|
November 8, 1999
These release notes describe the caveats for the Windows NT server version of CiscoWorks2000 CD One 1st Edition.
These release notes provide the following information:
Table 1 lists the time zone acronyms that are supported in the CiscoWorks2000 applications that use the time zone feature. These time zones can be configured on Resource Manager Essentials (RME) managed devices. Details in Table 1 are:
When configuring time zones on CiscoWorks2000 servers, use the supported value in Column 3. To make sure that time zones are translated correctly---especially when your devices, servers, and clients are in different time zones---follow these guidelines:
To help you understand the importance of setting time zones correctly, these steps illustrate how time zones are converted as they are passed from devices to servers to clients in different time zones:
1. An event occurs on a managed device, and the application message (such as syslog) containing the device time zone is sent to the server.
2. An application daemon on the server reads the incoming message, converts the time zone to GMT, and stores it in the RME database.
3. When a client requests a report, the GMT stored in the RME database is converted to the CiscoWorks2000 server's time zone and is displayed in RME reports. Because Perl and Java process RME reports differently, the server time zone is displayed as either an acronym or a GMT offset (as shown in Column 4).
1 Offset from GMT | 2 Area Covered (Country/City) | 3 Time Zone Setting on Server | 4 Output in Report | |
---|---|---|---|---|
GMT | Acronym | |||
+10:00, +11:00 | Australia | Brisbane, Melbourne | GMT + Offset | AEST, AET, or EAST |
+9:30 | Australia | Adelaide |
| ACT |
+9:00 | Japan/Tokyo | Tokyo |
| JST |
+8:00 | China | Beijing |
| CST |
+3:00, +4:00 (DST1) | Russia/Moscow | Moscow | GMT +3:00, |
|
+2:00, +3:00 (DST) | Cairo, Helsinki | Cairo, Helsinki |
| GMT +2:00, |
+2:00 | Israel | Israel |
| IDT |
+1:00, +2:00 (DST) | Germany, Italy | Berlin, Rome | GMT +1:00, |
|
+1:00, +2:00 (DST) | France, Spain | Paris, Madrid | GMT +1:00, | CEST |
0 | Africa, Great Britain/ London | Greenwich Mean Time | GMT | GMT |
-5:00, -4:00 (DST) | Eastern Canada | Atlantic |
| ADT |
-5:00, -4:00 (DST) | U.S./New York | Eastern Time |
| EST, |
-6:00, -5:00 (DST) | U.S./Chicago | Central Time |
| CST, |
-7:00, -6:00 (DST) | U.S./Denver | Mountain Time |
| MST, |
-8:00, -7:00 (DST) | U.S./Los Angeles | Pacific Time |
| PST, |
-10:00 | Hawaii/Honolulu | Hawaii |
| HST |
1DST = Daylight Savings Time |
This section contains notes and caveats that apply to CiscoWorks2000 CD One 1st Edition. Caveats are categorized in the following sections, as shown:
The following information was omitted from the CiscoWorks2000 documentation.
The CiscoWorks2000 server software is not designed to be a fully secured environment in and of itself. It provides some of the security controls necessary for a web-based network management system but relies heavily on the end user's own security measures and control to provide a secure computing environment for CiscoWorks2000 applications. The CiscoWorks2000 server provides and requires the following three levels of security:
This section describes the general and server security levels. The application security levels are described in Getting Started with the CiscoWorks2000 Server.
The CiscoWorks2000 server provides an environment that allows the deployment of web-based network management applications. Web access provides an easy to use and easy to access computing paradigm that is much harder to secure than the traditional style of computing that requires a login to an operating system before applications can be executed.
The CiscoWorks2000 server provides the security mechanisms (authentication and authorization) needed to prevent unauthenticated access to the CiscoWorks2000 server and unauthorized access to CiscoWorks2000 applications. Since the CiscoWorks2000 applications are capable of changing the behavior and security of your network devices, it is critical that access to the applications and servers be limited to those personnel who need access to applications or the data that the applications provide. Limit CiscoWorks2000 logins to just the systems administrator. Limit connectivity access to the CiscoWorks2000 server by putting it behind a firewall.
The following are two aspects of CiscoWorks2000 Server security:
The CiscoWorks2000 Server uses the security mechanisms of the Windows NT system to protect the code and data files that reside on the server.
The CiscoWorks2000 Server provides the following security mechanisms:
CiscoWorks2000 foreground processes (typically cgi-bin programs or servlets) are executed under the control of the web server and the servlet engine which all run as the user localsystem. The localsystem user has special permissions on the local Windows NT system but has no network permissions.
CiscoWorks2000 provides several services for RCP, TFTP communication with devices. These services are targeted for use by CiscoWorks2000 applications but can be used for purposes other than network management.
The CiscoWorks2000 Server uses the AT command to run software update jobs for the Resource Manager Essentials Software Image Manager application.
Off-machine connectivity---The CiscoWorks2000 daemon manager will not respond to requests to start, stop, register, or show status for CiscoWorks2000 back-end processes from computers other than the CiscoWorks2000 Server.
Access to systems other than the CiscoWorks2000 Server systems used by the CiscoWorks2000 Server as remote sources of device information for importing into the Resource Manager Essentials Inventory Manager application must allow the user bin to perform remote shell operations on the user that owns the device information.
The user bin, created as part of the install process, has no special permissions or considerations on a Windows NT system so it is a "safe" user ID under which to execute the CiscoWorks2000 server and application code. Since the localsystem user on Windows NT systems is capable of performing operations that could be harmful to the system, there are a few things to consider regarding the use of the localsystem user ID for running some of the backend processes. The localsystem user ID is not capable of network operations. Because of this we recommend that the system administrator review and adopt the security recommendations in the System Administrator-Imposed Security section below.
Web servers have a long history of being susceptible to break ins. The version of the Apache web server that is in the current release of the CiscoWorks2000 Server has had many security related bug fixes. The CiscoWorks2000 Server development team knows of no specific ways to break into back doors to the server.
To maximize CiscoWorks2000 Server security, you should follow these guidelines:
ID | Summary | Explanation |
---|---|---|
CSCdm79929 | You must choose the Uninstall All option when uninstalling CD One after uninstalling RME. | If you do not select the Uninstall All option while uninstalling CD One after uninstalling RME, the uninstall completes, but the directories, files and folder still show that CD One exists, even though it has been uninstalled. To avoid this problem, click Uninstall All. |
ID | Summary | Explanation |
---|---|---|
None. | Log file location not supplied in other documentation. | The CiscoView log file can be found in <CiscoWorks2000 install directory>/www/classpath/cv.log. The location of this log file is also displayed in the CiscoView Administration Page located under Device Manager > Administration > CiscoView Server Admin > Setting debug options and display log. The client can bring up a window to display the entries in the log file at real time through the CiscoView administration page. Since this log file is on the server, it will contain trace and error messages for all the CiscoView clients. Trace and Error entries will be appended to the CiscoView log file on the server until the system administrator clears the log file explicitly through the CiscoView Administration page. |
CSCdm52416 | User cannot uninstall a package when the device is open. | When a device is opened, Device Support Utility (DSU) is launched and uninstall is selected, the uninstall continues without giving any error message. It should produce an error message. To workaround, close CiscoView and retry. |
CSCdm53849 | Launching a second CiscoView window from the desktop replaces the current CiscoView window. | When launching multiple CiscoView windows by clicking on CiscoView, the new CiscoView window replaces the current CiscoView window, as opposed to opening a new window. |
CSCdm81306 | | During an attempt to open monitor for 12 Ethernet ports, the following error message appeared: |
CSCdp14743 | It may take a long time to bring up a device view in certain cases. | Bringing up the chassis view of a selected device may take a long time. This may occur due to name service lookup failures when the device and/or the sub-devices do not have name service entries. |
ID | Summary | Explanation |
---|---|---|
CSCdm66707 | For these devices, Tx port is shown as Fx port. | None. |
ID | Summary | Explanation |
---|---|---|
CSCdm84593 | Help does not work from the Monitor Components window. | Hyperlink is incorrect for help in Monitor Components window in this device and produces Step 1 Launch CiscoView for this device. Step 2 Right click Ethernet Port, and click Monitor. Step 3 Click Help in the Monitor Components window. Step 4 When the Help window opens, and typical interface information appears, click the highlighted parameters in this window. |
CSCdp08478 | Help is showing the "How to use help" page instead of the actual help page. | After launching CiscoView, open the Catalyst device. The help page does not appear for the following selections:
|
ID | Summary | Explanation |
---|---|---|
CSCdm71801 | Cable Modem Details dialog box lacks the functionality of its counterpart in CiscoView 4.2. | The following functionality is not available in the CiscoView uBR7200 device package:
|
ID | Summary | Explanation |
---|---|---|
None. | The integration currently done with Network Node Manager (NNM) 6.0 to integrate MIBs, icons, and application registration will not be visible to web clients of NNM, and is not supported in this version of Integration Utility. | Users accessing NNM through a web browser may not see the integrated information. |
CSCdm61980 | Cannot launch CiscoView by double clicking device icon in network management system (NMS) after integration with NMS. | The application set as the default using Change Integration options may still not be invoked following a double click from topology of network management system. Consequently, if you double click on a Cisco device icon from the topology, nothing may happen. Some network management system or NMS adapters may not support this. |
CSCdm91445 | Application registration change causes full integration if you run Change Integration options and change the application parameters only (such as browser, server and port number) and integrate. | When this happens, MIB, icon and application integration happens instead of application registration only. If user runs Change Integration options and just changes the application registration information, the integration should only do application integration and not full integration. |
ID | Summary | Explanation |
---|---|---|
CSCdp17571 | Numerous popup messages appear during CA-Unicenter adapter execution. | When you integrate with CA-Unicenter in Windows NT 4.0, many popup messages appear asking for your confirmation. Though this also occurs while running Integration Utility (nmic.exe) with the -u option, this is expected behavior for the TNG adapter and does not affect the integration of TNG with CiscoWorks2000. Click OK to proceed. Note Always use the same repository name in the Select Repository dialog box. |
CSCdp17554 | Reintegration with CA-Unicenter adapter does not work. | Using Integration Utility, integrate with CA-Unicenter. If re-integration is tried after changing the parameters, then the adapter shows warnings that the applications have previously been registered. Consequently, changes in application parameters are not reflected. To work around, you must unintegrate and then re-integrate by performing the following steps: Step 1 From a DOS command line run C:\program files\cscopx\bin\nmic.exe -u Step 2 From the Start > Programs > CiscoWorks2000 menu select Change Integration Options and redo the adapter integration. Note You will continue to receive numerous popup menus as described in CSCdp17571. Click OK each time to continue. |
None. | CA-Unicenter adapter does not integrate icons and MIBs. | CA-Unicenter Adapter does not integrate Cisco device icons delivered by Cisco as part of their "nmidb" package. CA has their own Cisco icons which they use on the TNG maps. MIBs delivered by Cisco as part of the "nmidb" package is not used by the adapter. |
ID | Summary | Explanation | ||||
---|---|---|---|---|---|---|
None. | Two additional user roles (Developer and Export Data) are displayed in the security user account windows. | They are not available for general use, only for Management Connection certification and third party developers. | ||||
None. | Parameter must be set using Netscape 4.61. | MOZILLA_HOME must be set to the Netscape installation directory. | ||||
None. | Non-CiscoWorks2000 software is not supported to the supplied web server. | The CiscoWorks2000 server does not support software that is not included in the CiscoWorks2000 suite of products. | ||||
None. | Netscape 4.6.1 sometimes leaves a process running after browser is closed. | Sometimes one of Navigator 4.6.1's process continues running after the browser is closed. Any attempt to restart the browser while the process is running causes problems with the new browser window. To avoid this problem, open the Task Manager. Search the process list for all instances of netscape.exe, select them with the mouse, and click End Task. Restart Navigator. | ||||
CSCdm59501 |
| Running both Netscape and Internet Explorer sometimes causes problems with the CiscoWorks2000 browser. Also, if two instances of Internet Explorer 5.0 are running, it might interfere with the GUI. To avoid this, use only one instance of one type of browser at a time. | ||||
CSCdp15013 | Help index does not appear. | This applies to Internet Explorer 5.0 users only. The online help system's index does not work in Internet Explorer 5.0 when you log in to a CiscoWorks2000 server, log out, then log in again using the same browser instance. To avoid this, exit Internet Explorer and restart it after logging out of a CiscoWorks2000 server and before logging in to a CiscoWorks2000 server again. | ||||
CSCdp17038 | Help page is broken on double clicking the help node. | In Netscape, some help pages display a Transfer Interrupted message after double-clicking the help table of contents. To workaround, clear the cache by selecting Edit > Preferences > Advanced > Cache and selecting the Clear Memory Cache and Clear Disk Cache options. | ||||
CSCdp22109 | The CAM Admin page appears to be stuck. | Internet Explorer on Win95 and Win98 only---With the CiscoWorks2000 desktop browser window maximized, after selecting "install CAM" in the CAM Admin page, the cursor changes into an hour glass and nothing appears. The "Choose Directory to Place CAM Registry" dialog box is behind the browser window and waiting for user input. To workaround, minimize the CiscoWorks2000 desktop browser window to view the dialog box. | ||||
CSCdp25390 | If you maximize, restore, or resize the Netscape Navigator browser, the browser reloads all frames. Multiple instances of some applications might be invoked, which uses a lot of memory. | To work around this problem, avoid maximizing, restoring, or resizing the screen. Close any extra instances of applications. |
Cisco Connection Online (CCO) is Cisco Systems' primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services.
Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Cisco's customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files.
CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information.
You can access CCO in the following ways:
For a copy of CCO's Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com.
If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.
Posted: Tue Nov 23 09:43:20 PST 1999
Copyright 1989-1999©Cisco Systems Inc.