Solved: CISCO MSE web service port configuration

singhmanishp · ‎06-08-2012

Hi,

I recently configured CISCO 3310 box with MSE version 7.2. Services are up and running in the box, I could add the MSE to WCS and also able to track the location using WCS. However, I could not connect the third party software to MSE web services to get the location information there. When I hit the server url "https://<my mse>" I get list of possible services like:

Error 404 - Not Found.

No service matched or handled this request.

Known services are:

http://my server:8880/hs/

http://my server:8880/mdp/

http://my server:8880/admin/

http://my server:8880/wips/

http://my server:8880/location/

http://my server:8880/subscription/

http://my server:8880/aaa/

http://127.0.0.1:8180/localadmin/

https://127.0.0.1:8443/localadmin/

https://my server:8843/mdp/

https://my server:8843/wips/

https://my server:8843/hs/

https://my server:8843/admin/

https://my server:8843/location/

https://my server:8843/subscription/

https://my server:8843/aaa/

I browsed through the documentation (CAS_71.pdf) and found a text saying:

NotePort 80 will be enabled on the MSE if the enablehttp command was entered on MSE. Ports 8880 and 8843 will be closed on the MSE when the CA-issued certificates are installed on the MSE.

I am running the test system so I do not really want to install CA signed certificate, so I used self signed certificate and restarted the server, but it did not help.

Any pointer on how can I make the web services up and running on port 443 would be great!!

Cheers,

Manish

Amjad Abdullah · ‎06-09-2012

Hi Manish,

what is the output of this command:

/etc/init.d/msed status

does it show you that your HTTPs is enabled or disabled?

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

View solution in original post

Amjad Abdullah · ‎06-09-2012

Hi Manish,

Thank you for the answer. I wouldn't yet expect it to be a certificate issue though. Your answer is very helpful I guess for anyone face this problem

Please mark your prevoius post as the correct answer to better help people identify answered questions.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

View solution in original post

Amjad Abdullah · ‎06-09-2012

Hi Manish,

what is the output of this command:

/etc/init.d/msed status

does it show you that your HTTPs is enabled or disabled?

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

singhmanishp · ‎06-09-2012

Hi Amjad,

Here is the output log:

STATUS:

Starting MSE Platform, Waiting to check the status.

MSE Platform is up, getting the status

-------------

Server Config

-------------

Product name: Cisco Mobility Service Engine

Version: 7.0.220.0

Hw Version: V01

Hw Product Identifier: XXXXXXXXXXX

Hw Serial Number: XXXXXXXXXXX

Use HTTP: false

Legacy HTTPS: false

Legacy Port: 8001

Log Modules: -1

Log Level: INFO

Days to keep events: 2

Session timeout in mins: 30

DB backup in days: 2

-------------

Services

-------------

Service Name: Context Aware Service

Service Version: 7.0.200.122

Admin Status: Enabled

Operation Status: Up

Service Name: Wireless Intrusion Protection Service

Service Version: 1.0.2079.0

Admin Status: Disabled

Operation Status: Down

--------------

Server Monitor

--------------

Server start time: Fri Jun 08 14:33:56 EEST 2012

Server current time: Sun Jun 10 00:42:51 EEST 2012

Server timezone: Europe/Helsinki

Server timezone offset: 7200000

Restarts: 1

Used Memory (bytes): 97782344

Allocated Memory (bytes): 146145280

Max Memory (bytes): 477233152

DB virtual memory (kbytes): 0

DB virtual memory limit (bytes): 0

DB disk memory (bytes): 1739966016

DB free size (kbytes): 0

-------------

Context Aware Service

-------------

Total Active Elements(Wireless Clients, Tags, Rogue APs, Rogue Clients, Interfer

ers, Wired Clients): 0

Active Wireless Clients: 0

Active Tags: 0

Active Rogue APs: 0

Active Rogue Clients: 0

Active Interferers: 0

Active Wired Clients: 0

Active Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired C

lients, Tags) Limit: 100

Active Sessions: 0

Wireless Clients Not Tracked due to the limiting: 233

Tags Not Tracked due to the limiting: 0

Rogue APs Not Tracked due to the limiting: 0

Rogue Clients Not Tracked due to the limiting: 0

Interferers Not Tracked due to the limiting: 0

Wired Clients Not Tracked due to the limiting: 0

Total Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Cl

ients) Not Tracked due to the limiting: 233

-------------------------

Context Aware Sub Services

-------------------------

Subservice Name: Aeroscout Tag Engine

Admin Status: Disabled

Operation Status: Down

Subservice Name: Cisco Tag Engine

Admin Status: Enabled

Operation Status: Up

Regards,

Manish

singhmanishp · ‎06-09-2012

Hi Amjad,

I am able to run the webservices now!

The problem was with the installation of the certificates. My certificate validation was failing as I did not decrypt the private key before appending it to the certificate.

Here is the procedure to follow:

Generate the certificate signing request using the Certmgmt.sh.

Get the certificate signed

Decrypt the private key and append it to the signed certificate. I used .pem format,

Convert CA certificates (I got them in .der format) into .pem

using Certmgmt.sh:

Install CA certificates

Install server certiface

press option 10 (exit)

the msed reboots and now apache deamon is started.

Thanks

Manish

Amjad Abdullah · ‎06-09-2012

Hi Manish,

Thank you for the answer. I wouldn't yet expect it to be a certificate issue though. Your answer is very helpful I guess for anyone face this problem

Please mark your prevoius post as the correct answer to better help people identify answered questions.

Regards,

Amjad

Rating useful replies is more useful than saying "Thank you"

GERALD LECAILLIER · ‎10-04-2012

Hello,

It seems i have the same problem: the Prime Infrastruture 1.2 cant reach the MSE 7.3.101.0 (WLC same version).

With scan port, I can see that my MSE is opened on port 8001 and SSH

/etc/init.d/msed status

STATUS:

Health Monitor is running

Starting MSE Platform, Waiting to check the status.

MSE services are up, getting the status

-

Server Config

-

Product name: Cisco Mobility Service Engine

Version: 7.3.101.0

Health Monitor Ip Address: 1.1.1.1

High Availability Role: 1

Hw Version: V01

Hw Product Identifier: AIR-MSE-VA-K9

Hw Serial Number: S-CISCO-MSE-1.xxxxxxxxxx

Use HTTP: true

Legacy HTTPS: false

Legacy Port: 8001

Log Modules: -1

Log Level: INFO

Days to keep events: 2

Session timeout in mins: 30

DB backup in days: 2

-

Services

-

Service Name: Context Aware Service

Service Version: 7.3.0.40

Admin Status: Enabled

Operation Status: Up

Service Name: Wireless Intrusion Protection Service

Service Version: 1.0.4038.0

Admin Status: Disabled

Operation Status: Down

Service Name: MSAP Service

Service Version: 1.1.0.38

Admin Status: Disabled

Operation Status: Down

-

Server Monitor

-

Server start time: Thu Oct 04 20:16:02 CEST 2012

Server current time: Thu Oct 04 20:19:30 CEST 2012

Server timezone: Europe/Paris

Server timezone offset: 3600000

Restarts: 2

Used Memory (bytes): 19686320

Allocated Memory (bytes): 160956416

Max Memory (bytes): 477233152

DB virtual memory (kbytes): 0

DB virtual memory limit (bytes): 0

DB disk memory (bytes): 1932920448

DB free size (kbytes): 0

-

Active Sessions

-

Session ID: 32429

Session User ID: 2

Session IP Address: 10.2.199.2

Session start time: Thu Oct 04 20:16:36 CEST 2012

Session last access time: Thu Oct 04 20:18:35 CEST 2012

-

Context Aware Service

-

Total Active Elements(Wireless Clients, Tags, Rogue APs, Rogue Clients, Interferers, Wired

Clients): 0

Active Wireless Clients: 0

Active Tags: 0

Active Rogue APs: 0

Active Rogue Clients: 0

Active Interferers: 0

Active Wired Clients: 0

Active Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients, Ta

gs) Limit: 100

Active Sessions: 1

Wireless Clients Not Tracked due to the limiting: 0

Tags Not Tracked due to the limiting: 0

Rogue APs Not Tracked due to the limiting: 0

Rogue Clients Not Tracked due to the limiting: 0

Interferers Not Tracked due to the limiting: 0

Wired Clients Not Tracked due to the limiting: 0

Total Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients) Not

Tracked due to the limiting: 0

-

Context Aware Sub Services

-

Subservice Name: Aeroscout Tag Engine

Admin Status: Disabled

Operation Status: Down

Subservice Name: Cisco Tag Engine

Admin Status: Enabled

Operation Status: Up

#

The enablehttp command in ssh doesn't solve the problem...

Thanks a lot if you have any idea.

Regards,

Gérald.

GERALD LECAILLIER · ‎10-05-2012

Hello,

These are the logs from the Prime Infrastruture:

10-05-2012 12:23:39 Local0.Error 10.2.199.2 10/05/12 12:23:40.333 ERROR [aesMse] [http-443-21] Error when trying to add Server Engine S-CISCO-MSE-1

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at java.lang.Thread.run(Unknown Source)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:859)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:554)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at com.cisco.webui.common.LicenseFilter.doFilter(LicenseFilter.java:86)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:150)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:356)

10-05-2012 12:23:39 Local0.Error 10.2.199.2 at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:108)

No logs on the MSE, except if I voluntary hit a wrong id/password:

10-05-2012 12:23:16 Kernel.Error 10.2.199.3 [Cisco MSE: CAS SE & Admin Module] - ERROR - Login failed for user admin

mohamed.fadel · ‎07-16-2015

dears,

i have the same problem but i cannot solve it any ideas ??

Server Config
-------------

Product name: Cisco Mobility Service Engine
Version: 8.0.110.0
Health Monitor Ip Address: 1.1.1.1
High Availability Role: 1
Hw Version: V01
Hw Product Identifier: AIR-MSE-VA-K9
Hw Serial Number: xxxxx
HTTPS: null
Legacy Port: 8001
Log Modules: -1
Log Level: INFO
Days to keep events: 2
Session timeout in mins: 30
DB backup in days: 2

-------------
Services

Harish Chopra · ‎11-29-2013

Hi,

I am going through the same issue and even after several times restarting the msed service the https is not coming up. Need help on this.

------------

Server Config

-------------

Product name: Cisco Mobility Service Engine

Version: 7.4.100.0

Health Monitor Ip Address: 1.1.1.1

High Availability Role: 1

Hw Version: V01

Hw Product Identifier: AIR-MSE-VA-K9

Hw Serial Number: xxxx-mse.cisco.com

Use HTTP: false

Legacy HTTPS: false

Legacy Port: 8001

Log Modules: -1

Log Level: INFO

Days to keep events: 2

Session timeout in mins: 30

DB backup in days: 2

-------------

Services

-------------

Service Name: Context Aware Service

Service Version: 7.4.0.38

Admin Status: Enabled

Operation Status: Up

Service Name: WIPS

Service Version: 1.0.4041.0

Admin Status: Enabled

Operation Status: Up

Service Name: Mobile Concierge Service

Service Version: 2.0.0.37

Admin Status: Enabled

Operation Status: Up

Service Name: Location Analytics Service

Service Version: 1.0.0.12

Admin Status: Enabled

Operation Status: Up

--------------

Server Monitor

--------------

Server start time: Fri Nov 29 17:45:07 UTC 2013

Server current time: Fri Nov 29 17:45:15 UTC 2013

Server timezone: Universal

Server timezone offset: 0

Restarts: 19

Used Memory (bytes): 76636608

Allocated Memory (bytes): 514523136

Max Memory (bytes): 1908932608

DB virtual memory (kbytes): 0

DB virtual memory limit (bytes): 0

DB disk memory (bytes): 6211282560

DB free size (kbytes): 0

----------------------------

Default Trap Destinations

----------------------------

Trap Destination - 1

-----------------

IP Address: 10.105.1.90

Last Updated: Wed Mar 13 17:47:15 UTC 2013

-------------

Context Aware Service

-------------

Total Active Elements(Wireless Clients, Tags, Rogue APs, Rogue Clients, Interferers, Wired Clients): 0

Active Wireless Clients: 0

Active Tags: 0

Active Rogue APs: 0

Active Rogue Clients: 0

Active Interferers: 0

Active Wired Clients: 0

Active Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients, Tags) Limit: 100

Active Sessions: 0

Wireless Clients Not Tracked due to the limiting: 0

Tags Not Tracked due to the limiting: 0

Rogue APs Not Tracked due to the limiting: 0

Rogue Clients Not Tracked due to the limiting: 0

Interferers Not Tracked due to the limiting: 0

Wired Clients Not Tracked due to the limiting: 0

Total Elements(Wireless Clients, Rogue APs, Rogue Clients, Interferers, Wired Clients) Not Tracked due to the limiting: 0

-------------------------

Context Aware Sub Services

-------------------------

Subservice Name: Aeroscout Tag Engine

Admin Status: Disabled

Operation Status: Down

Subservice Name: Cisco Tag Engine

Admin Status: Enabled

Operation Status: Up

[root@mse ~]#

Oscar Cardiel · ‎11-29-2013

Hi,

Try to enable http by console or ssh on MSE typing:

root@mse ~]# enablehttp

after that try to connect MSE to Prime NCS.

Regards

Harish Chopra · ‎11-29-2013

Hi Oscar,

That didn't worked. I tried that option too but when I typed enablehttp and hit enter it doesn't gives any output and goes in kind of hanged state. I checked the /etc/init.d/msed status after that and its still the same as above.

Any other suggestion ?

GERALD LECAILLIER · ‎11-29-2013

Helllo,

Did you try to clear ip tables to re-open the ports ?

Clear iptables

Harish Chopra · ‎11-29-2013

Hi Gerald,

I cleared the iptables and then tried to check the status of msed but it is still the same.

Other thing I want to know, Is it mandatory to get the https status as true before trying to add it on PI ?

[root@spwifi-mse ~]#

[root@spwifi-mse ~]# /etc/init.d/msed status

STATUS:

Health Monitor is running

Starting MSE Platform, Waiting to check the status.

MSE services are up, getting the status

-------------

Server Config

-------------

Product name: Cisco Mobility Service Engine

Version: 7.4.100.0

Health Monitor Ip Address: 1.1.1.1

High Availability Role: 1

Hw Version: V01

Hw Product Identifier: AIR-MSE-VA-K9

Hw Serial Number: spwifi-mse.cisco.com_a6379172-8b68-11e2-8e30-000c29761c2d

Use HTTP: false

Legacy HTTPS: false ----------------------------<<<<<<<

Legacy Port: 8001

Log Modules: -1

Log Level: INFO

Days to keep events: 2

Session timeout in mins: 30

DB backup in days: 2

Oscar Cardiel · ‎11-29-2013

Hi,

Https is not necessary but you can use it if http doesn’t work. I see http is down in your capture. In my case using "enablehttp" got http up and join it with Prime.

Anyway, does ping from MSE to Prime work?

Enable HTTP on MSE that runs version 6.0 software release

root@mse ~]# enablehttp

Enable HTTP on MSE that runs version 5.x software release
[root@mse ~]# getdatabaseparams
This command returns the db password. Use this password in this command:
[root@ mse ~]# /opt/mse/locserver/bin/tools/solid/solsql "tcp 2315" dba
Solid SQL Editor (teletype) v.06.00.1049
Copyright ©) Solid Information Technology Ltd 1993-2008
Connected to 'tcp 2315'.
Execute SQL statements terminated by a semicolon.
Exit by giving command: exit;
update AESSERVERINFO set USEHTTP=1;
Command completed successfully, 1 rows affected.
commit work;
Command completed successfully, 0 rows affected.
Press Control-C to exit the database shell. Perform

: Log onto MSE through ssh/console. Issue this command:

Harish Chopra · ‎11-29-2013

Hi Oscar,

The command doesn't work in my device. I also tried finding the directory but couldn't find it anywhere.

[root@spwifi-mse ~]# getdatabaseparams

hx+CPZ3y2UDwzhu

[root@spwifi-mse ~]#

[root@spwifi-mse ~]# /opt/mse/locserver/bin/tools/solid/solsql "tcp 2315" dba hx+CPZ3y2UD9bzhu

-bash: /opt/mse/locserver/bin/tools/solid/solsql: No such file or directory

[root@spwifi-mse ~]# cd /opt/

[root@spwifi-mse opt]# cd mse

[root@spwifi-mse mse]# cd locserver

[root@spwifi-mse locserver]# cd bin/tools

[root@spwifi-mse tools]# cd solid

-bash: cd: solid: No such file or directory

[root@spwifi-mse tools]# ls

[root@spwifi-mse tools]#

[root@spwifi-mse tools]# cd\

>

[root@spwifi-mse ~]#

[root@spwifi-mse ~]# find / -name solsql

[root@spwifi-mse ~]# find / -name solid

[root@spwifi-mse ~]# find / -name mysql

[root@spwifi-mse ~]# find / -name sql

/opt/oracle/base/product/11.2.0/dbhome_1/.patch_storage/12534745_May_23_2011_02_15_51/files/sysman/admin/emdrep/sql

/opt/oracle/base/product/11.2.0/dbhome_1/.patch_storage/12534745_May_23_2011_02_15_51/original_patch/files/sysman/admin/emdrep/sql

/opt/oracle/base/product/11.2.0/dbhome_1/.patch_storage/12534748_May_23_2011_02_15_55/files/sysman/admin/emdrep/sql

/opt/oracle/base/product/11.2.0/dbhome_1/.patch_storage/12534748_May_23_2011_02_15_55/original_patch/files/sysman/admin/emdrep/sql

/opt/oracle/base/product/11.2.0/dbhome_1/.patch_storage/NApply/2013-03-12_12-16-24PM/backup/sysman/admin/emdrep/sql

/opt/oracle/base/product/11.2.0/dbhome_1/.patch_storage/12534747_May_23_2011_02_15_53/files/sysman/jlib/emDB.jar/oracle/sysman/emo/perf/bean/sql

/opt/oracle/base/product/11.2.0/dbhome_1/.patch_storage/12534747_May_23_2011_02_15_53/original_patch/files/sysman/jlib/emDB.jar/oracle/sysman/emo/perf/bean/sql

/opt/oracle/base/product/11.2.0/dbhome_1/oc4j/j2ee/oc4j_applications/applications/em/em/images/database/sql

/opt/oracle/base/product/11.2.0/dbhome_1/oc4j/j2ee/oc4j_applications/applications/em/em/database/instance/sql

/opt/oracle/base/product/11.2.0/dbhome_1/j2ee/OC4J_EM/applications/em/em/ecm/sql

/opt/oracle/base/product/11.2.0/dbhome_1/sysman/admin/emdrep/sql

/opt/oracle/base/product/11.2.0/dbhome_1/nls/csscan/sql

/opt/oracle/base/product/11.2.0/dbhome_1/owb/wf/sql

/opt/oracle/base/product/11.2.0/dbhome_1/owb/wf/admin/sql

/opt/oracle/base/product/11.2.0/dbhome_1/owb/rtp/sql

/opt/mse/install/dbpatches/12419278/12534747/files/sysman/jlib/emDB.jar/oracle/sysman/emo/perf/bean/sql

/opt/mse/install/dbpatches/12419278/12534748/files/sysman/admin/emdrep/sql

/opt/mse/install/dbpatches/12419278/12534745/files/sysman/admin/emdrep/sql

[root@spwifi-mse ~]#