Solved: LMS 3.1 Vlan Download Problem

zztopping · ‎02-09-2009

We are running LMS3.1 and many switches are reporting as "partially successful" due to the VLAN download failing with this error:

"Command failedTELNET: Failed to establish TELNET connection to X.X.X.X - Cause: Authentication failed on device 3 times" (where x.x.x.x is our real ip)

Credentials have been checked (running and startup configs are being downloaded successfully)

Another user is having a similar problem, and jclarke reported they are hitting bug CSCsq66458, but that seems to only apply to devices without a vlan.dat in the flash, while many of ours do have a vlan.dat, yet still fail.

Any ideas?

Joe Clarke · ‎02-09-2009

That's the problem. If you disable this, vlan.dat fetch will work.

View solution in original post

Joe Clarke · ‎02-09-2009

I've been helping another user with a similar problem. While your issue may be different, you should try some of the things I've outlined in this post:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=Network%20Management&topicID=.ee71a02&fromOutline=&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.2cc2eb54

zztopping · ‎02-09-2009

I am currently set to SSH first then TELNET as a fallback. TFTP is not allowed at all for config fetching.

If I just sync the archive for one device i get the following error output:

*** Device Details for XXXXXX ***

Protocol ==> SSH

Selected Protocols with order ==> SSH,Telnet

Execution Result:

RUNNING

Primary Login Succeeded

/ Primary Enable Succeeded

CM0061 PRIMARY RUNNING Config fetch SUCCESS for XXXXXX, no change in configuration.

VLAN

CM0151 VLAN RUNNING Config fetch failed for XXXXXXX Cause: Command failedCommand failed Action: Check if protocol is supported by device and required device package is installed. Check device credentials. Increase timeout value, if required.

****************

I guess the logical next step would be to sniff the traffic, but that is fairly difficult for me...anything else I should try before that?

Joe Clarke · ‎02-09-2009

You can enable ArchiveMgmt Service debugging under RME > Admin > System Preferences > Application Loglevel Settings, and re-run the job. The dcmaservice.log will have the transaction.

zztopping · ‎02-09-2009

Ah. I see the problem:

[ Mon Feb 09 16:18:42 EST 2009 ],DEBUG,[Thread-502],com.cisco.nm.xms.xdi.transport.cmdsvc.LogAdapter,debug,31,Returning from interact('copy flash:vlan.dat tftp:'):

{

Address or name of remote host []? XXX.XXX.XXX.XXX

TFTP: error code 2 received - 16739

%Error opening tftp://XXX.XXX.XXX.XXX/vlan.dat (Permission denied)

XXXXXXXXXX#}

The IP in X's is the IP of Ciscoworks server. Any idea why its saying permission denied?

Joe Clarke · ‎02-09-2009

Do you have "file prompt quiet" configured?

zztopping · ‎02-09-2009

Actually, yes we do.

Joe Clarke · ‎02-09-2009

That's the problem. If you disable this, vlan.dat fetch will work.

zztopping · ‎02-09-2009

Thanks, that appears to be the exception to the rule for our config standards.