Cisco Employee

Adding netsim devices to system install : Access check failed

 

Hi all;

Never seen this error before… anyone got any ideas?

#ncs-netsim cli-i asr9k_0
Access check failed

I am trying to add a netsim device to an existing system install:

I have created an authgroup “netsim” like this, but I don’t think the problem is here:
devices authgroups group netsim
 umap admin
  remote-name               admin
  remote-password           $8$8l6Hbgrl0MqyJvKLroZmtfQ4SvpjUhuyt0gyG/2vHt4=
  remote-secondary-password $8$MuYyhbc3qqPZp9VCVQH6fvcEEnCXjzYSUcOAF27JbcE=
 !
!

Have checked the logs: No log file is touched.

Best Regards
Paulo Oliveira

 

1 ACCEPTED SOLUTION

Cisco Employee

Re: Adding netsim devices to system install : Access check failed

 

Paulo,

Problem solved:

This configuration was present in ncs.conf
<ncs-ipc-access-check>
    <enabled>true</enabled>
    <filename>${NCS_DIR}/etc/ncs/ipc_access</filename>
</ncs-ipc-access-check>

After changing it to false and removing the environment variable NCS_IPC_ACCESS_FILE … everything back to normal, netsim devices added and also reachable.

But you have also turned off IPC security, so don't do this in a production system.

Best Regards,

/jan


5 REPLIES
Cisco Employee

Re: Adding netsim devices to system install : Access check failed

 

Can you turn on traces?

Roque

Cisco Employee

Re: Adding netsim devices to system install : Access check failed

 

Thanks Roque;

Enable trace to the device:
admin@ncs(config)# devices device asr9k_0 trace raw

Tried to connect:
admin@ncs# devices device asr9k_0 connect
result false
info Failed to connect to device asr9k_0: connection refused: ned_external_error ned_connect_cli: unknown device

A file was created: ned-cisco-ios-xr-asr9k_0.trace

File content is:

>> 6-Oct-2016::12:08:39.606 CLI CONNECT to asr9k_0-127.0.0.1:10022 as admin (Trace=true)
<< 6-Oct-2016::12:08:39.608 SET-TIMOUT
<< 6-Oct-2016::12:08:39.934 ERROR: Network Element Driver error econnrefused for device asr9k_0: ned_external_error ned_connect_cli: unknown device

Cisco Employee

Re: Adding netsim devices to system install : Access check failed

 


This configuration was present in ncs.conf
<ncs-ipc-access-check>
    <enabled>true</enabled>
    <filename>${NCS_DIR}/etc/ncs/ipc_access</filename>
</ncs-ipc-access-check>

After changing it to false and removing the environment variable NCS_IPC_ACCESS_FILE … everything back to normal, netsim devices added and also reachable.

Best Regards
Paulo Oliveira

 

Cisco Employee

Re: Adding netsim devices to system install : Access check failed

 

 

IMHO, the IPC access check should only be used during certain circumstances. In particular only when you have non trusted shell users on the NSO host.

If you don't - there is no need to use the IPC access ctl, it'll just add to the confusion if you do.

By shell users, I mean actual user logins to the NSO hosts, and you don't want those users to have access to NSO, or you want those users to have to abide by the NACM rules.

/klacke
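
Added example, not part of the thread and not NSO's own code: a small audit of the ncs-ipc-access-check settings discussed above, for hosts where the check stays on. It reports when the check is disabled, when the secret file is missing or accessible to every user, and when NCS_IPC_ACCESS_FILE is unset or points at a different file. The function name, the sample XML wrapper, the expansion of ${NCS_DIR} from the environment and the permission policy are assumptions.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample mirroring the block quoted in the thread (not a full ncs.conf).
SAMPLE_CONF = """<ncs-config>
  <ncs-ipc-access-check>
    <enabled>true</enabled>
    <filename>${NCS_DIR}/etc/ncs/ipc_access</filename>
  </ncs-ipc-access-check>
</ncs-config>"""


def _local(tag):
    # Drop any XML namespace so the lookup works with or without xmlns.
    return tag.rsplit("}", 1)[-1]


def audit_ipc_access(conf_xml, env):
    """Return a list of findings for the ncs-ipc-access-check settings."""
    root = ET.fromstring(conf_xml)
    block = next((e for e in root.iter() if _local(e.tag) == "ncs-ipc-access-check"), None)
    vals = {_local(c.tag): (c.text or "").strip() for c in block} if block is not None else {}
    if vals.get("enabled") != "true":
        return ["IPC access check is off: local shell users are not challenged on IPC"]
    # Assumption: ${NCS_DIR} in the filename is taken from the environment.
    secret = vals.get("filename", "").replace("${NCS_DIR}", env.get("NCS_DIR", ""))
    findings = []
    if not os.path.isfile(secret):
        findings.append("secret file missing: " + secret)
    elif stat.S_IMODE(os.stat(secret).st_mode) & 0o007:
        # Assumed policy: a secret every user can read defeats the check.
        findings.append("secret file accessible to all users: " + secret)
    client = env.get("NCS_IPC_ACCESS_FILE")
    if not client:
        findings.append("NCS_IPC_ACCESS_FILE unset: clients have no secret to present")
    elif os.path.realpath(client) != os.path.realpath(secret):
        findings.append("clients point at a different secret file: " + client)
    return findings


if __name__ == "__main__":
    for line in audit_ipc_access(SAMPLE_CONF, dict(os.environ)) or ["no findings"]:
        print(line)
```

Pass the contents of the real ncs.conf and the environment of the user who runs the client tools; an empty list means the server setting and the client environment agree.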

 
