Showing results for 
Search instead for 
Did you mean: 
Anupam Datta

LMS 3.2 with RME 4.3.1 not Archiving configuration

HI ,

I am facing problem in Ciscoworks in Fetching config Archieve from Cisco ASA-5510 Adaptive Security Appliance . I am using LMS 3.2 and RME 4.3.1

SSH is enable in the device, and from LMS server I am able to connect through Putty. Also from Management station to Device it showing SSH is up for both version. But from RME its failing Its giving below mentioned error

  Device: COGINHYDGCBDFHRTF1       Status:   Failed
*** Device Details for COGINHYDGCBDFHRTF1 ***
Protocol ==> Unknown / Not Applicable
Selected Protocols with order ==> SSH,Telnet,TFTP,RCP,SCP,HTTPS
Execution Result:
CM0151 PRIMARY RUNNING Config fetch failed for COGINHYDGCBDFHRTF1 Cause: Couldnot enter ENABLE Mode from USER Mode on Failed to establish TELNET connection to - Cause: Connection refused.
Action: Check if protocol is supported by device and required device package is installed. Check device credentials. Increase timeout value, if required.

I have tried from LMS server by telneting to port 22, its giving below output------SSH-1.99-Cisco-1.25

When I have tried to test device credentials for SSH and SSH Enable mode, then below output I am getting. SSH remains blank status.

Device Name SSH Enable
by SSH

Pls help to resolve this.

Joe Clarke
Hall of Fame Cisco Employee

The problem is that RME cannot enter enable mode on the ASA.  Check the enable password in DCR for this device.  Make sure you can login to the ASA using SSH with the username/password and enable password combination found in DCR.  If in doubt, re-enter the credentials in DCR.


As I have described I am properly able to login with the same credential from LMS server with Putty, but from LMS its not happening.Rather when I am I am checking Device Credential for SSH , its showing the output as I have mentioned my earier post. It seems LMS is not trying to login for some reason.

Please help

Joe Clarke
Hall of Fame Cisco Employee

According to the output you've shown thus far, it appears there isn't any enable password entered in DCR for this device.  Go to Common Services > Device and Credentials > Device Management, select this device, and click Edit Credentials.  Re-enter the correct enable password.  Then see if the config archive works.  If not, enable ArchiveMgmt Service debugging under RME > Admin > System Preferences > Application Loglevel Settings, re-run the sync archive, then post the dcmaservice.log.

I have checked and found that Authenticaion from Putty is Ok , But only Sh run Authorization given for this Userid. Is this the problem ? Which commands should be authorized ?

Joe Clarke
Hall of Fame Cisco Employee

Yep, that's the most likely problem.  You will need to authorize "show privilege level", "terminal length 0", "terminal width 0", "show running-config brief", "show running-config", and "show startup-config".

This is for cisco ASA firewall, where "show running-config" and   "show startup-config".The devive has been integrated with ACS where Privillege level 3 is given and "show running-config" is permitted only. With same Privillege level Switches are working properly, for ASA what all other commands need to permit Please suggest

Hi Anupam,

For ASA you should also use pager line 0 / ter pager 0 additional to commands suggested by Joe.

best regards // Rajiv

Please find the Debug files and please suggest