02-22-2012 12:19 PM
I recently installed and configured the Prime LMS 4.1 Soft Appliance. After discovering the devices on the network I ran a credential verification check on everything. All of my devices passed accept for the Nexus 7010s and Nexus 5020s -- these show up in the failed device report with a BLANK value for SSH and "Did Not Try" under Enable by SSH. I have verified SSH is enabled and accessible outside of Prime, and that there are no access lists preventing access. All other tests pass for these devices.
I've also visited the troubleshooting workflow section for these devices, and when I test the connectivity, SSHv2 passes.
I've downloaded all of the updates available for the device packages and have tried other credentials. All other aspects seem to be working properly.
Has anyone else experienced this problem? What did you do to fix it? Thanks!
02-22-2012 12:53 PM
No Nexus 5k and 7k work fine on SSH.
Do an export of one of the failing devices to csv with the credentials included
Do they match with what you thought they were?
Cheers,
Michel
02-22-2012 12:55 PM
Michel,
I know SSH works fine...and as I stated, the SSH connectivity test passes. I will reverify the credentials with your method mentioned and post back. Thank you!
02-22-2012 01:05 PM
As expected the credentials are as they should be. I just want to make clear -- I do not know for certain that the SSH credentials are actually "failing". The SSH box is simply empty in the report.
02-22-2012 01:43 PM
Empty?.... if verification settings say SSH is to be checked then it should say OK, FAIL or No value to test.
Strange indeed. Do post the report. Someone must have a clue.
Cheers,
Michel
02-22-2012 01:48 PM
NAME | SNMP RO | SNMP RW | TELNET | Enable by TELNET | SSH | Enable by SSH | |
8. | us-map-dc3-7k3Core | Ok | Ok | Ok(Primary Successful) | Ok(Primary Successful) | Did Not Try | |
9. | us-map-dc3-5k8 | Ok | Ok | Ok(Primary Successful) | Ok(Primary Successful) | Did Not Try | |
10. | us-map-dc3-5k7 | Ok | Ok | Ok(Primary Successful) | Ok(Primary Successful) | Did Not Try | |
11. | us-map-dc3-5k6 | Ok | Ok | Ok(Primary Successful) | Ok(Primary Successful) | Ok(Primary Successful) | |
12. | us-map-dc3-5k5 | Ok | Ok | Ok(Primary Successful) | Ok(Primary Successful) | Did Not Try | |
13. | us-map-dc3-5k4 | Ok | Ok | Ok(Primary Successful) | Ok(Primary Successful) | Did Not Try | |
14. | us-map-dc3-5k3 | Ok | Ok | Ok(Primary Successful) | Ok(Primary Successful) | Did Not Try | |
17. | us-map-dc2-5k2 | Ok | Ok | Ok(Primary Successful) | Ok(Primary Successful) | Did Not Try | |
18. | us-map-dc2-5k1 | Ok | Ok | Ok(Primary Successful) | Ok(Primary Successful) | Did Not Try |
If you look at like #11, you can see where SSH is still blank, but the Enable by SSH field shows success... So weird.
02-23-2012 12:17 AM
What are you device credential verification setting?
is SSH checked? Or just the enable by one?
Cheers,
Michel
02-23-2012 08:37 AM
Everything is checked except for SNMPv3 as we do not use that. All non-Nexus devices come back with at least something in the SSH field.
02-23-2012 02:14 PM
There is the credential verification report, this is what you showed here above, and there is the credential verification job.
If the job has never run for ssh for the nexus, then it is empty.
Try to run a verification job, not a report job, for the nexus just for ssh.
Maybe I'm mistaken but I don't see how else the field can be empty
Cheers,
Michel
02-23-2012 02:18 PM
Sorry Michel, but the report wouldn't be populated had I not ran the job And yes, I've re-ran it specifically just for SSH on the Nexus equipment. I realize this really isn't a big deal, but my concern is if Prime is doing stuff like this, what else is it doing?
Thanks for your help and suggestions thus far.
02-24-2012 02:07 AM
You are welcome Jushua,
Actually you can also set the system to verify credentials when you add or alter device credentials.
LMS fires its own CDA jobs then.
If you would not check the SSH checkbox there it would not check SSH credentials in the automatic jobs.
This could give the results as we see here.
However I trust that if you ran credentials jobs manually that LMS should have populated the SSH field in the report.
Depending on how important config history for the nexus is, you could export de nexus from the DCR to a cvs file, delete de nexus and do a bulkimport to get them back as new devices.
I found that delete re-add of a device clears too many problem in LMS. There clearly are little or no sanity checks in the code. I often feel LMS was build for a perfect world.....
Cheers,
Michel
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide