Re: CSCvk38018 - Switch running 3.8.1a is getting filled with aaa log errors

Computacenter NS Tech. Support · ‎02-17-2020

OS 16.12.02 Early Deployment (ED) on C9407R is also impacted by this Bug

%AAA-3-SERVER_INTERNAL_ERROR: Switch 1 R0/0: sessmgrd: Server ';(null)';: No server stats to increment access accept count! -Traceback=
1#c5722304bbbe1542f41266784cb8c2cb errmsg:FFF36C8000+1588 bi_baaa_core: ...//...

Conditions:
"server-private" configured instead of "server name"

Workaround:
Change "server-private" for "server name"

SH RUN | AAA GROUP =>
aaa group server radius NAC
server-private x.x.x.x auth-port 1812 acct-port 1813 timeout 30 key 7 <removed> server-private y.y.y.y auth-port 1812 acct-port 1813 timeout 30 key 7 <removed> ip radius source-interface Vlan1 !
aaa group server tacacs+ BNPtacacs
server-private x.x.x.x time

Leo Laohoo · ‎02-17-2020

Please post the complete output to the following commands:
1. sh run; and
2. sh log

Computacenter NS Tech. Support · ‎02-17-2020

hello

Can I attach the sh tech here ?

Computacenter NS Tech. Support · ‎02-17-2020

Here the SH TECH

includes SH RUN and logs showing same errors

log extract :

---------------------------------------------------

| Syslogs with Severity level Errors

---------------------------------------------------

Error message (Seen 81 times, the most recent at Feb 11 11:26:57.792):

AAA-3-SERVER_INTERNAL_ERROR: Server '[IP_address]': [chars]

Explanation:

This is an internal software error in the AAA server group subsystem.

lb123 · ‎03-03-2020

Anyone get a resolution on this issue? I am getting the same thing with our 9300 switches, but none of our other models. We are using server-private because we need authentication with our ISE server and to have a failover. As far as I know, server name only does failover and not encryption.