cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2881
Views
0
Helpful
65
Replies

FWSM authentication error using RME

Bruce Summers
Level 1
Level 1

During Config Archive, I'm encountering the following error when trying to connect using RME to a Cisco Catalyst 6513 FWSM.

"CM00139 Could not archive config, Cause: Action: Verify that device is managed and credentials are correct. Increase timeout value, if required."

I ran the credential verification using both the ssh protocol and the "SSH Enable Mode User Name and Password" check. It passes the protocol check, but fails with "Enable username credential missing." However, I do have the enable password set in device management/edit device credentials.

thanks

Bruce

1 Accepted Solution

Accepted Solutions

So your problems with the FWSM fetch are now resolved?

View solution in original post

65 Replies 65

Joe Clarke
Cisco Employee
Cisco Employee

There is a problem entering enable mode. In order to fetch the config from an FWSM, RME must be able to enter enable mode, enter config mode, configure "no pager", then exit config mode. Can the credentials specified in DCR perform these steps? Try to perform those steps manually. what does the transaction look like?

to answer the question about the credentials that are in DCR, yes...the account that i'm using is able to enter enable mode, config mode and then is able to make the change to "no pager"...

I'm not clear what you mean by "what does the transaction look like".

Bruce

From the LMS server, connect to the FWSM with SSH using the same credentials that are configured in DCR. Enter enable mode using the same enable password that is in DCR. Run the command "show pager". Then enter config mode, and configure "no pager". Then exit config mode. What does that transaction look like?

login as:

password:

Type help or '?' for a list of available commands.

FWSM> en

Password: ****

FWSM# sho pager

no pager

FWSM>#

so, as you can see, from the LMS server, ssh to the FWSM is working...and works when you do the credentials check within RME...but, config arch is bombing on me...

bruce

You missed a step. You need to go into configure mode, and type "no pager". Also, enable ArchiveMgmt Service debugging under RME > Admin > System Preferences > Application Loglevel Settings, perform another Sync Archive to this FWSM, and post the dcmaservice.log.

sorry...i took from the show pager, that no pager was already set (from previously running the command). here is the output from the command:

fwsm> config t

fwsm(config)# no pager

fwsm(config)# exit

fwsm># sho pager

no pager

after setting debug mode, i ran the config arch again, and attached is the output fo the dcmaservice.log from that run...I didnt want to include it all (WAY too much)....

The problem is in your use of privilege levels. RME is expecting enable level to be 15, but you are currently at privilege level 2. That said, you appear to be hitting a code path that should be impossible. What patches have you applied to LMS?

"code path" not sure what you mean...I have applied no patches to LMS since installation. Im running LMS Portal 1.1.0, RME 4.2.0, CV 6.1.8, CM5.1.0, DFM 3.1.0

Nevermind, I found the problem. I can provide a patch if you want to test it. You will need to open a TAC service request to get it.

absolutely...I'll have to get approval before applying it, but give me the bug fix number and i'll vet it out thru my leadership and get the tac case submitted...is it an LMS issue or a firewall issue? that will point me to which way i need to submit the tac case...

thanks J

I don't have a bug yet. I'll file the bug when I get confirmation that my fix is the right one. The problem is with the FWSM code in RME.

roger....shall i wait to hear back from you or submit the tac case now?

Open the case now. Your engineer can get the patch from me.

ok...thanks...am I a test platform then?

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: