cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
52
Views
0
Helpful
6
Replies
Highlighted
Cisco Employee

Device connection fails after HA failover

 

Hi Team,

 

 

I have NSO 4.1.1 system install. I have two nodes configured in HA mode. From the master node I was able to successfully connect to my  CSR 1000v cisco-ios device. I did an HA failover. Now from my slave i.e. (the new master) I am issuing the command,

 

“request device device <device-name> connect”

 

 

I am getting the error: failed to authentication towards device …… : Bad password for local/remote user admin/admin Auth failed.

 

 

I checked I had the correct Authgroups. Eventually from my new master I had to set the password in the Authgroup again. Once I did this I was able to connect.

 

 

Is this a known issue or some pre-req needed ?

 

 

Thanks

 

Georgy

 

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Device connection fails after HA failover

 

Hi Georgy,

 

 

You will need to make sure the encryption keys are the same on both systems.

 

 

-Dan

 

6 REPLIES 6
Cisco Employee

Re: Device connection fails after HA failover

 

Hi Georgy,

 

 

You will need to make sure the encryption keys are the same on both systems.

 

 

-Dan

 

Cisco Employee

Re: Device connection fails after HA failover

 

Hi Dan,

 

 

Thanks for the prompt response. That worked.

 

 

Thanks

 

Georgy

 

Cisco Employee

Re: Device connection fails after HA failover

 

Hi Fatih,

 

Its because the encryption keys must be the same on the master and slave nodes 

-Dan

 

Cisco Employee

Re: Device connection fails after HA failover

 

Hi Dan,

 

 

I have the following in ncs.conf:

 

<encrypted-strings>

    <DES3CBC>

      <key1>0cde838a5de7390f</key1>

      <key2>2d86163f13a623c5</key2>

      <key3>c2b9ca51f172ee3a</key3>

      <initVector>9c8e3266fc365f0d</initVector>

    </DES3CBC>

    <AESCFB128>

     <key>e116f5ada7a0d904c20cb0ef219e55fd</key>

     <initVector>0d11f464bea7a2f3d01497abc3bbc067</initVector>

    </AESCFB128>

  </encrypted-strings>

 

Which ones do I need to copy-paster to slave? Only the values within <key> ?

 

 

Regards,

 

-Fatih

 

Cisco Employee

Re: Device connection fails after HA failover

 

A rule of thumb is that the slave and master should have identical ncs.confs

 

Cisco Employee

Re: Device connection fails after HA failover

 

Got that. Thanks Dan and Simon.

 

 

Regards,

 

-Fatih

 

Content for Community-Ad
August's Community Spotlight Awards
This widget could not be displayed.