service has no configuration property.
  Data Services View Data Service
  Use Configuration Template
  View Data Service Configuration
  Service Name:
  Listener Port:
  JMXConnector Port:
  BatchSize (KB):
  Minimum Shared Service Providers:
  Maximum Shared Service Providers:
  Maximum Dedicated Service Providers:
  Recycle Threshold:
  Number of attempts to launch service provider:
  Maximum idle time for shared service provider (minutes):
  Log Level:
  NONE
  INFO
  FINER
  Restore System Defaults
  Set Configuration Template
  Data Quality Service
  This service has no configuration property.
  Data Services Metadata Browsing Service
  Use Configuration Template
  Metadata Browsing Service Configuration
  Service Name:
  Maximum Data Source Connections:
  Retry attempts to launch Service Provider:
  Stateful Connection Timeout (seconds):
  Stateless Connection Timeout (seconds):
  Recycle Threshold:
  Log Level:
  NONE
  INFO
  FINER
  Collect Connection Statistics
  Listener Port:
  JMXConnector Port:
  Restore System Defaults
  Set Configuration Template
  Cleansing Package Builder Auto-analysis Service
  This service has no configuration property.
  Information Steward Data Review Service
  Use Configuration Template
  Data Review Service configuration
  Log Level:
  FINEST
  FINER
  FINE
  CONFIG
  INFO
  WARNING
  SEVERE
  Restore System Defaults
  Set Configuration Template
  Information Steward Metadata Search Service
  Use Configuration Template
  Search Service configuration
  Log Level:
  FINEST
  FINER
  FINE
  CONFIG
  INFO
  WARNING
  SEVERE
  Restore System Defaults
  Set Configuration Template
  Information Steward Metadata Integrator Service
  Use Configuration Template
  Integrator Service configuration
  Log Level:
  FINEST
  FINER
  FINE
  CONFIG
  INFO
  WARNING
  SEVERE
  Restore System Defaults
  Set Configuration Template
  Information Steward Application Service
  Use Configuration Template
  Application Service configuration
  Log Level:
  FINEST
  FINER
  FINE
  CONFIG
  INFO
  WARNING
  SEVERE
  Restore System Defaults
  Set Configuration Template
  Data Cleansing Advisor Service
  This service has no configuration property.
  Information Steward Administrative Task Service
  Use Configuration Template
  Task Services Configuration
  Concurrent Thread Instances:
  Thread process timeout (minutes):
  Log Level:
  FINEST
  FINER
  FINE
  CONFIG
  INFO
  WARNING
  SEVERE
  Restore System Defaults
  Set Configuration Template
  Cleansing Package Builder Publishing Service
  This service has no configuration property.
  Cleansing Package Builder Core Service
  This service has no configuration property.

• Client side conflict solution fails

  Hallo,
  In our application we want to resolve synchronisation conflicts on the
  client side.
  For a specific SyncBO. We want the the client data to be dominant.
  To achieve this we tried two ways of conflict resolvance:
  1. We used the ErrorConflictInbox to loop over all conflicts for that
  SyncBO and used the method acceptClientSyncBo on the SyncBoResponse
  object
  try{MeIterator meIter = SmartSyncRuntime.getInstance().getInboxNotifier
  ().getErrorConflictInbox().getSyncBoResponses
  (assignmentSyncBoDescriptor,
  SyncBoResponseType.CONFLICT);resolvedAssignmentConflicts =
  meIter.hasNext();while (meIter.hasNext()){SyncBoResponse conflict =
  (SyncBoResponse) meIter.next();if(conflict.getSyncBoResponseState
  ().equals(SyncBoResponseState.INITIAL)){conflict.acceptClientSyncBo
  ();}}} catch (Exception e){log.logException(e, true);}
  2. We registered a SyncReplyObserver in which we used the method
  acceptClientSyncBo on the SyncBoResponse object
  public SynchronizationControllerImpl(){SmartSyncRuntime.getInstance
  ().getInboxNotifier().registerSyncReplyObserver(assignmentObserver);}
  private AssignmentDeltaObserver assignmentObserver = new
  AssignmentDeltaObserver();
  private class AssignmentDeltaObserver implements SyncReplyObserver
  {public SyncBoDescriptor[] observerSyncBoTypes(){return new
  SyncBoDescriptor[] { assignmentSyncBoDescriptor };}public SyncReplyType
  [] observeSyncReplyTypes(){return new SyncReplyType[] {
  SyncReplyType.CONFLICT };}public void syncReplyReceived(SyncReply arg0,
  SyncBoDescriptor arg1, String arg2){try{SyncBoResponse conflict =
  SmartSyncRuntime.getInstance().getInboxNotifier().getErrorConflictInbox
  ().getSyncBoResponse(assignmentSyncBoDescriptor, new BigInteger
  (arg2));conflict.acceptClientSyncBo();} catch (Exception ignored)
  {log.logException(ignored,true);}}}
  In the first case we did not get every conflict, in fact we only got
  ONE unresolved conflict and the next time we only got SyncBoResponses
  with status resolved.
  In the second case we were able to process every conflict, but than the
  following problem which applied also to the first case occured:
  The SyncBoResponseState was changed to RESOLVED, but the BusinessObject
  remaind in state 16 (BusinessObject.STATUS_IN_SYNC) and the client-/
  and serverdata differed.
  As far as I had understood, the client data now should have been send
  to the server on the next synchronization, but the data had not been
  synchronized until the BusinessObject had been changed again on the
  client.
  As it seemed to be necessary to change the data after the conflict had
  been resolved, to make it synchronize again, we tried to make a change - change back cycle on some data, but although the BusinessObject's
  state changed to 8 (BusinessObject.STATUS_GLOBAL) on the first change,
  the state went back to 16 on re-modification.
  More importantly the data had not been synchronized when the client was
  synchronized again.
  Has anyone done this before and am I on the right way? Why does not it work?
  Greetings,
  Kai

  hello kai,
  your first code doesn't have any problem at all. im just
  wondering the line with //????// comment. do you assume
  that the first iterator object is a resolved conflict?
  after resolving the conflict, the SyncBoResponse instance
  having a RESOLVED will stay in your local repository. you
  have to call delete() method.
  by the way, at which timing does your application resolve
  the conflicts?
  try{
  MeIterator meIter = SmartSyncRuntime.getInstance()
             .getInboxNotifier().getErrorConflictInbox()
             .getSyncBoResponses(assignmentSyncBoDescriptor,
              SyncBoResponseType.CONFLICT);
  <b>//????//</b>
  resolvedAssignmentConflicts = meIter.hasNext();
  while (meIter.hasNext()){
    SyncBoResponse conflict =(SyncBoResponse) meIter.next();
    if(conflict.getSyncBoResponseState().equals (SyncBoResponseState.INITIAL)){
     conflict.acceptClientSyncBo();
     <b>//removed the RESOLVED ones; you may add state check as well
     conflict.delete();</b>
  } catch (Exception e){log.logException(e, true);}
  the same thing goes to your 2nd code. you have to call the
  delete() method of the SyncBoResponse once they are processed.
  what really happens when you invoke the acceptClientSyncBo
  method is that
  1)the quarantined client SyncBo is copied to tempObject
  2)the server data is applied; making the client SyncBo a
  global image - state GLOBAL/SYNCHED
  3)the client modification is applied using the tempObject
  -> client syncBo state is now INCONSISTENT; there's a delta
  data to be uploaded.
  4)SyncBoResponse is transitional to RESOLVED
  on your next sync, this delta data will be sent to the server
  just like a normal delta upload. until your success response
  for that delta upload message is received in the client,
  your SyncBo will be in its INSYNC state.
  hope this clear up some of your doubts.
  just let me know if you need more details.
  regards
  jo

• Uncaught exception raised in Server Client-side plugin

  When I try to connect to my XServe from the Server Admin on my desktop computer. I get the following error:
  Uncaught exception raised in Server Client-side plugin
  Sorry but the feature you tried to access cannot be used. Exception is:
  In updateConfigurationViewFromDescription: NSInvalidArgumentException * -[NSCFNumber count]: unrecognized selector sent to instance 0x18819ee0 .
  There is a second error with similar wording.
  If I say ok to the warnings I can make changes but they do not save.
  I can access the Server Admin on the XServe
  Anyone know of a solution so that I can login and edit the settings for my XServe from a remote computer?

  I'm getting this too, server is XServe running 10.6.6, remote Server Admin is on a 10.5.8 PPC iMac. No errors with same remote against a PowerMac server running 10.5.8. No errors with 10.6.6 remote against either server.
  Unlike the OP, however, the changes I've tried "take." The pop-ups are annoying though.
  Another issue with the 10.5 Server Admin/10.6 Server, if it isn't a thread hijack, disk volumes do not show up in the File Sharing pane, Share Points appear OK.

• Solution for tnsnames at client side

  Hi,
  My database is in oracle 10.2.0. I have configured 2 standby servers for my primary database. I want to know that are there any parameter in tnsnames.ora at the client side so that If switchover or failover occurs,the client or user should not be aware of the switch process i.e., without down time.
  Because there will be different service names and host, how can this be addressed at the client tnsnames.ora.
  Thanks in advance for your suggestions,
  satyanag

  Hi Satyanag,
  It's possible to specify more than one address location. For example:
  SCR9 =
  (DESCRIPTION =
  (ADDRESS_LIST =
  (ADDRESS = (PROTOCOL = TCP)(HOST = bloo)(PORT = 1521))
  (ADDRESS = (PROTOCOL = TCP)(HOST = fermat)(PORT = 1521))
  (CONNECT_DATA =
  (SERVER = DEDICATED)
  (SERVICE_NAME = scr9)
  If the first address can't be contacted Oracle will try the second address.
  Cheers,
  Andy Barry
  http://www.shutdownabort.com

• Cisco AQM 8.5 not recording : wav files are deleted from client side

  Daer Networkers,
  We do have Cisco AQM 8.5 SR2 ES1 installed with UCCX 8.5
  The issue is that when accessing the Web interface of AQM and try to look for calls, I can't find any one.
  When checking the client side, I can see that the call are being recorded : The FROM and TO files are there. But once the call is terminated, the wav file appear for some seconds and then it dissappears asi fi it's deleted.
  The wav files are not in the server too;
  I don't know what is the issue. Can you please help ?
  Thanks in advance.

  Hi,
  This issue was resolved by doing a repair to the QM Base services, then run postinstall as if it was run for the first once.
  The Proxy Gateway program was missing for some reason. After doing the repair the issue was resovled and calls are uploaded to the server.
  Now I am facing another issue !  : I can hear the client voice only. Agent's voice couln't be heard in the recorded files. As if the agent's voice is not recorded. Can you please advise ?

• EP6 Client Side IE Jscript Errors

  Hi,
  Lately we have been experiencing severe client side issues involving javascript IE errors.  This means that when the portal page loads for the user, it appears for the user incomplete.  Meaning perhaps they will see their first and/or second level navigation and then everything else is white.  On the bottom left corner of their IE window I have noticed there is the IE symbol with a yellow exclamation point over either stating 'Done,' 'Done with Errors,' 'Error on Page,' or something similar.  Basically it's always a javascript error. 
  Clearing cache, cookies, temp files, refreshing, and rebooting does not help.  These clients are all running IE6 w/128bit encryption.  One fix we have found so far is that after we performed our Patch4 upgrade, we found that somehow not all PRTBridge files were updated according to the primary server node's files.  We had to manually copy these files to each server node for that portal environment.  So far it appears that has helped.
  I'm just curious if anyone else has experienced this issue?
  Thanks - Danielle

  Hi,
  Is it possible that you have experienced the problems described in note 785308, that are caused after installing MS Security Hotfix KB834707?
  Best Regards,
  Elad