CISCO MSE web service port configuration

singhmanishp
Level 1

Hi,

I recently configured a CISCO 3310 box with MSE version 7.2. Services are up and running on the box, and I could add the MSE to WCS and am also able to track the location using WCS. However, I could not connect the third-party software to the MSE web services to get the location information there. When I hit the server URL "https://<my mse>" I get a list of possible services like:

Error 404 - Not Found.

No service matched or handled this  request.

Known services are:

http://my server:8880/hs/

http://my server:8880/mdp/

http://my server:8880/admin/

http://my server:8880/wips/

http://my server:8880/location/

http://my server:8880/subscription/

http://my server:8880/aaa/

http://127.0.0.1:8180/localadmin/

https://127.0.0.1:8443/localadmin/

https://my server:8843/mdp/

https://my server:8843/wips/

https://my server:8843/hs/

https://my server:8843/admin/

https://my server:8843/location/

https://my server:8843/subscription/

https://my server:8843/aaa/

I browsed through the documentation (CAS_71.pdf) and found a text saying:

Note: Port 80 will be enabled on the MSE if the enablehttp command was entered on MSE. Ports 8880 and 8843 will be closed on the MSE when the CA-issued certificates are installed on the MSE.

I am running a test system, so I do not really want to install a CA-signed certificate, so I used a self-signed certificate and restarted the server, but it did not help.

Any pointers on how I can get the web services up and running on port 443 would be great!!

Cheers,

Manish


Manish Singh

I have the same problem, but when I try to create the CA it sends this error:

Certificate Management Options

                1: Import CA Certificate

                2: Import Server Certificate

                3: Enable Client Certificate Validation

                4. Disable Client Certificate Validation

                5: OCSP Settings

                6: Import a CRL

                7: Create a CSR (Certificate Signing request)

                8: Clear Certificate Configuration

                9: Show Certificate Configuration

                10: Exit

Please enter your choice (1-10)

1

Do you want to file(0) or scp(1) transfer (0/1) 0

Enter the full path of the CA certificate file /root/mseservercsr.pem

Successfully transferred the file

Import CA Certificate failed:

certutil: could not obtain certificate from file: security library failure.

Can you help me with this? Do you have more information on creating the CA?

Thanks
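
The import attempt above was given a file named `mseservercsr.pem`; the name suggests a CSR, though the thread does not confirm the contents. As an added example (not part of the thread and not Cisco tooling), this shell check reads the PEM label to tell a CSR from a certificate before an import is attempted. The sample files and the function names `pem_kind` and `check_cert_import` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): identify what a PEM file holds from
# its "-----BEGIN <label>-----" line before choosing an import option.

# Print the kind of the first PEM object in file $1.
pem_kind() {
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" 2>/dev/null | head -n 1)
    case "$label" in
        "CERTIFICATE"|"X509 CERTIFICATE"|"TRUSTED CERTIFICATE") echo certificate ;;
        "CERTIFICATE REQUEST"|"NEW CERTIFICATE REQUEST") echo csr ;;
        "X509 CRL") echo crl ;;
        *"PRIVATE KEY") echo private-key ;;
        "") echo not-pem ;;
        *) echo other ;;
    esac
}

# Return 0 only if file $1 is labelled as a certificate; explain otherwise.
check_cert_import() {
    kind=$(pem_kind "$1")
    case "$kind" in
        certificate) echo "$1: certificate, suitable for a certificate import"; return 0 ;;
        csr) echo "$1: CSR; have a CA sign it and import the certificate it returns" ;;
        crl) echo "$1: CRL; belongs to the CRL import option, not a certificate import" ;;
        private-key) echo "$1: private key; keep it off the certificate import path" ;;
        *) echo "$1: no recognised PEM label (DER-encoded or not a PEM file)" ;;
    esac
    return 1
}

# Constructed sample files: only the labels are realistic, the bodies are filler.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE REQUEST-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE REQUEST-----' > "$demo_dir/sample-csr.pem"
# The second sample uses CRLF line endings, as files copied from Windows often do.
printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
    '-----END CERTIFICATE-----' > "$demo_dir/sample-ca.pem"

check_cert_import "$demo_dir/sample-csr.pem" || true
check_cert_import "$demo_dir/sample-ca.pem"
```

The label only states what the file claims to be; `openssl x509 -in FILE -noout -subject` confirms that a certificate actually parses.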

Dear Manish Singh

I had the same error as you. Please give me a detailed guide to fix it.

This is the output of the command line mse status:

STATUS:

Starting MSE Platform, Waiting to check the status.

MSE Platform is up, getting the status

-------------

Server Config

-------------

Product name: Cisco Mobility Service Engine

Version: 7.0.240.0

Hw Version: V03

Hw Product Identifier: XXXXXXXXXXX

Hw Serial Number: XXXXXXXXXXX

Use HTTP: false

Legacy HTTPS: false

Legacy Port: 8001

Log Modules: -1

Log Level: INFO

Days to keep events: 2

Session timeout in mins: 30

DB backup in days: 2

Thank you so much

Hi Amjad,

I am facing the same issue. I understand that generally it goes away after clearing the iptables, but this time it is not going away. Can you please help me to resolve this problem?

 

Here's the output -

 

[root@MSE76 framework]#
[root@MSE76 framework]# getserverinfo
Health Monitor is running
Retrieving MSE Services status.
MSE services are up, getting the status


-------------
Server Config
-------------

Product name: Cisco Mobility Service Engine
Version: 7.6.100.0
Health Monitor Ip Address: 1.1.1.1
High Availability Role: 1
Hw Version: V01
Hw Product Identifier: AIR-MSE-VA-K9
Hw Serial Number: MSE76_5
HTTPS: null
Legacy Port: 8001

Log Modules: -1
Log Level: INFO
Days to keep events: 2
Session timeout in mins: 30
DB backup in days: 2

-------------
Services
-------------

Service Name: Context Aware Service
Service Version: 7.6.1.33
Admin Status: Enabled
Operation Status: Up

Service Name: WIPS
Service Version: 2.0.7092.0
Admin Status: Disabled
Operation Status: Down

Service Name: Mobile Concierge Service
Service Version: 4.0.0.10
Admin Status: Disabled
Operation Status: Down

Service Name: CMX Analytics
Service Version: 2.1.0.62
Admin Status: Disabled
Operation Status: Down

Service Name: CMX Browser Engage
Service Version: 1.0.0.2
Admin Status: Disabled
Operation Status: Down

Service Name: HTTP Proxy Service
Service Version: 1.0.0.1
Admin Status: Disabled
Operation Status: Down

--------------
Server Monitor
--------------


Server start time: 1429704763547
Server current time: Wed Apr 22 08:22:14 EDT 2015
Server timezone: America/New_York
Server timezone offset: -18000000
Restarts: 2
Used Memory (bytes): 31470992
Allocated Memory (bytes): 514523136
Max Memory (bytes): 4294967296
DB disk memory (bytes): 12875490944

-------------
Context Aware Service
-------------

Total Active Elements(Wireless Clients, Tags, Rogue APs, Rogue Clients, Interferers, Wired Clients): 0
Active Wireless Clients: 0
Active Tags: 0
Active Rogue APs: 0
Active Rogue Clients: 0
Active Interferers: 0
Active Wired Clients: 0
Active Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients, Tags) Limit: 100
Active Sessions: 0
Wireless Clients Not Tracked due to the limiting: 0
Tags Not Tracked due to the limiting: 0
Rogue APs Not Tracked due to the limiting: 0
Rogue Clients Not Tracked due to the limiting: 0
Interferers Not Tracked due to the limiting: 0
Wired Clients Not Tracked due to the limiting: 0
Total Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients) Not Tracked due to the limiting: 0
[root@MSE76 framework]#

 

 

When I try to enable the HTTP service using the enablehttp command, it gives an error -

[root@MSE76 framework]# enablehttp
[main] INFO com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - CiscoJCE turning on FIPS...
[main] INFO com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - CiscoJCEProvider version 1.0020130407 loading...
[main] INFO com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Executing Java version = 1.6.0_45

[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance Blowfish of class Cipher because environment variable CISCOJ_PERMIT_NON_FIPS_CIPHER_BLOWFISH set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance ARCFOUR of class Cipher because environment variable CISCOJ_PERMIT_NON_FIPS_CIPHER_ARCFOUR set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance RC4 of class Cipher because environment variable CISCOJ_PERMIT_NON_FIPS_CIPHER_ARCFOUR set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance 1.2.840.113549.3.4 of class Cipher because environment variable CISCOJ_PERMIT_NON_FIPS_CIPHER_ARCFOUR set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance PBEWithMD5AndDES of class Cipher because environment variable CISCOJ_PERMIT_NON_FIPS_CIPHER_PBEWithMD5AndDES set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance 1.2.840.113549.1.5.3 of class Cipher because environment variable CISCOJ_PERMIT_NON_FIPS_CIPHER_PBEWithMD5AndDES set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance OID.1.2.840.113549.1.5.3 of class Cipher because environment variable CISCOJ_PERMIT_NON_FIPS_CIPHER_PBEWithMD5AndDES set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance SSL of class SSLContext because environment variable CISCOJ_PERMIT_NON_FIPS_SSLCONTEXT_SSL set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance HmacMD5 of class Mac because environment variable CISCOJ_PERMIT_NON_FIPS_MAC_HMACMD5 set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance 1.3.6.1.5.5.8.1.1 of class Mac because environment variable CISCOJ_PERMIT_NON_FIPS_MAC_HMACMD5 set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing non-FIPS compliant instance Alg.Alias.Mac.1.3.6.1.5.5.8.1.1 of class OID because environment variable CISCOJ_PERMIT_NON_FIPS_MAC_HMACMD5 set
[main] WARN com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Allowing unimplemented or untested FIPS compliant instance ECDSA of class KeyFactory because environment variable CISCOJ_PERMIT_UNIMPLEMENTED_KEYFACTORY_ECDSA set
[main] INFO com.cisco.ciscossl.provider.ciscojce.CiscoJCEProvider - Installing handler KeyFactory.ECDSA/com.cisco.ciscossl.provider.ciscojce.trust.ECKeyFactory$ECDSA to allow KeyFactory.ECDSA
ERROR: Error in connecting to MSE JMX Service. Server may not be up yet, please check again in some time.
 

 

 

Hello,

In fact, as soon as I add the MSE to the Prime Infrastructure, I have this message in the Syslog:

10-08-2012          15:13:41          Local0.Error          10.2.199.2          10/08/12 15:13:40.696 ERROR [aesMse] [http-443-10] Handling ServerEngineUnreachableException, reason:

10-08-2012          15:13:41          Local0.Error          10.2.199.2          10/08/12 15:13:40.786 ERROR [aesMse] [http-443-10] Handling ServerEngineUnreachableException, reason:

10-08-2012          15:13:41          Local0.Error          10.2.199.2          10/08/12 15:13:40.789 ERROR [wnbu] [http-443-10] THROW

then a lot of "apache" messages

It seems the Prime Infrastructure and the MSE VA can't communicate, or there is something wrong with the services...

I'm stuck with this problem...

If someone has any idea...

Thanks a lot,

Regards,

Gérald

Hello,

the problem has been solved by the TAC:

> need to clear the ip table

> the PI doesn't connect to the physical eth0, but to a virtual IP!

Hello

How can we do these 2 steps? I have a similar problem, and still can't add the MSE in NCS.

How can we avoid NCS trying to communicate via the virtual IP?

Hello,

> to clear the iptables:

Clear iptables

> whether or not you want a virtual IP, launch the wizard again; it should ask if you want to install in HA:

if you say NO: no virtual IP

if you say yes: virtual IP
