06-27-2018 03:56 PM - edited 03-12-2019 07:51 AM
I have set up a specific ID for use with SNTC that was granted specific permissions to access the CLI commands that are in the standard data collection profile. When I test it with "Verify Device Access" and then look at the result report I see that while it works fine for 126 of my devices, there's about 81 of them that under SSHv2 give the error "Failed to verify Enable Password". When I try to log into some of those devices I get a ">" prompt, and upon then entering the "en" command and reusing the same password I get a "% Access Denied" error. I have taken that up with internal support. But with others, when I use the credentials I get in fine and get a "#" prompt that permits me access to the commands I need. I have tried running the report both with and without having the ID and password repeated in the "Enable User Name" and "Enable User Password" fields in the "Add/Import Credentials" wizard.
What is causing this? What is the effect? What is the fix?
06-28-2018 10:10 AM
06-28-2018 12:27 PM
A WS-C6509-E running IOS 15.1(2)SY7
A WS-C4948E running IOS 15.0(2)SG8
06-28-2018 12:29 PM
A WS-C4500-X running IOS-XE 03.06.04.E
06-28-2018 12:35 PM
A WS-C3750V2-48PSS running IOS 12.2(50)SE5
07-05-2018 08:58 AM
07-05-2018 10:47 AM
I've updated and am now running 2.7.4, so we'll see.
07-06-2018 09:27 AM
That did not work - I still have the same devices showing "Failed to verify Enable Password". Does this affect accurate and complete data collection? And in any case, how can this be corrected?
07-06-2018 09:52 AM
"When you run your SNTC Collection profile, do you know if the CLI Commands for a device showing the error are still being collected?"
There appear to be 15 CLI commands that are being run. What I see is (and there should be a way to run this as a report):
1. show running-config Successful
2. show startup-config Successful
3. show ap summary Not Applicable
4. show ap inventory all Not Applicable
5. show c7200 Not Applicable
6. show diag Integrity Check Failed with the Condition: does not match the expression ^%\s*Incomplete
7. show gsr chassis-info Not Applicable
8. show hardware Not applicable
9. show idprom all Successful
10. show inventory Successful
11. show module Successful
12. show rsp chassis-info Not Applicable
13. show version Successful
14. show version brief Not Applicable
15. show version system Not Applicable
That is the complete list of CLI commands that this collection profile is attempting to run. "Not Applicable" error messages always show that the command is "not applicable to this device". I'm presuming looking at this that this means that the commands are being properly run and that the error message of "Failure to Verify Enable Password" does not reflect an actual error in data collection or processing?
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: