06-08-2012 06:31 AM - edited 07-03-2021 10:16 PM
Hi,
I recently configured a CISCO 3310 box with MSE version 7.2. Services are up and running on the box; I could add the MSE to WCS and am also able to track the location using WCS. However, I could not connect the third-party software to the MSE web services to get the location information there. When I hit the server URL "https://<my mse>" I get a list of possible services like:
No service matched or handled this request.
Known services are:
http://my server:8880/hs/
http://my server:8880/mdp/
http://my server:8880/admin/
http://my server:8880/wips/
http://my server:8880/location/
http://my server:8880/subscription/
http://my server:8880/aaa/
http://127.0.0.1:8180/localadmin/
https://127.0.0.1:8443/localadmin/
https://my server:8843/mdp/
https://my server:8843/wips/
https://my server:8843/hs/
https://my server:8843/admin/
https://my server:8843/location/
https://my server:8843/subscription/
https://my server:8843/aaa/
I browsed through the documentation (CAS_71.pdf) and found a text saying:
Note: Port 80 will be enabled on the MSE if the enablehttp command was entered on MSE. Ports 8880 and 8843 will be closed on the MSE when the CA-issued certificates are installed on the MSE.
I am running a test system so I do not really want to install a CA-signed certificate, so I used a self-signed certificate and restarted the server, but it did not help.
Any pointer on how I can get the web services up and running on port 443 would be great!!
Cheers,
Manish
10-31-2012 05:23 PM
I have the same problem, but when I try to create the CA it sends this error:
Certificate Management Options
1: Import CA Certificate
2: Import Server Certificate
3: Enable Client Certificate Validation
4. Disable Client Certificate Validation
5: OCSP Settings
6: Import a CRL
7: Create a CSR (Certificate Signing request)
8: Clear Certificate Configuration
9: Show Certificate Configuration
10: Exit
Please enter your choice (1-10)
1
Do you want to file(0) or scp(1) transfer (0/1) 0
Enter the full path of the CA certificate file /root/mseservercsr.pem
Successfully transferred the file
Import CA Certificate failed:
certutil: could not obtain certificate from file: security library failure.
Can you help me with this? Do you have more information on creating the CA?
Thanks
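A pre-import check for the failure in the post above, as an added example that is not part of the thread or of Cisco's tooling: it reads the PEM headers of a file and rejects anything that is not a certificate before the file is offered to "Import CA Certificate". It assumes, from the file name only, that /root/mseservercsr.pem holds a certificate signing request; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify PEM blocks before choosing an import menu option.

# pem_kinds FILE: print one word per PEM block found in FILE.
pem_kinds() {
    # Strip CRs so files saved with Windows line endings still match.
    tr -d '\r' < "$1" | awk '
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            label = $0
            sub(/^-----BEGIN /, "", label); sub(/-----$/, "", label)
            if (label ~ /^(X509 |TRUSTED )?CERTIFICATE$/)    print "certificate"
            else if (label ~ /^(NEW )?CERTIFICATE REQUEST$/) print "csr"
            else if (label ~ /PRIVATE KEY$/)                 print "private-key"
            else if (label == "X509 CRL")                    print "crl"
            else                                             print "other"
        }'
}

# ok_for_ca_import FILE: return 0 only if FILE holds certificates and nothing else.
# Returns 1 for a wrong block type (CSR, key, CRL), 2 when no PEM block is present.
ok_for_ca_import() {
    kinds=$(pem_kinds "$1")
    if [ -z "$kinds" ]; then
        echo "$1: no PEM block found (DER-encoded or not a certificate file)"
        return 2
    fi
    bad=$(printf '%s\n' "$kinds" | awk '$0 != "certificate"' | sort -u | tr '\n' ' ')
    if [ -n "$bad" ]; then
        echo "$1: not importable as a CA certificate, contains: $bad"
        return 1
    fi
    echo "$1: ok, $(printf '%s\n' "$kinds" | wc -l | tr -d ' ') certificate block(s)"
}

# write_samples DIR: constructed sample files; the base64 bodies are placeholders,
# so only the PEM labels are meaningful.
write_samples() {
    printf '%s\r\n' '-----BEGIN CERTIFICATE REQUEST-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE REQUEST-----' > "$1/csr.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/ca.pem"
    cat "$1/ca.pem" "$1/ca.pem" > "$1/chain.pem"
    { cat "$1/ca.pem"; printf '%s\n' '-----BEGIN PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQ=' '-----END PRIVATE KEY-----'; } > "$1/bundle.pem"
    printf 'constructed non-PEM bytes\n' > "$1/cert.der"
}
```

Source the file and run `ok_for_ca_import /path/to/file.pem`. A file that passes has only the right label; parsing it with `openssl x509 -in FILE -noout -text` additionally confirms the body is a valid certificate and shows whether it is a CA.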
07-31-2013 11:33 PM
Dear Manish Singh
I had the same error as you. Please give me a detailed guide to fix it.
This is the output of the command line mse status:
STATUS:
Starting MSE Platform, Waiting to check the status.
MSE Platform is up, getting the status
-------------
Server Config
-------------
Product name: Cisco Mobility Service Engine
Version: 7.0.240.0
Hw Version: V03
Hw Product Identifier: XXXXXXXXXXX
Hw Serial Number: XXXXXXXXXXX
Use HTTP: false
Legacy HTTPS: false
Legacy Port: 8001
Log Modules: -1
Log Level: INFO
Days to keep events: 2
Session timeout in mins: 30
DB backup in days: 2
Thank you so much
04-22-2015 12:34 AM
Hi Amjad,
I am facing the same issue. I understand that generally it goes away after clearing the iptables, but this time it is not going away. Can you please help me to resolve this problem?
Here's the output -
[root@MSE76 framework]#
[root@MSE76 framework]# getserverinfo
Health Monitor is running
Retrieving MSE Services status.
MSE services are up, getting the status
-------------
Server Config
-------------
Product name: Cisco Mobility Service Engine
Version: 7.6.100.0
Health Monitor Ip Address: 1.1.1.1
High Availability Role: 1
Hw Version: V01
Hw Product Identifier: AIR-MSE-VA-K9
Hw Serial Number: MSE76_5
HTTPS: null
Legacy Port: 8001
Log Modules: -1
Log Level: INFO
Days to keep events: 2
Session timeout in mins: 30
DB backup in days: 2
-------------
Services
-------------
Service Name: Context Aware Service
Service Version: 7.6.1.33
Admin Status: Enabled
Operation Status: Up
Service Name: WIPS
Service Version: 2.0.7092.0
Admin Status: Disabled
Operation Status: Down
Service Name: Mobile Concierge Service
Service Version: 4.0.0.10
Admin Status: Disabled
Operation Status: Down
Service Name: CMX Analytics
Service Version: 2.1.0.62
Admin Status: Disabled
Operation Status: Down
Service Name: CMX Browser Engage
Service Version: 1.0.0.2
Admin Status: Disabled
Operation Status: Down
Service Name: HTTP Proxy Service
Service Version: 1.0.0.1
Admin Status: Disabled
Operation Status: Down
--------------
Server Monitor
--------------
Server start time: 1429704763547
Server current time: Wed Apr 22 08:22:14 EDT 2015
Server timezone: America/New_York
Server timezone offset: -18000000
Restarts: 2
Used Memory (bytes): 31470992
Allocated Memory (bytes): 514523136
Max Memory (bytes): 4294967296
DB disk memory (bytes): 12875490944
-------------
Context Aware Service
-------------
Total Active Elements(Wireless Clients, Tags, Rogue APs, Rogue Clients, Interferers, Wired Clients): 0
Active Wireless Clients: 0
Active Tags: 0
Active Rogue APs: 0
Active Rogue Clients: 0
Active Interferers: 0
Active Wired Clients: 0
Active Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients, Tags) Limit: 100
Active Sessions: 0
Wireless Clients Not Tracked due to the limiting: 0
Tags Not Tracked due to the limiting: 0
Rogue APs Not Tracked due to the limiting: 0
Rogue Clients Not Tracked due to the limiting: 0
Interferers Not Tracked due to the limiting: 0
Wired Clients Not Tracked due to the limiting: 0
Total Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients) Not Tracked due to the limiting: 0
[root@MSE76 framework]#
When I am trying to enable the http service using enablehttp command it gives an error -
[root@MSE76 framework]# enablehttp
[main] INFO com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - CiscoJCE turning on FIPS...
[main] INFO com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - CiscoJCEProvider version 1.0020130407 loading...
[main] INFO com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Executing Java version = 1.6.0_45
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance Blowfish of class Cipher because environment variable CISCOJ_PERMIT_NON_FIPS_CIPHER_BLOWFISH set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance ARCFOUR of class Cipher because environment variable CISCOJ_PERMIT_NON_FIPS_CIPHER_ARCFOUR set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance RC4 of class Cipher because environment variable CISCOJ_PERMIT_NON_FIPS_CIPHER_ARCFOUR set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance 1.2.840.113549.3.4 of class Cipher because environment variable CISCOJ_PERMIT_NON_FIPS_CIPHER_ARCFOUR set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance PBEWithMD5AndDES of class Cipher because environment variable CISCOJ_PERMIT_NON_FIPS_CIPHER_PBEWithMD5AndDES set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance 1.2.840.113549.1.5.3 of class Cipher because environment variable CISCOJ_PERMIT_NON_FIPS_CIPHER_PBEWithMD5AndDES set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance OID.1.2.840.113549.1.5.3 of class Cipher because environment variable CISCOJ_PERMIT_NON_FIPS_CIPHER_PBEWithMD5AndDES set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance SSL of class SSLContext because environment variable CISCOJ_PERMIT_NON_FIPS_SSLCONTEXT_SSL set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance HmacMD5 of class Mac because environment variable CISCOJ_PERMIT_NON_FIPS_MAC_HMACMD5 set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance 1.3.6.1.5.5.8.1.1 of class Mac because environment variable CISCOJ_PERMIT_NON_FIPS_MAC_HMACMD5 set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance Alg.Alias.Mac.1.3.6.1.5.5.8.1.1 of class OID because environment variable CISCOJ_PERMIT_NON_FIPS_MAC_HMACMD5 set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing unimplemented or untested FIPS compliant instance ECDSA of class KeyFactory because environment variable CISCOJ_PERMIT_UNIMPLEMENTED_KEYFACTORY_ECDSA set
[main] INFO com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Installing handler KeyFactory.ECDSA/com.cisco.ciscossl.provider.ciscojce.trust.ECKeyFactory$ECDSA to allow KeyFactory.ECDSA
ERROR: Error in connecting to MSE JMX Service. Server may not be up yet, please check again in some time.
10-08-2012 06:19 AM
Hello,
In fact, as soon as I add the MSE to the Prime Infrastructure, I have this message in the Syslog:
10-08-2012 15:13:41 Local0.Error 10.2.199.2 10/08/12 15:13:40.696 ERROR [aesMse] [http-443-10] Handling ServerEngineUnreachableException, reason:
10-08-2012 15:13:41 Local0.Error 10.2.199.2 10/08/12 15:13:40.786 ERROR [aesMse] [http-443-10] Handling ServerEngineUnreachableException, reason:
10-08-2012 15:13:41 Local0.Error 10.2.199.2 10/08/12 15:13:40.789 ERROR [wnbu] [http-443-10] THROW
then a lot of "apache" messages
It seems the Prime Infrastructure and the MSE VA can't communicate, or there is something wrong with the services...
I'm stuck with this problem...
If someone has any idea...
Thanks a lot,
Regards,
Gérald
10-09-2012 02:46 AM
Hello,
the problem has been solved by the TAC:
> need to clear the ip table
> the PI doesn't connect to the physical eth0, but a virtual IP !
03-19-2013 12:52 AM
Hello
How can we do these 2 steps? I have a similar problem, and still can't add MSE in NCS.
How can we avoid NCS trying to communicate via virtual IP?
08-01-2013 01:01 AM
Hello,
> to clear the iptables:
Clear iptables
> if you want a virtual IP or not, launch the wizard again; it should ask if you want to install in HA:
if you say NO: no virtual IP
if you say yes: virtual IP