"nothing to decrypt" in ut.log

Unanswered Question
May 7th, 2007

what is the meaning of "nothing to decrypt" in ut.log; there are quite a lot of lines with just this entry..

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Joe Clarke Mon, 05/07/2007 - 08:21

This comes from our Blowfish cipher engine. When the cipher is handed an unencrypted string to decrypt, it aborts early, and prints that message. This is nothing to worry about.

Martin Ermel Mon, 05/07/2007 - 10:02

thanks for the info!

i am troubleshooting a system with a never ending UT; around 5000 devices win 2000(SP4), 4 GB RAM 2 CPU;

LMS 2.6 (CM 4.08)

in the old ut.log the timeline seems to be until the following entries:

[...]

DBConnecton-Reaper ani MESSAGE DBConnection: Closed Databse connection [hashCode = 6915075]

Members after [email protected]

Common trust user is: admin

User name in security context is: admin

log4j:ERROR No appenders could be found for category (CTM.common) .

log4j:ERROR Please initialize the log4j system properly.

Nothing to decrypt

Nothing to decrypt

Nothing to decrypt

Nothing to decrypt

[...]

== HERE STARTS TROUBLE ==

2007/04/26 17:30:45 main ani MESSAGE DCRDevWrapper: Closing DCRProxy

2007/04/26 17:36:18 EvalTask-vmpsadmi-12 ani WARNING VmpsAdminSMFGetIpxlateTable: snmp error encountered

com.cisco.nm.lib.snmp.futureapi.SnmpReqTimeoutException: SnmpRequestTimeout on x.x.x.x while performing Snmpwalk(*) at index = -1

2007/04/26 17:36:36 EvalTask-vmpsadmi-12 ani WARNING VmpsAdminSMFGetIpv6xlateTable: snmp error encountered

com.cisco.nm.lib.snmp.futureapi.SnmpReqTimeoutException: SnmpRequestTimeout on x.x.x.x while performing Snmpwalk(*) at index = -1

[...]

2007/04/27 22:03:22 EvalTask-vmpsadmi-06 ani WARNING VmpsAdminSMFGetIpxlateTable: snmp error encountered

com.cisco.nm.lib.snmp.futureapi.SnmpReqTimeoutException: SnmpRequestTimeout on y.y.y.y while performing Snmpwalk(*) at index = -1

2007/04/26 22:03:40 EvalTask-vmpsadmi-06 ani WARNING VmpsAdminSMFGetIpv6xlateTable: snmp error encountered

com.cisco.nm.lib.snmp.futureapi.SnmpReqTimeoutException: SnmpRequestTimeout on y.y.y.y while performing Snmpwalk(*) at index = -1

== this comes for several devices ==

== and the last entry is: ==

java.lang.OutOfMemoryError

<< no stack trace available >>

java.lang.OutOfMemoryError

<< no stack trace available >>

What I found:

DeviceDiscovery.properties does not have the switches

nameserver.updaeDCRDisplayName

nameserver.updateDopmainNameSuffix

I checked 2 devices for which SNMP errors occured:

both are NOT resolved in DNS and have a different IP as displayName that is used as a mgmtIP

both devices are currently NOT reachable and are also marked as UNREACHABLE in DeviceDiscovery list

So UT should not touch theses devices because they should be excluded in the preprocess of vmpsadmin (UT).

Are these errors still from the Major Acquisition or is it triggered by teh Minor Acq. of UT?

Currently I stopped crmdgmtd, added the 2 switches in DeviceDiscovery.properties, Disabled IPv6 disco in ANiServer.properties and enabled debug for vmpsadmin and restartet crmdmgtd and re-run a Major Acq.

I am wondering if there should still be

NMSROOT\objects\dmgt\dmgtd.conf

in LMS 2.6;

in previous versions there was the possibility to augment the max Java memory value, but I can't find that file any more ...

Joe Clarke Mon, 05/07/2007 - 10:06

Upping the heap size of UT is most likely not going to help. The unreachable devices must be in DCR or UT would not try and query them. If this network has 5000 devices, you are pushing the limits for Campus Manager. How many end hosts should UT be acquiring?

Martin Ermel Mon, 05/07/2007 - 10:18

yes that is correct, the unreachable devs are in DCR, but I thought because they have the flag unreachable UT would not query them. With debug vmpsadmin enabled in ani.log I could see 'skip unreachable device x.x.x.x 'for the VmpsServiceModule when I did start UT for one device.

I think UT will reach its limit for 100 000 devices if it finishes ever.

4918 devs are in DCR, 4756 are used by DataCollection

Joe Clarke Mon, 05/07/2007 - 10:28

If the devices are in DCR, then UT will attempt to use them. At this point, I think you are overtaxing Campus Manager. When all of LMS is installed on a single server, the device capacity goes down dramatically. Try adding Data Collection filters into Campus Manager > Admin > Campus Data Collection > Data Collection Filters to limit Data Collection to around 3000 devices. Then reinitialize the ANI database:

NMSROOT\bin\perl NMSROOT\bin\dbRestoreOrig.pl dsn=ani

Re-run Data Collection, then see if UT can finish.

Martin Ermel Mon, 05/07/2007 - 10:43

sorry, it is not a complete LMS, DFM is not installed on the system.- do you think it is still necessary to force the device number down to 3000?

Currently I also consider that it was an initial installation of LMS 2.5. It was in production and I assume that the customer installed all the patches on top and never did a reinit of the DBs. There were some issues with UT in LMS 2.5 and if I remeber well, even if applying all patches one could only be sure to have solved the problems in CM (UT) if he reinitialized ani db.

So do you think that just reinit the DB could do the trick?

What happened to dmgtd.conf ?

Joe Clarke Mon, 05/07/2007 - 10:48

If this was an upgrade, and the ANI database has not been reinitialized since moving to CM 4.0.6, then that would be a good place to start. Even without DFM, having RME on this server will force your device limit down. The 5000 number assumes CM and CS alone on a server. But try the reinit by itself, and see where that gets you.

As for dmgtd.conf, this file never existed on Windows. Daemon management data is stored in the Windows Registry.

Joe Clarke Mon, 05/07/2007 - 15:40

You should also either remove these unreachable devices from DCR, or at least filter them out with Campus Data Collection filters. Even though they are unreachable, they will take resources, and having Campus try and communicate with them will delay Data Collection and UTM.

Martin Ermel Mon, 05/14/2007 - 23:32

neither the reinit of ani db nor turning off all other campus tasks (discrepancy reports, UTminor acquisition, auto disco and dataColl) and filtering out unreachable devices let UT finish. I didn't reduced the number of devices yet because I found some FATALs in CampusOGS.log and it seems there is another problem. See the attached excerpt from CampusOGS.log.

As the customer defined a bunsh of "user defined groups" for device selector I yet avoided to reinit cmf db. Is there a way to export the user defined groups an reimport the rules after a reinit ?

I also consider to backup all the dbs and do a fresh installation and restore the information afterwards. But because customer installed LMS on Win2k (english) but with localized settings for Germany I am not sure if the data will be ok for a restore?

Joe Clarke Tue, 05/15/2007 - 07:51

The OGS rules cannot be exported. If you reinit the CMF database, you will lose all of your user-defined groups for Common Services, Campus Manager, and DFM.

A German localization is not supported, and you may run into other problems using the application. The only two supported locales are en_US and ja_JP (US English and Japanese).

FATAL errors in OGS will not keep UT from acquiring the network. Are you still getting the OutOfMemoryErrors during acquisition?

Martin Ermel Tue, 05/15/2007 - 09:48

for the OGS rules: it?s a pity, but thanks for the info what else gets lost!

I know that German localization is not supported, the question is how to get out of this. If I find that situation, usually I go the short way and do a reinstall of the OS and LMS, but with customizations for more than 4000 devices it is not nice. I have no good feeling to do a backup of these databases, reinstall the OS (with correct localization) and LMS and use the backup for a restore because the data inside the DB are localized as well, but I thought I could ask...- so if I understand correct I should kick it all?

I spoke to the customer and I think we will do a new installation and spread the apps across 2 Win2003 servers. But this needs a little time.

[...]

The last time UT stopped after around 36 hours, These are the last entrys:

2007/05/11 21:44:48 EvalTask-vmpsadmin-01 ani VmpsAdminSMFGetBridgeTable: switch 10.131.8.9 mac 00-04-ac-5a-ca-cc port Fa0/2 in vlan Kasse domain 3010_10.131.8.9(T)

2007/05/11 21:44:48 EvalTask-vmpsadmin-01 ani VmpsAdminSMFGetBridgeTable: switch 10.131.8.9: Reject mac 00-04-ac-5b-43-e0 port Gi0/2 (Link) vlan Kasse

java.lang.OutOfMemoryError

<>

[EOF]

but I also found some before:

2007/05/11 21:40:13 EvalTask-vmpsadmin-09 ani VmpsAdminSMFGetBridgeTable: Total number of VLANs supported by the device 10.133.240.4 is 4096

java.lang.OutOfMemoryError

<>

2007/05/11 21:40:32 EvalTask-vmpsadmin-12 ani VmpsAdminSMFGetBridgeTable: switch 10.156.32.5: Reject mac 00-00-0c-07-ac-01 port Gi0/2 (Link) vlan default

I thought that the CMF problem will also consume some memory and could slow down UTM;

To speed up the server, I defragmented the filesystem where LMS is installed and the pagefile and the other system files as well; augmented the pagefile size to 4095 MB fixed ( was 2048 - 4096 MB dynamic); Currently I make a test by adding a second pagefile (4 GB);

Joe Clarke Tue, 05/15/2007 - 10:50

You can backup the data, then restore it after you reinstall the server the way you like. The localization should not affect the data.

Adding more memory or more swap to this server will most likely not help this problem. The most likely cause (assuming no bugs) is too many devices/users being managed. In this case, reducing the single-server device count will help. You might also try applying the Daylight Savings Time patch. I know it's not required for Germany, but it does bring with it new JVM versions which have known memory bugs fixed.

Actions

This Discussion