Apache Service not starting in CiscoWorks LMS 3.1

Answered Question
Aug 13th, 2009
User Badges:

Hi,


The CiscoWorks LMS 3.1 Apache service does not start, even when the CiscoWorks daemon manager is restarted (net stop, net start)or server rebooted. The Daemon manager takes around 45 minutes to start the rest of the services.


Rebooted Server (Win 2k3 SP1), Reset casuser, removed Sophos, re-attempted, certificate renewed, rebooted, all without success.


Been advised that removing the server from the domain might help? but can't really see how if casuser is in correct User Assignment Rights.


Any help would be appreciated. Thank you.




Correct Answer by Joe Clarke about 7 years 11 months ago

Okay, do this:


NMSROOT\bin\perl.exe NMSROOT\MDC\Apache\ConfigSSL.pl -enable


That will fully enable SSL. Then, disable it:


NMSROOT\bin\perl.exe NMSROOT\MDC\Apache\ConfigSSL.pl -disable


Since SSL was fully enabled first, the script should then detect that it needs to be disabled, and remove all of the hooks. Then you should be able to access the pages with HTTP.

Correct Answer by Joe Clarke about 7 years 11 months ago

As I said, you can change the port with the changeport.exe utility. For example, to change the port to tcp/1751, use the command:


NMSROOT\MDC\Apache\changeport.exe 1751 -s


As for the forbidden error, I need to see a good output of pdreg -l Apache. The previous output was bad since Daemon Manager hadn't fully initialized.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Joe Clarke Thu, 08/13/2009 - 05:28
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Post the NMSROOT\MDC\Apache\logs\error.log as well as any relevant errors from the Windows Event Viewer. These kind of cases typically point to an Apache config problem, so please post the output of:


NMSROOT\MDC\Apache\Apache.exe -t NMSROOT\MDC\Apache


As well as the output of pdreg -l Apache and the output of netstat -a -n -o -b.

max_gbp777 Thu, 08/13/2009 - 06:33
User Badges:

Hi Jclarke,


Thank you for the quick response.


Attached as requested.


eventvwr:

*****************************

Event Type: Error

Event Source: Apache Service

Event Category: None

Event ID: 3299

Date: 13/08/2009

Time: 15:24:46

User: N/A

Computer: CENTAUR

Description:

The Apache service named D:\PROGRA~1\CSCOpx\MDC\Apache\Apache.exe reported the following error:

>>> [Thu Aug 13 15:24:46 2009] [warn] pid file d:/program files/cscopx/mdc/apache/logs/httpd.pid overwritten -- Unclean shutdown of previous Apache run? <<<

before the error.log file could be opened.

More information may be available in the error.log file. **********************************

Kind Regards

Max



Joe Clarke Thu, 08/13/2009 - 06:37
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You did not post the error.log, but from the netstat output, I see you're already running a web server on tcp/443 (IIS). I'm not sure what TCP port you configured for LMS for HTTPS, but if it is also 443, then that would prevent Apache from starting. The error.log would say for certain, but if you're using tcp/443 for LMS, you need to either shutdown IIS, or use the NMSROOT\MDC\Apache\changeport.exe tool to change the port. For example, to change the HTTPS port to tcp/1751:


changeport.exe 1751 -s

max_gbp777 Thu, 08/13/2009 - 06:57
User Badges:

Hi Jclarke,


we use http not https for CiscoWorks. It does however show that it is attempting to bind with port 443 in the error log. How should I change this.


Please advise.


Thank you,





max_gbp777 Thu, 08/13/2009 - 07:22
User Badges:

Hi Jclarke,


Disabled IIS (required for HP Openview) and the Apache service started. Hooray!


But now have the error below.


Please advise which ports to change to allow both IIS and Aapche services to run together and why I get a forbidden message.


Thank you,


*******************

Forbidden

You don't have permission to access /login.html on this server.


Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

*******************

Correct Answer
Joe Clarke Thu, 08/13/2009 - 07:26
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

As I said, you can change the port with the changeport.exe utility. For example, to change the port to tcp/1751, use the command:


NMSROOT\MDC\Apache\changeport.exe 1751 -s


As for the forbidden error, I need to see a good output of pdreg -l Apache. The previous output was bad since Daemon Manager hadn't fully initialized.

max_gbp777 Thu, 08/13/2009 - 07:46
User Badges:

Hi Jclarke,


I attempted to revert to previous port 1741 with command: changeport.exe 1741 -s and without '-s'


but this gave an error.


ERROR: An attempt was made to access a socket in a way forbidden by its access permissions.


Attached error.log as well.


Please advise.


Thank you,



Joe Clarke Thu, 08/13/2009 - 07:55
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You can't do that. First, LMS ALWAYS uses HTTPS. Even if you select to only use HTTP, you have to also have Apache listening for HTTPS connections for inter-process communication and authentication. So, make sure you pick a TCP port other than 443 or 1741 for LMS HTTPS. Also, make sure you run the changeport.exe utility as a local Administrator.


As for the forbidden error, this typically has to do with an Apache registration issue. That is why I want to see the good output from pdreg -l Apache when Daemon Manager is running

Joe Clarke Thu, 08/13/2009 - 08:19
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

I need to see the output of pdreg -l Apache. What you should do now that the Apache HTTPS port has been changed is reboot the server. After it comes back up, run the pdreg -l Apache command. It should return quickly, and show details about how the Apache daemon is registered is Daemon Manager. I would also like to see the new output from pdshow.

max_gbp777 Thu, 08/13/2009 - 08:42
User Badges:

Hi Jclarke,


Attached as requested.


I have to go to an appointment now.


Thank you for your help so far, i will reply when I get back or tomorrow if it is to late.


Thank you,


Kind Regards

Max



Attachment: 
Joe Clarke Thu, 08/13/2009 - 08:45
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

I figured this was the problem. Do the following, and you should be set:


* Shutdown Daemon Manager

* Run NMSROOT\bin\perl NMSROOT\MDC\Apache\ConfigSSL.pl -disable

* Restart Daemon Manager

max_gbp777 Fri, 08/14/2009 - 05:46
User Badges:

Hi Jclarke,


I tried the above and it produced a notepad file (ConfigSSL.pl attached)when I ran the command 'ConfigSSL.pl -disable'.


The login page does come up on port 1751, but i am unable to login using my AD account and the CiscoWorks admin account but it produces the 'Forbidden' error below when accessed.


*******************************

Forbidden

You don't have permission to access /cwhp/LiaisonServlet on this server.


Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

*******************************


Please advise,


Thank you,



Attachment: 
Joe Clarke Fri, 08/14/2009 - 08:45
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You missed an important part of the command. You need to run ConfigSSL.pl through the perl interpreter:


NMSROOT\bin\perl.exe NMSROOT\MDC\Apache\ConfigSSL.pl -disable

max_gbp777 Mon, 08/17/2009 - 00:38
User Badges:

Hi Jclarke,


Ran with command instructed but still get the error below.


*******************************

Forbidden

You don't have permission to access /cwhp/LiaisonServlet on this server.


Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

***********************************


Please advise


Thank you,

Joe Clarke Mon, 08/17/2009 - 00:46
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Post the new output of pdreg -l Apache plus a screenshot of the Services control panel showing the CiscoWorks services.

Correct Answer
Joe Clarke Mon, 08/17/2009 - 01:19
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Okay, do this:


NMSROOT\bin\perl.exe NMSROOT\MDC\Apache\ConfigSSL.pl -enable


That will fully enable SSL. Then, disable it:


NMSROOT\bin\perl.exe NMSROOT\MDC\Apache\ConfigSSL.pl -disable


Since SSL was fully enabled first, the script should then detect that it needs to be disabled, and remove all of the hooks. Then you should be able to access the pages with HTTP.

max_gbp777 Mon, 08/17/2009 - 04:46
User Badges:

Hi Jclarke,


Yahoo! now able to log-in to CiscoWorks via web.


Checked RME and all devices are still available. Unable to view Syslog information from report generator.


Thank you for all your help, you are a life saver!


How do I find out what caused the problem as I do not want to do this again..... also I removed Sophos in the troubleshooting process do you think this had anything to do with it? Can I re-install it or do you recommend an alternate antivirus software?


Please advise,


Thank you,



Attachment: 
Joe Clarke Mon, 08/17/2009 - 08:37
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Sophos most likely had nothing to do with this issue. The initial problem was that IIS was occupying tcp/443. That directly prevented Apache from starting. then, it looks as though someone had enabled SSL at one point, but when it was disabled, something went wrong. We corrected that with ConfigSSL.pl.


So, as long as you do not add another daemon to the system which uses the CiscoWorks ports, and as long as you do not re-enable SSL, you should be fine going forward.

max_gbp777 Tue, 08/18/2009 - 01:45
User Badges:

Hi Jclarke,


I re-installed Sophos last night and all is still working.


Do you have any suggestions on how to retrieve the historical Syslog information?


Please advise,


Thank you,

Joe Clarke Tue, 08/18/2009 - 04:41
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Go ahead and start a new thread for the syslog issue.

Actions

This Discussion