Guest

Preview Tool

Cisco Bug: CSCta32007 - CSA is causing Cisco CAR Scheduler jobs to fail in CUCM

Last Modified

Apr 29, 2010

Products (1)

  • Cisco Unified Communications Manager (CallManager)

Known Affected Releases

6.1(102.1.1) 8.0(0.30600.11)

Description (partial)

Symptom:
One or more CAR scheduler jobs can fail, with "CARSchedulerJobFailed" alarms being caught in RTMT and /var/log/active/syslog/CiscoSyslog file.  Example jobs like 'CARIDSAlarm', 'TaskMonitor', 'DailyCdrLoad'. 

In CiscoSyslog, one can usually see an alarm of 'SyslogSeverityMatchFound' right before the alarm of 'CARSchedulerJobFailed'. For example: 

Jun 22 01:01:50 sw097b-cm1 local7 2 : 7634: sw097b-cm1.cisco.com: Jun 22 2009 06:01:50.37 UTC : %UC_RTMT-2-RTMT_ALERT: %[AlertName=SyslogSeverityMatchFound][AlertDetail= At Mon Jun 22 01:01:50 CDT 2009 on node sw097b-cm1, the following SyslogSeverityMatchFound events generated:  SeverityMatch : Critical MatchedEvent : Jun 22 01:01:20 sw097b-cm1 local4 2 : 21: sw097b-cm1: Jun 22 2009 01:01:20.470 -0500: %CSA-2-EVENT_APCR_DENY: %[PID=4480][component=CiscoSecurityAgent] : The current application '/usr/local/cm/bin/carschlr' (as user ccmservice(513) group ccmbase(506)) attempted to execute the new application '/usr/bin/sudo'. The operation was denied. [rule 81] AppID : Cisco Syslog Agent ClusterID :  NodeID : sw097b-cm1  TimeStamp : Mon Jun 22 01:01:20 CDT 2009][AppID=Cisco AMC Service][ClusterID=][NodeID=sw097b-cm1]: RTMT Alert
Jun 22 01:01:50 sw097b-cm1 local7 3 : 7635: sw097b-cm1.cisco.com: Jun 22 2009 06:01:50.38 UTC : %UC_RTMT-3-RTMT_ALERT: %[AlertName=CARSchedulerJobFailed][AlertDetail= FailureDetail : [TaskMonitor] job failed, check the CAR Scheduler logs for details. FailureCause : Major Exception caught while running the job [TaskMonitor]. JobName : TaskMonitor AppID : Cisco CAR Scheduler ClusterID :  NodeID : sw097b-cm1  TimeStamp : Mon Jun 22 01:01:20 CDT 2009. The alarm is generated on Mon Jun 22 01:01:20 CDT 2009.][AppID=Cisco AMC Service][ClusterID=][NodeID=sw097b-cm1]: RTMT Alert

Conditions:
Whenever CAR scheduler service (carschlr) job runs commands such as '/bin/cat' or '/usr/bin/sudo', the operation was denied and blocked by CSA (CiscoSecurityAgent). Problem can be seen in CUCM running 8.0.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.