Several devices out of Sync LMS 2.6

Answered Question
Nov 11th, 2009

I have several devices out of sync. The only difference is Crypto-Crypto PKI-Crypto PKI Certificate chain TP-self-signed-2826016128. I've followed the advice of previous posts. I have telnet and ssh used in that order. All devices are able to use "show running brief", I've verified on each device. Thanks in advance for any help or suggestions.

I have this problem too.
0 votes
Correct Answer by Joe Clarke about 7 years 2 months ago

You have the string "not found" in your config which is tripping up RME. If you remove this, it should detect that "show run brief" works.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Joe Clarke Wed, 11/11/2009 - 12:06

You may have a string within the config which is tricking the code into thinking that "show run brief" does not work. Post the full show run.

Correct Answer
Joe Clarke Wed, 11/11/2009 - 12:43

You have the string "not found" in your config which is tripping up RME. If you remove this, it should detect that "show run brief" works.

Joe Clarke Mon, 10/18/2010 - 13:55

There are a set of hard-coded strings in RME that RME looks for to see if an error occurred.  The list is as follows:

            "% Invalid input detected", "% Incomplete", "% Error:",             "Unknown command", "%Error", "is in use by the crypto-map",
             "% Please define a domain-name first","ERROR:",             "Enter TEXT message.  End with the character",
             "is not a valid encrypted secret", "not found","Must delete",             "Cannot","Query interval must be greater than Query response interval",
             "Bad mask","% Please define a hostname other than Router",             "Invalid encrypted password:", "must be","does not exist","Incorrect",
             "Bad IP range","not configured","not allowed","%Invalid",             "Mobile IP is not running","HA is not enabled",
             "already configured","already exists","too long",
             "already defined","Ambiguous","Not Enough",             "IP address range overlaps with pool","No MN entry",
             "No visitor entry for","Hardware interface is missing",             "FA service could not be enabled","Only standard access-lists are support
ed",             "Overlapping mobile host entry","No mobility binding","Invalid client netmask",
             "Service CDMA PDSN is not enabled","%%Accounting time-of-day has not been initialized",
             "Unable to start PDSN UDP service","%%Session with MSID %s does not exist
.\n\", imsi_input",             "is not valid user directory name","failed to retrieve intermediate regis
tration","Permission denied",
             "%%MD5 key in hex must be %d chars\", IPMOBILEMD5CHARLEN",
             "%%Insufficient resources to store PCF information","%%Insufficient resou
rces to store PDSN Selection",
             "%% cdma pdsn selection is not enabled.","%%CDMA PDSN Redundancy is not e
             "%% Radius disconnect should be turned on PDSN","%ERROR:","Command author
ization failed.","Command rejected:","already mapped","command rejected","Diagnostic[]
: Error.","Error.","% Please delete your existing CA certificate first.",                "overlaps with","% Failed to create VLANs","VLAN(s) not available in P
ort Manager",
                "%Error: Invalid function input.","%Error: Invalid Function name.",
                "% Could not remove trigger mapping.","does not exist.","% Trigger does not exist.","Invalid cron string or time out of range"

JClark, I am not clear on who this function is affecting the Out-of-Sync, Certificate issue.  In addition I open up a TAC and the engineer recommended that I exclude these command from the Config-Fetch Process under RME>Admin>Config-Management>Exclude commands.  But I would like to see if there is any strings in my config that might be tripping RME, but I am not clear as to how to look for them?

Thanks in advance for your reply.


Joe Clarke Tue, 10/19/2010 - 07:23

Go through the list I posted previously, and compare each quoted string against your config.  Do this in a case-insensitive manner.  If any of those strings match, you will need to remove them from the config to allow RME to think the config fetch was successful.


This Discussion