Hi Joseph -
Thanks for spending time trying to solve our issues. Even though we didn't find out what exactly was wrong and how to solve the problem by fixing it, TAC seems to agree with you - their course of action at this time is to completely rebuild our LMS server.
I seems face the same problem with you, Can you please mention me how you resolve this problem?
There appears to be a documentation problem for LMS 3.2 - it all came down to undocumented ports not being open in the Windows firewall.
The DFM engine seems to be performing its own connectivity testing during the discovery process. It is expecting simple ICMP return packets, and while the LMS installation routine added dozens of ports to the Windows firewall configuration it did not add ports required for this type of traffic. If you completely disable the Windows firewall (not an option for us) then the discovery works fine.
Took Cisco TAC two months to figure this out.
Thanks for following up back to the community. I was helping your engineer identify the root cause here. Yes, ICMP was not being allowed back into the server. DFM requires ICMP connectivity between itself and the management IP of each device before it will manage the device.
I tried to disable windows firewall, it works... Before disable firewall, I add firewall inbound / outbound rule to allow snmp & snmp trap ( udp port 161, 162 ), but it did not work. Can you please tell me how to add inbound / outbound rule to allow the DFM work?
You need to allow IPv4 ICMP (i.e. ping traffic) on the inbound path. That is, enable inbound ICMP echo replies.
The ping between ciscoworks server and network device is ok, the windows firewall outbound rule is allow all, and I have allow udp port 161 & 162 in inbound rule. but I still fail to import. I installed WireShark at Ciscoworks server, I can see several icmp request / reply packets, but I can not see the following snmp query packets send from ciscoworks server. ( if disable windows firewall, I can see snmp query packets send from ciscoworks server, and import is success )
You must add an explicit rule allowing in ICMP. Windows ping will work, but DFM will not until you add this rule.