Re: Failed to verify Enable Password

RonF · ‎06-27-2018

I have set up a specific ID for use with SNTC that was granted specific permissions to access the CLI commands that are in the standard data collection profile. When I test it with "Verify Device Access" and then look at the result report I see that while it works fine for 126 of my devices, there's about 81 of them that under SSHv2 give the error "Failed to verify Enable Password". When I try to log into some of those devices I get a ">" prompt, and upon then entering the "en" command and reusing the same password I get a "% Access Denied" error. I have taken that up with internal support. But with others, when I use the credentials I get in fine and get a "#" prompt that permits me access to the commands I need. I have tried running the report both with and without having the ID and password repeated in the "Enable User Name" and "Enable User Password" fields in the "Add/Import Credentials" wizard.

What is causing this? What is the effect? What is the fix?

Jarrett Pomeroy · ‎06-28-2018

Hello,
Can you please also include what device types you are having the DAV issues with?
Thank you,
Jarrett

RonF · ‎06-28-2018

A WS-C6509-E running IOS 15.1(2)SY7

A WS-C4948E running IOS 15.0(2)SG8

RonF · ‎06-28-2018

A WS-C4500-X running IOS-XE 03.06.04.E

RonF · ‎06-28-2018

A WS-C3750V2-48PSS running IOS 12.2(50)SE5

Jarrett Pomeroy · ‎07-05-2018

Hello,
Thank you for the details. Can you please let me know what version of CSPC you are using as well? I was able to see some changes were recently made for devices that go directly into enable mode for CSPC 2.7.2 which may help solve your issue. When you run your SNTC Collection profile, do you know if the CLI Commands for a device showing the error are still being collected?
Thank you,
Jarrett

RonF · ‎07-05-2018

I've updated and am now running 2.7.4, so we'll see.

RonF · ‎07-06-2018

That did not work - I still have the same devices showing "Failed to verify Enable Password". Does this affect accurate and complete data collection? And in any case, how can this be corrected?

RonF · ‎07-06-2018

"When you run your SNTC Collection profile, do you know if the CLI Commands for a device showing the error are still being collected?"

There appear to be 15 CLI commands that are being run. What I see is (and there should be a way to run this as a report):

1. show running-config Successful
2. show startup-config Successful

3. show ap summary Not Applicable

4. show ap inventory all Not Applicable

5. show c7200 Not Applicable

6. show diag Integrity Check Failed with the Condition: does not match the expression ^%\s*Incomplete

7. show gsr chassis-info Not Applicable

8. show hardware Not applicable

9. show idprom all Successful

10. show inventory Successful

11. show module Successful

12. show rsp chassis-info Not Applicable

13. show version Successful

14. show version brief Not Applicable

15. show version system Not Applicable

That is the complete list of CLI commands that this collection profile is attempting to run. "Not Applicable" error messages always show that the command is "not applicable to this device". I'm presuming looking at this that this means that the commands are being properly run and that the error message of "Failure to Verify Enable Password" does not reflect an actual error in data collection or processing?