The CacheFlow appliance is not receiving CachePulse updates. Uploading diagnostic information to Blue Coat is failing. The External health check for Blue Coat Update is in a warning or critical state indicating that CachePulse updates are failing Syslog is reporting CachePulse download failures Syslog is reporting errors uploading data to Blue Coat
The first thing to verify is that outbound 443 traffic is not restricted. If that does not fix the problem, try the following:
For failing CachePulse updates, ensure
1. The CacheFlow has an appliance certificate 2. The appliance is registered with Blue Coat for CachePulse updates
For diagnostic upload problems, ensure
1. A Service Request (SR) number is specified 2. The auto-upload mode is configured to send the diagnostic information
Ensuring Outbound 443 Traffic is Allowed
For Blue Coat log uploads and CachePulse updates to function properly, outbound 443 HTTPS traffic must be allowed out to Blue Coat services.
If uploads and updates were working and suddenly stop, check to see if a change in firewall rules may have blocked Blue Coat traffic. The appliance's health system keeps track of when the health states change. Check these events to see if they correspond to changes in network infrastructure.
To view the health of CachePulse updates:
Using the GUI, click on the Health tab and select External/Blue Coat Update.
In this example, Blue Coat updates are not working and are in the warning state. Clicking on Blue Coat Update displays information, such as the time that the warning state was entered and what the previous state and time was.
Using the CLI, from the enable prompt, execute the command 'show health details recent'. This command displays information similar to the GUI, which can reveal when the service became unhealthy.
CF5k#show health details recent Health Records [as of 2011-03-17 20:12:15]: Name: CachePulse Category: Blue Coat Update Current State: Warning Previous State: OK Entered: 2011-03-17 19:36:15 Entered: Boot Last Incident: 2011-03-17 19:36:15 Last Severe: Not since boot Admin Status: Enabled Threshold: 48 hours Last Attempt: 2011-03-17 20:12:10 Last Success: 2011-03-17 18:08:06 Next Attempt: 2011-03-17 20:12:00 Version: 394567
Ensuring The CacheFlow Has An Appliance Certificate
An appliance must have a Blue Coat appliance certificate in order to contact Blue Coat and download CachePulse updates.
To verify that an appliance has a certificate, execute the “#show ssl keyring appliance-key” command on the CLI. An appliance with a certificate will have output similar to the following:
Keyring ID: appliance-key Private key showability: no-show Signing request: present Certificate: present Certificate issuer: Blue Coat Systems, Inc. Certificate valid from: Mar 15 17:52:21 2011 GMT Certificate valid to: Mar 14 17:52:21 2016 GMT Certificate thumbprint: F8:A4:C8:0A:0F:B0:FB:A3:EE:43:D6:1B:40:D1:D1:A9
If an appliance is missing its certificate, the output will be the following:
Ensuring The CacheFlow Appliance Is Registered For CachePulse Downloads
The CacheFlow must be registered with Blue Coat for CachePulse downloads. This is done automatically at the time the appliance is purchased. If CachePulse updates are failing and the #(config) cachepulse check-now command returns the following error message, please contact Blue Coat Technical Support to have your CacheFlow appliance registered:
% The appliance's serial number is not registered for CachePulse downloads. Contact Blue Coat to register your appliance's serial number
Ensuring That An SR Is Specified
Diagnostic uploads to Blue Coat are linked to an SR number. In order to upload diagnostic information to Blue Coat, an SR must be specified on the CacheFlow appliance. For CacheFlow software versions 184.108.40.206 and earlier, the SR number must be configured explicitly on the appliance. To determine if an SR is specified, use the CLI “#show diagnostics configuration” command.
CF5k# show diagnostics configuration Diagnostic settings:
Diagnostics Uploads: normal Access Log Uploads: off SR Number:
In the above example, the SR number has not been specified, so the SR Number field is empty. If the SR is specified, the output will similar to the be the following:
Diagnostics Uploads: normal Access Log Uploads: off SR Number: 2-XXXXXXXXX
The 'send-diagnostics' command will also return an error if no SR is configured:
CF5k#send-diagnostics % Upload of diagnostics to Blue Coat failed. No SR is configured.
If the appliance does not have an SR number, contact Blue Coat support to obtain one and then configure it on the appliance using the “#(config diagnostics)sr-number <number>” command.
Ensuring The Auto-Upload Mode Is Configured For Diagnostic Uploads
Ensure that the relevant diagnostic auto-upload modes are not disabled. Uploading of diagnostic access-log information and other diagnostics is configured using two separate commands. Using the CLI, set the auto-upload modes to the appropriate values for your deployment.
CF5k#(config diagnostics)auto-upload diagnostics ? detailed Set diagnostics uploads to detailed mode normal Set diagnostics uploads to normal mode off Disable automatic diagnostics uploads verbose Set diagnostics uploads to verbose mode CF5k#(config diagnostics)auto-upload diagnostics verbose
CF5k#(config diagnostics)auto-upload access-log ? detailed Set access log uploads to detailed mode normal Set access log uploads to normal mode off Disable automatic access log uploads verbose Set access log uploads to verbose mode CF5k#(config diagnostics)auto-upload access-log verbose
Imported Document ID: 000016062
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.