Error with device discovery..

Unanswered Question
Jun 16th, 2008
User Badges:

I'm not sure whether I can post this question in this forum, but still if someone can help me, it will be great.


Actually I have recently installed the CSM (Cisco security manager) 3.1, I have installed the cisco security manager client also.. and now I'm trying add my Firewall and IPS devices into it..


I have the following devices which I wanted to add to the CSM..


ASA

FWSM

AIP-SSM

IDSM-2


When I try add these devices, the AIP-SSM and IDSM-2 devices get added without any issues... but the ASA and FWSM devices doesn't get added and gives the following error..



For ASA the error is as below..


Please verify the device "IP address","Host Name", "Port Number" and "Domain Name" are correct, there is network connectivity between the CS Manager server and the device, and the device is configured to accept https connections, the device is running, and then retry this operation.


I have verified the connectivity by manually connecting to the ASA using the same credentials what I have provided and it is working fine, so there is really no connectivity issue but still I don't know why this error is being displayed....



For FWSM the error is as below....


If this error occurred during deployment, please refer to the deployment transcript for details. If this error occurred during discovery, please check the "vmsbesvcs.log" and "vmssharedsvcs.log" log files in the "NMSROOT\MDC\log\operation" directory on the CS Manager server for details If you are unable to resolve the problem using this information, please contact Cisco Technical Assistance Center.



I checked the log files and I could not understand anything from it, I have attached the same here also...




Can someone help me to solve this issue...





  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
pari082007 Tue, 09/16/2008 - 02:53
User Badges:

hi ...


we also used the csm in version 3.1.1 SP1 and made an update to version 3.2.1 SP1. After the update we cant do an hitcount discover anymore. i also looked at the same logfile "vmssharedsvcs.log" and found a lot of different error messages.


The hitcount always starts and ended up at 44%. The CSM Server go to 100% cpu load and doesnt do anymore. The only solution is to reboot the whole server. It doesnt matter which kind of firewall (5520 / 5510 / 5505) i want to discover.


The vmssharedsvcs.log i have attached is from the csm 3.2.1 SP1 server.


The next thing i have done is we rstored the "old" 3.1.1 SP1 CSM Server, because i want to make the update process again. i thought it was the update but as is looked at the old vmssharedsvcs.log on the old 3.1.1 SP1 server we had errors also. But the hitcount discover is successful - only the error messages are written to the log.


Please give me some advice for fixing this. What i also want to know - can we work with the CSM 3.2.1 SP1 is it better to fix the broblem with 3.1.1 SP1 and updating afterwards.


regards

PICC/TW



dradhika Tue, 09/16/2008 - 20:15
User Badges:
  • Cisco Employee,

From 3.1.1 SP1 log I can see "PolicyNotFound" Exception. So just giving suggestion - Restart the services, move the workflow mode;check if there are any activities which are not in discard or approved mode. If so then discard all the activities. Try discovery with a fresh activity. Guess it will work.


Thanks,

Radhika

dradhika Tue, 09/16/2008 - 20:10
User Badges:
  • Cisco Employee,

Below message from the log (CSM 3.1 logs) says that the device 10.0.100.17 is unreachable - https://10.0.100.17/config.

The device [10.0.100.17] is unreachable. Check IP address/hostname and https connectivity.

Can you please check if the device is reachable from the machine on which the server is installed and if it is reachable and you can https into the device from the server machine.


Thanks,

Radhika

Actions

This Discussion