Dec. 18, 2015
Q: How do I verify that Command Center service has started properly?
A: To verify that the Command Center service has started properly, you can do one of the following:
You can also check the status of the service in the logs/wrapper.log file. Verify that the following log entry is present at the end of the file: "Please connect to web client using port <port number>."
Q: Which are the weak ciphers in Command Center and how do I remove these weak ciphers from Command Center?
A: TLS_DHE_RSA_WITH_AES_128_CBC_SHA and TLS_DHE_RSA_WITH_AES_256_CBC_SHA are the weak ciphers configured by default on Command Center. Because of these weak ciphers, the Command Center login page fails to load.
To remove these ciphers from a standalone Command Center
To remove these ciphers from a Command Center HA pair
Q: I am not able to connect to the Command Center client. What are the possible causes?
Possible Cause: Command Center service has not started properly.
Action: Check to see if the Command Center service is started. If not, start the service.
Possible Cause: You have not presented valid root-user credentials.
Action: Provide the correct credentials. If the error occurs even with the correct credentials, shut down the server and check the securitydbData.XML file. If it is empty, reinitialize the database.
Possible Cause: If the PostgreSQL service has not started, the Command Center service does not start.
Action: In the wrapper.log file, if you see a "PostgreSQL doesn't start in timely fashion" entry, start the PostgreSQL service first and then start the Command Center server.
Possible Cause: To access the Command Center client, you are using Internet Explorer with compatibility mode enabled.
Action: Disable compatibility mode, and then access the client.
Other possible causes:
You are using a host name that contains an underscore special character.
The Command Center client is running with a NATed IP address.
The Firewall is blocking the ports required by Command Center. If the firewall is enabled, disable it or unblock the ports needed for communication with the client.
The connection to the database has been lost. To check, view the log entry in the logs/wrapper.log file.
The host name used to access the Command Center server does not resolve to the Command Center IP address.
The browser cache was not cleared after an upgrade.
The port you are using to access the client has been modified from the default (HTTPS 8443 or HTTP 9090).
Q: I am not able to access the user interface of the secondary Command Center over port 8443.
A: You can only access the primary Command Center through the GUI when configured in HA mode. The secondary Command Center only monitors the state and is not accessible through GUI.
Q: Can Command Center be monitored through any SNMP Manager?
A: Yes, since Command Center behaves as an SNMP agent on port 8161, any SNMP manager can contact Command Center through this port. Command Center can be monitored by loading NS-CC-MIB, which is in the <CC_Home>/mibs folder on any SNMP manager.
Q: Do I need to add the Command Center agent as a trap destination on the devices managed by the Command Center agent?
A: No. Command Center server adds its IP address as a trap destination in the discovered devices. Command Center Agent does not add itself as a trap destination but only does the performance data collection, syslog, and entity monitoring. Traps are still handled by the Command Center server.
Q: How do I change the default ports used by Command Center?
A: You can change the default port (8443 or 9090) to any standard TCP port by modifying the Server Port details in the Administration > Settings > Access Settings window. The changes in access settings are effective only after a restart.
Q: Can I back up and restore data?
A: You can do a data backup and restore only on a Command Center appliance.
Q: Is a license required for evaluation-mode installation of the software version of Command Center?
Q: I am not able to log on to the Command Center server. Where can I view the current Command Center version?
A: You can find the version information in the <CCHome>/conf/AboutDialogProps.xml file.
Q: Which Oracle JDBC driver version does Citrix Command Center use?
A: Command Center uses Oracle JDBC Driver version 10.2.0.3.0.
Q: What databases does Command Center support?
A: For detailed information about supported databases, see http://docs.citrix.com/en-us/command-center/5-2/cc-install-cc-wrapper-con/cc-install-plan-installation-con.html#cc-install-database-settings-ref-sh.
Q: Does Command Center support any database resiliency solution, such as mirroring, or any other replication methods that I can consider implementing?
A: You can replicate a MySQL database in Command Center. Use Command Center in an HA setup with MySQL two-way replication.
Q: How do I migrate from one type of database to another?
A: To migrate from one type of database to another, for example from MS SQL to Oracle:
Q: Can I configure ciphers on Command Center?
A: Yes, you can configure ciphers on Command Center.
A Command Center server or an appliance ships with a set of predefined ciphers. The default ciphers which are supported by Command Center are:
To use ciphers other than the predefined ciphers, you have to explicitly define them in the server.xml and transportProvider.conf files.
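An added example (not Citrix code and not part of the original FAQ): a Python check that looks for the two weak suites named earlier in this FAQ in server.xml and transportProvider.conf, before and after you edit them. It assumes a Tomcat-style <Connector ciphers="..."> attribute in server.xml; both sample files and the ciphers= key in the transportProvider.conf sample are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# The two suites this FAQ identifies as weak.
WEAK = {"TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"}

# Constructed sample, not a real Command Center file. Assumes a Tomcat-style
# <Connector> whose "ciphers" attribute is a comma-separated list.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="9090" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls_dhe_rsa_with_aes_128_cbc_sha,
                        TLS_DHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"/>
  </Service>
</Server>"""

# Constructed sample; the key name is hypothetical (the FAQ does not show
# the format of transportProvider.conf).
SAMPLE_TRANSPORT_CONF = """# transport settings
ciphers=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA
timeout=30
"""


def audit_server_xml(xml_text):
    """Return one finding per TLS connector: weak suites found and the cleaned list."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        is_tls = (conn.get("SSLEnabled", "").lower() == "true"
                  or conn.get("scheme", "").lower() == "https")
        if not is_tls:
            continue
        raw = conn.get("ciphers")
        suites = [s.strip() for s in raw.split(",") if s.strip()] if raw else []
        kept = [s for s in suites if s.upper() not in WEAK]
        findings.append({
            "port": conn.get("port"),
            "explicit_list": raw is not None,  # False: no cipher list to edit here
            "weak": [s for s in suites if s.upper() in WEAK],
            "replacement": ",".join(kept),     # value to put back in ciphers="..."
            "empty_after_removal": bool(suites) and not kept,
        })
    return findings


def find_weak_lines(text):
    """Format-agnostic scan: (line number, suite) for each weak name in a text file."""
    pattern = re.compile("|".join(sorted(WEAK)), re.IGNORECASE)
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # assumption: '#' starts a comment line
        hits.extend((number, m.group(0).upper()) for m in pattern.finditer(line))
    return hits


if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE_SERVER_XML):
        print(finding)
    print(find_weak_lines(SAMPLE_TRANSPORT_CONF))
```

Run it against copies of the real files; after the edit and a service restart, both functions should report no weak suites.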
Q: After installing the latest version of Command Center 5.0, I do not see the Start option under Windows Start > Programs > Command Center options. How do I start the Command Center server?
A: The Command Center server is installed and service is started automatically when you install Command Center version 5.0. You can directly access the Command Center server from the web browser by typing either of the following in the address field:
Q: Where do I view the installation log statements for Command Center version 5.0 or later?
:<CC_HOME>\ _Citrix Command Center_installation\Logs
If you cancel the installation before the installation starts, or some error occurs during the pre-installation steps, the location depends on whether you are running Windows or Linux.
Q: After installing Command Center, I am unable to start it properly. Where do I look for the log statements regarding startup and shutdown?
Q: After moving the MS SQL database to a new host, how do I point the Command Center server to the new host?
In the <CCHOME>/classes/hbnlib/hibernate.cfg.xml file, search for the following line:
<property name="connection.url">jdbc:sqlserver://<dbserver IP>:1433;databaseName=<database name></property>
To obtain the encrypted password, run the EncryptPassword.bat file available under the <CCHOME>/bin/admintools directory.
The usage is shown below:
"Usage : EncryptPassword UserName Password EncryptPassword"
"UserName - CC UserName with admin privileges, say root"
"Password - Password of the User"
"EncryptPassword - The password to be encrypted."
<CCHome>\bin\admintools>EncryptPassword.bat root public mynewpassword
Encrypted Password for password "mynewpassword" is: ceMv9Me6gF5h6Cn1
In the <CCHOME>/classes/hbnlib/hibernate.cfg.xml file, copy the new encrypted password.
The usage is shown below:
<property name="connection.encryptedpassword"> ceMv9Me6gF5h6Cn1</property>
Q: How can I change MSSQL database ports for Command Center?
<property>com.microsoft.sqlserver.jdbc.SQLServerDriver</property>
<property>jdbc:sqlserver://10.102.43.50:1443;DatabaseName=data2013</property>
<property>sa</property>
Q: The Postgres database server does not start in a timely fashion. What can I do?
A: For Windows: From the Windows Service Manager, start the PostgresForCommandCenter service. Verify that the service has started, and then start the Command Center service.
For Linux: Go to the /<CC_home>/pgsql/startup-scripts directory and run the following scripts:
If the Postgres database does not start even after restarting the service, check if the Zlib libraries are installed on the Linux system.
Q: Why am I getting a "User not authorized" message when I log on?
A: This message appears if you belong to a group to which no permissions are assigned. Generally, a user created on the fly in an external authentication server faces this issue. To resolve the issue, the administrator has to log on to the authentication server and assign the user to a proper group.
Q: Can I control the list of tasks that are visible to the user in Command Center?
A: Yes, you can use the Custom View Scope feature in Command Center.
Q: Why am I not able to see all the groups when I use the Browse option of Add Group after choosing external Authentication?
A: The Active Directory server always returns 1000 records at a time. You can directly key in the group name in the field instead of using Browse and select option.
Q: After a force failover, why am I not able to log on if external authentication is set as RADIUS in a Command Center HA setup?
A: You have to log on to Command Center as a local user with Admin privileges and change the Client IP address to the current Command Center server IP address (which was the secondary IP address before the forced failover).
Q: Which are the wildcard characters supported in Custom View Scope?
A: Command Center supports the '%' wildcard character, for the "contains" case only.
Q: What Active Directory versions does Command Center support?
A: Windows 2008, Windows 2008R2, and Windows 2012.
Q: How can I do a factory reset of root user authorization?
A: Run the following script:
Q: Does Command Center support secure LDAP?
Q: Can users belonging to a subdomain log on to Command Center?
A: Yes. Subdomain users can log on to Command Center if subdomain LDAP is configured.
Q: NetScaler discovery is failing for one particular device. What could be the cause?
A: For successful NetScaler discovery, the SNMP Manager list must be empty or Command Center must be listed as one of the SNMP Managers. Verify the SNMP Managers configured on the device.
Q: Is it possible to view the device label as a host name or system name instead of as an IP Address?
A: Yes. In Administration > Server Settings change the Device Label value to display the System Name/Host Name.
Q: Which IP address should I use to discover an SDX device?
A: Use the SVM IP address to discover the SDX device in Command Center.
Q: When I discover a CloudBridge Advanced Platform by using the SVM IP address, the CloudBridge instances on the CloudBridge Advanced Platform are not discovered in Command Center.
A: Only the CloudBridge accelerators on a CloudBridge Advanced Platform are discovered.
Q: Are NAT, SNIP, and MIP based discovery of NetScaler devices supported in Command Center?
A: Yes. But SNIP and MIP cannot be used for the discovery of a device configured in HA mode.
Q: I changed the credentials of my device; do I have to change the credentials in Command Center also?
A: Yes, you have to update the credentials in the device profile that is used to discover that device. After you update the profile, you have to rediscover the device.
Q: How can I back up the configuration files, such as ns.conf, for a device?
A: Command Center backs up the NetScaler configuration (ns.conf, the certificates, and so on) the first time the device is discovered and at regular intervals. By default, the archive interval is 12 hours. You can back up the configuration files on demand from the page that lists the properties of that device.
Q: Where is the ns.conf file located on my Command Center ?
A: The file is stored in the database as plain text.
Q: I am trying to discover a NetScaler device with SNMP v3 profile and the discovery fails with the following error message: Problem in finding device HA Mode for this device. For input string: " " . What should I do?
A: On the NetScaler device, in the SNMP v3 view, verify if you have set the subtree value to 1. If it is not set to 1, then clear the SNMP v3 configuration (SNMP view, SNMP group, and SNMP user) from the NetScaler device. Delete the device from Command Center and re-discover.
Q: I am not able to view the configuration change history for a device.
A: Check the "Configuration Changes Duration" value you have configured. You may not be able to view the history as there may not be any configuration changes in specified duration.
Q: Can I export and mail the change management reports?
A: Yes, you can use the Schedule option of Audit policies to schedule export and mailing of the reports.
Q: Why is the "Send Mail" action not working?
Possible Cause: The mail server credentials might be incorrect or the mail server might not be accessible from Command Center.
Action: Check the mail server credentials and verify that the mail server is accessible from the Command Center server. If the mail server credentials are not correct, edit the settings in Administration > Mail Server Settings.
You can refer to the exception logged under logs > stderr file.
Example of log entry for this exception:
Exception while sending mail notification. Sending failed; nested exception is: class javax.mail.MessagingException: Could not connect to SMTP host: 10.102.173.25, port: 25; nested exception is: java.net.ConnectException: Connection refused: connect Invalid HostName or Port, unable to connect the mail server
Possible Cause: The Events/Alarms fields are not configured correctly.
Action: Check if the Event/Alarm fields are configured correctly. The Message field should match or be a part of the message of any incoming Event/Alarm.
Example of log entry for this exception:
Failed Object, Message.
Q: Can I keep a historical log of SNMP alarms and events in Command Center?
A: Currently, only 10000 events are displayed, due to user-interface restrictions, but, by default, the events/alarms from the past 6 months are stored in the database.
Q: Command Center is not receiving the traps sent by a device. What are the possible causes?
A: The possible reasons for not receiving traps could be:
If you enable a firewall on the Command Center server, it does not receive the traps.
SNMP port is being used by some other application in the Command Center server system.
Event triggers are set to suppress the action.
Custom View Scope is set for the device.
Triggers are set with incorrect message fields.
Triggers have alarm age set to a high value.
If Command Center is installed on a Linux server, the iptables configuration might cause filtering of SNMP packets.
Traps from unmanaged devices are not processed by Command Center.
The default Trap port has been changed by the administrator under Administration > Settings > Trap Forward Settings.
Q: Do I need to specifically enable SNMP on Command Center? If yes, how can I do so?
A: You need not enable SNMP. It is already running on port 8161. When the Command Center service is running, Command Center behaves as an SNMP agent on port 8161, and any SNMP manager can contact Command Center through this port.
Q: Can I set triggers for all of the devices?
A: Yes. In the Add Filters window, leave the Devices field empty. All the devices discovered are then selected.
Q: Alarm Triggers actions are not being initiated for the generic category of alarms.
A: Since Alarms are not updated for generic traps, such as reboot, you have to manually clear the alarm to reenable the alarm trigger action, or you have to create triggers for the generic category of events.
Q: Syslogs and AppFirewall reports are not generated. What are the possible causes?
Q: Since all traps are sent to both the Command Center agent and the main Command Center, does the Command Center agent ignore these or are they sent to the database through the SQL connection?
A: Traps are handled only by the Command Center server, which adds its IP address as a trap destination on the NetScaler device during NetScaler device discovery.
Q: How can I customize the purge interval?
A: You can specify the interval at which Command Center should purge syslog data. By default, Command Center stores syslog messages for the last 90 days. To customize the purge interval, navigate to Administration > Server Settings and specify the number of days in the Syslog Clean interval (in days) field. Only the records older than the number of days that you specify are purged. For example, if you specify 45 days, Command Center purges syslog messages that are older than 45 days.
Q: I am able to view unwanted IPs in Failure Objects.
A: The unwanted IP addresses are from AppFirewall Client IP. Create a filter to suppress AppFirewall alarms.
Q: Is it possible to export data from Command Center for Syslogs, Appfirewall and AGEE logs?
Q: Why am I not able to receive the SNMP traps from the device?
A: If the wrapper.log file contains the following entry: "WARNING : Traps cannot be received on port : 162", failure to receive the traps could have the following possible causes:
Possible Cause 1: If any other SNMP trap service is running on port 162, which is receiving the traps, Command Center might not be able to receive the SNMP traps.
C:\> netstat -ano | find "162"
Sample Output:
TCP 0.0.0.0:49162 0.0.0.0:0 LISTENING 1892
UDP [::]:162 *:* 6340
If you see "UDP [::]:162 *:*" in the output, it confirms that port 162 is being used by some other application.
Possible Cause 2: Traps from unmanaged devices are not processed by Command Center.
Action: Check to see if the trap destination and port are correctly configured on the device.
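An added example (not part of the original FAQ and not Citrix tooling): find "162" also matches unrelated lines, such as TCP port 49162 in the sample output above, so this Python function parses netstat -ano output and reports only the processes bound to UDP port 162 exactly. The sample text reuses the FAQ's two output lines and adds two constructed ones.

```python
import re

# Lines 1 and 3 are the FAQ's sample output; lines 2 and 4 are constructed.
SAMPLE_NETSTAT = """\
  TCP    0.0.0.0:49162      0.0.0.0:0      LISTENING       1892
  UDP    0.0.0.0:1620       *:*                            2210
  UDP    [::]:162           *:*                            6340
  UDP    10.0.0.5:8161      *:*                            4100
"""

# proto, local address, local port, remote endpoint, optional TCP state, PID
NETSTAT_LINE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$"
)


def substring_matches(netstat_text, needle="162"):
    """What `find "162"` returns: every line containing the substring."""
    return [line for line in netstat_text.splitlines() if needle in line]


def udp_port_owners(netstat_text, port=162):
    """Return (local address, PID) for each UDP socket bound to exactly `port`."""
    owners = []
    for line in netstat_text.splitlines():
        match = NETSTAT_LINE.match(line)
        if not match:
            continue  # headers, blank lines, anything that is not a socket row
        proto, address, local_port, _remote, _state, pid = match.groups()
        if proto == "UDP" and int(local_port) == port:
            owners.append((address, int(pid)))
    return owners


if __name__ == "__main__":
    print(len(substring_matches(SAMPLE_NETSTAT)), "lines contain '162'")
    for address, pid in udp_port_owners(SAMPLE_NETSTAT):
        print(f"UDP port 162 is held by PID {pid} on {address}")
```

The PID can then be mapped to a process name with tasklist /FI "PID eq <pid>" on Windows.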
Q: Why am I not able to view the old events?
A: Explanation: By default, Command Center does not display the entire database. The default is a maximum 10,000 events, no older than 6 months.
Possible Cause 1: Command Center displays only 10,000 events in client GUI.
Action: You can change this setting by modifying the value of the EVENT_WINDOW_SIZE parameter in the NmsProcessesBE.conf file, which is in the <CC_HOME>/conf directory.
Possible Cause 2: Events older than 6 months are deleted.
Action: By default, the interval for cleaning the events is 6 months. You can change the interval by modifying the value of the CLEAN_EVENT_INTERVAL parameter in the NmsProcessesBE.conf file, which is in the <CC_HOME>/conf directory.
Q: I am not able to view "Available Failed Objects" for a particular trap category. How do I troubleshoot the problem?
A: Explanation: When Command Center receives a trap, the failed objects become persistent in the Command Center database. The "Available Failed Objects" popup window displays that data.
Possible Cause: If Command Center has not received a trap for that category even once, you cannot see any failed objects for that particular trap.
Action: You can edit the field manually:
For an entity-related event/alarm (entityup/down, entityNameChanged, or entityofs), configure the failed object in the event/alarm trigger:
failedobject = $vserver_name OR $service_name OR $interface_name
For a Threshold event/alarm
failedobject = $counterName:$instance
Q: When I generate a report, I encounter a "No Data to Chart" message.
A: Possible Cause 1: Counters for polling are disabled.
Action: Check to see if you have enabled the counter for polling in the Configure Polled Counters interface. If you have enabled it, clear the Exclude Zero Values check box for that polled counter, and then see if the report is generated.
Check the PerformanceErr file to see if there are any error messages logged for the particular counter and device. Some of the common error messages are:
Error: "Invalid instance… Dropping packet for instance with value."
Explanation: This error is generally observed in Command Center version 3.x.
Action: Upgrading to 4.0 should take care of this.
Error: "Request timed Out".
Explanation: This error appears when SNMP requests to the device are timing out.
Action: You can check the network connectivity and verify the accuracy of SNMP credentials in the device profile.
Error: "Could not poll… No such object in this MIB".
Explanation: This error occurs when a particular version of the device does not support the counter for which the report is being generated.
Q: The Command Center graphs and values from the NetScaler device do not match.
A: A rate-counter value is calculated as the difference between two successive poll values divided by the poll interval. The graphs plotted with these counters do not match the exact values collected from the device.
Q: Can Command Center appliances be monitored through any other SNMP Manager?
A: Yes, Command Center Appliance can be monitored by loading Command Center appliance MIB NS-CC-MIB onto any SNMP Manager. The MIB, which is in the <CC_Home>/mibs directory, currently supports only the CC appliance host name object. Contact and Location are not supported.
Note that the Command Center agent does not add itself as a trap destination; it does only performance data collection, syslog, and entity monitoring. Traps are still handled by Command Center server.
Q: Is there a process for configuring SNMP traps on a Command Center appliance?
A: No. Users cannot configure SNMP traps on a Command Center appliance.
Q: Is an evaluation license supported for the Command Center appliance?
A: Yes, it is supported from Command Center version 5.0, build 35.11 onwards.