Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3719
Views
0
Helpful
19
Replies

LMS4.2.2: Cannot do archive mgmt on Nexus 5K

Bart Mars
Level 1
Level 1

‎11-23-2012 04:07 AM

Hi,

I’m currently at a loss here:

In our organisation we have multiple Nexus 5000 switches, which Cisco LMS 4.2.2 cannot get the running-config and startup-config from with the Archive Management process. When it does try to get them, I get a error as follows:

*** Device Details for SF-DERA-01 ***

Protocol   ==> Unknown / Not Applicable

Selected Protocols with order ==>   TFTP,SSH,SCP

Execution Result:

RUNNING

CM0151 PRIMARY RUNNING Config fetch failed for   SF-DERA-01 Cause: Failed to fetch config using TFTPFailed to establish SSH   connection to 172.20.253.21 - Cause: Authentication failed on device 3 times.

Action: Check if protocol is supported by   device and required device package is installed. Check device credentials.   Increase timeout value, if required. Verify if firewall configuration permits   traffic from LMS to the device and vice versa for the protocols configured in   Admin > Collection Settings > Config > Config Transport Settings.

However, I have no problems when I try to login from our LMS server (GRNAP401) to the N5K switch. Our LMS server is the Appliance version. We have a user (lmsuser) for the LMS server that is configured on numerous switches, like Catalyst and other Nexus family switches. We only have this problem with the N5K switches.

[GRNAP401/root-ade ~]# ssh -l lmsuser 172.20.254.21

Password:

Last login: Fri Nov 23 12:40:50 2012 from grnap401.nms

Cisco Nexus Operating System (NX-OS) Software

TAC support: http://www.cisco.com/tac

Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained in this software are

owned by other third parties and used and distributed under

license. Certain components of this software are licensed under

the GNU General Public License (GPL) version 2.0 or the GNU

Lesser General Public License (LGPL) Version 2.1. A copy of each

such license is available at

http://www.opensource.org/licenses/gpl-2.0.php and

http://www.opensource.org/licenses/lgpl-2.1.php

SF-DERB-01#

LMS has found this switch via the Discovery method, and has identified that it is a N5K-C5010P. I have the following device package:

13.

1.3.6.1.4.1.9.12.3.1.3.798

Cisco   Nexus 5010 Switch

Nexus

7.0

As far as I can tell, this is OK as a version.

I have more switches in the 172.20.254.0/24 subnet including other Nexus switches, so I can say that TFTP and SSH are working.

Can somebody help me with this?

Thanks in advance!

Labels:
0 Helpful
19 Replies 19

dpatzold1979
Level 1
Level 1
In response to Bart Mars

‎03-09-2013 03:31 PM

Bart,

Have you had any updates on this?  I have ran LMS for several years with 5k config backups completing just fine. Recently i upgraded to 4.2.3 and i am having the same exact problem you are having.  Configs are not backing up. I can see that lms attempts to login but fails . Whats more wierd is that it was working after the upgrade as recently as a few weeks ago for me. 

Similar message for validated login

SSH                          Enable by SSH

Incorrect                    Did Not Try  SSH          

0 Helpful

dpatzold1979
Level 1
Level 1
In response to dpatzold1979

‎03-09-2013 04:15 PM

I remembered dealing with this before when we first upgraded to 4.0

I found some old emails with Cisco TAC where i sent them this thread

See this link
https://supportforums.cisco.com/thread/2040551


In 4.2.3 and maybe your version (4.2.2) you can edit these settings on a per device

Admin > Collection Settings > Config > Edit the Inventory/Config Timeout and Retry Settings

I modified this for my 5k switches for TuneSleepMillis to 600ms
I also adjusted my Read Delay for these to 50ms

Dont forget to hit apply

After which i was able to run a config sync

Configuration > Configuration Archive > Synchronization

And backup was successful
Though my Device credentials validate seems to still fail

             

Hope this helps you

0 Helpful

Bart Mars
Level 1
Level 1
In response to dpatzold1979

‎03-09-2013 10:59 PM

Hi,

Unfortunately, I no longer use LMS anymore as we switched to Cisco Prime Infrastructure 1.3. We got an answer from our supplier stating that LMS 4.2.2 did not officially support Archive Management for the Nexus platform, but Prime Infrastructure did. I checked that out and migrated to Prime Infrastructure. I did not solve the problem but if you have the chance, use Prime Infrastructure. It's so much easier to setup and Nexus archive management is supported. My jobs haven't failed yet. :-)

Sent from Cisco Technical Support iPad App

0 Helpful

tobiasdreyer
Level 1
Level 1
In response to dpatzold1979

‎11-14-2013 03:56 AM

Hi dpatzold,

thanks for your hints. I had the same problems Bart Mars discribed above.

We have several N5Ks and the archive sync is working for all except 4. I checked the credentials for all N5Ks and Prime says, that the ssh credentials are incorrect and for the 4 devices that there is no value to test ssh enable.

               Read Com     RW Com     SSH          Enable by SSH

Nexus1     ok                    ok          Incorrect     Did Not Try               <-- Archive sync is working

Nexus2     ok                    ok          Incorrect     No Value to Test       <-- Archive sync is not working

Nexus3     ok                    ok          Incorrect     No Value to Test       <-- Archive sync is not working

Nexus4     ok                    ok          Incorrect     No Value to Test       <-- Archive sync is not working

Nexus5     ok                    ok          Incorrect     No Value to Test       <-- Archive sync is not working

I changed the timers as you discribed, no success.

Any ideas?


0 Helpful

tobiasdreyer
Level 1
Level 1
In response to tobiasdreyer

‎11-20-2013 03:43 AM

Ok,

I tuned the Inventory/Config Timeout and Retry Settings a little bit more and now it works.

So the the hint was usefull, but you have to try a few values.

Thanks

Tobias

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents