cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
806
Views
0
Helpful
1
Replies

Prime Sync Archive partially successful: telnet credential without username

drvbaysued
Level 1
Level 1

Hello!

With Cisco Prime v.4.2.2 we try to realize a sync archive of Cisco configs (Configuration > Configuration Archive > Synchronization). Now several components show a result of "partially successful". The reason for that result is that the Execution result is

"No change in PRIMARY RUNNING/STARTUP config, config fetch not required" but for VLAN the Execution result is

"VLAN RUNNING Config fetch failed for <switch-name> Cause: (...)

TELNET: Failed to establish TELNET connection to <ip-address> - Cause: Authentication failed on device 3 times."

When I examine the credentials for the componentes, I realize that the telnet credentials for this components have only password and enable password entries but no entries for the username. Reason for this is that the component only asks for password and enable password, but not for username for login.

Question now is if Prime needs a username credential for telnet login - that would meen that we have to change configuration for all components that show an error for Sync Archive.

Thank you in advance for your kind help!

Jakob

1 Reply 1

drvbaysued
Level 1
Level 1

Hello!

Meanwhile together with the Cisco Support I could  solve the problem. The devices with Sync Archive message "partially  successful" had associated the wrong credential sets (and so using the  wrong password - as can be seen with packet capture). Reason for this  was that in "Default Credential Sets Policy Configuration" there was one  entry with (f.ex.) "10.*.*.*" and other entries with (f.ex.) "10.1.*.*"  and "10.2.*.*".

With this configuration the credentials for the entries with  f.ex. "10.1.*.*" are not used but the credentials for the entry  "10.*.*.*" are used instead.

After deleting the policy entry  "10.*.*.*" and configuring policy entries (f.ex.) "10.100.*.*" and  "10.101.*.*" instead of using the policy entry "10.*.*.*" I thought that  the problem should be solved.

But as can be seen in

     Inventory > Device Administration > Add / Import / Manage Devices > Edit Credentials

still the wrong credentials were associated with the devices in question.

After deleting and rediscovering the problematic devices the correct credentials were associated with the devices.

Another problem was that for tftp our firewall between the Prime server and the problematic devices was not opened.

After solving this two problems Sync Archive is running now with status "Successful".

Jakob

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: