I'm using FWSM ver 3.2.10 in multiple context mode and CWLMS ver 3.1 (RME ver. 4.2).
All the context are in transparent (L2) mode.
For RME archive management the SSH is used.
Authentication Authorization and Accounting is provided by using TACACS+ (ACS ver. 4.2).
In RME we have primary and secondary credentials. When we are running âCheck Device Credentialâ in Device Center the following tests are passing successfully:
- SNMP Read Community String
- SSH Enable Mode User Name and Password
Periodic archive collection is successful but not on the all of the contexts.
When I create Sync Archive job on any of the context it is failed:
Execution Result: Unable to get results of job execution for device. Retry the job after increasing the job result wait time using the option:Resource Manager Essentials -> Admin -> Config Mgmt -> Archive Mgmt ->Fetch Settings
On ACS I can see that RME have tried to use primary and secondary ssh credentials. Four lines in passed attempts for primary credential. One line in passed attempts for secondary credential and one line in failed attempts for secondary credential.
But even on the successful context we can see that RME have tried to use both credentials:
STARTUP Secondary Login Succeeded / Primary Enable Succeeded
CM0060 PRIMARY STARTUP Config fetch SUCCESS for Pri_FW-DC2, version number 1 archived.
RUNNING Secondary Login Succeeded / Primary Enable Succeeded
CM0061 PRIMARY RUNNING Config fetch SUCCESS for Pri_FW-DC2, no change in configuration.
I assume you've added each context as a separate device in DCR? Which context succeeds?
The message about increasing the job timeout could possibly indicate CSCsv95235. However, it could be that this particular job is taking longer than the current timeout due to the way the config is fetched on security context devices. You should first try to increase the job timeout per the instructions in the error.
I have also found three issues which pertain to fetching configs from security context devices (in particular the FWSM). I have written a patch which you can obtain by contacting the TAC, and referencing bug CSCsx69504.