Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
230
Views
0
Helpful
5
Replies
Highlighted
khgrant
khgrant Cisco Employee
Cisco Employee
‎10-12-2016 12:26 PM
‎10-12-2016 12:26 PM

Adding netsim devices to system install : Access check failed

 

Hi all;
Never seen this error before… anyone got any ideas?

#ncs-netsim cli-i asr9k_0
Access check failed

 

 

 

 

I trying to add a netsim device to an existing system install:

 



I have created a authgroup “netsim” like this, but I don’t think the problem is here:
devices authgroups group netsim

 

umap admin

 

  remote-name               admin

 

  remote-password           $8$8l6Hbgrl0MqyJvKLroZmtfQ4SvpjUhuyt0gyG/2vHt4=

 

  remote-secondary-password $8$MuYyhbc3qqPZp9VCVQH6fvcEEnCXjzYSUcOAF27JbcE=

 

!

 

!

 



Have checked the logs: No log file is touched.

Best Regards
Paulo Oliveira

 

0 Helpful
Reply
1 ACCEPTED SOLUTION

Accepted Solutions
khgrant
khgrant Cisco Employee
Cisco Employee
‎10-12-2016 01:58 PM
‎10-12-2016 01:58 PM

Re: Adding netsim devices to system install : Access check failed

 

Paulo,

 

 

Problem solved:

This configuration was present in ncs.conf
<ncs-ipc-access-check>

 

    <enabled>true</enabled>

 

    <filename>${NCS_DIR}/etc/ncs/ipc_access</filename>

 

</ncs-ipc-access-check>

 


After changing it to false and removing the environment variable NCS_IPC_ACCESS_FILE
 … everything back to normal, netsim devices added and also reachable.

 

 

But you have also turned off IPC security, so don't do this in a production system.

 

 

Best Regards,

 

/jan

 

View solution in original post

0 Helpful
Reply
5 REPLIES 5
khgrant
khgrant Cisco Employee
Cisco Employee
‎10-12-2016 01:55 PM
‎10-12-2016 01:55 PM

Re: Adding netsim devices to system install : Access check failed

 

Can you turn on traces?

 

Roque

 

0 Helpful
Reply
khgrant
khgrant Cisco Employee
Cisco Employee
‎10-12-2016 01:56 PM
‎10-12-2016 01:56 PM

Re: Adding netsim devices to system install : Access check failed

 

Thanks Roque;

 

Enable trace to the device:
admin@ncs(config)# devices device asr9k_0 trace raw

 


Tried to connect:
admin@ncs# devices device asr9k_0 connect

 

result false

 

info Failed to connect to device asr9k_0: connection refused: ned_external_error ned_connect_cli: unknown device

A file was created: ned-cisco-ios-xr-asr9k_0.trace

 

 

File content is:

 

>> 6-Oct-2016::12:08:39.606 CLI CONNECT to asr9k_0-127.0.0.1:10022 as admin (Trace=true) 

<< 6-Oct-2016::12:08:39.608 SET-TIMOUT 

<< 6-Oct-2016::12:08:39.934 ERROR: Network Element Driver error econnrefused for device asr9k_0: ned_external_error ned_connect_cli: unknown device

 

0 Helpful
Reply
khgrant
khgrant Cisco Employee
Cisco Employee
‎10-12-2016 01:57 PM
‎10-12-2016 01:57 PM

Re: Adding netsim devices to system install : Access check failed

 


This configuration was present in ncs.conf
<ncs-ipc-access-check> 

    <enabled>true</enabled>

<filename>${NCS_DIR}/etc/ncs/ipc_access</filename>

</ncs-ipc-access-check>

 


After changing it to false and removing the environment variable NCS_IPC_ACCESS_FILE
… everything back to normal, netsim devices added and also reachable.

 



Best Regards
Paulo Oliveira

 

0 Helpful
Reply
khgrant
khgrant Cisco Employee
Cisco Employee
‎10-12-2016 01:58 PM
‎10-12-2016 01:58 PM

Re: Adding netsim devices to system install : Access check failed

 

Paulo,

 

 

Problem solved:

This configuration was present in ncs.conf
<ncs-ipc-access-check>

 

    <enabled>true</enabled>

 

    <filename>${NCS_DIR}/etc/ncs/ipc_access</filename>

 

</ncs-ipc-access-check>

 


After changing it to false and removing the environment variable NCS_IPC_ACCESS_FILE
 … everything back to normal, netsim devices added and also reachable.

 

 

But you have also turned off IPC security, so don't do this in a production system.

 

 

Best Regards,

 

/jan

 

View solution in original post

0 Helpful
Reply
khgrant
khgrant Cisco Employee
Cisco Employee
‎10-12-2016 01:59 PM
‎10-12-2016 01:59 PM

Re: Adding netsim devices to system install : Access check failed

 

 

IMHO, the IPC access check should only be used during certain circumstances. In particular only when you have non trusted shell users on the NSO host.

 

 

If you don't - there is no need to use the IPC access ctl, it'll just add to the confusion if you do.

 

 

By shell users, I mean actual user logins to the NSO hosts, and you don't want those users to have access to NSO, or you want those users to have to abide by the NACM rules.

 

 

/klacke

 

0 Helpful
Reply
Latest Contents
Archived : Idea stage
Created by nivmanoh on 05-22-2018 02:53 AM
1
0
1
0
archive this
Reviewed Idea stage
Created by nivmanoh on 05-22-2018 02:53 AM
1
0
1
0
test the stage
Rejected stage Idea
Created by nivmanoh on 05-22-2018 02:52 AM
1
0
1
0
Test
Delivered stage - the idea
Created by nivmanoh on 05-22-2018 02:39 AM
1
0
1
0
Please test
Achieve the test ideas
Created by nivmanoh on 05-21-2018 11:22 PM
1
0
1
0
modes
Related Content
Blogs
Documents
Events
Videos
Ideas
Content for Community-Ad
August's Community Spotlight Awards
This widget could not be displayed.