Solutions

Why are CachePulse updates and/or diagnostic uploads not working?

Solutions ID:    KB4346
Version:    1.0
Status:    Published
Published date:    03/24/2011
 

Problem Description

The CacheFlow appliance is not receiving CachePulse updates.
Uploading diagnostic information to Blue Coat is failing.
The External health check for Blue Coat Update is in a warning or critical state indicating that CachePulse updates are failing
Syslog is reporting CachePulse download failures
Syslog is reporting errors uploading data to Blue Coat
 

Resolution

The first thing to verify is that outbound 443 traffic is not restricted.  If that does not fix the problem, try the following:

For failing CachePulse updates, ensure

1. The CacheFlow has an appliance certificate
2. The appliance is registered with Blue Coat for CachePulse updates
 

For diagnostic upload problems, ensure

1. A Service Request (SR) number is specified
2. The auto-upload mode is configured to send the diagnostic information

 

Ensuring Outbound 443 Traffic is Allowed

For Blue Coat log uploads and CachePulse updates to function properly, outbound 443 HTTPS traffic must be allowed out to Blue Coat services.

If uploads and updates were working and suddenly stop, check to see if a change in firewall rules may have blocked Blue Coat traffic. The appliance's health system keeps track of when the health states change. Check these events to see if they correspond to changes in network infrastructure.

 

To view the health of CachePulse updates:

Using the GUI, click on the Health tab and select External/Blue Coat Update.

In this example, Blue Coat updates are not working and are in the warning state. Clicking on Blue Coat Update displays information, such as the time that the warning state was entered and what the previous state and time was.

Using the CLI, from the enable prompt, execute the command 'show health details recent'.  This command displays information similar to the GUI, which can reveal when the service became unhealthy.

CF5k#show health details recent
Health Records [as of 2011-03-17 20:12:15]:
Name:           CachePulse                  Category:       Blue Coat Update  
Current State:  Warning                     Previous State: OK                
Entered:        2011-03-17 19:36:15         Entered:        Boot              
Last Incident:  2011-03-17 19:36:15         Last Severe:    Not since boot    
Admin Status:   Enabled                     Threshold:      48 hours          
Last Attempt:   2011-03-17 20:12:10         Last Success:   2011-03-17 18:08:06
Next Attempt:   2011-03-17 20:12:00         Version:        394567

 

Ensuring The CacheFlow Has An Appliance Certificate

An appliance must have a Blue Coat appliance certificate in order to contact Blue Coat and download CachePulse updates.

To verify that an appliance has a certificate, execute the “#show ssl keyring appliance-key” command on the CLI. An appliance with a certificate will have output similar to the following:

Keyring ID:               appliance-key
Private key showability:  no-show
Signing request:          present
Certificate:              present
Certificate issuer:       Blue Coat Systems, Inc.
Certificate valid from:   Mar 15 17:52:21 2011 GMT
Certificate valid to:     Mar 14 17:52:21 2016 GMT
Certificate thumbprint:   F8:A4:C8:0A:0F:B0:FB:A3:EE:43:D6:1B:40:D1:D1:A9

If an appliance is missing its certificate, the output will be the following:

Keyring ID:               appliance-key
Private key showability:  no-show
Signing request:          present
Certificate:              absent

 

If the appliance is missing a certificate, use the following command to obtain a certificate:

CF5k#(config ssl) request-appliance-certificate

If the request-appliance-certificate command fails, please contact Blue Coat Technical Support for assistance.

 

Ensuring The CacheFlow Appliance Is Registered For CachePulse Downloads

The CacheFlow must be registered with Blue Coat for CachePulse downloads.  This is done automatically at the time the appliance is purchased.  If CachePulse updates are failing and the #(config) cachepulse check-now command returns the following error message, please contact Blue Coat Technical Support to have your CacheFlow appliance registered:

% The appliance's serial number is not registered for CachePulse downloads. Contact Blue Coat to register your appliance's serial number

 

Ensuring That An SR Is Specified

Diagnostic uploads to Blue Coat are linked to an SR number.  In order to upload diagnostic information to Blue Coat, an SR must be specified on the CacheFlow appliance. For CacheFlow software versions 2.1.4.8 and earlier, the SR number must be configured explicitly on the appliance. To determine if an SR is specified, use the CLI “#show diagnostics configuration” command.

CF5k# show diagnostics configuration
Diagnostic settings:

Diagnostics Uploads: normal
Access Log Uploads:  off
SR Number:          

In the above example, the SR number has not been specified, so the SR Number field is empty. If the SR is specified, the output will similar to the be the following:

CF5k#show diagnostics configuration
Diagnostic settings:

Diagnostics Uploads: normal
Access Log Uploads:  off
SR Number:           2-XXXXXXXXX

The 'send-diagnostics' command will also return an error if no SR is configured:

CF5k#send-diagnostics
% Upload of diagnostics to Blue Coat failed. No SR is configured.

If the appliance does not have an SR number, contact Blue Coat support to obtain one and then configure it on the appliance using the “#(config diagnostics)sr-number <number>” command.

 

Ensuring The Auto-Upload Mode Is Configured For Diagnostic Uploads

Ensure that the relevant diagnostic auto-upload modes are not disabled. Uploading of diagnostic access-log information and other diagnostics is configured using two separate commands. Using the CLI, set the auto-upload modes to the appropriate values for your deployment.

For diagnostics:

CF5k#(config diagnostics)auto-upload diagnostics ?
 detailed                     Set diagnostics uploads to detailed mode
 normal                       Set diagnostics uploads to normal mode
 off                          Disable automatic diagnostics uploads
 verbose                      Set diagnostics uploads to verbose mode
CF5k#(config diagnostics)auto-upload diagnostics verbose

For access-logs:

CF5k#(config diagnostics)auto-upload access-log ?
 detailed                     Set access log uploads to detailed mode
 normal                       Set access log uploads to normal mode
 off                          Disable automatic access log uploads
 verbose                      Set access log uploads to verbose mode
CF5k#(config diagnostics)auto-upload access-log verbose
 

 


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question