Solved: LMS 3.2 issues

dionjiles · ‎11-25-2009

Hi all,

I'm having huge problems with LMS 3.2.....after doing a discovery I didn't like what was imported into the DCR.

So I deleted the devices out of Common Services, and re-imported the file so I can get an accurate number of devices

I am managing. Now RME doesn't seem to like/or find the Default credentials I configured in CS.

I'm checked all the devices in CS and told it to use the default credentials and it still not working, Inventory is failing, device credential

verification is not working. I'm trying my best to migrate from my old server with LMS 3.1 to the new server with LMS 3.2 as quickly

as possible. I also re-initalized the DB for RME and DFM.

Joe Clarke · ‎11-30-2009

It's not a question of credentials. It's a question of the privacy algorithm of AES-128. The device does not like this algorithm. Check the "show snmp user" output from the device for cscowrkspriv3. Make sure you're using the correct algorithm.

View solution in original post

Joe Clarke · ‎12-01-2009

Well this is consistent with the fact that LMS 3.1 is working. It really sounds like you had applied credential sets to those imported devices to fill in the gaps (i.e. where LMS 3.1 did not have credentials). The gaps that were filled in caused the RME to use invalid credentials when communicating with devices. You may consider diversifying the credential sets (i.e. creating a policy for SNMPv3 devices and one for SNMPv1/v2c devices). This way, you can conditionally apply default credentials to future devices.

View solution in original post

Joe Clarke · ‎11-25-2009

Are you sure the failures are due to a credential problem? If so, select all the devices from DCR, and click the Update Credentials button. Manually re-enter the correct credentials, and see if that corrects the RME problems.

dionjiles · ‎11-25-2009

Okay I think I done that.....but I will try again....

I just re-imported the devices so I'm letting RME do its Inventory and Device Mgmt collection in RME.

If I encounter the same issue as before I will try manually typing the credentials again, its funny though some devices are fine and a majority or not.

dionjiles · ‎11-25-2009

Alright I followed your recommendations and tried to re-run inventory collection and the devices are immediately failing.

Transport session to device failed. Cause:Authentication failed on device.

Joe Clarke · ‎11-25-2009

Export the devices from DCR under Common Services > Device and Credentials > Device Management, and look at the CSV file to see if DCR has the correct credentials.

dionjiles · ‎11-27-2009

I have verified that all the right credentials are entered in the device export.

This is the exactly same files as used from my server with LMS 3.1 installed.....I configured the server with

LMS 3.2 to mirror this server and it worked a couple of weeks ago. I don't understand why some of the devices

are working and some or not....I have 25 out of 425 devices that are able to get a success inventory collection

This is mind boggling.....

dionjiles · ‎11-27-2009

I'm thinking of Re-initializing the DB for CS to see if this solves the problem.....obviously since anything else isn't working.

dionjiles · ‎11-27-2009

The thing that concerns me is in RME the Configs are getting archived, but the Ineventory Collection is failing.

I had the exact same problem a couple of weeks ago and I opened a TAC, but ended up rebooting the server and got everything

working problem. This is not the case now.

Joe Clarke · ‎11-27-2009

Start a sniffer trace filtering on udp/161 traffic to ONE failing device. Then perform a new inventory collection for that device. When it fails, post the sniffer trace and the IC_Server.log.

dionjiles · ‎11-30-2009

Hi,

Please see attachment.

Please advise my next steps to perform.

Joe Clarke · ‎11-30-2009

It looks like you have misconfigured SNMPv3 authPriv in DCR. What are the configured SNMPv3 parameters on the device, and what do you have configurered in DCR?

dionjiles · ‎11-30-2009

I verified the credentials and validated that I am using the right credentials in the DCR as well as the device.

I also have a large number of number of devices that have SNMP1 and 2 configured that are failing as well.

I just ran an sniff on a device and it appears to be trying to use SNMP V3 versus 1 and 2.

Joe Clarke · ‎11-30-2009

This is probably due to a DCR misconfiguration. Export the DCR credentials for this device, then post the resulting CSV file.

dionjiles · ‎11-30-2009

Here you go.....

Joe Clarke · ‎11-30-2009

The reason it is using SNMPv3 is because you have configured SNMPv3 in DCR. You are saying that this device is configured for SNMPv3 authPriv with SHA-1 hashing and AES-128 encryption. The device is saying that it does not support or is not configured for AES-128 encryption. If you want to use SNMPv1 or v2c, then unconfigure the SNMPv3 parameters in DCR.