IOS-XR: %IP-TELNETD-3-ERR_CONNECT メッセージが出力される

ysakakur · ‎2014-10-23

Cisco IOS-XR で動作しているルータにおいて、下記のメッセージが出力される場合があります。

出力されるメッセージ例
"%IP-TELNETD-3-ERR_CONNECT : Failed to obtain a VTY for a session: ''tty-server' detected the 'resource not available' condition 'There are no TTYs available to handle the connection''"

上記メッセージはルータが VTY resource に空きがないためにTelnet による接続を拒否したことを表しておりますが、ルータに VTY ACL が設定されている場合は、ACL にて deny されるアドレスからの接続要求があった場合にも出力されるメッセージとなります。（上記動作は IOS XR の仕様動作となります。）

よって、VTY ACL の設定をされている場合は、VTY の resource を確認するだけでなく、不正アクセスの可能性についても考慮する必要があります。

GIANRICO FICHERA · ‎2015-02-07

The error message "'tty-server' detected the 'resource not available' condition 'There are no TTYs available to handle the connection'' is also related to the bug CSCuj61034 (IOS-XR 4.2.3/4.3.2).

The bug only refers to ssh sessions but I have also had the same problem with telnet access.

If that's your case, you could try the command: "process restart devc-vty" to work around the problem.

One symptom of this problem is the presence of a number of processes named "devc-vty" equal to the maximum number of sessions enabled (for example with the command: "telnet vrf default ipv4 server max-servers <n>").

RP/0/RSP0/CPU0:test_9001#sh process | include vty

Fri Feb  6 13:29:43.699 UTC
183    1    0   44K  10 Receive        0:00:00:0371    0:00:20:0490 devc-vty
183    2    2   44K  10 Receive     1873:19:03:0834    0:00:00:0000 devc-vty
183    3    1   44K  10 Sigwaitinfo    1:45:02:0585    0:00:00:0185 devc-vty
183    4    2   44K  10 Receive        0:00:18:0767    0:00:48:0586 devc-vty
183    5    1   44K  10 Sem         1873:19:03:0186    0:00:00:0001 devc-vty

You may also not be able to connect via SSH and have messages like this one:

"RP/0/RSP0/CPU0:Feb 6 13:40:05.014 : SSHD_[65722]: %SECURITY-SSHD-3-ERR_GENERAL : Failed to allocate pty"

In this case I think that you can solve the problem only through a console connection.

Gianrico Fichera

ITESYS SRL

ysakakur · ‎2015-02-13

Hi, GIANRICO

Thank you for the comment and information.

The document I uploaded is not a trouble, but a FYI. I just want to announce that the message, "%IP-TELNETD-3-ERR_CONNECT : Failed to obtain a VTY for a session: ''tty-server' detected the 'resource not available' condition 'There are no TTYs available to handle the connection'' can be displayed if VTY resource is available. You can also see the message if someone is disconnected by VTY ACL. This behavior can confuse the users, so I uploaded it.

marcelogontad · ‎2015-06-02

Hi ysakakur,

I have the same behavior than you have, but i'm running IOS XR 5.1.2.

Every time one not allowed host is trying to get access to the router this both message shows up:

RP/0/RP0/CPU0:Jun 1 14:49:25.163 : devc-vty[181]: %MGBL-TTY-6-CONNECTION_DENY_ACL_ERROR : Connection denied by ACL mismatch. Source Add 82.212.145.88. Dest Add 190.94.176.114. Source Port 59853. Dest port 23. Acl VTY-management-access.
RP/0/RP0/CPU0:Jun 1 14:49:25.253 : TELNETD_[65749]: %IP-TELNETD-3-ERR_CONNECT : Failed to obtain a VTY for a session: ''tty-server' detected the 'resource not available' condition 'There are no TTYs available to handle the connection

ysakakur · ‎2015-06-02

Hi, marcelogontad

Thank you for the comment.

If you configure VTY ACL, and user who is not allowed to access the router by VTY ACL tried to access, IOX router displayed "resource not availanble" message as well.

So it's expected.