Registration with CSA-MC!

Unanswered Question
Apr 14th, 2008

Hi,

When I have just removed and installed new CSAgent on Solaris server, after reboot this host can't still register with CSA-MC, as below:

bash-2.05# opt/CSCOcsa/bin/csactl status

200-Status:

200- Management server: tstbd13-csamc52

200- Registration time: not registered

200- Host id: {0FCE14BD-7749-4119-8C4C-AB56C8099F91}

200- Last poll time:

200- Last download time:

200- Events in queue: 9

200- Software update: installed version is up to date

200- Testmode: On

200- Security level: Medium


And on CSA-MC, I see the Field of Host is ON. How can I register this Server with CSA-MC???

Many thks!!


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (4 ratings)
Loading.
tsteger1 Mon, 04/14/2008 - 10:52

Do you have other Solaris servers registered with the MC?

Do you have enough server licenses?

Can the Solaris box find the MC in DNS?


Tom

vdkhoa83csm Mon, 04/14/2008 - 11:42

Hi,

We have enough server licenses to installing. I mention that before upgrade to new CSAgent, my system still operate normally.

I just removed and installed new CSAgent, but I don't know how can register again with CSA-MC.

Tks!!!

tsteger1 Mon, 04/14/2008 - 12:55

So you didn't use:

# /opt/CSCOcsa/bin/csactl swupdate, you removed the old agent and installed the new one, correct?


Does the MC still show the server registered with the old agent kit?


If so, try deleting the old server registration from the MC and try:


# /opt/CSCOcsa/bin/csactl poll


and see what you get.


Sometimes you can't register the same machine again until you delete the old one.


Tom

vdkhoa83csm Tue, 04/15/2008 - 06:18

Tks for your supporting! I have moved Host to Recycle Bin and purged it from the MC, then try to Poll host again but still fail:


bash-2.05# /opt/CSCOcsa/bin/csactl poll

300 Poll of management server failed


Vo

tsteger1 Tue, 04/15/2008 - 11:34

Weird. What logs are available for the Solaris agent?


On Windows hosts it's C:\Program Files\Cisco Systems\CSAgent\log\csalog.txt and it contains any error codes generated when the agent fails to poll or register.


Tom

vdkhoa83csm Wed, 04/16/2008 - 20:24

Hi,

I have just solved this issue by fix some files in the packet update.

There are MGMTSERVER and MGMTSERVER_IP fields on "agent.bundle" file incorrect with my system. And I must change "sslca.crt" CA file to accommodate.

Tks for your supporting.

Vo

tsteger1 Thu, 04/17/2008 - 12:10

Thanks for the update. I'll remember it if I ever have to support Solaris agents.


Tom

vdkhoa83csm Thu, 04/17/2008 - 20:47

Hi Tom,

Although the re-register processing success, MC have detected that Host. But the Host Status on MC, I see "No security policies enforced (waiting for upgrade)". I polled and generated policy again but not successful. Please show me how can!

Vo

tsteger1 Mon, 04/28/2008 - 09:44

Hi, sorry I didn't see your post until just now.


Try :# /opt/CSCOcsa/bin/csactl swupdate


to get the latest version.


Tom

vdkhoa83csm Mon, 04/28/2008 - 21:11

Hi, I had running swupdate & poll from agent but still received unexpected result. CSA-MC still notify that:

- Policy version: No security policies enforced (waiting for upgrade)


But, on Host Agent:

bash-2.05# /opt/CSCOcsa//bin/csactl status

200-Status:

200- Management server: qtsc-mc

200- Registration time: 2008-04-17 10:39:37

200- Host id: {B6C07FA9-1B78-4D02-A379-459A2E63817C}

200- Last poll time: 2008-04-29 11:29:26

200- Last download time: 2008-04-17 10:45:10

200- Software update: installed version is up to date

200- Testmode: On

200- Security level: Medium


The version use on MC is 5.2-0 build 203, and on Agent is 5.2-0 build 251 testmode. Are there any wrong here, maybe they mismatch.

Tks, Vo.

tsteger1 Tue, 04/29/2008 - 13:14

Yep, it's a version mismatch all right. The version on the host is newer than the one on the MC so it isn't recognized.


Until you upgrade the MC to the version that the host has you won't get any policy enforcement.


Where did the agent kit come from if not from the MC? I don't even see a 5.2.0.251 listed on the hotfix page.


Tom

vdkhoa83csm Tue, 04/29/2008 - 20:10

It's just a test patch to fix the server crash which was supplied by Cisco. Also, we will wait for new release for both MC and Agents.

Tks for your supporting. Happy Labor day to you!

Vo.

TradeSecrets Thu, 06/26/2008 - 11:56

Verify the following

1) Host entry of the csa-mc on the agent host file and/or have csa-mc in DNS.

2) Verify firewalls between csa-mc and agent are not blocking you.

3) Make sure you are not over license.

4) The CSA-MC has registration control. Make sure the subnet is in the list. The default is allow anyone IP to register with CSA-MC

vdkhoa83csm Mon, 07/07/2008 - 20:17

Thanks for your interest!

Now it was fixed when we upgrade both MC and Agent to match the version. That issue maybe cause the Agent's version is newer than MC's version so MC don't recognize.

Actions

This Discussion