[cisco-voip] MLA issues on 4.0(2a) SR2b, system encountered internal error

Erick Bergquist erickbe at yahoo.com
Thu Mar 30 23:23:45 EST 2006 

CSA and McAfee Anti-virus are installed - always have been for quite some time. Problem has happened before but not that often and out of blue. Nothing in CSA logs or anti-virus logs , last virus scan was done last week which was before this problem occurred. 

No registry applications that I know of were running at time, and I don't see such tools installed on the server. The service has been fine, no errors in event log about services crashing or terminating from that day or previous days.

CM CSA version 4.03 build 728 policy 119
Mcafee VirusScan version 7.1.0, scan engine 4.4.00

Thanks.

----- Original Message ----
From: Wes Sisk <wsisk at cisco.com>
To: Erick Bergquist <erickbe at yahoo.com>
Cc: ciscovoip <cisco-voip at puck.nether.net>
Sent: Thursday, March 30, 2006 7:18:23 PM
Subject: Re: [cisco-voip] MLA issues on 4.0(2a) SR2b, system encountered internal error

Personally this sequence concerns me:

2515501: Tue Mar 28 15:35:07 EST 2006: ThisSession:ENTER:
RegistryReader:->
2515502: Tue Mar 28 15:35:07 EST 2006: LDAP-Connection-Close:INFO :
Closing LDAP Connections

Looks like MLA goes off to read the registry.  In the working case  
the next line reports the reg key that is read.  In the failing case  
we don't report the registry key and instead begin to abandon any  
attempted LDAP connection.

Is CSA or an antivirus app on the server that might block registry  
access?  was a reg backup running?  had the remote registry service  
crashed or restarted on this server?

CSCeg46032 happened because the userid filed from the MLA User Group  
Config
page contain spaces. Example (from the MLA Log) :
userDn=cn=john p doe thefirst,ou=mycompany,ou=allemps
We expected to see userDn=cn=jpdoe,ou=mycompany,ou=allusers

Root causes of CSCsb89190 were:
Memory leak on the astscv.dll and astisapi.dll.  These are used by  
the Admin Serviceability Tool / RTMT. Also MLA leaks permission  
objects under certain authentication error conditions.

/Wes


On Mar 30, 2006, at 2:51 AM, Erick Bergquist wrote:

Hi, Having issue where login to CCMAdmin stops working out of blue  
and need to stop/start WWW service to get it going again.

I see the following errors in MLA trace files, and found the  
following 2 bugs it may be. Any one seen this before? When it don't  
work the web page comes up and saids access denied and a dialog box  
pops up that has "System encountered internal error" in it with OK  
button. This happened on both servers in a 2 node cluster the same  
day. Had to stop/start WWW on both.

CSCeg46032 -- MLA enable, user group configuration does not show  
users assigned
CSCsb89190 -- ASTISAPI.DLL Memory Leak Upon  
CMLAUserPermission::setUserID() Failure

Here are some trace file snippets of when it was working, and when it  
was NOT working.

DirAndUI MLA trace file

NOT WORKING:

2515495: Tue Mar 28 15:35:07 EST 2006: 674493840: DEBUG:
/CCMAdmin/Main.asp: MLA is enabled
2515496: Tue Mar 28 15:35:07 EST 2006: 674493840: DEBUG:
/CCMAdmin/Main.asp: Session object=AccessRightsObj doesn't exist
2515497: Tue Mar 28 15:35:07 EST 2006: 674493840: DEBUG:
/CCMAdmin/Main.asp: Creating Access Rights Object
2515498: Tue Mar 28 15:35:07 EST 2006: 674493840: DEBUG:
/CCMAdmin/Main.asp: Initialize()
2515499: Tue Mar 28 15:35:07 EST 2006: 674493840: DEBUG:
/CCMAdmin/Main.asp: Application
2515500: Tue Mar 28 15:35:07 EST 2006: ThisSession:INFO :
initUserGroups:user groups
base=ou=MultiLevelAdmin,ou=Admins,o=cisco.com,
userBase=ou=Users,o=cisco.com
2515501: Tue Mar 28 15:35:07 EST 2006: ThisSession:ENTER:
RegistryReader:->
2515502: Tue Mar 28 15:35:07 EST 2006: LDAP-Connection-Close:INFO :
Closing LDAP Connections
2515503: Tue Mar 28 15:35:07 EST 2006: LDAP-Connection-Close:INFO :
Closed groups context already
2515504: Tue Mar 28 15:35:07 EST 2006: LDAP-Connection-Close:INFO :
Closed users context already
2515505: Tue Mar 28 15:35:07 EST 2006: 674493840: ERROR:
/CCMAdmin/Main.asp: Error number=-2147219454description=

WORKING:

189355: Thu Mar 30 00:59:50 EST 2006: 217813486: DEBUG:
/CCMAdmin/Main.asp: MLA is enabled
189356: Thu Mar 30 00:59:50 EST 2006: 217813486: DEBUG:
/CCMAdmin/Main.asp: Session object=AccessRightsObj doesn't exist
189357: Thu Mar 30 00:59:50 EST 2006: 217813486: DEBUG:
/CCMAdmin/Main.asp: Creating Access Rights Object
189358: Thu Mar 30 00:59:50 EST 2006: 217813486: DEBUG:
/CCMAdmin/Main.asp: Initialize()
189359: Thu Mar 30 00:59:50 EST 2006: 217813486: DEBUG:
/CCMAdmin/Main.asp: Application
189360: Thu Mar 30 00:59:50 EST 2006: ThisSession:INFO :
initUserGroups:user groups
base=ou=MultiLevelAdmin,ou=Admins,o=cisco.com,
userBase=ou=Users,o=cisco.com
189361: Thu Mar 30 00:59:50 EST 2006: ThisSession:ENTER:
RegistryReader:->
189362: Thu Mar 30 00:59:50 EST 2006: ThisSession:DEBUG: Reading
registry data..
189363: Thu Mar 30 00:59:50 EST 2006: ThisSession:DEBUG: Reading
"Software\Cisco Systems, Inc.\Directory Configuration"
189364: Thu Mar 30 00:59:50 EST 2006: ThisSession:INFO :
LDAPURL=ldap://SERVER:8404
189365: Thu Mar 30 00:59:50 EST 2006: ThisSession:INFO :
MGRDN=cn=Directory Manager, o=cisco.com
189366: Thu Mar 30 00:59:50 EST 2006: ThisSession:INFO : MGRPW read and
decrypted it
189367: Thu Mar 30 00:59:50 EST 2006: ThisSession:INFO :
CISCOBASE=o=cisco.com
189368: Thu Mar 30 00:59:50 EST 2006: ThisSession:INFO : DIRTYPE=Default
189369: Thu Mar 30 00:59:50 EST 2006: ThisSession:INFO : DIRACCESS=true
189370: Thu Mar 30 00:59:50 EST 2006: ThisSession:DEBUG: Reading
Directory Manager registry key done



Permissions MLA trace

WORKING:

03/30/2006 01:00:05.434 |   CUserGroups::initialize() Successfully
obtained all IDs
03/30/2006 01:00:05.434 |-->CUserGroups::initUserGroups()
03/30/2006 01:00:05.434 |   CUserGroups::initUserGroups() Initializing
user groups context
03/30/2006 01:00:05.700 |<--CUserGroups::initUserGroups()
03/30/2006 01:00:05.700 |<--CUserGroups::initialize()
03/30/2006 01:00:05.700 |-->CUserGroups::isSuperUser()


NOT WORKING:

03/28/2006 15:35:07.705 |   CUserGroups::initialize() Successfully
obtained all IDs
03/28/2006 15:35:07.705 |-->CUserGroups::initUserGroups()
03/28/2006 15:35:07.705 |   CUserGroups::initUserGroups() Initializing
user groups context
03/28/2006 15:35:07.705 |   CUserGroups::initUserGroups() *ERROR*
CUserGroups::getUserGroups(): Invoke for method=initUserGroups failed
03/28/2006 15:35:07.705 |<--CUserGroups::initUserGroups()
03/28/2006 15:35:07.705 |<--CUserGroups::initialize()
03/28/2006 15:35:07.705 |-->CUserGroups::close(): Closing LDAP
Connections

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip

More information about the cisco-voip mailing list