Running vs Startup

Answered Question
Apr 21st, 2010

A node (EDC) is always in Out-of-Sync.

The only difference is the certificate. In the RC we can see it, but in SC we can see the .cer file.

How can we save it in order didn't appear as Failed?

certificate self-signed 01 nvram:IOS-Self-Sig#XXXX.cer

certificate self-signed 01
  30820240 308201A9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31353839 35313530 3038301E 170D3933 30333031 30303033
  33365A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 35383935
  31353030 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
........
I have this problem too.
0 votes
Correct Answer by Nael Mohammad about 6 years 7 months ago

You can list the commands that have to be excluded while comparing configuration. To do this select  Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Exclude Commands.  Select the device and enter the command "certificate" and save to apply changes.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.5 (2 ratings)
Loading.
Nael Mohammad Wed, 04/21/2010 - 12:17

You most likely are hitting a known bug:

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCsl33625

RME  Config fetch via tftp fails to exclude certificate from running conf

Symptom:

When RME is configured to exclude  'certificate' (default configuration) , devices configured with a  self-signed permanent certificate are listed on the RME 'Config-out-of  Sync' page, and the only difference between startup and running  configuration is the certificate.

Conditions:

This  problem occurs when RME is configured to use TFTP to retrieve the  configuration of the device.

Workaround:

Change RME  to use Telnet or SSH to retrieve the configuration
RME - >  Admin- > 'Config Management' - > 'Transport Settings' , select  'Application Name = "Archive Mgmt"
mserranocisco Thu, 04/22/2010 - 00:31

Hi Nael,

thank you very much, but I'm not sure this is our case, because it fas fixed in RME 4.2 and we have RME 4.3 (LMS 3.2).

Something else?

Anyway, if I delete TFTP from "Transport Settings", is it going to affect to download vlan.dat or something else????

Thanks again...

Correct Answer
Nael Mohammad Thu, 04/22/2010 - 11:50

You can list the commands that have to be excluded while comparing configuration. To do this select  Resource Manager Essentials > Admin > Config Mgmt > Archive Mgmt > Exclude Commands.  Select the device and enter the command "certificate" and save to apply changes.

Actions

This Discussion