Integrate vRealize Network Insight with vRealize Log Insight

As of vRealize Network Insight (referred to below as vRNI) v3.8, there is a new feature that integrates with vRealize Log Insight (referred to below as vRLI) by adding it as a data source. The question is, why do we need this?

First, remember that the vRNI collector connects to NSX Manager every 10 minutes and polls for changes (such as security groups, firewall rules, etc.). NSX Manager may also be under heavy load, in which case this polling period might be extended. When we need real-time information, syslog comes to mind, so it would be great to have syslog and the vRNI collector work together. This is why we integrate vRLI and vRNI.

In a data center running NSX, we monitor NSX security groups. Whenever a security group is created, or modified by adding or removing a VM, the NSX logs are sent to vRealize Log Insight, which in turn sends an alert. After receiving the alert, vRealize Network Insight polls the NSX Manager on which the security group was created and fetches the corresponding data for the changed security groups. This way, we see changes in the NSX environment much faster.

Note: at the time of writing, this feature is supported only for monitoring security groups.

Which products are supported?

  • vRealize Network Insight should be min. v3.8
  • vRealize Log Insight should be min. v4.5
  • NSX Manager should be min. v6.2

How to do it?

1. First, you should have installed the NSX Content Pack for vRealize Network Insight in vRealize Log Insight.

2. On vRNI, go to Settings -> Accounts and Data Sources -> Add Source, then select Log Insight and add it as a data source.

  • Collector: Select the IP address of the data collector that you have deployed for the data collection process.
  • IP Address: Enter the IP address or the FQDN of vRLI.
  • Username/password: Enter the username/password used to connect to vRLI.
  • Authentication provider: Select the respective authentication provider for the credentials that you have provided

3. After you click Submit, it gives you a URL, and we complete the necessary steps by connecting to vRLI.

Once we have completed the necessary steps on vRLI, the integration part is finished. From then on, vRLI tracks the changes in the NSX environment and sends this information to vRNI.

Thanks for reading!

Cisco Unity Connection (CUC) Media Master Issue

Last month, I came across a problem in CUC when I tried to upload a new greeting record. At first I thought it was probably caused by a wrong file format. But after I checked it, I understood the file format was not the source of my problem.

CUC_media_master_issue1

So I gave it some time to resolve it, and then I saw that it originated from Java!
I will write down the steps that I used to resolve my issue, in order.

Close all of the browsers

– Verify that all browser processes are cleared in Task Manager [Ctrl+Shift+Escape], or type “view running processes with Task Manager” in the Start menu search; you should not see any of the processes listed below.

* firefox.exe
* iexplore.exe
* chrome.exe

Remove existing Java that is installed

– uninstall Java 6,7,8
– delete all the sub-folders in “C:\Program Files\Java” or “C:\Program Files (x86)\Java”
– clear cache and browser history
– download Java from the official site – 1.7.0_71

http://www.oracle.com/technetwork/java/javase/downloads/jre7-downloads-1880261.html

Windows x86 Offline 28.09 MB jre-7u71-windows-i586.exe

CUC_media_master_issue2

– run install file as Administrator
– verify that Java is installed successfully

Disable Java security

– after the Java installation, type “Configure Java” in the Windows Start menu search and you will see output similar to the below.

CUC_media_master_issue3

Clear temporary files in the Java

CUC_media_master_issue4

CUC_media_master_issue5

Set the security level and exceptions

– Security Level = Medium
– Exception site list. Add the CUC sites for PUB and SUB. Edit Site List.

http://10.1.1.1:443
http://10.1.1.1:8443

CUC_media_master_issue6

Disable security verification in Java

Mixed code disabled = DISABLE VER
Perform certificate revocation checks = Do not check
Advanced security settings = ALL

CUC_media_master_issue7

Permit access for CUC nodes to local Java modules by editing java policy file

notepad++
– open “C:\Program Files\Java\jre7\lib\security\java.policy” as administrator
– open “C:\Program Files (x86)\Java\jre7\lib\security\java.policy” as administrator

– after the line below
permission java.net.SocketPermission "localhost:0", "listen";

– add the lines below and then save the file
permission java.net.SocketPermission "10.1.1.1:8443", "connect,resolve";
permission java.net.SocketPermission "10.1.1.2:8443", "connect,resolve";
permission java.net.SocketPermission "10.1.1.1:443", "connect,resolve";
permission java.net.SocketPermission "10.1.1.2:443", "connect,resolve";
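
A check for the java.policy edit described above, as an added example that is not part of the original post: it confirms that the four CUC SocketPermission entries are present, flags lines pasted with typographic quotes (which policy syntax does not treat as string delimiters), and lists socket grants beyond the ones this fix needs. The function name, the report keys and the sample policy text are constructed for illustration.

```python
import re

# The four CUC endpoints the page adds to java.policy (PUB and SUB, 8443 and 443).
REQUIRED = {"10.1.1.1:8443", "10.1.1.2:8443", "10.1.1.1:443", "10.1.1.2:443"}
# One SocketPermission entry written with plain ASCII double quotes.
ENTRY = re.compile(
    r'permission\s+java\.net\.SocketPermission\s+"([^"]+)"\s*,\s*"([^"]+)"\s*;')
SMART_QUOTES = "\u201c\u201d\u2018\u2019"  # typographic quotes, not policy syntax

# Constructed sample: line 5 was pasted with typographic quotes, the
# 10.1.1.2:443 entry is absent, and line 7 is a wildcard grant.
SAMPLE_POLICY = """
grant {
    permission java.net.SocketPermission "localhost:0", "listen";
    permission java.net.SocketPermission "10.1.1.1:8443", "connect,resolve";
    permission java.net.SocketPermission \u201c10.1.1.2:8443\u201d, \u201cconnect,resolve\u201d;
    permission java.net.SocketPermission "10.1.1.1:443", "connect,resolve";
    permission java.net.SocketPermission "*", "connect,accept";
};
"""


def audit_policy(text, required=REQUIRED):
    """Return missing targets, lines with typographic quotes, and extra grants."""
    granted, bad_quote_lines, extra = set(), [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if "SocketPermission" not in line or line.lstrip().startswith("//"):
            continue
        if any(q in line for q in SMART_QUOTES):
            bad_quote_lines.append(lineno)  # entry will not parse as written
            continue
        match = ENTRY.search(line)
        if not match:
            continue
        target = match.group(1)
        actions = {a.strip() for a in match.group(2).split(",")}
        if target in required:
            if {"connect", "resolve"} <= actions:
                granted.add(target)
        elif not target.startswith("localhost"):
            extra.append((lineno, target))  # wider than this fix calls for
    return {"missing": sorted(required - granted),
            "bad_quote_lines": bad_quote_lines,
            "extra": extra}


if __name__ == "__main__":
    print(audit_policy(SAMPLE_POLICY))
```

In the stock java.policy the localhost line sits in the grant block that has no codeBase, so entries added after it apply to all code the JRE loads; keeping them limited to the CUC hosts and ports is what the `extra` list is for.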

Verify Java is running and enabled on Mozilla

In the example I used Java v7u67. Verify Java v7u67 is running and enabled on Mozilla. You should see “Java(TM) Platform SE 7 U65” or a different version. The JDK (Java Development Kit) is not required.

CUC_media_master_issue8

– open Mozilla as administrator
– clear cache and browser history
– verify that Java IMMApplet starts
– you will see at least Java logo below and maybe some security warnings

If you immediately see an error message, it means that Java is not enabled for this browser. The following error message is a really common one: “Init MMApplet Instance Failed To Get Instance”. Make sure that Java was installed while no browser process was running in the background.

CUC_media_master_issue9

 

CUCM Secondary Node (Subscriber, CUPS) Installation Problem

You may come across a problem installing a secondary node for CUCM, such as the subscriber node or CUPS. You check and try again and again. You probably don’t see any mistake, but you can’t get past this step.

cucm_2nd_node1

 

Solution: If every credential is correct (publisher CUCM hostname, IP address, security password, DNS settings, etc.) and you have added the new nodes to the publisher, then the problem most likely comes from the publisher not having been restarted at least once after it was installed. A single restart of the CUCM Publisher will solve the problem.

 

 

CUCM LDAP Connection Problem || Error while connecting to ldap://ip-address:389, null

Last week, one of my customers changed their domain controller infrastructure, so the LDAP server IP address changed. I’m not only synchronizing the phone users from this LDAP server, but also managing user authentication through it. After that, they sent me the new LDAP server IP address and I tried to synchronize users from the LDAP server.

The problem started at this point. This system had been working perfectly for a long time, but I could not get LDAP to initiate.

It gave an error like this:

Error while connecting to ldap://ip-address:389, null

cucm_ldap_problem1

It seemed like the LDAP server wouldn’t let me make a lookup. So I tried these steps:

  • Tried changing admin password,
  • Tried these formats:
    • username@domain.local,
    • username@domain.com,
    • DOMAIN\username
    • Full canonical name (cn=username, ou=users, dc=domain, dc=local)
  • Tried changing admin account’s credentials (it was under domain admin group, also added to administrators group),
  • Tried another admin account,
  • Tried another search base,
  • Tried with/without ldap custom filter

Nothing solved my problem.

By the way, I was able to connect successfully with telnet (C:\ telnet LDAP-SERVER-IP 389).
Also, I could verify for myself that I was able to make a lookup, but no answer came back from the LDAP server when I wrote the username or password wrong.

cucm_ldap_problem2

 

So, to determine whether I could successfully access the LDAP server or not, I tried a 3rd-party LDAP browser named “Softerra LDAP Browser”.

cucm_ldap_problem3

It says “A stronger authentication method is required for this server.”

After a quick search, I found nothing on the Cisco support and configuration web pages that clearly resolved my issue. But I found an issue that affected Websense. I simply applied that solution to my case, and then everything was perfect, both synchronization and authentication.

cucm_ldap_problem4

It says we need to change “Domain controller: LDAP server signing requirements” to NONE and “Network security: LDAP client signing requirements” to NEGOTIATE.

 

 

 

cucm_ldap_problem5

 

 

I hope this is helpful and informative for you. If you encounter this, I suggest you first check all the steps listed above under the first picture.

PS: I also opened a TAC case and an engineer investigated the problem. He said “this is a server issue and you should forward this to your server administrator or solve yourself.”