cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
9332
Views
15
Helpful
21
Replies

Failed to authenticate with the device at ip.ip.ip.ip using TELNET

Arturo Bianchi
Level 1
Level 1

Hi!

I can no longer use CCA :-)

I tried everything, but when I enter user and password after waiting a few tens of seconds I get the following error window: "Failed to authenticate with the device at ip.ip.ip.ip using TELNET. TELNET access is required for access to voice configuration. Cannot continue. Exiting CCA."

Given that I do not understand the need to use the 'telnet', I verified that UC500 was reachable from the PC via telnet. But CCA 2.2.5 don't work and I find no reason, even logging on to see go console error messages or anything else that turn me to the solution. Before removing CCA and back to 2.2.4, I see if I could solve the problem somehow.

I tried to see what was going on the network with wireshark:

Time          Source          Destination     Protocol     Info
-------------     --------------     ---------------     ---------     ----------------------------------------------------------------------------
722.508214     pc.pc.pc.128     uc.uc.uc.1     TELNET     Telnet Data ... (the password in clear text!!!!)
722.713551     uc.uc.uc.1     pc.pc.pc.128     TCP     telnet > xs-openstorage [ACK] Seq=80 Ack=37 Win=4092 Len=0
722.713606     pc.pc.pc.128     uc.uc.uc.1     TELNET     Telnet Data ... (a '/r/n' after send user pwd on previus pkt)
722.911528     uc.uc.uc.1     pc.pc.pc.128     TCP     telnet > xs-openstorage [ACK] Seq=80 Ack=39 Win=4090 Len=0
724.608892     pc.pc.pc.128     uc.uc.uc.1     TCP     xs-openstorage > telnet [FIN, ACK] Seq=39 Ack=80 Win=65456 Len=0
724.611192     uc.uc.uc.1     pc.pc.pc.128     TCP     telnet > xs-openstorage [ACK] Seq=80 Ack=40 Win=4090 Len=0
724.721538     uc.uc.uc.1     pc.pc.pc.128     TELNET     Telnet Data ... (a '/r/n')
724.721589     pc.pc.pc.128     uc.uc.uc.1     TCP     xs-openstorage > telnet [RST, ACK] Seq=40 Ack=82 Win=0 Len=0

...but do not understand why the PC ends the connection!

NB: Obviously the username and password are correct and the UC does not report login errors.

Can anyone give me a hint? 1k thanks

73,

Arturo

1 Accepted Solution

Accepted Solutions

""

When we fail to authenticate to device using TELNET  using username/password  provided during discovery we show this dialog and exit and we don't log this exception to the log.

""

Can we check if the "login delay" is configured or not?

CCA does not support this.

View solution in original post

21 Replies 21

Steven DiStefano
VIP Alumni
VIP Alumni

Hints yes.   But a TAC case may be required.

So when you connect to a UC500 via CCA, you can connect via the IP address, or as a 'site'.  The site allows you to accumulate multiple elements in a community if you will and it saves this on your PC in Documents and Settings / .configurationassistant / communities

The behavior is that if all the user ids and PWs are all the same for all the devices, CCA prompts you once every time you connect to that site (community).   If they are different, it prompts per IP address of the element.  If you enter one wrong more than 3 times, it kicks you out.

I would guess that you are trying to connect to a site?  And maybe in that site, you are prompted for a network element that is in the community, but different that the one you are thinking you are entering credentials for?

Try to connect via IP of the device (dont use the saved site) and see if that makes a difference.

Try to telnet directly to the element and see if you can enter credentials that way.

sdistef ha scritto:

I would guess that you are trying to connect to a site?

Yes,

only with 1 IP or device!

sdistef ha scritto:

Try to connect via IP of the device (dont use the saved site) and see if that makes a difference.

Idem,

'Failed to authenticate....'

sdistef ha scritto:

Try to telnet directly to the element and see if you can enter credentials that way.

~$ telnet gw.lab
Trying uc.uc.uc.1...
Connected to gw.lab.
Escape character is '^]'.


User Access Verification

Username: admin
Password:

cme#

73,

Arturo.

Is this a UC500 you are trying to connect to?  Your prompt says CME.  CCA doesnt support ISR.

Also, is your PC directly connected to the UC500 LAN port?

Obviously, I would not open the thread here ... CME is simply the hostname,,,


The problem occurs over internet via VPN, via WiFi, via LAN through a telephone, I don't tried to connect the PC directly @ lan port of UC540W but I guess that is not a link problem.

NB: Could be a timeout issue? FIN, ACK is sent after 2 seconds.... That the CCA was impatient?

73

OK, you didnt really say it was a UC500, so wasnt obvious. :-)

Connecting via WiFi of the UC500 or the Phone answers my question, AS LONG AS the phone is on the UC500 and the WiFi is from the UC500 or APs connected directly to it.   Something gave me the impression that you had some hops between your PC and the UC500 in your connection screen shots.

Should be no different than direct connect, where as the remote connection opens a different set of potential issues.

Do me a favor and connect it locally to a UC500 switch port and try again.  If/When if fails,

send the CCA Log File from Help:Support: GenerateLogFile.  Maybe there is a hint in there.

No,

I tried a direct connection and the problem is still here!

I am unable to generate log, when CCA go in error I can push only OK button and CCA die!

73

You may be able to grab the application log from the PC manually please...

C:\Program Files\Cisco Systems\CiscoSMB\Cisco Configuration Assistant

Most files are 0 bytes long, only Application_Log report some output:

++: DEBUG:  : User Preference Settings App Version=2.2 (5)
++: DEBUG:  : Current App Version=2.2 (5)
++: DEBUG:  : *** Site name: DIM - Lab
++: DEBUG:  : *** Remove site from history list: DIM - Lab
++: DEBUG:  : Last used connection string: http://DIM+-+Lab:80/
++: DEBUG:  : Filtered connection string: DIM+-+Lab
++: DEBUG:  : SiteName : DIM+-+Lab DecodedName: DIM - Lab
++: DEBUG:  : DIM - Lab is customer site name: true
++: DEBUG:  : Set connection string to: ---.---.---.---
++: DEBUG:  : Filtered connection string: DIM+-+Lab
++: DEBUG:  : Duration for [upd Mirror<--Device() @ com.cisco.cpnm.features.defn.connect.ConnectDialogTask] = [1265] msec.
++: DEBUG:  : *** Site name: DIM - Lab
++: DEBUG:  : *** Remove site from history list: DIM - Lab
++: DEBUG:  : Last used connection string: http://DIM+-+Lab:80/
++: DEBUG:  : Filtered connection string: DIM+-+Lab
++: DEBUG:  : SiteName : DIM+-+Lab DecodedName: DIM - Lab
++: DEBUG:  : DIM - Lab is customer site name: true
++: DEBUG:  : Set connection string to: ---.---.---.---
++: DEBUG:  : Filtered connection string: DIM+-+Lab
++: DEBUG:  : Filtered connection string: DIM+-+Lab
++: DEBUG:  : Filtered connection string: DIM+-+Lab
++: DEBUG:  : WDTask::setHierarchy .TroubleshootingLogsTask
++: DEBUG:  : Duration for [create() @ com.cisco.cpnm.features.defn.logs.TroubleshootingLogsTask] = [78] msec.

NB: I understand that the program tries to connect using something invented name of the site?

I create another site with a valid DNS name and I try to connect... Last log lines are:

++: DEBUG:  : conn string: HTTP://valid.name.tld:80/
++: DEBUG:  : ConnectionMediator:connect() : http://valid.name.tld:80/
++: DEBUG:  : URL After Decoding :http://valid.name.tld:80/
++: DEBUG:  : ConnectionMediator:isFederation() : http://valid.name.tld:80/
++: DEBUG:  : initAppMode():http://valid.name.tld:80/
++: DEBUG:  : ConnectionMediator:isFederation() : http://valid.name.tld:80/
++: DEBUG:  : initAppWithConnection():http://valid.name.tld:80/
++: DEBUG:  : Found Module For device type : UC540W-BRI-K9
++: DEBUG:  : *** RouterInfo.ShVer.Fields=[UC540W-BRI-K9, cme, 1 day  23 hours  49 minutes, flash:uc500-advipservicesk9-mz.150-1.XA2, , 15.0(1)XA2, N, N, , UC500-ADVIPSERVICESK9-M, , 1 ]
++: DEBUG:  : AuthGrp@1978622: getAuthCreds() called for: telnet://uc.uc.uc.1:23; realm: null
++: DEBUG:  : AuthGrp@1978622: getAuthCreds() called for: telnet://uc.uc.uc.1:23; realm: null
++: DEBUG:  : AuthGrp@1978622: getAuthCreds() called for: telnet://uc.uc.uc.1:23; realm: null

73

while the logs are looked at, can you tell us if User Password is the same as "enable" password?

I am told, if not, thats the problem, as CCA wants them to be the same.

yes, it is.

73

""

When we fail to authenticate to device using TELNET  using username/password  provided during discovery we show this dialog and exit and we don't log this exception to the log.

""

Can we check if the "login delay" is configured or not?

CCA does not support this.

Also, we want to see whether there is anything in the line vty area that blocks TELNET.

If you can snip that in here?

yes... 'login delay 2' ...but this did not bother to version 2.2.4 .

Now, I can enter!!!

I d'on't understand why CCA indicates a problem with the CUE ('Voicemail may not working normally... yes or no'); but that's another story (thread!?)

Very thanks,

Arturo.

We are happy to help,

please remember a system not configured with CCA cannot be supported by CCA.

There are just too many variables.....like this one.

:-)