LMS 3.2 with RME 4.3.1 not Archiving configuration

Anupam Datta · ‎10-21-2010

HI ,

I am facing problem in Ciscoworks in Fetching config Archieve from Cisco ASA-5510 Adaptive Security Appliance . I am using LMS 3.2 and RME 4.3.1

SSH is enable in the device, and from LMS server I am able to connect through Putty. Also from Management station to Device it showing SSH is up for both version. But from RME its failing Its giving below mentioned error

Device: COGINHYDGCBDFHRTF1 Status: Failed

*** Device Details for COGINHYDGCBDFHRTF1 ***

Protocol ==> Unknown / Not Applicable

Selected Protocols with order ==> SSH,Telnet,TFTP,RCP,SCP,HTTPS

Execution Result:

RUNNING

CM0151 PRIMARY RUNNING Config fetch failed for COGINHYDGCBDFHRTF1 Cause: Couldnot enter ENABLE Mode from USER Mode on 10.241.44.220.TELNET: Failed to establish TELNET connection to 10.241.44.220 - Cause: Connection refused.

Action: Check if protocol is supported by device and required device package is installed. Check device credentials. Increase timeout value, if required.

I have tried from LMS server by telneting to port 22, its giving below output------SSH-1.99-Cisco-1.25

When I have tried to test device credentials for SSH and SSH Enable mode, then below output I am getting. SSH remains blank status.

	Device Name	SSH	Enable by SSH
1.	COGINHYDGCBDFHRTF1		Did Not Try

Pls help to resolve this.

Joe Clarke · ‎10-23-2010

The problem is that RME cannot enter enable mode on the ASA. Check the enable password in DCR for this device. Make sure you can login to the ASA using SSH with the username/password and enable password combination found in DCR. If in doubt, re-enter the credentials in DCR.

Anupam Datta · ‎10-25-2010

Hi,

As I have described I am properly able to login with the same credential from LMS server with Putty, but from LMS its not happening.Rather when I am I am checking Device Credential for SSH , its showing the output as I have mentioned my earier post. It seems LMS is not trying to login for some reason.

Please help

Joe Clarke · ‎10-25-2010

According to the output you've shown thus far, it appears there isn't any enable password entered in DCR for this device. Go to Common Services > Device and Credentials > Device Management, select this device, and click Edit Credentials. Re-enter the correct enable password. Then see if the config archive works. If not, enable ArchiveMgmt Service debugging under RME > Admin > System Preferences > Application Loglevel Settings, re-run the sync archive, then post the dcmaservice.log.

Anupam Datta · ‎10-26-2010

I have checked and found that Authenticaion from Putty is Ok , But only Sh run Authorization given for this Userid. Is this the problem ? Which commands should be authorized ?

Joe Clarke · ‎10-26-2010

Yep, that's the most likely problem. You will need to authorize "show privilege level", "terminal length 0", "terminal width 0", "show running-config brief", "show running-config", and "show startup-config".

Anupam Datta · ‎10-27-2010

This is for cisco ASA firewall, where "show running-config" and "show startup-config".The devive has been integrated with ACS where Privillege level 3 is given and "show running-config" is permitted only. With same Privillege level Switches are working properly, for ASA what all other commands need to permit Please suggest

Rajiv Dasmohapatra · ‎10-27-2010

Hi Anupam,

For ASA you should also use pager line 0 / ter pager 0 additional to commands suggested by Joe.

best regards // Rajiv

Anupam Datta · ‎10-28-2010

Please find the Debug files and please suggest