cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
115
Views
0
Helpful
6
Replies
Highlighted
Cisco Employee

Device connection fails after HA failover

 

Hi Team,

 

 

I have NSO 4.1.1 system install. I have two nodes configured in HA mode. From the master node I was able to successfully connect to my  CSR 1000v cisco-ios device. I did an HA failover. Now from my slave i.e. (the new master) I am issuing the command,

 

“request device device <device-name> connect”

 

 

I am getting the error: failed to authentication towards device …… : Bad password for local/remote user admin/admin Auth failed.

 

 

I checked I had the correct Authgroups. Eventually from my new master I had to set the password in the Authgroup again. Once I did this I was able to connect.

 

 

Is this a known issue or some pre-req needed ?

 

 

Thanks

 

Georgy

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

 

Hi Georgy,

 

 

You will need to make sure the encryption keys are the same on both systems.

 

 

-Dan

 

View solution in original post

6 REPLIES 6
Highlighted
Cisco Employee

 

Hi Georgy,

 

 

You will need to make sure the encryption keys are the same on both systems.

 

 

-Dan

 

View solution in original post

Highlighted
Cisco Employee

 

Hi Dan,

 

 

Thanks for the prompt response. That worked.

 

 

Thanks

 

Georgy

 

Highlighted
Cisco Employee

 

Hi Fatih,

 

Its because the encryption keys must be the same on the master and slave nodes 

-Dan

 

Highlighted
Cisco Employee

 

Hi Dan,

 

 

I have the following in ncs.conf:

 

<encrypted-strings>

    <DES3CBC>

      <key1>0cde838a5de7390f</key1>

      <key2>2d86163f13a623c5</key2>

      <key3>c2b9ca51f172ee3a</key3>

      <initVector>9c8e3266fc365f0d</initVector>

    </DES3CBC>

    <AESCFB128>

     <key>e116f5ada7a0d904c20cb0ef219e55fd</key>

     <initVector>0d11f464bea7a2f3d01497abc3bbc067</initVector>

    </AESCFB128>

  </encrypted-strings>

 

Which ones do I need to copy-paster to slave? Only the values within <key> ?

 

 

Regards,

 

-Fatih

 

Highlighted
Cisco Employee

 

A rule of thumb is that the slave and master should have identical ncs.confs

 

Highlighted
Cisco Employee

 

Got that. Thanks Dan and Simon.

 

 

Regards,

 

-Fatih

 

Content for Community-Ad

This widget could not be displayed.