cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1335
Views
0
Helpful
8
Replies

Several devices out of Sync LMS 2.6

bstevens85
Level 1
Level 1

I have several devices out of sync. The only difference is Crypto-Crypto PKI-Crypto PKI Certificate chain TP-self-signed-2826016128. I've followed the advice of previous posts. I have telnet and ssh used in that order. All devices are able to use "show running brief", I've verified on each device. Thanks in advance for any help or suggestions.

1 Accepted Solution

Accepted Solutions

You have the string "not found" in your config which is tripping up RME. If you remove this, it should detect that "show run brief" works.

View solution in original post

8 Replies 8

Joe Clarke
Cisco Employee
Cisco Employee

You may have a string within the config which is tricking the code into thinking that "show run brief" does not work. Post the full show run.

Attached is the full show run from one of the devices. Thank you.

You have the string "not found" in your config which is tripping up RME. If you remove this, it should detect that "show run brief" works.

Thank you Mr. Clarke, that worked.

How did you know that this specific string "not found" was tripping the "sh running-config brief" lookup by RME? Are there other strings we should be concerns?

There are a set of hard-coded strings in RME that RME looks for to see if an error occurred.  The list is as follows:

            "% Invalid input detected", "% Incomplete", "% Error:",             "Unknown command", "%Error", "is in use by the crypto-map",
             "% Please define a domain-name first","ERROR:",             "Enter TEXT message.  End with the character",
             "is not a valid encrypted secret", "not found","Must delete",             "Cannot","Query interval must be greater than Query response interval",
             "Bad mask","% Please define a hostname other than Router",             "Invalid encrypted password:", "must be","does not exist","Incorrect",
             "Bad IP range","not configured","not allowed","%Invalid",             "Mobile IP is not running","HA is not enabled",
             "already configured","already exists","too long",
             "already defined","Ambiguous","Not Enough",             "IP address range overlaps with pool","No MN entry",
             "No visitor entry for","Hardware interface is missing",             "FA service could not be enabled","Only standard access-lists are support
ed",             "Overlapping mobile host entry","No mobility binding","Invalid client netmask",
             "Service CDMA PDSN is not enabled","%%Accounting time-of-day has not been initialized",
             "Unable to start PDSN UDP service","%%Session with MSID %s does not exist
.\n\", imsi_input",             "is not valid user directory name","failed to retrieve intermediate regis
tration","Permission denied",
             "%%MD5 key in hex must be %d chars\", IPMOBILEMD5CHARLEN",
             "%%Insufficient resources to store PCF information","%%Insufficient resou
rces to store PDSN Selection",
             "%% cdma pdsn selection is not enabled.","%%CDMA PDSN Redundancy is not e
nabled",
             "%% Radius disconnect should be turned on PDSN","%ERROR:","Command author
ization failed.","Command rejected:","already mapped","command rejected","Diagnostic[]
: Error.","Error.","% Please delete your existing CA certificate first.",                "overlaps with","% Failed to create VLANs","VLAN(s) not available in P
ort Manager",
                "%Error: Invalid function input.","%Error: Invalid Function name.",
                "% Could not remove trigger mapping.","does not exist.","% Trigger does not exist.","Invalid cron string or time out of range"

JClark, I am not clear on who this function is affecting the Out-of-Sync, Certificate issue.  In addition I open up a TAC and the engineer recommended that I exclude these command from the Config-Fetch Process under RME>Admin>Config-Management>Exclude commands.  But I would like to see if there is any strings in my config that might be tripping RME, but I am not clear as to how to look for them?

Thanks in advance for your reply.

Erick

Go through the list I posted previously, and compare each quoted string against your config.  Do this in a case-insensitive manner.  If any of those strings match, you will need to remove them from the config to allow RME to think the config fetch was successful.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: