Q: How do I verify that Command Center service has started properly?
A: To verify that the Command Center service has started properly, you can do one of the following:
Q:Which are the weak ciphers in Command Center and how do I remove these weak ciphers from Command Center?
A: TLS_DHE_RSA_WITH_AES_128_CBC_SHA and TLS_DHE_RSA_WITH_AES_256_CBC_SHA are the weak ciphers configured by default on Command Center. Because of these weak ciphers, the Command Center login page fails to load.
To remove these ciphers from a standalone Command Center
- Stop the Command Center service.
- Remove these ciphers from the following files:
- <CC_Home>/conf/ transportProvider.conf
- Start the command center service.
To remove these ciphers from a Command Center HA pair
- Stop the Command Center service on the secondary node and then stop the Command Center service on the primary node.
- Remove these ciphers from the following files on both the primary and secondary node:
- <CC_Home>/conf/ transportProvider.conf
- Start the Command Center service on the primary node and the start the Command Center service on the secondary node.
Q: I am not able to connect to the Command Center client. What are the possible causes ?
Possible Cause: Command Center service has not started properly.
Action: Check to see if the Command Center service is started. If not, start the service.
Possible Cause: You have not presented valid root-user credentials.
Action: Provide the correct credentials. If the error occurs even with the correct credentials, shut down the server and check the securitydbData.XML file. If it is empty, reinitialize the database.
Possible Cause: If the PostgreSQL service has not started, the Command Center service does not start.
Action: In wrapper.log file, if you see a " PostgreSQL doesn't start in timely fashion" entry, start the PostgreSOL service first and then start the Command Center server.
Possible Cause: To access the Command Center client, you are using Internet Explorer with compatibility mode enabled.
Action: Disable compatibility mode, and then access the client.
Other possible causes :
You are using host name that contains an underscore special character.
The Command Center client is running with a NATed IP address.
The Firewall is blocking the ports required by Command Center. If the firewall is enabled, disable it or unblock the ports needed for communication with the client.
The connection to the database has been lost. To check, view the log entry in the logs/wrapper.log file.
The host name used to access the Command Center server does not resolve to the Command Center IP address.
The browser cache was not cleared after an upgrade.
The port you are using to access the client has been modified from the default (Https 8443 or Http 9090).
Q: I am not able to access the user interface of the secondary Command Center over port 8443.
A: You can only access the primary Command Center through the GUI when configured in HA mode. The secondary Command Center only monitors the state and is not accessible through GUI.
Q: Can Command Center be monitored through any SNMP Manger?
A: Yes, since Command Center behaves as an SNMP agent on port 8161, any SNMP manager can contact Command Center through this port. Command Center can be monitored by loading NS-CC-MIB, which is in the <CC_Home>/mibs folder on any SNMP manager.
Q: Do I need to add Command Center agent as a trap destination on the devices managed by Command Center agent ?
A: No. Command Center server adds its IP address as a trap destination in the discovered devices. Command Center Agent does not add itself as a trap destination but only does the performance data collection, syslog, and entity monitoring. Traps are still handled by the Command Center server.
Q: How do I change the default ports used by Command Center ?
A: You can change the default port (8443 or 9090) to any standard TCP port by modifying the Server Port details in the Administration > Settings > Access Settings window. The changes in access settings are effective only after a restart.
Q: Can I back up and restore data?
A: You can do a data backup and restore only on a Command Center appliance.
Q: Is a license required for evaluation-mode installation of the software version of command center?
Q: I am not able to log on to the Command Center server. Where can I view the current Command Center version?
A: You can find the version information in the <CCHome>/conf/AboutDialogProps.xml file.
Q: Which Oracle JDBC driver version does Citrix Command Center use?
A: Command Center uses Oracle JDBC Driver version 10.2.0.3.0.
Q: What databases does Command Center support?
A: For detailed information about supported databases, see http://docs.citrix.com/en-us/command-center/5-2/cc-install-cc-wrapper-con/cc-install-plan-installation-con.html#cc-install-database-settings-ref-sh.
Q: Does Command Center support any database resiliency solution, such as mirroring, or any other replication methods that I can consider implementing?
A: You can replicate a MySQL database in Command Center. Use Command Center in an HA setup with MySQL two-way replication.
Q: How do I migrate from one type of database to another?
A: To migrate from one type of database to another, for example from MS SQL to Oracle:
- Stop Command Center.
- Migrate the database (for example, from MS SQL to Oracle) with the help of your database administrator.
- In the <CCHome>\bin\ directory, execute the database_switch.bat (Windows) or database_switch.sh (Linux) script. Include an argument identifying the new database.
<CCHome> \bin\database_switch.bat ORACLE
<CCHome> \bin\ sh database_switch.sh ORACLE
- Open the <CCHOME>\classes\hbnlib\hibernate.cfg.xml file in a text editor and, under <!--For Using Oracle DB , Uncomment the below tags -->, edit the following line to specify the host name, port number, and connection string of the new database:
- In the <CCHome>\bin\admintools directory, execute the EncryptPassword script and specify the user name, current password, and the new password to get the encrypted password for the new password that you specified.
On a Windows system, enter the following command:
<CCHome>\bin\admintools EncryptPassword.bat root rootpassword newpassword
On a Linux operating system, enter the following command:
<CCHome>\bin\admintools sh EncryptPassword.sh root rootpassword newpassword
<CCHome>\bin\admintools EncryptPassword.bat root public Password123
<CCHome>\bin\admintools sh EncryptPassword.sh root public Password123
The system returns the encrypted version of the new password. For example:
- In the hibernate.cfg.xml file, under <!--For Using Oracle DB , Uncomment the below tags -->, copy the new encrypted password to the property name line. For example:
- Save the changes.
- Restart Command Center and verify that it is using the new database.
Q: When Command Center is installed in "Evaluation" mode, what is the default DB size allocated to it?
A: For installation in "Evaluation" mode, there is no DB size limit for the internal DB. It depends on the available storage space of the system that the user installs on.
Q: When Command Center is installed in "Typical" mode, can we install the packaged PostgreSQL DB?
A: We do not recommend the usage of PostgreSQL DB in a production deployment.
Q:Can I configure ciphers on Command Center?
A: Yes, you can configure ciphers on Command Center.
A Command Center server or an appliance ships with a set of predefined ciphers. The default ciphers which are supported by Command Center are:
To use ciphers other than the predefined cipher, you have to explicitly define them in the server.xml and transportProvider.conf files.
To configure a cipher
- Open server.xml file located in the path <CC_HOME>\apache\tomcat\conf\backup, and include one or more ciphers as follows:
- Open transportProvider.conf file located in the path CC_HOME>\conf, and include one or more ciphers as follows:
Figure 2. TransportProvider.conf