Cisco Configuration Engine Administrator Guide, 2.0

Troubleshooting

This appendix provides troubleshooting information. It contains information about:

•Contacting Cisco TAC

•Cannot Log Into the System

•System Cannot Connect to the Network

•Cannot Connect to the System Using a Web Browser

•Cannot Connect to System with SSH or SSH Interaction is Slow

•Backup and Restore not Working Properly

•How to Use the showversion Command

•Using the cns-send and cns-listen Commands

Contacting Cisco TAC

In some of the following sections, you might be advised to contact the Cisco Technical Assistance Center (TAC) for assistance. You can obtain TAC assistance online at http://www.cisco.com/tac.

Cannot Log Into the System

Problem: You cannot log into the system.

Probable causes:

•You did not run the setup program to create an initial system configuration.

•You lost all of the user account passwords.

Resolution:

Step 1 Did you run the setup program after starting the system for the first time?

If no, run the setup program as described in either Cisco Configuration Engine Linux Installation & Configuration Guide, 2.0 or Cisco Configuration Engine Solaris Installation & Configuration Guide, 2.0.

If yes, continue.

Step 2 Do you know the password for any system user accounts?

If no, reconfigure the system to create a new user account. See Chapter 4, "User Account Manager" for more information.

If yes, continue.

Step 3 If you are certain you entered a valid username and password, contact the TAC for assistance.

System Cannot Connect to the Network

Problem: The system cannot connect to the network.

Probable causes:

•The network cable is not connected to an Ethernet port.

•The Ethernet interface is disabled or misconfigured.

•The system is configured correctly, but the network is down or misconfigured.

•The system is not configured correctly.

Resolution:

Step 1 Verify that the network cable is connected to an Ethernet port and the Link light is on.

•If the network cable is not connected, connect it.

•If the network cable is connected but the Link light is not on, these are the probable causes:

–The network cable is faulty.

–The network cable is the wrong type (for example, a cross-over type, rather than the required straight-through type).

–The port on the default gateway to which the system connects is down.

If the network cable is connected and the Link light is on but the system cannot connect to the network, continue.

Step 2 Use the ping command to perform the following tests:

a. Try to connect to a well-known host on the network. A DNS server is a good target host.

If the ping command can reach another host, the system is connected to the network. If it cannot connect to a particular host, the problem is with the network configuration or that host. Contact your network administrator for assistance.

If the ping command cannot reach another host, continue.

b. Attempt to reach another host on the same subnet as the system.

If the ping command can reach a host on the same subnet, but cannot reach a host on a different subnet, the default gateway is probably down or misconfigured.

If the ping command cannot reach any hosts, continue.

Step 3 Use the ifconfig command to determine if the Ethernet interface is disabled or misconfigured.

If the Ethernet interface is disabled, enable it. If it is misconfigured, configure it correctly.

If the interface is enabled and correctly configured, continue.

Step 4 To ensure all network setting are configured correctly, run the Setup program again by entering the setup command in the shell prompt.

Note You cannot run Setup a second time by logging in as setup because that account is disabled for security reasons after it is used once successfully.

Step 5 Contact your network administrator to verify that there are no conditions on the network that prevent the system from connecting to the network.

If conditions prevent the system from connecting to the network, have your network administrator correct them.

Step 6 If no conditions are preventing the system from connecting to the network, contact TAC for assistance.

Cannot Connect to the System Using a Web Browser

Problem: You cannot connect to the system by entering its IP address in a web browser.

Probable causes:

•The system cannot connect to the network.

•Encryption is enabled (plaintext disabled).

•The HTTP service is not running.

Resolution:

Step 1 Make sure that the system can connect to the network by following the procedure in the "System Cannot Connect to the Network" section.

Step 2 When you are sure that the system is connected to the network, attempt to connect the system using a web browser.

If encryption is enabled:

•Use https://... to connect.

•Ensure the certificate is correct.

If you still cannot connect, continue

Step 3 To stop and start the web server only, enter the following commands:

/etc/rc.d/init.d/httpd stop

/etc/rc.d/init.d/httpd start

If the LDAP directory contains thousands of devices, restart and wait 20 minutes.

Step 4 Attempt to connect the system using a web browser.

If you cannot connect, continue.

Step 5 Restart the system.

If the LDAP directory contains thousands of devices, restart and wait 20 minutes.

Step 6 If you still cannot connect to the system using a web browser, contact the Cisco TAC for assistance.

Cannot Connect to System with SSH or SSH Interaction is Slow

Problem: You cannot connect to the system using SSH or SSH interaction with the system is extremely slow, even though the system is connected to the network.

Probable cause: The system cannot get DNS services from the network. The system will not function correctly without DNS. SSH problems are the most visible symptom, but the system will have more serious problems. In most cases, it will not correctly process requests from management applications that use it.

Resolution: Perform the following steps. Connect to the console if you cannot connect using SSH.

Step 1 To set up the name servers properly, edit the /etc/resolv.conf file.

Or, you can re-execute Setup.

Step 2 Verify that the system can get DNS services from the network by entering the following command:

# host <dns-name>

where <dns-name> is the DNS name of a host on the network that is registered in DNS. The command returns the IP address of the host.

Step 3 If the system cannot resolve DNS names to IP addresses, the DNS server it is using is not working properly.

Resolve the network DNS problem, then continue.

Step 4 If the system can resolve DNS names to IP addresses but you still cannot connect to the system using SSH or SSH interaction with the system is extremely slow, contact the Cisco TAC.

Cannot Connect to System Using Telnet

Problem: You cannot connect to the system using Telnet even though the system is connected to the network.

Probable cause: Telnet service is disabled on the system.

Resolution: Connect to the system with SSH.

Backup and Restore not Working Properly

Problem: Your backup and restore is not working properly.

Probable causes:

•The time base for the host system is not set to the UTC time zone.

•The time has changed.

•The cron job is not started.

Resolution: Perform the following steps:

Step 1 Connect to the console if you cannot connect using SSH.

Step 2 Log in to the host system as root.

Step 3 To determine if the time is correct, enter the command:

# date

Step 4 To determine the state of the cron job, enter the command:

# /etc/rc.d/init.d/crond restart

Example:

# /etc/rc.d/init.d/crond restart

Stopping cron daemon:                                      [  OK  ]

Starting cron daemon:                                      [  OK  ]

#

No Crontab Set for Backup Job when /var is 100% Full.

Certain system commands need some space in /var to run and crontab is such a command in order to schedule the backup job for the user. Because of this, the crontab command issued by the script (called from the GUI) fails, which results in the failure of backup job.

Clean up /var partition on the system (moved some files to /home/), then resubmit the backup schedule from the GUI.

How to Use the showversion Command

Use the showversion command to list all the current RPMs (package managers) loaded on your host system. This command is located in the /opt/CSCOcnsie/bin directory.

Using the cns-send and cns-listen Commands

Use the cns-send and cns-listen commands to send and receive test messages to the event gateway in the Cisco Configuration Engine. These commands are located in the /opt/CSCOcnsie/tools directory.

cns-send

The syntax for the cns-send command is:

cns-send -version

or

cns-send [-service <service>] [-network <network>] [-daemon <daemon>] [-file <filename>] <subject> [<message>]

Syntax Description

To use the cns-send command, follow these steps:

Step 1 Log in to the host system as root.

Step 2 Change directories to /opt/CSCOcnsie/tools.

Step 3 Type ./cns-send -file <filename> <subject>

Note The cns-send command sends messages in the opaque data format.

cns-listen

The syntax for the cns-listen command is:

cns-listen -version

or

cns-listen [-service <service>] [-network <network>] [-daemon <daemon>] <subject_list>

Syntax Description

To use the cns-listen command, follow these steps:

Step 1 Log in to the host system as root.

Step 2 Change directories to /opt/CSCOcnsie/tools.

Step 3 Type ./cns-listen <subject_list>

Usage Guidelines

Use the greater than symbol (>) for a wildcard.

Examples

./cns-listen "cisco.cns.config.load"

./cns-listen "cisco.cns.>"