Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
664
Views
0
Helpful
0
Comments

After the Cisco CallManager server 4.2(3) is rebooted, the CSA Alert dialog box reads: "A problem was detected. Are you modifying the IIS server or system configuration? If not, this operation is suspicious."

TCC_2
Level 10
Level 10

‎06-22-2009 04:39 PM - edited ‎03-12-2019 08:44 AM

Core Issue

In this case, the security log shows this error:

The process 'C:\WINNT\system32\inetsrv\inetinfo.exe' (as user NT AUTHORITY\SYSTEM) attempted to access 'C:\Program Files\Cisco\WebKnight\Loaded.xml'. The attempted access was a write (operation = OPEN/WRITE).

This issue occurs with Cisco CallManager 4.2(3) and Cisco Security Agent (CSA)  version 2.0(5)(V4.5-1 build 655).

It is most likely a result of the fix provided for Cisco bug ID CSCsb68657.

A new caveat is filed for this issue, CSCsg03341.

Resolution

Track the progress towards a resolution of this bug through the Bug Tool on cisco.com.

The only workaround as of now is to answer "Yes" to the query at the CSA Alert dialog box prompt, or to open a Virtual Network Computing (VNC) session to the Cisco CallManager after a reboot.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents