User tracking not finding any hosts in Ciscoworks LMS 3.1

Unanswered Question
Jan 13th, 2010

L.S.


Our test-configuration is as follows:

Application versions:

Ciscoworks LMS 3.1

Ciscoworks Common Services 3.2.0

Campus Manager 5.1.4


We have 31 managed devices in Campus Manager (data has been collected on all),

Edit: All of them show up green in the topology window.


The devices are: 2 6509 cores (running IOS s72033_rp-IPSERVICESK9_WAN-M version 12.2(18)SXF8), 1 ASA firewall (running ASA-OS version 8.0.5) and 29 switches (2960 and 3560 models both running IOS version 12.2(52)SE). The switches are connected as follows:

User tracking jobs are running normally, but aren't finding any end-hosts or IP phones at all (I suspect around 250-500 hosts+ on these switches)

We are running SNMP v3 on the switches and have added the following configuration items to all the switches:


snmp-server group readonly v3 auth context vlan-1

<repeat for all present snmp-contexts as shown in show snmp context output>

...

snmp-server group readonly v3 auth context vlan-83


Debugging is enabled in CM->Admin->Debugging Options->User Tracking Server

This is the UT.log file of the last major acquisition:


messages will remian logged to file: D:\PROGRA~1\CSCOpx\log\ut.log
2010/01/13 14:00:01 main MESSAGE ProcessInitializer: Properties will be read from D:\PROGRA~1\CSCOpx\campus\etc\cwsi\ut.properties
I= 0value *.*.*.*
I= 1value 6
I= 2value 1
2010/01/13 14:00:01 main MESSAGE DBConnection: Created new Database connection [hashCode = 10969598]
PartialOrderNode tree dump: time base = VMPSMajor
<root>
    VMPSMajor: <root>
    VMPSMajor:     VMPSMajor.GetXMLData
    VMPSMajor:         VMPSMajor.PingSweep
    VMPSMajor:         VMPSMajor.PopulateFromDCR
    VMPSMajor:             VMPSMajor.GetPortStatus
    VMPSMajor:                 VMPSMajor.GetBridgeTable
    VMPSMajor:             VMPSMajor.Sweep
    VMPSMajor:                 VMPSMajor.GetIpXlateTable
    VMPSMajor:                 VMPSMajor.GetIpv6XlateTable
    VMPSMajor:                     VMPSMajor.GenerateTable6
    VMPSMajor:                         VMPSMajor.GenerateTable


SMFunction evaluation order: time base = VMPSMajor
  VMPSMajor.GetXMLData  Major
  VMPSMajor.PingSweep  Minor
  VMPSMajor.PopulateFromDCR  Major
  VMPSMajor.GetPortStatus  Minor
  VMPSMajor.Sweep  Major
  VMPSMajor.GetBridgeTable  Minor
  VMPSMajor.GetIpXlateTable  Minor
  VMPSMajor.GetIpv6XlateTable  Minor
  VMPSMajor.GenerateTable6  Major
  VMPSMajor.GenerateTable  Major


Time base VMPSMajor has 5 major nodes and 3 minor traversals.


log4j:ERROR No appenders could be found for category (CTM.common).
log4j:ERROR Please initialize the log4j system properly.
In classlist loader
In classlist loader processing sub classes
updation done
In classlist loader completed
2010/01/13 14:00:03 main MESSAGE DBConnection: Created new Database connection [hashCode = 12524859]
Calling default
Subnet to SubnetData Map Size :73
2010/01/13 14:01:31 DBConnecton-Reaper MESSAGE DBConnection: Closed Database connection [hashCode = 12524859]
2010/01/13 14:01:31 DBConnecton-Reaper MESSAGE DBConnection: Closed Database connection [hashCode = 10969598]
2010/01/13 14:04:50 main MESSAGE DCRDevWrapper: Closing DCRProxy


I'm slowly getting to a dead end here. What am I missing?

Joe Clarke Wed, 01/13/2010 - 09:38

There is no "user tracking" debugging enabled in this log (that is the module that needs to be enabled). It sounds like you've done the SNMP configuration correctly. Try enabling acquisition for all subnets under Campus Manager > Admin > User Tracking > Acquisition > Configure Subnet Acquisition. Then run a full major acquisition from the Campus Manager homepage. If you still don't find any end hosts, post the NMSROOT/campus/etc/cwsi/portsData.xml and vlanData.xml files.

Marcel Verbrugg... Thu, 01/14/2010 - 01:58

Hi Joe,


Thanks for your reply.

Acquisition was already enabled for all subnets in Campus Manager > Admin > User Tracking > Acquisition > Configure Subnet Acquisition


I indeed forgot to activate the correct module in the debugging, shame on me.

I have done so now and ran a new major acquisition. The new ut.log file is attached. It is significantly larger now.

In the ut.log file, the acquisition does seem to detect a large number of hosts (some output has been truncated by me to save filesize), but why exactly they aren't turning up in LMS is still a bit strange to me.


I have also attached the other files you requested.

Joe Clarke Fri, 01/15/2010 - 13:54

There appears to be a problem with your SNMPv3 configuration.  It would be helpful to see the running config from 172.16.0.14 (for example) to confirm configuration is correct.  It would also be good to see a sniffer trace of all SNMP (udp/161) traffic between the Campus server and this switch while performing a major acquisition.  If the config is right, it could be that the cached v3 parameters are not, and this is triggering an SNMPv3 violation.

Joe Clarke Sat, 01/23/2010 - 09:39

That will be required along with the output of "show snmp user".  Something you might also try is to empty out the contents of NMSROOT/campus/etc/cwsi/UTSnmpv3EngineParam.txt.  Then run a new UT acquisition, and see if users show up.

Marcel Verbrugg... Mon, 01/25/2010 - 00:50

I have attached the output of show snmp user on the 172.16.0.14 switch.


The file you refer to (NMSRoot/campus/etc/cwsi/UTSnmpv3EngineParam.txt) does not exist. The only file that comes close in name and possible function is NMSRoot/conf/csdiscovery/SNMPv3CacheParam.properties


I will run the capture later today.

kerklaanm Tue, 01/26/2010 - 05:14

Hi,

We are experiencing the same problem. IP phones are detected; normal workstations are not.

Regards Marco

Marcel Verbrugg... Mon, 02/08/2010 - 06:01

Well, our problem was finally resolved through a weird coincidence after having a web session with a Cisco TAC engineer (TAC case SR 613376661).


We changed the

snmp-server group readonly v3 auth context vlan-xxxx


commands in the switches to:


snmp-server group writeonly v3 auth context vlan-xxxx


that is: use the writestring in the snmp-server groups instead of the read string.


After we changed that, all of the User Tracking mysteriously started working.

As far as I know, the writestring should not be needed, but apparently it is....

Is there any explanation for this?

kerklaanm Mon, 02/08/2010 - 07:11

But this only adds an SNMP group with the name write-only; the specs for the group are the same. Or am I missing something?


Regards Marco

Marcel Verbrugg... Mon, 02/08/2010 - 07:19

You are missing the part in the configuration file posted earlier:


snmp-server group readonly v3 auth read allxs
snmp-server group writeonly v3 auth write allxs

snmp-server view allxs internet included
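
A check for the per-context step discussed in this thread, as an added example (not code from any poster or from Cisco): it compares the contexts a switch reports in `show snmp context` with the `snmp-server group ... context` lines in its configuration, and lists which groups carry a write view. The config excerpt and context list below are constructed samples, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample input (not taken from the thread's attachments).
RUNNING_CONFIG = """\
snmp-server view allxs internet included
snmp-server group readonly v3 auth read allxs
snmp-server group writeonly v3 auth write allxs
snmp-server group readonly v3 auth context vlan-1
snmp-server group readonly v3 auth context vlan-83
snmp-server group writeonly v3 auth context vlan-1
"""
# Constructed: one context name per line, as listed by "show snmp context".
SHOW_SNMP_CONTEXT = "vlan-1\nvlan-83\nvlan-1002\n"

GROUP_RE = re.compile(r"^snmp-server group (\S+) v3 (auth|noauth|priv)\b(.*)$")

def parse_groups(config):
    """Return {group: {"contexts": set, "read": set, "write": set}}."""
    groups = defaultdict(lambda: {"contexts": set(), "read": set(), "write": set()})
    for line in config.splitlines():
        m = GROUP_RE.match(line.strip())
        if not m:
            continue
        name, _level, rest = m.groups()
        tokens = rest.split()
        entry = groups[name]
        # Options are keyword/value pairs: context X, read V, write V, ...
        for key, value in zip(tokens[::2], tokens[1::2]):
            if key == "context":
                entry["contexts"].add(value)
            elif key in ("read", "write"):
                entry[key].add(value)
    return dict(groups)

def missing_contexts(config, context_output):
    """Per group, list device contexts that have no matching group line."""
    wanted = {c.strip() for c in context_output.splitlines() if c.strip()}
    return {name: sorted(wanted - g["contexts"])
            for name, g in parse_groups(config).items()}

def groups_with_write_view(config):
    """Names of groups that grant any write view (worth reviewing)."""
    return sorted(n for n, g in parse_groups(config).items() if g["write"])

if __name__ == "__main__":
    for group, missing in missing_contexts(RUNNING_CONFIG, SHOW_SNMP_CONTEXT).items():
        print(group, "missing contexts:", missing or "none")
    print("groups granting a write view:", groups_with_write_view(RUNNING_CONFIG))
```
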
