Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

After the Cisco CallManager server 4.2(3) is rebooted, the CSA Alert dialog box reads: "A problem was detected. Are you modifying the IIS server or system configuration? If not, this operation is suspicious."

Core Issue

In this case, the security log shows this error:

The process 'C:\WINNT\system32\inetsrv\inetinfo.exe' (as user NT AUTHORITY\SYSTEM) attempted to access 'C:\Program Files\Cisco\WebKnight\Loaded.xml'. The attempted access was a write (operation = OPEN/WRITE).

This issue occurs with Cisco CallManager 4.2(3) and Cisco Security Agent (CSA)  version 2.0(5)(V4.5-1 build 655).

It is most likely a result of the fix provided for Cisco bug ID CSCsb68657.

A new caveat is filed for this issue, CSCsg03341.


Track the progress towards a resolution of this bug through the Bug Tool on

The only workaround as of now is to answer "Yes" to the query at the CSA Alert dialog box prompt, or to open a Virtual Network Computing (VNC) session to the Cisco CallManager after a reboot.

Version history
Revision #:
1 of 1
Last update:
‎06-22-2009 04:39 PM
Updated by:
Labels (1)