sync archive failing

Bruce Summers
Level 1

hey folks..

Have an issue with my archive sync.

We recently moved from local accounts on our devices to a TACACS appliance. I set up a TACACS account for my LMS to use to perform the sync archive. It is a security level 15 account.

I set up the appropriate credentials in device credentials section, removing the old local account, and placing the TACACS account.

Each time I attempt a sync, I am returned the following error:

*** Device Details for <DEVICE> ***
Protocol ==> Unknown / Not Applicable
Selected Protocols with order ==> SSH
Execution Result:


CM0151 PRIMARY RUNNING Config fetch failed for <DEVICE> Cause: Couldnot enter ENABLE Mode from USER Mode on Device. Action: Check if protocol is supported by device and required device package is installed. Check device credentials. Increase timeout value, if required.

SSH is the only protocol configured for use on the switch I'm attempting to archive and is the configured protocol within LMS. I can SSH from the machine in which LMS is running and enter configuration mode without a problem. I have increased the SNMP timeout value.

What am I missing here?

14 Replies

Bruce Summers
Level 1

an additional note:

I performed a "Check Device Credential" and was returned the following as a result:

        "Enable username credential missing"

Within the credential edit location, there is only 1 place to put a username, so I'm not real clear what this error means.

thanks

Bruce 

Both point to the enable password being missing in DCR for the device.

hmmm..

and if placing the credentials by editing device credentials doesn't get the credentials in the appropriate area, what does?

how can i confirm your theory...

bruce

To verify whether the enable password is populated, you could choose Export from DCR - Device Management, either in CSV or XML format (don't forget to tick the "Export Device Credentials" box if on LMS 3.2). Then examine the line for the problem device.

Also, you could set up a sniffer session, or use the Packet Capture tool bundled with LMS, to capture the conversations during a Sync Archive job (scheduled or ad-hoc) against the problem device. That could shed some light, depending on what protocol you've selected (less with SSH).

Lastly, you can examine the Sync Archive job logs or post them here. For example, on Solaris, it's located in /var/adm/CSCOpx/files/rme/jobs/ArchiveMgmt/[jobID]/. Of course, having debug on would be much better, so you may want to schedule an ad-hoc Sync Archive after enabling debug on ArchiveMgmt in RME.

I turned on debugging, looked at the txt file that is generated and it says the same thing as the error that is displayed.

Actually, it's not an error concerning the password. It is stating that the enable username is missing in one section of LMS

but seems to manifest itself in RME as an authentication failure.

"Could not enter ENABLE Mode from USER Mode on Device"

Now I'm starting to suspect your device is running one of the IOS versions affected by CSCsu21040.

Basically, the buggy IOS asks for "Username: " again after receiving "enable", which throws RME for a loop.

Some of the affected IOS I've seen:
12.2(17r)SX3
12.2(17r)SX5
12.2(33)SXH3


Fixed-In

12.2(33.3.12)SXH
12.2(33)SXH4

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsu21040

CSCsu21040 Bug Details

Enable authentication prompts for username/password instead of just pass
Symptom:

With enable authentication configured, the router/switch prompts for both username and password instead of just password.

Conditions:

This problem has been seen on IOS 12.2(33)SXH3.

Workaround:

Enter both username and password when prompted

Understood...some buggy IOS's, but how do I work around it? I can't upgrade all my IOS's (very large datacenter).

Is there a method to do so?

Bruce

No workaround that I'm aware of from the LMS end.

I responded via email a bit ago...

However, a follow on to that email...this problem only occurred when I changed TACACS appliances. We were using TACACS on one appliance and are now using it on another appliance...

same configuration, just different user accounts...

bruce

Then I wouldn't attribute the problem to the bug unless one could manually duplicate the symptom of getting the extraneous "username: " prompt upon trying to enter enable mode. It could be another cause entirely.
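One way to check a manual session for the extraneous "Username: " prompt discussed above: capture the terminal text of an `enable` attempt made with the LMS account and classify what the device asked for. This is an added example, not part of the original thread and not LMS or Cisco code; the prompt formats, the account name `lms-svc` and the sample transcripts are constructed assumptions.

```python
import re

# Assumed CLI formats: "<host>>" user-mode prompt, "<host>#" privileged prompt.
ENABLE_CMD = re.compile(r"^\S+>\s*enable\s*$")
ASKED = re.compile(r"^(username|password):", re.IGNORECASE)
PRIV_PROMPT = re.compile(r"^\S+#")
USER_PROMPT = re.compile(r"^\S+>")

def classify_enable(transcript):
    """Report which credential prompts followed 'enable' in a captured session."""
    lines = [ln.strip() for ln in transcript.splitlines() if ln.strip()]
    start = next((i for i, ln in enumerate(lines) if ENABLE_CMD.match(ln)), None)
    if start is None:
        return {"asked": [], "privileged": False, "verdict": "enable-not-sent"}
    asked, privileged = [], False
    for ln in lines[start + 1:]:
        m = ASKED.match(ln)
        if m:
            asked.append(m.group(1).lower())   # device asked for a credential
        elif PRIV_PROMPT.match(ln):
            privileged = True                  # reached enable mode
            break
        elif USER_PROMPT.match(ln):
            break                              # dropped back to user mode
    if not asked:
        verdict = "no-prompt"
    elif asked[0] == "username":
        verdict = "username-prompt"            # the symptom described for CSCsu21040
    else:
        verdict = "password-only"              # what an automated client expects
    return {"asked": asked, "privileged": privileged, "verdict": verdict}

# Constructed sample captures (passwords are not echoed by the device).
NORMAL = "sw1>enable\nPassword: \nsw1#\n"
EXTRA = "sw1>enable\nUsername: lms-svc\nPassword: \nsw1#\n"
STUCK = "sw1>enable\nUsername: \nsw1>\n"

if __name__ == "__main__":
    for name, text in (("normal", NORMAL), ("extra", EXTRA), ("stuck", STUCK)):
        print(name, classify_enable(text))
```

A `username-prompt` verdict on a device that LMS cannot archive is consistent with the "Enable username credential missing" check result; a `password-only` verdict points to another cause.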

Agreed.

And I am not being prompted when I merely SSH into the devices...so,

probably not the bug you reference causing it...

I am perplexed...

Bruce

Anybody have any other thoughts?

I've removed a device, added back in, restarted all the services for LMS, reinventoried the device. I have validated and revalidated the credentials and nothing seems to point to the problem.

Is there a log that would give some indication of what is happening between LMS and the device...Nothing apparent is in the switch log.

thanks.

bruce

hmm..but, now that we are talking about it,

the credentials are present for the initial ssh login process...

it's not really saying the password is incorrect, it's saying the Enable Username is missing.

bruce

fredareid
Level 1

Has anyone found a solution to this issue? I am experiencing the same thing.

Even my credential check is telling me it fails for "Enable username credential missing."
