11-01-2012 12:32 PM
My CCO password was recenly updated and since then I'm unable to download device packages from my LMS4.2.2 or LMS3.2 application, I get error " ERROR: Invalid Cisco.com username or password".
My LMS server has direct connection to Internet (no proxy) My CCO login works fine from my browser (other than LMS application). I can create TAC case, download any devices packages from CCO etc. but cannot from within LMS.
I tried contacting cisco.com support group but they were not helpful at all.
I see the following in the psu.log. Please advise
[ Thu Nov 01 12:02:37 EDT 2012 ] INFO [SecurityHandler : getCSProxyLogin] : No proxy User Name configured
[ Thu Nov 01 12:02:37 EDT 2012 ] INFO [SecurityHandler : getCSProxyHost] : No proxy Host configured
[ Thu Nov 01 12:02:47 EDT 2012 ] INFO [SecurityHandler : getCSProxyHost] : No proxy Host configured
[ Thu Nov 01 12:02:47 EDT 2012 ] INFO [SecurityHandler : getCSProxyPort] : No proxy port confgured
[ Thu Nov 01 12:02:47 EDT 2012 ] FATAL [DevUpdate : performAdd] : IOException while trying to connect to Cisco.com.
java.io.IOException: Connection refused
at com.cisco.nm.cmf.security.CCO.isValidCCOAccount(CCO.java:284)
at com.cisco.nm.xms.psu.ui.gui.model.action.DevUpdate.performAdd(DevUpdate.java:948)
at com.cisco.nm.xms.psu.ui.gui.model.action.DevUpdate.perform(DevUpdate.java:555)
at org.apache.struts.action.ActionServlet.processActionPerform(ActionServlet.java:1786)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1585)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:509)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:647)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at com.cisco.nm.cmf.util.AccessLogFilter.doFilter(AccessLogFilter.java:128)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:200)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:291)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:775)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:704)
at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:897)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689)
at java.lang.Thread.run(Thread.java:662)
[ Thu Nov 01 12:02:47 EDT 2012 ] INFO [SecurityHandler : getCSProxyHost] : No proxy Host configured
11-02-2012 01:02 AM
You may want to try and take a trace of the traffic to see what goes wrong. Just install wireshark on the server.
To my suprise there was no encryption on the connection to cco when I tried this and I could see al steps it took to get to the download.
Cisco has ditched the 'basic authentication' so now you get a tour of the servers to make sure all cisco cco sites know you are auhenticated. Often in this tour of redirecting where all servers have a taste of your cookie something goes wrong. :-)
Bear in mind that TAC does not run the CCO site. If something is broken on the wesite they cannot fix it. Its another team/group.
Cheers,
Michel
11-02-2012 05:41 AM
I see the same behavior in two different servers (LMS3.2 on Solaris and LMS4.2 on Soft appliance) therefore I don't think it is cookies related. Also If I have my co-worker login it works fine for them, so it is only my CCO account. I'm trying to find out which group handles this type of issues so I can contact them. I have tried contacting CCO support but they were not helpful. I hope someone on this forum know and direct me to the right group.
11-02-2012 06:04 AM
if you are using proxy while manually connecting to the internet then you might want to configure that in the LMS settings.
also just for checkup if there is a firewall inbetween then you might just have a look and see if its blocking something.
11-02-2012 06:07 AM
I have already mentioned in my origianl post that my server has direct connection to the Internet, no proxy or firewall. Also why would it work for other users and not with my CCO account?
11-02-2012 06:19 AM
I've not come across a cco account being able to download in the browser but not in LMS.
AFAIK you need a service contract number in your profile. You must have that, otherwise you would not see the packages in the browser.
Can you confirm this Fadi?
I suggest you take a trace of both you and one of your colleague connecting to CCO from the LMS server.
Then spot the differences. it should be all clear text in the trace.
Cheers,
Michel
11-02-2012 06:29 AM
yes Michel is correct,
sorry i didn't notice the co-worker credentials working fine.
in this case you can do as Michel said,
do sniffer capture when using the working and non working CCO's
then you can spot the difference.
if not maybe you can just check with teh Cisco account manager just to confirm that your CCO is under the right contract or someting.
Michel as always we learn from you :-)
11-02-2012 07:40 AM
If you have a service contract number, you can do as follows:
if you login to your CCO account, change the tab to "Additional Access" and go down the page to the abstract "Add Additional Access" (I am trying to translate this to english becaue I am seeing this in german...) and click on the link "Add Service Contracts to my Profile" (should be the 2nd).
On the next page you have the possibility to enter a Service Contract number, that should be associated to your profile.
If this does not help, try to contact this team by e-mail and see if they can help you:
Cisco.com Contract Associations
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide