Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6432
Views
16
Helpful
25
Replies

Cannot SSH / console to CSPC

Go to solution
krinaldo-wab
Level 1
Level 1

‎10-19-2015 11:01 AM

Suddenly I am unable to gain console access to the CSPC appliance via SSH nor local console.  When I log in, credentials for the "admin" account are accepted and then the following is displayed:

#########################################################################
#     This system is hardened and for the use of authorized users only. #
#     Individuals using this computer system without authority, or in   #
#     excess of their authority, are subject to having all of their     #
#     activities on this system monitored and recorded by system        #
#     personnel.                                                        #
#                                                                       #
#     In the course of monitoring individuals improperly using this     #
#     system, or in the course of system maintenance, the activities    #
#     of authorized users may also be monitored.                        #
#                                                                       #
#     Anyone using this system expressly consents to such monitoring    #
#     and is advised that if such monitoring reveals possible           #
#     evidence of criminal activity, system personnel may provide the   #
#     evidence of such monitoring to law enforcement officials.         #
#########################################################################
java.net.ConnectException: Connection refused
        at java.net.PlainSocketImpl.socketConnect(Native Method)
        at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
        at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
        at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
        at java.net.SocksSocketImpl.connect(Unknown Source)
        at java.net.Socket.connect(Unknown Source)
        at java.net.Socket.connect(Unknown Source)
        at java.net.Socket.<init>(Unknown Source)
        at java.net.Socket.<init>(Unknown Source)
        at com.cisco.ca.ss.adminshell.client.ShellClient.main(ShellClient.java:63)
Error occured: could not connect to the command server

 

I have tried power cycling the CSPC.

Anyone have a suggestion to remedy this?

 

2 people had this problem
Labels:
0 Helpful
25 Replies 25

Go to solution
bwalsh
Level 1
Level 1
In response to Lynden Price

‎12-15-2015 09:46 AM

I'm having this same problem.

I've changed the admin password and now am getting the exact error stating "could not connect to the command server"

What is the way to remedy this issue?  I have deployed this collector and have a bunch of inventory already setup it in.

 

I see in previous answers, people have been asked to redeploy - is that the only answer?

 

And if that is the only answer, and I do have to redeploy, can I name it the same and also have the same IP address, etc as the one I've already deployed?  Or will there be some licensing issues doing that?

Also - the recommended method of creating a root and collector login account will only last for 180 days - what happens after 180 days?  Will be in the same problem?

 

Is there a bug ID we can track so that we know when this is resolved?

0 Helpful

Go to solution
Jarrett Pomeroy
Cisco Employee
Cisco Employee
In response to bwalsh

‎12-16-2015 09:05 AM

Hello Brian,

Unfortunately redeploying a new VM is the only solution to correcting the problem.  We do have a patch now available to fix this issue.  So once you deploy the new appliance, please go ahead and upgrade the latest 2.0.4 patch and you may then continue to update your admin password. 

To your second question, yes you may reuse the same IP and Licensing information on the new deployed VM.  (To use the same IP, just make sure the original VM is powered off)

After 180 days has passed for Collectorlogin and root, your next login attempt will require a new password to be set.

Thank you,

Jarrett

0 Helpful

Go to solution
bwalsh
Level 1
Level 1
In response to Jarrett Pomeroy

‎12-16-2015 09:26 AM

Hi Jarrett,

Thank you for the response.  Glad to hear the bug is fixed.

Couple follow up questions:

1. Where do I find the patch file you mentioned in your post?  I've looked in the following menu (Downloads->Products->Cloud and Systems MGMT->Services->Smartnet Total Care)

2. I originally installed SNTC-CSPC2.5.2.1-OVF10.ova (seems odd I would be looking for a 2.0.4 patch when the version I originally installed was 2.5.2.1)

 

I haven't looked yet for the directions, but I'm assuming from the GUI there's an upgrade/patch process that I can follow?

 

Thank you.

0 Helpful

Go to solution
Jarrett Pomeroy
Cisco Employee
Cisco Employee
In response to bwalsh

‎12-16-2015 09:46 AM

Hello Brian,

The patch files can be found by logging into the "admin" CLI ssh user and running the command "check update".  The full name of the patch is called "sp-2.0.4-0-0-lnx64" that you will want to install.

The difference in the patch name is because the patch itself contains it's own version numbering with updates for CSPC software, OS Updates, Security fixes and other components of the appliance.

Thank you,

Jarrett

Go to solution
bwalsh
Level 1
Level 1
In response to Jarrett Pomeroy

‎12-16-2015 10:07 AM

Hello Jarrett,

Once again, thanks for the response.

I'll give that a try soon.

What is the timing of an updated install (ova) file where the patch will be included?  We understand for the time being we should install the file named  SNTC-CSPC2.5.2.1-OVF10.ova and patch it via the process you outlined above, but just wanted to know if/when there will be a version where this manual "check update" process won't be necessary.

 

Thanks

0 Helpful

Go to solution
Jarrett Pomeroy
Cisco Employee
Cisco Employee
In response to bwalsh

‎12-16-2015 10:38 AM

Hello Brian,

At this time we do not have a ETA on the next full OVA/ISO release with our latest patches up to date. 

Thank you,

Jarrett

0 Helpful

Go to solution
Sandy Breeze
Level 1
Level 1
In response to Jarrett Pomeroy

‎12-13-2016 08:06 AM

Hi Jarrett,

Reviving an old thread...

I appear to be hitting the same issue described affected in 2.4, but in my deployment running 2.5.2.1.  After deploying (~April '16), I immediately changed admin UI password as everyone sane should :)  /opt/cisco/ss/adminshell/bin/clishell still fails with same exception above, hence limiting my access to even retrieve sp-2.0.4-0-0-lnx64 patch.

I thought I might find this patch slipstreamed with the latest ISO (2.6.1) so I mounted that and found sp-2.0.5-0-0-lnx64.zip.  I tried patching via the UI with both this and jeos-20.0.1-1-lnx64.zip, but according to the UI, they're invalid patches, though they are in the correct file format for a patch and contents look valid to me.

I still have root access to the collector though, so I went further and tried to patch by hand, running through the sequences in install.sh from application-package.  Amongst other things, I see this trying to reset the sql password to the original, but its not made any difference.

Given I've come this far to try and save a redeployment, can you not either release the 2.0.4 patch as standalone to save me and others the pain, or, advise where this is failing so we can hand fix?

Cheers!

Sandy

0 Helpful

Go to solution
Lynden Price
Cisco Employee
Cisco Employee
In response to Sandy Breeze

‎12-16-2016 07:04 AM

Hi Sandy,

If I understand correctly, your initial version was 2.5 and you are trying to upgrade to 2.6, but you are not able to SSH into your 2.5 collector with the admin username?

Thanks,

Lynden

0 Helpful

Go to solution
Sandy Breeze
Level 1
Level 1
In response to Lynden Price

‎12-19-2016 02:24 AM

Hi Lynden,

Thats right.  Currently running 2.5 (not from an upgrade, initial install was 2.5) and trying to get to 2.6.  When trying to SSH to the box with user 'admin' I'm given the same error at the top of this thread:

java.net.ConnectException: Connection refused
 at java.net.PlainSocketImpl.socketConnect(Native Method)
 at java.net.AbstractPlainSocketImpl.doConnect(Unknown Source)
 at java.net.AbstractPlainSocketImpl.connectToAddress(Unknown Source)
 at java.net.AbstractPlainSocketImpl.connect(Unknown Source)
 at java.net.SocksSocketImpl.connect(Unknown Source)
 at java.net.Socket.connect(Unknown Source)
 at java.net.Socket.connect(Unknown Source)
 at java.net.Socket.<init>(Unknown Source)
 at java.net.Socket.<init>(Unknown Source)
 at com.cisco.ca.ss.adminshell.client.ShellClient.main(ShellClient.java:63)
Error occured: could not connect to the command server

I can still gain elevated access via the collectorlogin account, and if I run the shell that admin user should get (/opt/cisco/ss/adminshell/bin/clishell), I get the same error.

Sandy

0 Helpful

Go to solution
CC Cisco
Cisco Employee
Cisco Employee
In response to Sandy Breeze

‎12-19-2016 07:02 AM

Since you have root access, give this a try:

https://supportforums.cisco.com/discussion/12927451/unable-login-cli-cspc

Cesar

Go to solution
Sandy Breeze
Level 1
Level 1
In response to CC Cisco

‎12-19-2016 07:11 AM

The patch: casp1.6.0.4_securitypatch.zip works!

Thanks for the support Cesar!

Sandy

Customers Also Viewed These Support Documents