Solved: CiscoWorks 3.0 RME Software Distribution Issue

blevins-m · ‎10-22-2008

Hello,

We are having a problem with our newly upgraded CiscoWorks server. The problem is that when we try to push a new IOS image to one of our many routers or switches a tftp timeout occurs. But the timeout is server side and not device side. Telnet establishes with no problem to a switch, but when CiscoWorks tries to back up vlat.dat to the C:/PROGRA~1/CSCOpx/tftpboot/ directory we get %Error opening tftp://10.1.14.5/C:/PROGRA~1/CSCOpx/tftpboot/rep_sw_775180948730410997 (Timed out)

Details:

Job Results

Trying to backup flash:vlan.dat from the device using TFTP

Copying flash:vlan.dat to C:/PROGRA~1/CSCOpx/tftpboot/rep_sw_775180948730410997 using TFTP.

Copying vlan.dat from flash to tftp://10.1.14.5/C:/PROGRA~1/CSCOpx/tftpboot/rep_sw_775180948730410997

Failed to import the image vlan.dat from device.

See C:\PROGRA~1\CSCOpx\files\rme\jobs\swim\2215\C2950-Amarillo-183_telnet.log for the output from the device on which the image transfer failed.

Image Copy Operation Failed

Output of C2950-Amarillo-183_telnet.log

C2950-Amarillo-183#

C2950-Amarillo-183#dir /all flash:

Directory of flash:/

2 -rwx 1048 Jun 20 2007 16:19:48 +00:00 multiple-fs

4 -rwx 836 Mar 01 1993 00:00:18 +00:00 vlan.dat

5 -rwx 3117954 Nov 08 2006 16:00:18 +00:00 c2950-i6q4l2-mz.121-22.EA8a.bin

6 -rwx 77 Jun 20 2007 16:19:48 +00:00 private-config.text

7 -rwx 279 Nov 08 2006 18:44:45 +00:00 env_vars

8 -rwx 4681 Jun 20 2007 16:19:48 +00:00 config.text

7741440 bytes total (4613632 bytes free)

C2950-Amarillo-183#

C2950-Amarillo-183#copy flash:vlan.dat tftp://10.1.14.5/C:/PROGRA~1/CSCOpx/tftpboot/rep_sw_775180948730410997

Address or name of remote host [10.1.14.5]? 10.1.14.5

Destination filename [C:/PROGRA~1/CSCOpx/tftpboot/rep_sw_775180948730410997]? C:/PROGRA~1/CSCOpx/tftpboot/rep_sw_775180948730410997

.....

%Error opening tftp://10.1.14.5/C:/PROGRA~1/CSCOpx/tftpboot/rep_sw_775180948730410997 (Timed out)

C2950-Amarillo-183#

Tftp service is running server side and image imports work normally. Any ideas on where we should be looking to resolve this issue?

Thanks in advance,

Mark B.

Joe Clarke · ‎10-22-2008

This typically indicates a firewall or access-list blocking udp/69 from device to server. The way TFTP works in this model is that the switch will send a TFTP write request to udp/69 on the server, sourced from a high UDP port. The server will ACK, and the copy will occur over two high UDP ports (one being the original source port from the switch). So, you need to make sure there are no firewalls or ACLs that could be blocking that traffic. A sniffer trace on the server will tell you what packets are making it to the server, and which are being dropped.

View solution in original post

Joe Clarke · ‎10-22-2008

This typically indicates a firewall or access-list blocking udp/69 from device to server. The way TFTP works in this model is that the switch will send a TFTP write request to udp/69 on the server, sourced from a high UDP port. The server will ACK, and the copy will occur over two high UDP ports (one being the original source port from the switch). So, you need to make sure there are no firewalls or ACLs that could be blocking that traffic. A sniffer trace on the server will tell you what packets are making it to the server, and which are being dropped.

blevins-m · ‎10-22-2008

Yes sir, you were exactly right. The problem was with the Windows firewall. Thanks so much.