LMS 4.0.1 user tracking acquisition problem

Unanswered Question
May 29th, 2011

Hi all,

I have a problem with user tracking as I see IP phones only on a few of my switches.

Credential Check runs without any issues, DNS is working for the devices (both name -> IP and IP -> name)

I have deleted and readded the devices and run a discovery afterwards.

What I found is: going to acquisition (Admin> Collection  Settings> User Tracking> Acquisition  Action) and do a Device Selection I can select the switches but when I then start the acquisition I get an error "unreachable Device".

Deivce Unreachable Report shows no unreachable devices.

Do I miss something?

Thanks

Frank

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
Joseph Clarke Sun, 05/29/2011 - 09:15

This error means ANIServer was unable to identify any layer 2 VLAN ports on the device in question.  This can happen if the device in question is not a layer 2 switch or if all of the ports are in a layer 3 interface mode.  This can also happen if Data Collection did not complete.  You should run a new full Data Collection then see if you can acquire the end hosts.

If you have any etherchannel ports in your network that are terminated on Cat2K, Cat3K, or Cat5K switches, you will encounter CSCto06189.  A patch is available at http://www.cisco.com/cisco/software/release.html?mdfid=283434800&flowid=19062&softwareid=280775103&os=Windows&release=4.0.1&relind=AVAILABLE&rellifecycle=&reltype=latest to fix this.

fbender Sun, 05/29/2011 - 10:03

Thanks for the hint!

I have an issue with the ANI sever, when I try to connect from my browser it stops at about 30% percent and then timeouts somewhen - wanted to look into it later...

I did a full data collection but it did not change anything - and I get the data from some devices but not all. All devices in questions (working and not working) are 4507R connected by L3 Etherchannels to the same pair of 6513s.

I also get the info from all 3550s, 3560s and 3750s at remot sites.

Regards

Frank

Joseph Clarke Sun, 05/29/2011 - 11:14

The Connecting to ANISerber hang is most likely due to a firewall between your client and the server.  TCP ports 42342 and 43242 must be open between the client and server.  You can test this by telneting to those ports from the client.  If the connections hang then timeout, you will need to talk to your network security team to get those ports opened up.

You might still try applying the Data Collection patch I mentioned.  Any etherchannel terminated on an affected switch will cause Data Collection to crash, thus not properly processing all the devices.

fbender Sun, 05/29/2011 - 12:12

No fw - I can telnet to the ports - my client is Win7 64bitJave 1.6.0_24 while the server is Win2003 64bit with Java 1.6.0_22.

When I run the Topology Services in a RDP session from the server it is working and showing the boxes as reachable.

I also installed the patch run the datacollection again but still fails with device unreachable for the acquisition.

Joseph Clarke Sun, 05/29/2011 - 12:23

You must use a 32-bit version of the Java Runtime.  It's best to install the JRE that comes with LMS (from NMSROOT/htdocs/plugin).  This version includes the necessary CORBA files.  You also need to make sure the short hostname of the LMS server is resolvable on the client.  That is, the following command executed on the client should give you a blinking cursor at the top of the DOS terminal:

telnet HOSTNAME 42342

Where HOSTNAME is the short hostname of the server.

How do these unreachable switches appear on the Topology Map?

fbender Sun, 05/29/2011 - 12:38

I am not sure what you mean by Topology Map - sorry I am a newbie

I have attached n-hop view, topology services view L2, device center view

all are looking normla to me

Attachment: 
Joseph Clarke Sun, 05/29/2011 - 13:00

Start a packet capture session using Device Center and the Packet Capture tool.  Filter on all traffic to this device.  Then try to perform device-level acquisition.  Post the resulting sniffer trace file.

fbender Sun, 05/29/2011 - 13:29

sorry cannot find a packet capture tool - but if I want to start acquisition I get an unreachable will it start anyway?

Joseph Clarke Sun, 05/29/2011 - 13:40

The packet capture tool is in Device Center under the star icon above the device summary.  There should be some querying of the device.

Joseph Clarke Sun, 05/29/2011 - 13:50

This doesn't appear to be showing any of the packets that would be sent after starting a device acquisition.  There should be at least one query for sysObjectID, and that is not here.  You need to run the trace for a few seconds after the acquisition is started.

fbender Sun, 05/29/2011 - 14:25

might it be it is not startting at all because of the status "unreachable"

I installed winpcap and restarted the serber but it seems I cannot start packet capture - no reaction on hidding "OK" - I have attached the window I see

Joseph Clarke Sun, 05/29/2011 - 15:47

Post the vlanData.xml and portsData.xml files from NMSROOT/campus/etc/cwsi.

fbender Mon, 05/30/2011 - 02:08

PS: port data is aveilable for:

nlse-def2ri12.2(31)SGA10.49.48.211.3.6.1.4.1.9.1.501

but not for

nlse-def4ri12.2(31)SGA10.49.48.411.3.6.1.4.1.9.1.501


both are 4507Rs, same IOS, same connectivity (L3 port channel)

fbender Mon, 05/30/2011 - 02:25

there are obviously more issues and I am not sure they are related:

10.49.48.22 is a 4507 with a Gig interface - here is a cdp nei from 10.49.48.1

nlsc-de1001#sh cdp nei gi 12/15
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
nlse-def2le      Gig 12/15         179             R S I  WS-C4507R Gig 1/1
nlsc-de1001#

Joseph Clarke Mon, 05/30/2011 - 09:09

There are truly no ports discovered on this switch.  Now that you have the port channel patch installed, reinitialize the ANI database as described in this document:

https://supportforums.cisco.com/docs/DOC-8796

Then run a new full Data Collection.  Then run a new full User Tracking acquisition.  See if your missing end hosts show up.

fbender Mon, 05/30/2011 - 14:48

unfortunately it did not help

As I am still at an earlier stage of my deployment I decided to do a full db reset, but it seems I have an issue with the RME DB (tried 2 times)

C:\Program Files (x86)\CSCOpx>bin\perl.exe bin\dbRestoreOrig.pl dsn=rmeng dmpref
ix=RME

WARNING: Existing contents of rmeng database will be lost.
Do you want to continue [y/n]?y
INFO: Starting the DataBase
    Starting database engine rmengEng
INFO: Process created
INFO: Started the Database engine : rmengEng Retry 0
INFO: Started the Database engine : rmengEng Retry 1
INFO: Started the Database engine : rmengEng Retry 2
INFO: Started the Database engine : rmengEng Retry 3
INFO: Started the Database engine : rmengEng Retry 4
INFO: Started the Database engine : rmengEng Retry 5
INFO: Started the Database engine : rmengEng Retry 6
INFO: Started the Database engine : rmengEng Retry 7
INFO: Started the Database engine : rmengEng Retry 8
INFO: Started the Database engine : rmengEng Retry 9
INFO: Getting message

INFO: Connect the database dsn=rmeng
ERROR: Failed to authenticate [rmeng] database.
Database engine 'rmengEng' could not be started on database 'rmengdb' in Bulk mode.INFO: mergeFile= C:/PROGRA~2/CSCOpx/temp/rmeCleanupFileMerge.txt
INFO: inputFile C:\PROGRA~2\CSCOpx\rigel\scripts\rme\removeJrmJobs.txt
INFO: inputFile C:\PROGRA~2\CSCOpx\rigel\scripts\rme\createJobs.txt
INFO: inputFile C:\PROGRA~2\CSCOpx\rigel\scripts\rme\importOOTBXml.txt
The command is C:\PROGRA~2\CSCOpx\bin\perl.exe -I C:\PROGRA~2\CSCOpx\objects\pe
rl5\lib  C:\PROGRA~2\CSCOpx\dbupdate\dbupdate.pl C:/PROGRA~2/CSCOpx/temp/rmeClea
nupFileMerge.txt
Opening C:\PROGRA~2\CSCOpx/dbupdate/CSCOdbupdate.log for logging
    Starting database engine cmfEng
INFO: Process created
INFO: Started the Database engine : cmfEng Retry 0
INFO: Started the Database engine : cmfEng Retry 1
INFO: Started the Database engine : cmfEng Retry 2
INFO: Started the Database engine : cmfEng Retry 3
INFO: Started the Database engine : cmfEng Retry 4
INFO: Started the Database engine : cmfEng Retry 5
INFO: Started the Database engine : cmfEng Retry 6
INFO: Started the Database engine : cmfEng Retry 7
INFO: Started the Database engine : cmfEng Retry 8
INFO: Started the Database engine : cmfEng Retry 9
INFO: Getting message

INFO: Connect the database DSN=cmf
INFO: Connected the Database
INFO: Command Executed
    Starting database engine rmengEng
INFO: Process created
INFO: Started the Database engine : rmengEng Retry 0
INFO: Started the Database engine : rmengEng Retry 1
INFO: Started the Database engine : rmengEng Retry 2
INFO: Started the Database engine : rmengEng Retry 3
INFO: Started the Database engine : rmengEng Retry 4
INFO: Started the Database engine : rmengEng Retry 5
INFO: Started the Database engine : rmengEng Retry 6
INFO: Started the Database engine : rmengEng Retry 7
INFO: Started the Database engine : rmengEng Retry 8
INFO: Started the Database engine : rmengEng Retry 9
INFO: Getting message

INFO: Connect the database DSN=rmeng
Failed to create the system jobs
Failed to create system jobs
Data cleanup for rmeng failed
rmeng database initialization failed.

C:\Program Files (x86)\CSCOpx>

Joseph Clarke Mon, 05/30/2011 - 21:02

Resetting all of the DBs was likely excessive.  However, since you've started, you need to finish the job.  Set the Daemon Manager service to Manual start, then reboot the server.  When it comes back up, reinitialize all of the databases.  After that, set the Daemon Manager service back to Automatic, then reboot again.

fbender Tue, 05/31/2011 - 09:43

finally I managed to clear the db and rediscovered everything.

But the same issue: I get user trackinng info from all my 35xx but not the 45xx.

fbender Tue, 05/31/2011 - 15:08

there is a job which is running since 10h while jobs normally run only for a few minutes - does this mean anything?

Joseph Clarke Tue, 05/31/2011 - 15:18

It appears Data Collection is completing.  Troubleshooting further will require the full running configuation from this switch as well as the output of "show interface status" and some debugging on the ANIServer side.  This will obviously contain some sensitive information.  As such, you may want to open a TAC service request using the "Open Service Request" link in the actions panel of this discussion.

andrea.meconi@c... Wed, 12/28/2011 - 03:19

Hello Frank.

Did you solve it?

I'm facing same issue with a 3750 stack with IP routing enabled.

I'm going to apply the patch for CSCto0618 bug.

Regards.

Andrea

andrea.meconi@c... Wed, 01/11/2012 - 04:58

Hello Joseph.

I have the same issue: LMS 4.0.1 with all consolidated patch is not able to track users connected to a 3750 stack with IP routing enabled.

I'm trying with LMS 4.1 demo and all works fine!

Any ideas?

Thanks.

Regards.

Andrea

Actions

Login or Register to take actions

This Discussion

Posted May 29, 2011 at 2:48 AM
Stats:
Replies:28 Avg. Rating:
Views:1994 Votes:0
Shares:0
Tags: No tags.
Categories: Cisco Prime
+

Discussions Leaderboard

Rank Username Points
1 2,483
2 1,624
3 1,445
4 861
5 578