Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Cisco Threat Response Errors

I am evaluating CTR 2.0 (have VMS 2.1 in production). I am attempting to get alarm feeds going from CSIDS appliance sensors (4210's and 4230's) as well as ISS Real Secure event collectors. One of my CSIDS sensors is successfully sending alert information to the CTR system, but all of the other sensors report "Alarm feed inactive" & states that configuration errors were detected. All of the sensors' management and control interfaces reside on the same network as the CTR system.

Does anyone have any ideas on where to start looking to resolve the problem? I really do like the potential that CTR has.


Re: Cisco Threat Response Errors

Please see bug CSCea63034 'Continuously receiving "Alarm feed inactive" events in the Alarm display window'. You might need to install Microsoft JDBC Drivers. The proceess is described in detail in the release notes.

New Member

Re: Cisco Threat Response Errors

I was also receiving continuous "Alarm feed inactive" between localhost and the 4235. Looking at another event window showed me "Reconnect failed (Will try once every 60 seconds) Remote host closed connection during handshake."

This turned out to be an ACL issue on the 4235. This was corrected with

entering service host, networkparams and adding:

accesslist ipaddress netmask

New Member

Re: Cisco Threat Response Errors

I was also getting these errors and put the accesslist comment into my sensors and now I get the same error but with the context "Invalid or insufficient username/password for Cisco Secure IDS Event Subscriber (HOST@IP_ADDRESS) HTTP error code = 401"

I have encryption and TLS enabled on both my sensors and CTR server. I can get data to IDSMC just fine, but CTR seems to be dead in the water. If anyone has any suggestions, I could really use them. I've been waiting on the TAC for 3 days now and they don't seem to be much help at this point.

CreatePlease to create content