Hi Kerim. I would need more information to be able to assist with this.  Can you please answer the following: 1.  Step-by-step, how are you trying to add the switches? 2.  Are you seeing any error messages...if so...what is the message? 3.  Have you verified credentials?  What are the results? 4. (bonus) can you *manually* telnet/ssh to the switch and snmp poll it from the NCS? Thanks, -Joe ... View more

hi rguntenaa r, I know you haven't received a response in the last few days, so thought I would chime in. The error you mentioned is definitely a problem.  I've seen it handled a couple of ways.  One is to put it back as you said (but I've only seen this applied to earlier versions of LMS), and I don't believe this would be a very "clean" way to address the problem.  The other way I've seen this issue addressed has been to update all device packages, and let the file be auto-generated in the update process.  Again, I've only seen this done on earlier versions, but it sounds to me like this might be the best way to try and address this. Good luck and let me know how it goes. Regards, -Joe ... View more

Hi Kat. LOL....looking forward to it.  Thanks, -Joe ... View more

Hi Kat. I think this is sufficiently complex enough at this point that we're going to need some debug enabled logging and possibly packet captures.  That said, I believe it would be beneficial for you to open a TAC case, and then we can get our escalation and Development Teams involved. Is opening a TAC case a possibility for you? Thanks, -Joe ... View more

Hi Kat. You've successfully confused me.  Based on what you've said, you have some devices using ACS 5.3...and the others..??? Thanks, -Joe ... View more

Hi Kat. No, don't be frustrated, this is good news!  I say that because ACS/LMS integration issues are 99% of the time just a simple misconfiguration.  And I have an excellent integration document for integrating your LMS 3.2 to ACS.  Please check this over and match it to what you are seeing: This is a very good step-by-step guide that should help you configure ACS with LMS correctly.  Look carefully at the notes as much of the problems are usually related to a mis-configuration.  Once you have this setup, you can easily modify the permissions for the users and groups.  Hope this helps.  Please let me know if you have any questions or if this is what you were looking for. ON CISCOWORKS =============== 1. Go to Common Services > Server > Security > Multi-Server Trust Management > System Identity Setup and configure a System Identity User. *Note: This System Identity User is NOT the same as the ACS admin user, it has to be different. *Note: If you get a popup error that says null, let me know because that means that you are missing the comUser.dat file and I would need to send you extra steps) 2. Ensure that the System Identity User you just created is a local user with all the roles under Server > Security > Single-Server Management > Local User Setup. ON ACS ======= 3. Define a group for CW Admin Users in ACS. 3.1. Go to GROUP SETUP. 3.2. Rename an available group to something suitable such as CWAdmins. 3.3. Edit Settings. 3.4. Set sessions available to user to 'unlimited'. 4. Add the CW system identity user (and other Admin users in CW) to ACS. 4.1. Go to USER SETUP. 4.2. Create Users for Ciscoworks including the System Identity User in ACS. 4.3. Set a password. 4.4. Assign all these Admin users to the Group created in Step 3. 5. Add a network device group with Ciscoworks as a Client. 5.1. Go to NETWORK CONFIGURATION. 5.2. Enter a Name. 5.3. Enter IP address or range with wildcard masks. 5.4. Configure a Key. 5.5. Authenticate using: TACACS+ (Cisco IOS). 5.6. Click on Submit+Restart. Note: (If NDG options are not visible, you can enable Network Device Groups in ACS under INTERFACE CONFIGURATION > ADVANCED) ON CISCOWORKS =============== 6. Change CW AAA Mode to ACS TYPE (and register CW applications with ACS). 6.1. Go to Common Services > Server > Security > AAA Mode Setup. 6.2. Select ACS type. 6.3. Fill in IP address/Hostname of ACS server 6.4. Fill in the ACS admin login information and the shared key Note: "ACS admin login" must be a user with full admin rights to ACS (i.e. one configured under Administration Control in ACS with ALL options checked) and should not be the same as the System Identity User. 6.5. Put a check mark on "Register all installed applications with ACS". 6.3. Click on apply. 6.4. Restart the daemons with these commands from a command prompt window on the LMS server: >net stop crmdmgtd >net start crmdmgtd *WARNING: Make sure that AFTER the first successful registration to any specific ACS server, you always keep this box UNCHECKED if switching between ACS and non-ACS modes on LMS server. Failure to do so will erase all custom roles (SUPERUSER) and you will need to do steps 7-8 on ACS again. ON ACS ======= 7. Add a "SUPERUSER" role for each module of Ciscoworks in ACS. 7.1. Go to SHARED PROFILE COMPONENTS. 7.2. Select a CW module (such as Common Services). 7.3. click on ADD. 7.4. Name it CWSuperUser or something similar. 7.5. Select everything under the available functionality for that module. 7.6. Repeat above procedure for Ciscoview, RME, Campus, DFM and any other Ciscoworks modules such as IPM, etc. 8. Assign the "SUPERUSER" role to the Admins Group (created in Step 3). 8.1. Go to GROUP SETUP. 8.2. Click on Edit Settings. 8.3. Select cwhp, rme, campus, dfm and any other CW components a select the "SUPERUSER" role (created in step 7). 8.4. Click on Submit+Restart. *Note: Once ACS mode is enabled on Ciscoworks, ALL devices MUST be added to the same ACS server as clients for them to be manageable in Ciscoworks. While the devices must be known (i.e. configured as clients) in the same ACS server, they do not have to use that ACS for their own AAA configuration, nor do those devices need to be configured for AAA themselves.   Here is also a link showing screenshots, it is for 4.1 but applies the same for 4.2: http://www.cisco.com/en/US/prod/collateral/netmgtsw/ps6504/ps6528/ps2425/pr​o​d_white_pape r0900aecd80613f62.html ... View more

Choose a couple of the problem devices (different device models),  Delete them from the DCR.  Re-add them. Let me know if they work properlly after that. Thanks, -Joe ... View more

Hi Orson. Do you a "Ciscoworks" user there? If so, do they have "System Administrator" access? Thanks, -Joe ... View more

Hi Lothar. I'm doubtful that you can use cwcli, however I think that maybe it can be done using jobcli, something along the lines of: C:\PROGRA~1\CSCOpx\bin\cwjava -cw C:\PROGRA~1\CSCOpx com.cisco.nm.cmf.jrm.jobcli However, I have no idea what sub-commands might be used to specifically create an inventory collection job (I've never seen it done before), and I would be very wary of proceeding further without knowing what you might be getting into!  :-) Maybe someone else will chime-in here that knows how it could be done. Good luck! -Joe ... View more

Hi. Please check that the "CiscoWorks" permissions for the Admin account are set to 'System Administrator', and then try again.  Please let me know if this resolves this problem. Regards, -Joe ... View more

Hi Andrew. Check out CSCtt26311. I think that's the likely culprit. Regards, -Joe ... View more