cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3188
Views
0
Helpful
10
Replies

Prime LMS 4.1 Credential Verification - Nexus SSH Fails

Joshua Hall
Level 1
Level 1

I recently installed and configured the Prime LMS 4.1 Soft Appliance. After discovering the devices on the network I ran a credential verification check on everything. All of my devices passed accept for the Nexus 7010s and Nexus 5020s -- these show up in the failed device report with a BLANK value for SSH and "Did Not Try" under Enable by SSH. I have verified SSH is enabled and accessible outside of Prime, and that there are no access lists preventing access. All other tests pass for these devices.

I've also visited the troubleshooting workflow section for these devices, and when I test the connectivity, SSHv2 passes.

I've downloaded all of the updates available for the device packages and have tried other credentials. All other aspects seem to be working properly.

Has anyone else experienced this problem? What did you do to fix it? Thanks!

10 Replies 10

Michel Hegeraat
Level 7
Level 7

No Nexus 5k and 7k  work fine on SSH.

Do  an export of one of the failing devices to csv with the credentials included

Do they match with what you thought they were?

Cheers,

Michel

Michel,

I know SSH works fine...and as I stated, the SSH connectivity test passes. I will reverify the credentials with your method mentioned and post back. Thank you!

As expected the credentials are as they should be. I just want to make clear -- I do not know for certain that the SSH credentials are actually "failing". The SSH box is simply empty in the report.

Empty?.... if verification settings say SSH is to be checked then it should say OK, FAIL or  No value to test.

Strange indeed. Do post the report. Someone must have a clue.

Cheers,

Michel


NAMESNMP ROSNMP RWTELNETEnable by TELNETSSHEnable by SSH
8.us-map-dc3-7k3CoreOkOkOk(Primary Successful)Ok(Primary Successful)
Did Not Try
9.us-map-dc3-5k8OkOkOk(Primary Successful)Ok(Primary Successful)
Did Not Try
10.us-map-dc3-5k7OkOkOk(Primary Successful)Ok(Primary Successful)
Did Not Try
11.us-map-dc3-5k6OkOkOk(Primary Successful)Ok(Primary Successful)
Ok(Primary Successful)
12.us-map-dc3-5k5OkOkOk(Primary Successful)Ok(Primary Successful)
Did Not Try
13.us-map-dc3-5k4OkOkOk(Primary Successful)Ok(Primary Successful)
Did Not Try
14.us-map-dc3-5k3OkOkOk(Primary Successful)Ok(Primary Successful)
Did Not Try
17.us-map-dc2-5k2OkOkOk(Primary Successful)Ok(Primary Successful)
Did Not Try
18.us-map-dc2-5k1OkOkOk(Primary Successful)Ok(Primary Successful)
Did Not Try

If you look at like #11, you can see where SSH is still blank, but the Enable by SSH field shows success... So weird.

What are you device credential verification setting?

is SSH checked? Or just the enable by one?

Cheers,

Michel

Everything is checked except for SNMPv3 as we do not use that. All non-Nexus devices come back with at least something in the SSH field.

There is the credential verification report, this is what you showed here above, and there is the credential verification job.

If the job has never run for ssh for the nexus, then it is empty.

Try to run a verification job, not a report job, for the nexus just for ssh.

Maybe I'm mistaken but I don't see how else the field can be empty

Cheers,

Michel

Sorry Michel, but the report wouldn't be populated had I not ran the job And yes, I've re-ran it specifically just for SSH on the Nexus equipment. I realize this really isn't a big deal, but my concern is if Prime is doing stuff like this, what else is it doing?

Thanks for your help and suggestions thus far.

You are welcome Jushua,

Actually you can also set the system to verify credentials when you add or alter device credentials.

LMS fires its own CDA jobs then.

If you would not check the SSH checkbox  there it would not check SSH credentials in the automatic jobs.

This could give the results as we see here.

However I trust that if you ran credentials jobs manually that LMS should have populated the SSH field in the report.

Depending on how important config history for the nexus is, you could export de nexus from the DCR to a cvs file, delete de nexus and do a bulkimport to get them back as new devices.

I found that delete re-add of a device clears too many problem in LMS. There clearly are little or no sanity checks in the code. I often feel LMS was build for a perfect world.....

Cheers,

Michel

Review Cisco Networking for a $25 gift card