- Preface
- Product Overview
- Administration Tasks for Internal Directory Mode
- Administration Tasks for External Directory Mode
- Directory Administration Tool
- Cisco PIX Firewall Device Support
- IMGW Device Module Development Toolkit
- Troubleshooting
- How to Use the IMGW Device Module Toolkit
- Software Licenses and Acknowlegements
- Contacting Cisco TAC
- Cannot Log In to the System
- System Cannot Connect to the Network
- Cannot Connect to the System Using a Web Browser
- System Cannot Start from the Disk
- Cannot Connect to System with SSH or SSH Interaction is Slow
- Cannot Connect to System Using Telnet
- Backup and Restore not Working Properly
- How to Use the showversion Command
- How to Use the cns-send and cns-listen Commands
- How to Re-activate IBM Director Agent After Setup
Troubleshooting
This appendix provides troubleshooting information. It contains information about:
•
System Cannot Connect to the Network
•Cannot Connect to the System Using a Web Browser
•System Cannot Start from the Disk
•Cannot Connect to System with SSH or SSH Interaction is Slow
•Backup and Restore not Working Properly
•How to Use the showversion Command
•How to Use the cns-send and cns-listen Commands
Contacting Cisco TAC
In some of the following sections, you might be advised to contact the Cisco Technical Assistance Center (TAC) for assistance. You can obtain TAC assistance online at http://www.cisco.com/tac.
For more information, refer to the "Obtaining Technical Assistance" section.
Cannot Log In to the System
Problem: You cannot log in to the system.
Probable causes:
•You did not run the setup program to create an initial system configuration.
•You lost all of the user account passwords.
Resolution:
Step 1 Did you run the setup program after starting the system for the first time?
If no, run the setup program as described in the "Running the Setup Program" section on page 2-1.
If yes, continue.
Step 2 Do you know the password for any system user accounts?
If no, reconfigure the system to create a new user account. Refer to the "How to Manage User Accounts" section for more information.
If yes, continue.
Step 3 If you are certain you entered a valid username and password, contact the TAC for assistance.
System Cannot Connect to the Network
Problem: The system cannot connect to the network.
Probable causes:
•The network cable is not connected to the Ethernet 0 port.
•The Ethernet 0 interface is disabled or misconfigured.
•The system is configured correctly, but the network is down or misconfigured.
•The system is not configured correctly.
Resolution:
Step 1 Verify that the network cable is connected to the Ethernet 0 port and the Link light is on.
•If the network cable is not connected, connect it.
•If the network cable is connected but the Link light is not on, these are the probable causes:
–The network cable is faulty.
–The network cable is the wrong type (for example, a cross-over type, rather than the required straight-through type).
–The port on the default gateway to which the system connects is down.
If the network cable is connected and the Link light is on but the system cannot connect to the network, continue.
Step 2 Use the ping command to perform the following tests:
a. Try to connect to a well-known host on the network. A DNS server is a good target host.
If the ping command can reach another host, the system is connected to the network. If it cannot connect to a particular host, the problem is with the network configuration or that host. Contact your network administrator for assistance.
If the ping command cannot reach another host, continue.
b. Attempt to reach another host on the same subnet as the system.
If the ping command can reach a host on the same subnet, but cannot reach a host on a different subnet, the default gateway is probably down or misconfigured.
If the ping command cannot reach any hosts, continue.
Step 3 Use the ifconfig command to determine if the Ethernet 0 interface is disabled or misconfigured.
If the Ethernet 0 interface is disabled, enable it. If it is misconfigured, configure it correctly. For more information, refer to "Running the Setup Program" section on page 2-1.
If the interface is enabled and correctly configured, continue.
Step 4 To ensure all network setting are configured correctly, run the Setup program again by entering the setup command in the shell prompt.
Note You cannot run Setup a second time by logging in as setup because that account is disabled for security reasons after it is used once successfully.
Step 5 Contact your network administrator to verify that there are no conditions on the network that prevent the system from connecting to the network.
If conditions prevent the system from connecting to the network, have your network administrator correct them.
Step 6 If no conditions are preventing the system from connecting to the network, contact the Cisco TAC.
Cannot Connect to the System Using a Web Browser
Problem: You cannot connect to the system by entering its IP address in a web browser.
Probable causes:
•The system cannot connect to the network.
•Encryption is enabled (plaintext disabled).
•The HTTP service is not running.
Resolution:
Step 1 Make sure that the system can connect to the network by following the procedure in the "System Cannot Connect to the Network" section.
Step 2 When you are sure that the system is connected to the network, attempt to connect the system using a web browser.
If encryption is enabled:
•Use https://... to connect.
•Ensure the certificate is correct.
If you still cannot connect, continue
Step 3 To stop and start the web server only, enter the following commands:
/etc.rc.d/init.d/httpd stop
/etc.rc.d/init.d/httpd start
If the LDAP directory contains thousands of devices, restart and wait 20 minutes.
Step 4 Attempt to connect the system using a web browser.
If you cannot connect, continue.
Step 5 Restart the system.
If the LDAP directory contains thousands of devices, restart and wait 20 minutes.
Step 6 If you still cannot connect to the system using a web browser, contact the Cisco TAC for assistance.
System Cannot Start from the Disk
Problem: The system cannot start from the disk during a restart.
Probable causes:
•The disk has a physical error.
•The disk image is corrupted.
Resolution:
Step 1 If the system does not start automatically from the maintenance image and the start process fails, power the system off and then on.
Step 2 Contact the Cisco TAC if the system still cannot start from the disk.
Note If you require a replacement system, refer to the "Installing a Replacement CNS 2100 Series System" section on page 2-25 for information about installing a replacement system.
Cannot Connect to System with SSH or SSH Interaction is Slow
Problem: You cannot connect to the system using SSH or SSH interaction with the system is extremely slow, even though the system is connected to the network.
Probable cause: The system cannot get DNS services from the network. The system will not function correctly without DNS. SSH problems are the most visible symptom, but the system will have more serious problems. In most cases, it will not correctly process requests from management applications that use it.
Resolution: Perform the following steps. Connect to the console if you cannot connect using SSH.
Step 1 To set up the name servers properly, edit the /etc/resolv.conf file.
Or, you can re-execute Setup (see "How to Re-execute Setup" section on page 2-2).
Step 2 Verify that the system can get DNS services from the network by entering the following command:
# host <dns-name>
where <dns-name> is the DNS name of a host on the network that is registered in DNS. The command returns the IP address of the host.
Step 3 If the system cannot resolve DNS names to IP addresses, the DNS server it is using is not working properly.
Resolve the network DNS problem, then continue.
Step 4 If the system can resolve DNS names to IP addresses but you still cannot connect to the system using SSH or SSH interaction with the system is extremely slow, contact the Cisco TAC.
Cannot Connect to System Using Telnet
Problem: You cannot connect to the system using Telnet even though the system is connected to the network.
Probable cause: Telnet service is disabled on the system.
Resolution: Connect to the system with SSH.
Backup and Restore not Working Properly
Problem: Your backup and restore is not working properly.
Probable causes:
•The time base for the CNS 2100 Series system is not set to the UTC time zone.
•The time has changed.
•The cron job is not started.
Resolution: Perform the following steps:
Step 1 Connect to the console if you cannot connect using SSH.
Step 2 Log into the CNS 2100 Series system as root.
Example:
Kernel 2.2.16-11bipsec.uid32 on an i586
login: admin
Password:
Copyright (c) 2000 Cisco Systems, Inc.
Appliance 1.0 Wed Feb 21 22:20:29 UTC 2001
Build Version (152) Wed Nov 15 12:00:13 PST 2000
bash$ su
Password:
Step 3 To determine if the time is correct, enter the command:
# date
Step 4 To determine the state of the cron job, enter the command:
# /etc/rc.d/init.d/crond restart
Example:
# /etc/rc.d/init.d/crond restart
Stopping cron daemon: [ OK ]
Starting cron daemon: [ OK ]
#
How to Use the showversion Command
Use the showversion command to list all the current RPMs (package managers) loaded on your CNS 2100 Series system. This command is located in the /opt/CSCOcnsie/bin directory.
Use the showversion command to get the following listing:
Internal directory mode.
anaconda-images Version:7.3 Release:6
compat-libs Version:6.2 Release:3
glibc-profile Version:2.2.5 Release:43
indexhtml Version:7.3 Release:3
libmng-static Version:1.0.3 Release:2
man-pages Version:1.48 Release:2
rmt Version:0.4b27 Release:3
ACE Version:5.2.4 Release:0
basesystem Version:7.0 Release:2
bdflush Version:1.5 Release:17
chkconfig Version:1.3.5 Release:3
cracklib Version:2.7 Release:15
db2 Version:2.4.14 Release:10
e2fsprogs Version:1.27 Release:3
expat Version:1.95.2 Release:2
glib Version:1.2.10 Release:5
glib2 Version:2.0.1 Release:2
hdparm Version:4.6 Release:1
IBMJava2-SDK Version:1.4 Release:0.0
krbafs Version:1.1.1 Release:1
libaio Version:0.3.12 Release:1
libdbi Version:0.6.4 Release:2
libjpeg Version:6b Release:19
libole2 Version:0.2.4 Release:1
libtool-libs Version:1.4.2 Release:7
libungif Version:4.1.0 Release:10
libusb Version:0.1.5 Release:3
mailx Version:8.1.1 Release:22
mktemp Version:1.5 Release:14
ncurses4 Version:5.0 Release:5
open Version:1.4 Release:14
parted Version:1.4.24 Release:3
pcre Version:3.9 Release:2
popt Version:1.6.4 Release:7x.18
reiserfs-utils Version:3.x.0j Release:3
setserial Version:2.17 Release:5
slang Version:1.4.5 Release:2
netconfig Version:0.8.11 Release:7
setuptool Version:1.8 Release:2
syslinux Version:1.52 Release:2
expect Version:5.32.2 Release:67
termcap Version:11.0.1 Release:10
bash Version:2.05a Release:13
crontabs Version:1.10 Release:1
CSCOcnsimgs Version:1.4 Release:0
iproute Version:2.4.7 Release:1
groff Version:1.17.2 Release:12
lockdev Version:1.0.0 Release:16
MAKEDEV Version:3.3 Release:4
info Version:4.1 Release:1
cpio Version:2.4.2 Release:26
diffutils Version:2.7.2 Release:5
fileutils Version:4.1 Release:10.1
CSCOcnspki Version:1.3 Release:0
findutils Version:4.1.7 Release:4
grep Version:2.5.1 Release:1
less Version:358 Release:24
libgtop Version:1.0.12 Release:8
libxml10 Version:1.0.0 Release:8
mgetty Version:1.1.30 Release:0.7
bind-utils Version:9.2.1 Release:1.7x.2
openssl-perl Version:0.9.6b Release:32.7
pdksh Version:5.2.14 Release:16
procmail Version:3.22 Release:5
psmisc Version:20.2 Release:3.73
raidtools Version:1.00.2 Release:1.3
ftp Version:0.17 Release:13
readline2.2.1 Version:2.2.1 Release:4
redhat-release Version:7.3 Release:1
routed Version:0.17 Release:8
console-tools Version:19990829 Release:40
ntp Version:4.1.1 Release:1
slocate Version:2.6 Release:1
tar Version:1.13.25 Release:4.7.1
tcsh Version:6.10 Release:6
telnet Version:0.17 Release:20
dev Version:3.3 Release:4
mouseconfig Version:4.25 Release:1
time Version:1.7 Release:16
tmpwatch Version:2.8.3 Release:1
CSCOcnscommon Version:1.3 Release:0
unzip Version:5.50 Release:11
hotplug Version:2002_04_01 Release:3
vim-common Version:6.1 Release:18.7x.2
wget Version:1.8.2 Release:4.73
words Version:2 Release:18
pam Version:0.75 Release:46.7.3
cyrus-sasl Version:1.5.24 Release:25
cyrus-sasl-plain Version:1.5.24 Release:25
openldap Version:2.0.27 Release:2.7.3
passwd Version:0.67 Release:1
krb5-libs Version:1.2.4 Release:11
krb5-workstation Version:1.2.4 Release:11
modutils Version:2.4.18 Release:3.7x
mkinitrd Version:3.3.10 Release:1
mkbootdisk Version:1.4.3 Release:1
pam_krb5 Version:1.55 Release:1
SysVinit Version:2.84 Release:2
vim-enhanced Version:6.1 Release:18.7x.2
zip Version:2.3 Release:12
file Version:3.39 Release:8.7x
dhcpcd Version:1.3.22pl1 Release:7
libgcj Version:2.96 Release:29
libpng Version:1.0.14 Release:0.7x.4
libtiff Version:3.5.7 Release:2
libglade Version:0.17 Release:5
librsvg Version:1.0.2 Release:1
libglade2 Version:1.99.9 Release:2
mod_auth_any Version:1.2.2 Release:2
mod_dav Version:1.0.3 Release:5
mod_put Version:1.3 Release:4
mod_roaming Version:1.0.2 Release:4
mod_throttle Version:3.1.2 Release:5
apacheconf Version:0.8.2 Release:2
libxslt-python Version:1.0.15 Release:1
ibm_directory Version:5.1.1 Release:0
rpm-perl Version:4.0.4 Release:7x.18
anaconda Version:7.3 Release:7
rpmfind Version:1.7 Release:7
Tibco Version:7.1 Release:0
CSCOImgwDeviceServer Version:1.4 Release:0.0
CSCOdat Version:1.3 Release:0
CSCOTools Version:1.2 Release:0
initscripts Version:6.67 Release:1
hwcrypto Version:1.0 Release:3
kernel Version:2.4.20 Release:19.7
kernel-smp Version:2.4.20 Release:19.7
lokkit Version:0.50 Release:8
openssh-askpass Version:3.5p1 Release:1
openssh-server Version:3.5p1 Release:1
portmap Version:4.0 Release:41
quota Version:3.03 Release:1
vixie-cron Version:3.0.1 Release:64
xinetd Version:2.3.11 Release:1.7x
tftp-server Version:0.28 Release:2
ypbind Version:1.10 Release:7
ypserv Version:2.5 Release:2.7x
IBM_db2msen81 Version:8.1.0 Release:16
IBM_db2cucs81 Version:8.1.0 Release:16
IBM_db2icuc81 Version:8.1.0 Release:16
IBM_db2jhen81 Version:8.1.0 Release:16
IBM_db2sp81 Version:8.1.0 Release:16
IBM_db2cj81 Version:8.1.0 Release:16
IBM_db2ca81 Version:8.1.0 Release:16
IBM_db2crte81 Version:8.1.0 Release:16
IBM_db2engn81 Version:8.1.0 Release:16
IBM_db2wssg81 Version:8.1.0 Release:16
ldap-clientd Version:5.1 Release:1
ldap-msg_en_US Version:5.1 Release:1
lincimom Version:1.0 Release:1
mpcim Version:1.0 Release:01
asmlxag Version:3.1.1 Release:0
SysAvailAgent Version:3.11 Release:1
anaconda-help Version:7.3 Release:2
anaconda-runtime Version:7.3 Release:7
glibc-common Version:2.2.5 Release:43
hwdata Version:0.14.1 Release:1
libelf Version:0.7.0 Release:2
mailcap Version:2.1.9 Release:2
redhat-logos Version:1.1.3 Release:1
setup Version:2.5.12 Release:1
filesystem Version:2.1.6 Release:2
glibc Version:2.2.5 Release:43
bzip2-libs Version:1.0.2 Release:2
compat-libstdc++ Version:6.2 Release:2.9.0.16
db1 Version:1.85 Release:8
db3 Version:3.3.11 Release:6
eject Version:2.0.12 Release:4
gdbm Version:1.8.0 Release:14
glib10 Version:1.0.6 Release:10
gmp Version:4.0.1 Release:3
hesiod Version:3.0.2 Release:18
iputils Version:20020124 Release:3
ksymoops Version:2.4.4 Release:1
libcap Version:1.10 Release:8
libghttp Version:1.0.9 Release:2
libjpeg6a Version:6a Release:8
libsigc++ Version:1.0.3 Release:5
libtool-libs13 Version:1.3.5 Release:2
libunicode Version:0.4 Release:6
losetup Version:2.11n Release:12.7.3
mingetty Version:1.00 Release:1
mm Version:1.1.3 Release:11
net-tools Version:1.60 Release:4
pam_smb Version:1.1.6 Release:2
patch Version:2.5.4 Release:12
perl Version:5.6.1 Release:34.99.6
pwdb Version:0.61.2 Release:2
rsh Version:0.17 Release:5
shadow-utils Version:20000902 Release:9.7
newt Version:0.50.35 Release:1
ntsysv Version:1.3.5 Release:3
specspo Version:7.3 Release:4
tcl Version:8.3.3 Release:67
tcllib Version:1.0 Release:67
libtermcap Version:2.0.8 Release:28
bzip2 Version:1.0.2 Release:2
CSCOcnscfgs Version:1.4 Release:0
dhcp Version:2.0pl5 Release:8
libstdc++ Version:2.96 Release:113
libungif-progs Version:4.1.0 Release:10
logrotate Version:3.6.4 Release:1
ncurses Version:5.2 Release:26
binutils Version:2.11.93.0.2 Release:11
cpp Version:2.96 Release:113
ed Version:0.2 Release:25
at Version:3.1.8 Release:23
CSCOImgwConfig Version:1.4 Release:0.0
gawk Version:3.1.0 Release:4
grub Version:0.91 Release:4
gzip Version:1.3.3 Release:1
libtool Version:1.4.2 Release:7
man Version:1.5j Release:7.7x.0
openssl Version:0.9.6b Release:32.7
libesmtp Version:0.8.12 Release:0.7.x
patchutils Version:0.2.11 Release:2
perladdon Version:1.0 Release:1
procps Version:2.0.7 Release:12
pxe Version:0.1 Release:31.99.7.3
readline Version:4.2a Release:4
librep Version:0.15.1 Release:3
readline41 Version:4.1 Release:10
rootfiles Version:7.2 Release:1
sed Version:3.02 Release:11
kbdconfig Version:1.9.15 Release:2
sharutils Version:4.2.1 Release:9
sysklogd Version:1.4.1 Release:8
tclx Version:8.3 Release:67
metamail Version:2.7 Release:28
textutils Version:2.0.21 Release:1
mount Version:2.11n Release:12.7.3
tftp Version:0.28 Release:2
Tivoli Version:93 Release:1
tomcat Version:4.1.18 Release:0
CSCOcnsnsm Version:1.5 Release:0
usbutils Version:0.9 Release:5
utempter Version:0.5.2 Release:6
vim-minimal Version:6.1 Release:18.7x.2
which Version:2.13 Release:3
cracklib-dicts Version:2.7 Release:15
authconfig Version:4.2.8 Release:4
cyrus-sasl-md5 Version:1.5.24 Release:25
gpm Version:1.19.3 Release:21
libuser Version:0.50.2 Release:1
sh-utils Version:2.0.11 Release:14
krb5-server Version:1.2.4 Release:11
krbafs-utils Version:1.1.1 Release:1
kudzu Version:0.99.52 Release:1
lilo Version:21.4.4 Release:14
nscd Version:2.2.5 Release:43
sendmail Version:8.11.6 Release:25.73
usermode Version:1.53 Release:2
xerces Version:1.5 Release:0
zlib Version:1.1.4 Release:8.7x
apache Version:1.3.27 Release:2
gnupg Version:1.0.6 Release:5
libmng Version:1.0.3 Release:2
glibc-utils Version:2.2.5 Release:43
libxml Version:1.8.17 Release:3
libgtkhtml9 Version:0.9.2 Release:10
libxml2 Version:2.4.19 Release:4
libxslt Version:1.0.15 Release:1
mod_bandwidth Version:2.0.3 Release:3
mod_perl Version:1.26 Release:5
mod_python Version:2.7.8 Release:1
mod_ssl Version:2.8.12 Release:2
python Version:1.5.2 Release:43.73
libxml2-python Version:2.4.19 Release:4
rpm Version:4.0.4 Release:7x.18
rpm-build Version:4.0.4 Release:7x.18
rpm-python Version:4.0.4 Release:7x.18
rpm2html Version:1.7 Release:6
rpmlint Version:0.38 Release:5
CSCOcnses Version:1.9 Release:0
CSCOimgw Version:1.4 Release:0.0
CSCOencryption Version:1.4 Release:1
util-linux Version:2.11n Release:12.7.3
bind Version:9.2.1 Release:1.7x.2
ipchains Version:1.3.10 Release:13
iptables Version:1.2.5 Release:3
kernel-utils Version:2.4 Release:7.4
iptables Version:1.2.5 Release:3
kernel-utils Version:2.4 Release:7.4
libpcap Version:0.6.2 Release:17.7.3.2
openssh Version:3.5p1 Release:1
openssh-clients Version:3.5p1 Release:1
pciutils Version:2.1.9 Release:2
nfs-utils Version:0.3.3 Release:5
timeconfig Version:3.2.7 Release:1
anacron Version:2.3 Release:17
telnet-server Version:0.17 Release:20
wu-ftpd Version:2.6.2 Release:11.73.1
yp-tools Version:2.6 Release:4
zCSCOcnssetup Version:1.5 Release:0
IBM_db2cliv81 Version:8.1.0 Release:16
IBM_db2conv81 Version:8.1.0 Release:16
IBM_db2icut81 Version:8.1.0 Release:16
IBM_db2repl81 Version:8.1.0 Release:16
IBM_db2chen81 Version:8.1.0 Release:16
IBM_db2jdbc81 Version:8.1.0 Release:16
IBM_db2rte81 Version:8.1.0 Release:16
IBM_db2das81 Version:8.1.0 Release:16
IBM_db2smpl81 Version:8.1.0 Release:16
IBM_db2cc81 Version:8.1.0 Release:16
ldap-serverd Version:5.1 Release:1
How to Use the cns-send and cns-listen Commands
Use the cns-send and cns-listen commands to send and receive test messages to the event gateway in the Cisco CNS Configuration Engine 1.4. These commands are located in the /opt/CSCOcnsie/tools directory.
cns-send
The syntax for the cns-send command is:
cns-send -version
or
cns-send [-service <service>] [-network <network>] [-daemon <daemon>] [-file <filename>] <subject> [<message>]
Syntax Description
To use the cns-send command, follow these steps:
Step 1 Log into the CNS 2100 Series system as root.
Step 2 Change directories to /opt/CSCOcnsie/tools.
Step 3 Type ./cns-send -file <filename> <subject>
Note The cns-send command sends messages in the opaque data format.
cns-listen
The syntax for the cns-listen command is:
cns-listen -version
or
cns-listen [-service <service>] [-network <network>] [-daemon <daemon>] <subject_list>
Syntax Description
To use the cns-listen command, follow these steps:
Step 1 Log into the CNS 2100 Series system as root.
Step 2 Change directories to /opt/CSCOcnsie/tools.
Step 3 Type ./cns-listen <subject_list>
Usage Guidelines
Use the greater than symbol (>) for a wildcard.
Examples
./cns-listen "cisco.cns.config.load"
./cns-listen "cisco.cns.>"
How to Re-activate IBM Director Agent After Setup
In this release, one of the IBM Director agents is disabled at the end of Setup. This happens to release unused CPU cycles.
To re-activate this agent follow these steps:
Step 1 Login as root.
Step 2 Type the following command string:
cp /etc/TWGagent/TWGagent.orig /etc/TWGagent/TWGagent
/opt/CSCOcnsie/bin/TWGagent start
Note This procedure must be run after each Setup.
Feedback