-
Troubleshooting Guide
-
Preface
-
Chapter 1 - Troubleshooting Overview
-
Chapter 2 - Audit Troubleshooting
-
Chapter 3 - Billing Troubleshooting
-
Chapter 4 - Call Processing Troubleshooting
-
Chapter 5 - Configuration Troubleshooting
-
Chapter 6 - Database Troubleshooting
-
Chapter 7 - Maintenance Troubleshooting
-
Chapter 8 - Operations Support System Troubleshooting
-
Chapter 9 - Security Troubleshooting
-
Chapter 10 - Signaling Troubleshooting
-
Chapter 11 - Statistics Troubleshooting
-
Chapter 12 - System Troubleshooting
-
Chapter 13 - Network Troubleshooting
-
Chapter 14 - General Troubleshooting
-
Chapter 15 - Diagnostic Tests
-
Chapter 16 - Disaster Recovery Procedures
-
Chapter 17 - Disk Replacement
-
Appendix A - Recoverable and Nonrecoverable Error Codes
-
Appendix B - System Usage of MGW Keepalive Parameters
-
Glossary
-
Feedback
Table Of Contents
Start or Stop of Signaling System 7 - Circuit Identification Code Audit - Audit (2)
Call Exceeds a Long-Duration Threshold - Audit (4)
Critical Internal Audit Failure - Audit (5)
Major Internal Audit Failure - Audit (6)
Minor Internal Audit Failure - Audit (7)
Warning From Internal Audit - Audit (8)
Softswitch Audit SIP CCB Release - Audit (9)
Memory Audit Complete Status - Audit (10)
Critical Network Time Protocol Service Failure - Audit (11)
Major Network Time Protocol Service Failure - Audit (12)
Minor Network Time Protocol Service Failure - Audit (13)
Network Time Protocol Service Warning - Audit (14)
Critical Index Shared Memory Error - Audit (15)
Process Heap Memory Usage Exceeds Minor Threshold Level - Audit (16)
Process Heap Memory Usage Exceeds Major Threshold Level - Audit (17)
Process Heap Memory Usage Exceeds Critical Threshold Level - Audit (18)
Recovered Memory of Stale Call - Audit (19)
Audit Found Lost Call Data Record - Audit (20)
Critical Internal Audit Failure - Audit (5)
Major Internal Audit Failure - Audit (6)
Minor Internal Audit Failure - Audit (7)
Critical Network Time Protocol Service Failure - Audit (11)
Major Network Time Protocol Service Failure - Audit (12)
Minor Network Time Protocol Service Failure - Audit (13)
Critical Index Shared Memory Error - Audit (15)
Process Heap Memory Usage Exceeds Minor Threshold Level - Audit (16)
Process Heap Memory Usage Exceeds Major Threshold Level - Audit (17)
Process Heap Memory Usage Exceeds Critical Threshold Level - Audit (18)
Audit Found Lost Call Data Record - Audit (20)
Audit Troubleshooting
Revised: July 22, 2009, OL-8000-32Introduction
This chapter provides the information needed to monitor and troubleshoot Audit events and alarms. This chapter is divided into the following sections:
•
Audit Events and Alarms - Provides a brief overview of each Audit event and alarm.
•
•
Audit Events and Alarms
This section provides a brief overview of the Audit events and alarms for the Cisco BTS 10200 Softswitch in numerical order. Table 2-1 lists all of the audit events and alarms by severity.
Note
AUDIT (1)
For additional information, refer to the "Test Report - Audit (1)" section.
DESCRIPTION
Test Report
SEVERITY
Information (INFO)
THRESHOLD
100
THROTTLE
0
PRIMARY
CAUSEThis event is used for testing the new "Audit" category.
PRIMARY
ACTIONNo action is necessary.
AUDIT (2)
For additional information, refer to the "Start or Stop of Signaling System 7 - Circuit Identification Code Audit - Audit (2)" section.
AUDIT (3)
To monitor and correct the cause of the event, refer to the "Signaling System 7 Circuit Identification Code Audit Terminated Before Successful Completion - Audit (3)" section.
AUDIT (4)
To monitor and correct the cause of the event, refer to the "Call Exceeds a Long-Duration Threshold - Audit (4)" section
AUDIT (5)
To troubleshoot and correct the cause of the alarm, refer to the "Critical Internal Audit Failure - Audit (5)" section.
AUDIT (6)
To troubleshoot and correct the cause of the alarm, refer to the "Major Internal Audit Failure - Audit (6)" section.
AUDIT (7)
To troubleshoot and correct the cause of the alarm, refer to the "Minor Internal Audit Failure - Audit (7)" section.
AUDIT (8)
To monitor and correct the cause of the event, refer to the "Warning From Internal Audit - Audit (8)" section.
AUDIT (9)
To monitor and correct the cause of the event, refer to the "Softswitch Audit SIP CCB Release - Audit (9)" section.
Refer to the "Obtaining Documentation and Submitting a Service Request" section on page liii for detailed instructions on contacting Cisco TAC and opening a service request.
AUDIT (10)
For additional information, refer to the "Memory Audit Complete Status - Audit (10)" section.
AUDIT (11)
To troubleshoot and correct the cause of the alarm, refer to the "Critical Network Time Protocol Service Failure - Audit (11)" section.
AUDIT (12)
To troubleshoot and correct the cause of the alarm, refer to the "Major Network Time Protocol Service Failure - Audit (12)" section.
AUDIT (13)
To troubleshoot and correct the cause of the alarm, refer to the "Minor Network Time Protocol Service Failure - Audit (13)" section.
AUDIT (14)
To monitor and correct the cause of the event, refer to the "Network Time Protocol Service Warning - Audit (14)" section.
AUDIT (15)
To troubleshoot and correct the cause of the alarm, refer to the "Critical Index Shared Memory Error - Audit (15)" section.
AUDIT (16)
To troubleshoot and correct the cause of the alarm, refer to the "Process Heap Memory Usage Exceeds Minor Threshold Level - Audit (16)" section.
AUDIT (17)
To troubleshoot and correct the cause of the alarm, refer to the "Process Heap Memory Usage Exceeds Major Threshold Level - Audit (17)" section.
AUDIT (18)
To troubleshoot and correct the cause of the alarm, refer to the "Process Heap Memory Usage Exceeds Critical Threshold Level - Audit (18)" section.
AUDIT (19)
To monitor and correct the cause of the event, refer to the "Recovered Memory of Stale Call - Audit (19)" section.
Refer to the "Obtaining Documentation and Submitting a Service Request" section on page liii for detailed instructions on contacting Cisco TAC and opening a service request.
AUDIT (20)
To troubleshoot and correct the cause of the alarm, refer to the "Audit Found Lost Call Data Record - Audit (20)" section.
Refer to the "Obtaining Documentation and Submitting a Service Request" section on page liii for detailed instructions on contacting Cisco TAC and opening a service request.
Monitoring Audit Events
This section provides the information needed to monitor and correct Audit events. Table 2-2 lists all Audit events in numerical order and provides cross reference to each subsection in this section.
Table 2-2 Cisco BTS 10200 Softswitch Audit Events
AUDIT(1)
INFO
AUDIT(2)
Start or Stop of Signaling System 7 - Circuit Identification Code Audit - Audit (2)
INFO
AUDIT(3)
WARNING
AUDIT(4)
WARNING
AUDIT(5)
CRITICAL
AUDIT(6)
MAJOR
AUDIT(7)
MINOR
AUDIT(8)
WARNING
AUDIT(9)
WARNING
AUDIT(10)
INFO
AUDIT(11)
CRITICAL
AUDIT(12)
MAJOR
AUDIT(13)
MINOR
AUDIT(14)
WARNING
AUDIT(15)
CRITICAL
AUDIT(16)
Process Heap Memory Usage Exceeds Minor Threshold Level - Audit (16)
MINOR
AUDIT(17)
Process Heap Memory Usage Exceeds Major Threshold Level - Audit (17)
MAJOR
AUDIT(18)
Process Heap Memory Usage Exceeds Critical Threshold Level - Audit (18)
CRITICAL
AUDIT(19)
WARNING
AUDIT(20)
MAJOR
Test Report - Audit (1)
The Test Report event is used for testing the audit event category. The event is informational and no further action is required.
Start or Stop of Signaling System 7 - Circuit Identification Code Audit - Audit (2)
The Start or Stop of Signaling System 7 - Circuit Identification Code Audit event occurs as part of normal Cisco BTS 10200 Softswitch operation. The event is informational and no further action is required.
Signaling System 7 Circuit Identification Code Audit Terminated Before Successful Completion - Audit (3)
The Signaling System 7 Circuit Identification Code Audit Terminated Before Successful Completion event serves as a warning that a higher priority SS7 CIC audit has interrupted and terminated a lower priority SS7 CIC audit. To control the occurrence of this event an SS7 remote termination audit should not be scheduled to occur while a periodic SS7 local termination audit is executing.
Call Exceeds a Long-Duration Threshold - Audit (4)
The Call Exceeds a Long-Duration Threshold event serves as a warning that a call has exceeded the current the Cisco BTS 10200 Softswitch system long-duration threshold. If there is reason to believe the call is no longer valid, the associated trunk facility should be released.
To check the current threshold setting for Long Duration calls, proceed as follows:
Step 1
# grep LongDuration /opt/OptiCall/`ls /opt/OptiCall | grep CA`/bin/platform.cfgStep 2
Example results:
Args=-ems_pri_dn blg-asys07EMS.mssol.cisco.com -ems_sec_dn blg-asys07EMS.mssol.cisco.com -port 15260-QCheckInterval1 1000 -QCheckInterval2 4500 -RecordGenTime 00:00:00 -LongDurationAllowance 1440-QCheckInterval3 60 -MyCaBillingDn blg-asys07CA.mssol.cisco.com
Note
Critical Internal Audit Failure - Audit (5)
The Critical Internal Audit Failure alarm (critical) indicates that a critical internal audit failure has occurred. To troubleshoot and correct the cause of the Critical Internal Audit Failure alarm, refer to the "Critical Internal Audit Failure - Audit (5)" section.
Major Internal Audit Failure - Audit (6)
The Major Internal Audit Failure alarm (major) indicates that a major internal audit failure has occurred. To troubleshoot and correct the cause of the Major Internal Audit Failure alarm, refer to the "Major Internal Audit Failure - Audit (6)" section.
Minor Internal Audit Failure - Audit (7)
The Minor Internal Audit Failure alarm (minor) indicates that a minor internal audit failure has occurred. To troubleshoot and correct the cause of the Minor Internal Audit Failure alarm, refer to the "Minor Internal Audit Failure - Audit (7)" section.
Warning From Internal Audit - Audit (8)
The Warning From Internal Audit event serves as a warning that a problem with an internal audit has occurred. To correct the internal audit problem refer to the failure details (220), probable cause (80), and corrective actions (80) listed in the data field. Additionally, refer to the previous critical, major, and minor internal audit failure sections.
Softswitch Audit SIP CCB Release - Audit (9)
The Softswitch Audit SIP CCB Release event serves as a warning that one side of the BTS 10200 was inactive. To correct the primary cause of the event, let the SIA determine whether a network error or DNS error has occurred. The secondary cause of the event is that a software error has occurred. To correct the secondary cause of the event, contact Cisco TAC. Refer to the "Obtaining Documentation and Submitting a Service Request" section on page liii for detailed instructions on contacting Cisco TAC and opening a service request.
Memory Audit Complete Status - Audit (10)
The Memory Audit Complete Status event serves as an informational alert that a SIP memory audit pass has been completed. The call data memory audit information should be checked to see if any call blocks have been cleared as a result of the audit. An investigation for root cause may be useful.
Critical Network Time Protocol Service Failure - Audit (11)
The Critical Network Time Protocol Service Failure alarm (critical) indicates that a critical Network Time Protocol (NTP) service failure has occurred. To troubleshoot and correct the cause of the Critical Network Time Protocol Service Failure alarm, refer to the "Critical Network Time Protocol Service Failure - Audit (11)" section.
Major Network Time Protocol Service Failure - Audit (12)
The Major Network Time Protocol Service Failure alarm (major) indicates that a major NTP service failure has occurred. To troubleshoot and correct the cause of the Major Network Time Protocol Service Failure alarm, refer to the "Major Network Time Protocol Service Failure - Audit (12)" section.
Minor Network Time Protocol Service Failure - Audit (13)
The Minor Network Time Protocol Service Failure alarm (minor) indicates that a minor NTP service failure has occurred. To troubleshoot and correct the cause of the Minor Network Time Protocol Service Failure alarm, refer to the "Minor Network Time Protocol Service Failure - Audit (13)" section.
Network Time Protocol Service Warning - Audit (14)
The Network Time Protocol Service Warning event serves as a warning that a problem with a NTP service has occurred. To correct the NTP service problem refer to the failure details (220), probable cause (80), and corrective actions (80) listed in the data field. Additionally, refer to the previous critical, major, and minor NTP service warning sections.
Critical Index Shared Memory Error - Audit (15)
The Critical Index Shared Memory Error alarm (critical) indicates that a critical shared memory index (IDX) error has occurred. To troubleshoot and correct the cause of the Critical Index Shared Memory Error alarm, refer to the "Critical Index Shared Memory Error - Audit (15)" section.
Process Heap Memory Usage Exceeds Minor Threshold Level - Audit (16)
The Process Heap Memory Usage Exceeds Minor Threshold Level alarm (minor) indicates that a process heap memory usage minor threshold level crossing has occurred. To troubleshoot and correct the cause of the Process Heap Memory Usage Exceeds Minor Threshold Level alarm, refer to the "Process Heap Memory Usage Exceeds Minor Threshold Level - Audit (16)" section.
Process Heap Memory Usage Exceeds Major Threshold Level - Audit (17)
The Process Heap Memory Usage Exceeds Major Threshold Level alarm (major) indicates that a process heap memory usage major threshold level crossing has occurred. To troubleshoot and correct the cause of the Process Heap Memory Usage Exceeds Major Threshold Level alarm, refer to the "Process Heap Memory Usage Exceeds Major Threshold Level - Audit (17)" section.
Process Heap Memory Usage Exceeds Critical Threshold Level - Audit (18)
The Process Heap Memory Usage Exceeds Critical Threshold Level alarm (critical) indicates that a process heap memory usage critical threshold level crossing has occurred. To troubleshoot and correct the cause of the Process Heap Memory Usage Exceeds Critical Threshold Level alarm, refer to the "Process Heap Memory Usage Exceeds Critical Threshold Level - Audit (18)" section.
Recovered Memory of Stale Call - Audit (19)
The Recovered Memory of Stale Call event serves as a warning that recovery of memory from a stale call has occurred. The primary cause of the warning is that a loss of communication with originating or terminating side occurred. To correct the primary cause of the warning, check if adjacent network element link is up and that the adjacent network element is properly communicating with the Cisco BTS 10200 Softswitch. The secondary cause of the warning is that an adjacent network device has a protocol error. To correct the secondary cause of the warning, check the adjacent network device protocol compatibility with the Cisco BTS 10200 Softswitch. The ternary cause of the warning is an internal software error. If a internal software error has occurred, contact Cisco to obtain technical assistance. Refer to the "Obtaining Documentation and Submitting a Service Request" section on page liii for detailed instructions on contacting Cisco TAC and opening a service request.
Audit Found Lost Call Data Record - Audit (20)
The Audit Found Lost Call Data Record alarm (major) indicates that an audit process has found a lost call data record. To troubleshoot and correct the cause of the Audit Found Lost Call Data Record alarm, refer to the "Audit Found Lost Call Data Record - Audit (20)" section.
Troubleshooting Audit Alarms
This section provides the information needed to troubleshoot and correct Audit alarms. Table 2-3 lists all Audit alarms in numerical order and provides cross reference to each subsection in this section.
Table 2-3 Cisco BTS 10200 Softswitch Audit Alarms
AUDIT(5)
CRITICAL
AUDIT(6)
MAJOR
AUDIT(7)
MINOR
AUDIT(11)
CRITICAL
AUDIT(12)
MAJOR
AUDIT(13)
MINOR
AUDIT(15)
CRITICAL
AUDIT(16)
Process Heap Memory Usage Exceeds Minor Threshold Level - Audit (16)
MINOR
AUDIT(17)
Process Heap Memory Usage Exceeds Major Threshold Level - Audit (17)
MAJOR
AUDIT(18)
Process Heap Memory Usage Exceeds Critical Threshold Level - Audit (18)
CRITICAL
AUDIT(20)
MAJOR
Critical Internal Audit Failure - Audit (5)
The Critical Internal Audit Failure alarm (critical) indicates that a critical internal audit failure has occurred. To find the probable causes of the alarm, review the data field "Failure Details" and "Probable Causes" datawords. For the corrective actions for the alarm, review the data field "Corrective Actions" dataword. Once the "Corrective Actions" dataword has been reviewed, proceed with the corrective actions listed.
Major Internal Audit Failure - Audit (6)
The Major Internal Audit Failure alarm (major) indicates that a major internal audit failure has occurred. To find the probable causes of the alarm, review the data field "Failure Details" and "Probable Causes" datawords. For the corrective actions for the alarm, review the data field "Corrective Actions" dataword. Once the "Corrective Actions" dataword has been reviewed, proceed with the corrective actions listed.
Minor Internal Audit Failure - Audit (7)
The Minor Internal Audit Failure alarm (minor) indicates that a minor internal audit failure has occurred. To find the probable causes of the alarm, review the data field "Failure Details" and "Probable Causes" datawords. For the corrective actions for the alarm, review the data field "Corrective Actions" dataword. Once the "Corrective Actions" dataword has been reviewed, proceed with the corrective actions listed.
Critical Network Time Protocol Service Failure - Audit (11)
The Critical Network Time Protocol Service Failure alarm (critical) indicates that a critical NTP service failure has occurred. To find the probable causes of the alarm, review the data field "Failure Details" and "Probable Causes" datawords. For the corrective actions for the alarm, review the data field "Corrective Actions" dataword. Once the "Corrective Actions" dataword has been reviewed, proceed with the corrective actions listed.
Major Network Time Protocol Service Failure - Audit (12)
The Major Network Time Protocol Service Failure alarm (major) indicates that a major NTP service failure has occurred. To find the probable causes of the alarm, review the data field "Failure Details" and "Probable Causes" datawords. For the corrective actions for the alarm, review the data field "Corrective Actions" dataword. Once the "Corrective Actions" dataword has been reviewed, proceed with the corrective actions listed.
Minor Network Time Protocol Service Failure - Audit (13)
The Minor Network Time Protocol Service Failure alarm (minor) indicates that a minor NTP service failure has occurred. To find the probable causes of the alarm, review the data field "Failure Details" and "Probable Causes" datawords. For the corrective actions for the alarm, review the data field "Corrective Actions" dataword. Once the "Corrective Actions" dataword has been reviewed, proceed with the corrective actions listed.
Critical Index Shared Memory Error - Audit (15)
The Critical Index Shared Memory Error alarm (critical) indicates that a critical shared memory index error has occurred. To find the probable causes of the alarm, review the data field "Failure Details" and "Probable Causes" datawords. For the corrective actions for the alarm, review the data field "Corrective Actions" dataword. Once the "Corrective Actions" dataword has been reviewed, proceed with the corrective actions listed.
Process Heap Memory Usage Exceeds Minor Threshold Level - Audit (16)
The Process Heap Memory Usage Exceeds Minor Threshold Level alarm (minor) indicates that a process heap memory usage minor threshold level crossing has occurred. The primary cause of the alarm is that the increase in heap usage is due to a high call volume of traffic or a maintenance operation. Frequently monitor heap usage and see whether it is approaching major threshold level.
Process Heap Memory Usage Exceeds Major Threshold Level - Audit (17)
The Process Heap Memory Usage Exceeds Major Threshold Level alarm (major) indicates that a process heap memory usage major threshold level crossing has occurred. The primary cause of the alarm is that the increase in heap usage is due to a high call volume of traffic, a maintenance operation, a software problem. To isolate and correct the primary cause of the alarm, schedule a switchover during a maintenance window.
Process Heap Memory Usage Exceeds Critical Threshold Level - Audit (18)
The Process Heap Memory Usage Exceeds Critical Threshold Level alarm (critical) indicates that a process heap memory usage critical threshold level crossing has occurred. The primary cause of the alarm is that the increase in heap usage is due to a high call volume of traffic, a maintenance operation, a software problem. To isolate and correct the primary cause of the alarm, schedule a switchover during a maintenance window as soon as possible.
Audit Found Lost Call Data Record - Audit (20)
The Audit Found Lost Call Data Record alarm (major) indicates that an audit process has found a lost call data record. The primary cause of the alarm is that a software error has occurred; however, the orphaned records are recovered on detection 2d. To correct the primary cause of the alarm, contact Cisco TAC. Refer to the "Obtaining Documentation and Submitting a Service Request" section on page liii for detailed instructions on contacting Cisco TAC and opening a service request.
