Release Notes for Cisco Secure User Registration Tool Release 2.0.7

Transcription

1 Release Notes for Cisco Secure User Registration Tool Release These release notes are for use with User Registration Tool (URT) release These release notes provide the following information: New Features, page 2 Documentation Roadmap, page 2 Additional Information Online, page 3 Installation Issues, page 3 Known and Resolved Problems, page 5 Obtaining Documentation, page 14 Obtaining Technical Assistance, page 16 Corporate Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA USA Copyright Cisco Systems, Inc. All rights reserved.

2 New Features New Features URT release contains the following new features: Improved client logon. If the Quit when logon failure occurs option is enabled and the URT Client fails to log on, the URT Client will not try to recover until you log on again. Added support for Catalyst switches 2950 and 3550 with the following software versions: C2950 series v ea2a C3550 series v ea1a Documentation Roadmap Note Although every effort has been made to validate the accuracy of the information in the printed and electronic documentation, you should also review the User Registration Tool documentation on Cisco.com for any updates. The following documents are provided in PDF on your product CD: Installing the User Registration Tool Using the User Registration Tool URT Developer s Guide Note Adobe Acrobat Reader 4.0 or later is required. Use these publications to learn how to install and use URT: Installing the User Registration Tool (DOC =) Describes how to plan for URT deployment and install URT. This publication is available on the CD-ROM in PDF format. The file is urt_ig.pdf. 2

3 Additional Information Online Using the User Registration Tool (DOC =) Describes how to configure and use URT, and how to troubleshoot network problems related to URT. This publication is available on the CD-ROM in PDF format. The file is urt_user.pdf. URT online help Contains all of the information available in Using the User Registration Tool. This ensures you have complete information even if you do not have the manual readily available while using URT. To access online help, click the Help button while running the URT Administrative Client Interface. Additional Information Online For information about URT supported devices, refer to the following URL, or check the documentation on Cisco.com for the correct location: user_reg/index.htm Installation Issues Installing the URT Logon Script To ensure the correct Client Module version is detected, you must install the URT Logon Script. To install the URT Logon Script: Step 1 Step 2 Step 3 Install the URT Administrative Server. Start User Registration Tool. From the main menu, select Configure > Install URT Logon Script. This pushes the urt.bat file to all domain controllers. This ensures that the correct Client Module version is detected, and updated if required. 3

4 Installation Issues Installing the VPS Server from the VPS Recovery CD Use the command line interface to install the VPS from the VPS Recovery CD. Note In HyperTerminal, the flow control must be set to Xon / Xoff. Note You need to either insert the recovery CD in the CD-ROM drive or copy the appropriate files to the PC that you are working on. Step 1 Step 2 Step 3 Step 4 Step 5 Console into the VPS. Reboot the VPS. While the VPS is rebooting, press the ESC key. This puts you in configuration mode. Wait for the VPS Server to finish rebooting. From the menu that appears, select Choice 1 Change boot order to Boot Flash and select Choice 3 Save Changes and exit. At the prompt that appears, type reimage Note The IP address belongs to the host PC that launches the autorun.bat file, which is part of the URT Recovery CD image. Step 6 Step 7 Step 8 Press the Enter key. Type Yes to the following prompt: This script will re-initialize the system disk. Enter the IP address information for the following: VPS Server Subnet Mask Default Gateway DNS Server. 4

5 Known and Resolved Problems Note The VPS Server information is only used during this process, but this information must be real, located on the local network. Note If you make a mistake typing the IP address and need to backspace, hold down the Ctrl key and then press the backspace key. Pressing only the backspace key causes unwanted characters to appear. Step 9 Type yes to the following prompt: do you wish to reload and start the install? The screen will keep refreshing during this process. When it reboots re-imaging is complete. Known and Resolved Problems Known problems (bugs) in URT are graded according to severity level. These release notes contain descriptions of: All severity level 1 or 2 bugs. Significant severity level 3 bugs. All customer-found bugs (regardless of severity level). You can search for problems using the Cisco bug tracking tool, Bug Navigator II. To access Bug Navigator: Step 1 Log into Cisco.com. Step 2 Select Service & Support>Technical Support Help Cisco TAC>Tool Index. Step 3 In the Jump to: links at the top of the page, click the letter S. 5

6 Known and Resolved Problems Step 4 Select Software Bug Toolkit/Bug Watcher>Bug Navigator II. You can also access Bug Navigator by entering the following URL in your web browser: Table 1 describes the problems known to exist in this release; Table 2 describes the problems resolved since the last release of URT. Known Problems Table 1 URT Known Problems Bug ID (Severity) Summary Explanation None After performing the recovery process, the Software Update Status window erroneously reports that the URT release is 2.0 and not This occurs after using the VPS Recovery CD to reinstall the URT VPS Server. When using CiscoWorks2000 to check the software update status, the URT release is erroneously reported to be release 2.0 and not To work around this problem, after reading the VPS Server under the URT VPS Servers folder, go to the URT Administrative Interface and double-click its IP address. The URT VPS Configuration box opens, displaying the correct URT release that was installed during the recovery process. 6

7 Known and Resolved Problems Table 1 URT Known Problems (continued) Bug ID (Severity) Summary Explanation None CSCdw46686 (3) Cannot use the NET USE command to map a drive to an NT server from a Windows 95/98 machine. The client is not assigned to a user VLAN, when using a Catalyst 1900 or 2820 as the access layer switch. Known issue with Novell; refer to Novell document ID on the Novell web site. For Windows 95/98ME Novell Clients, the appropriate drive mapping command to include in a DOS batch file that is run from the NetWare Server volume is: "MAP [drive_letter:] =server_name\volume\directory\subdirectory" For Windows NT/2000, the drive mapping command within the DOS batch file is: "NET USE [drive_letter:] \\computername\sharename\" When using a Catalyst 1900 (v ) or 2820 (v ) as an access layer switch, the client is not assigned to a user VLAN. This occurs when the client machine is on port one through nine. The logon user is assigned to a logon VLAN, but is not assigned to a user VLAN. CSCdw65436 (4) In the Administrative Interface, event times re not sorted chronologically. To workaround this problem, use port 10 or higher for all client machines. In the Administrative Interface, select View > History > Select All. The Time Of Event column displays the times in non-chronological order. There is no workaround. 7

8 Known and Resolved Problems Table 1 URT Known Problems (continued) Bug ID (Severity) Summary Explanation CSCdw67479 (4) CSCdw67827 (4) CSCdw68416 (4) Cannot check the CiscoWorks2000 Systems Status information. More than one instance of the Administrative Interface can be opened. The Administrative Interface accepts invalid MAC addresses. When logged on to the CiscoWorks2000 Logon Manager, selecting Server Configuration > Application Management > Software Management > Application Status > Systems Status results in the following error: An error was encountered while processing the request. Information regarding the error is as follows: Description java.net.connectexception: Connection refused Code 112 Additional Information Cannot process PerfMon response. To work around this problem, start the PerfMon process using the CiscoWork2000 interface. The process will remain running until the system is restarted. PerfMon is disabled by default. (See also bug ID CSCdw48789.) Multiple instances (as many as the host machine's memory can handle) of the URT Administrative Interface can be opened at one time, without triggering a warning message. Do not open more than one Administrative Interface at one time. The Administrative Interface accepts invalid MAC addresses. The MAC address must be entered in the format

9 Known and Resolved Problems Table 1 URT Known Problems (continued) Bug ID (Severity) Summary Explanation CSCdw79430 (4) Group Refresh Order > Install Script dialog box is misleading. The install script dialog box that appears when you choose a specific Windows Domain Controller (DC) within the same domain states that the URT Logon Script (URT.bat) is installed on the DC you have chosen. The script is also installed on all of the selected DC peers within the same domain. The install script should state: CSCdw81489 (3) CSCin03687 The UrtVmpsServerAttributes.xml file should be placed in a subfolder. The VPS Server goes down when installing from the VpsServerRecovery CD The Logon Script will be installed on [Name_Of_Domain_Controller] and all of its domain peers. The UrtVmpsServerAttributes.xml file, in the VPS Servers data directory, is a critical file. If this file is inadvertently removed, the VPS will not receive updated data files from the Administrative Server. To recover, you must remove and then re-add the IP address of the VPS within the URT Administrative Interface > URT VPS folder. The VPS Server goes down, when installing the VPS Server image using the web browser from the VPS Recovery CD. When installing the VPS Server from the VPS Recovery CD, use the command line interface only. (See the Installing the VPS Server from the VPS Recovery CD section on page 4.) 9

10 Known and Resolved Problems Resolved Problems Table 2 URT Resolved Problems Bug ID (Severity) Summary Additional Information CSCds77648 CSCdv26428 (3) CSCdv52970 (3) CSCdv59306 When a VPS appliance was connected to a Catalyst 6500, a UDP Socket overflow on port 1589 caused a memory leak to occur on the URT VPS. The URT Administrative Server was caching previous VPS attribute information. The problem was with the URT Administrative Server caching the data while running. The GUI removed the data, but did not notify the URT Administrative Server. If the VPS received a SYNC packet from the user while the user updated group entries, a logon VLAN was not assigned until VPS received the next SYNC packet from the user. UrtDevices.xml did not sync version number after update. Adding switches into the URT Administrative Interface, either manually or by importing through CiscoWorks2000, caused the UrtDevices.xml file version numbers of the URT Administrative Server and the primary (active) VPS appliance to not synchronize. Running CatOS 6.3(3) on the Catalyst 6500 fixes the UDP socket overflow and decreases the memory usage on the URT VPS. (See also bug ID CSCdw11978.) A check is performed to verified if the VPS Server exists before a keepalive is performed on it. The tables are now locked on a group refresh. A problem with the device versions not being updated has been fixed. In addition, the XML file format for parsing and saving XML version information is now correct. 10

11 Known and Resolved Problems Table 2 URT Resolved Problems (continued) Bug ID (Severity) Summary Additional Information CSCdv59339 CSCdv67496 CSCdv67515 CSCdv75122 CSCdv76255 Importing a large (800+) switch network environment into the URT Administrative Interface via CiscoWorks2000 appeared to function correctly, but when the data was saved and pushed to the primary (active) VPS appliance, the corresponding UrtDevices.xml file was corrupted. When a network contained a large number (800+) of devices, the VPS server took about 30 minutes to load the local XML files before attempting to synchronize the data from the Administrative Server. Any new client logon requests received OPCODE_BUSY replies, and clients were not switched to user VLAN until the loading was completed. If three or more VPS servers were restarted or upgraded at approximately the same time, the Administrative Server failed, with an OutOfMemory exception. If the VPS server received multiple VQP packets when the Administrative Server went down, the client PC was not assigned to a VLAN or a logon VLAN. The client PC could not log on normally until the VPS server recognized that the Administrative Server was down. Client logon failed if the host did not receive a DHCP server IP address. Also, the UrtVmpsServer.log file showed that the client was assigned a null VLAN, even though a VLAN was assigned in the Administrative Interface. Synchronization points have been place in the code to prevent the data from overwriting each other during the update process. The code has been changed, so that the device data is now loaded more efficiently. There was a memory leak when loading multiple VPS servers. The code has been improved to load and send data more efficiently. The memory leak has been resolved. A keepalive packet is now sent to the URT Administrative Server every 10 minutes. The VPS will no longer reply if the VLAN is null for the switch. The VPS will start communicating only when the table is loaded. 11

12 Known and Resolved Problems Table 2 URT Resolved Problems (continued) Bug ID (Severity) Summary Additional Information CSCdv80664 (1) CSCdv85408 CSCdv88130 (3) CSCdw11978 If the VPS appliance was disconnected from the network (for example, if the network cable was disconnected) the urtdevices.xml file became out of sync. When the VPS Server processed VQP from a switch reconfirm, the server created multiple "No response" errors on the switch. When more than one URT Administrative Server existed in the same network, the VPS appliances would receive a Group Memberships update from an unknown URT Administrative Server. This occurred even though the IP address of the URT Administrative Server did not exist in the VPS appliance's UrtVmpsServerAttributes.xml or UrtVmpsServers.xml file. The VPS appliance should receive updates from a known URT Administrative Server only. The URT VPS would leak memory when any of the following occurred: The VPS appliance was attached to a Catalyst 6500 running CatOS release 6.2 Many clients were connected to the Catalyst 6500 The ports on the Catalyst 6500 were configured as static ports A keepalive packet is now sent to the URT Administrative Server every 10 minutes. The number of switch threads has been increased to handle more switches simultaneously. Also, an event queue handler has been added to handle events added to a queue. The VPS now receives updates from the current URT Administrative Server only. If another URT Administrative Server attempts to send an update, the message is ignored. The VPS will not accept updates until the other URT Administrative Server adds the URT VPS Server. A new option has been added to the domain options for NT and NDS. This new option allows the client to try to log on as usual. If the logon fails, the client will not attempt to synchronize or send a discover message again, until the client attempts another logon. (See also bug ID CSCds77648.) 12

13 Known and Resolved Problems Table 2 URT Resolved Problems (continued) Bug ID (Severity) Summary Additional Information CSCdw20785 (1) CSCdw23307 CSCdw47475 CSCdw48768 CSCdw48789 CSCdw61176 (1) CSCdw67970 (3) TheUrtVtpDomains.xml file on the VPS appliance would reset its values to null after disconnecting the Administrative Server from the network. Loading a large number of MAC-to-VLAN associations required a significant amount of memory. The memory was not released until later in the process, by which time a memory exception occurred. The Administrative Server did not run on Intel Pentium 4 processors because Java Runtime Environment was not the latest version. Importing 20,000+ MAC-to-VLAN assignment mappings using the command line interface caused the CPU usage to increase to 100%, and the memory usage would jump to MB, causing an Out of Memory error. In large networks, the PerfMon process on the VPS appliance caused the CPU usage to immediately rise to greater than 95%. On the VPS Server, an excessive load of malformed and oversized packets would cause the SNMP daemon to crash because of a buffer overflow. The JRE update on the URT Administrative Server was not the same as the version on the VPS appliance. The file no longer resets its value to null. The memory is now released sooner and more frequently when loading associations. JRE v1.2.2 has been upgraded to version The importing process has been modified so that it correctly notifies the VPS Servers of the updates. The process can be started if required, but it is not enabled by default. A new SNMP daemon agent has been added to the URT VPS appliance system. To correspond with the JRE update version on the URT Administrative Server, the JRE version on the VPS appliance was also updated to version (See also bug ID CSCdw47475.) 13

14 Obtaining Documentation Table 2 URT Resolved Problems (continued) Bug ID (Severity) Summary Additional Information CSCdw69067 CSCdw70078 The urtgui CLI command for assigning a VLAN to a MAC address was not operating correctly. Invalid or nonexisting VPS server information was being updated in the UrtVmpsServers.xml file. When the VLAN association of the MAC address was changed, the MAC address VLAN changed. This does not occur for a logged on user unless the Retain MAC to VLAN association option is set. When a VPS Server does not establish contact, its information is no longer being saved to the UrtVmpsServers.xml file. Obtaining Documentation The following sections explain how to obtain documentation from Cisco Systems. World Wide Web You can access the most current Cisco documentation on the World Wide Web at the following URL: Translated documentation is available at the following URL: 14

15 Obtaining Documentation Ordering Documentation Cisco documentation is available in the following ways: Registered Cisco Direct Customers can order Cisco product documentation from the Networking Products MarketPlace: Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store: Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at or, elsewhere in North America, by calling NETS (6387). Documentation Feedback If you are reading Cisco product documentation on Cisco.com, you can submit technical comments electronically. Click Feedback at the top of the Cisco Documentation home page. After you complete the form, print it out and fax it to Cisco at You can your comments to bug-doc@cisco.com. To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address: Cisco Systems Attn: Document Resource Connection 170 West Tasman Drive San Jose, CA We appreciate your comments. 15

16 Obtaining Technical Assistance Obtaining Technical Assistance Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools by using the Cisco Technical Assistance Center (TAC) Web Site. Cisco.com registered users have complete access to the technical support resources on the Cisco TAC Web Site. Cisco.com Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information, networking solutions, services, programs, and resources at any time, from anywhere in the world. Cisco.com is a highly integrated Internet application and a powerful, easy-to-use tool that provides a broad range of features and services to help you to Streamline business processes and improve productivity Resolve technical issues with online support Download and test software packages Order Cisco learning materials and merchandise Register for online skill assessment, training, and certification programs You can self-register on Cisco.com to obtain customized information and service. To access Cisco.com, go to the following URL: 16

17 Obtaining Technical Assistance Technical Assistance Center Cisco TAC Web Site The Cisco TAC is available to all customers who need technical assistance with a Cisco product, technology, or solution. Two types of support are available through the Cisco TAC: the Cisco TAC Web Site and the Cisco TAC Escalation Center. Inquiries to Cisco TAC are categorized according to the urgency of the issue: Priority level 4 (P4) You need information or assistance concerning Cisco product capabilities, product installation, or basic product configuration. Priority level 3 (P3) Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue. Priority level 2 (P2) Your production network is severely degraded, affecting significant aspects of business operations. No workaround is available. Priority level 1 (P1) Your production network is down, and a critical impact to business operations will occur if service is not restored quickly. No workaround is available. Which Cisco TAC resource you choose is based on the priority of the problem and the conditions of service contracts, when applicable. The Cisco TAC Web Site allows you to resolve P3 and P4 issues yourself, saving both cost and time. The site provides around-the-clock access to online tools, knowledge bases, and software. To access the Cisco TAC Web Site, go to the following URL: All customers, partners, and resellers who have a valid Cisco services contract have complete access to the technical support resources on the Cisco TAC Web Site. The Cisco TAC Web Site requires a Cisco.com login ID and password. If you have a valid service contract but do not have a login ID or password, go to the following URL to register: 17

18 Obtaining Technical Assistance Cisco TAC Escalation Center If you cannot resolve your technical issues by using the Cisco TAC Web Site, and you are a Cisco.com registered user, you can open a case online by using the TAC Case Open tool at the following URL: If you have Internet access, it is recommended that you open P3 and P4 cases through the Cisco TAC Web Site. The Cisco TAC Escalation Center addresses issues that are classified as priority level 1 or priority level 2; these classifications are assigned when severe network degradation significantly impacts business operations. When you contact the TAC Escalation Center with a P1 or P2 problem, a Cisco TAC engineer will automatically open a case. To obtain a directory of toll-free Cisco TAC telephone numbers for your country, go to the following URL: Before calling, please check with your network operations center to determine the level of Cisco support services to which your company is entitled; for example, SMARTnet, SMARTnet Onsite, or Network Supported Accounts (NSA). In addition, please have available your service agreement number and your product serial number. 18

19 Obtaining Technical Assistance This document is to be used in conjunction with the documents listed in the Documentation Roadmap section. Copyright 2002, Cisco Systems, Inc. All rights reserved. 19

20 Obtaining Technical Assistance 20