07-09-2014 07:59 AM - edited 03-01-2019 11:44 AM
Hello,
I have UCS Manager Version 2.2(1c)
I set up configuration backup via SCP, and Im getting error.
Destination is accessible from other computer in same VLAN via WinSCP.
I need help what exactly is causing that error from UCS Manager, and how to solve this issue.
I tried to delete and again add backup job operation.
Severity: Critical
[FWS:FAILED]: internal system backup
Type: fsm
Cause: fsm-failed
Code: F999723
I am waiting for quick replay.
Cheers.
Solved! Go to Solution.
07-11-2014 03:27 AM
Looking at the logs you posted there is a mismatch in algorithms betwen scp server and ucs system. Server is accepting aes-ctr and ucs is using aes-cbc ?
Maybe try adding
"Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc" to /etc/ssh/sshd_conf
07-09-2014 08:38 AM
Does scp work from the host you connect to UCSM ?
What OS for scp server
any firewall ?
I assume you never get to the point, where you have to enter a pw ?
07-09-2014 11:42 AM
Hello wdey,
I am able to connect from some other server (Windows Server) to that SCP backup server (Linux)
Both hosts I mean UCS Manager, Backup Linux server, and Windows Server are in the same VLAN. (management). So there is no firewall.
What do you mean
"I assume you never get to the point, where you have to enter a pw ?"
Cheers and I am waiting for quick replay.
07-09-2014 11:58 AM
Can you please post a screenshot of the backup configuration, as well as the full error message !
Would you mind trying this with CLI
SSH to the Fabric Interconnect
Change to the system scope by typing “scope system”
create backup scp://ucsbackup@ucs-allbackup.domain.com/home/ucsbackup/fabricInterconnectName_all_configuration.bak all-configuration enabled
Go back to the scope system (type exit)
Note: ucsbackup is the username you login to your SCP server with. After each create backup command is issued you will be required to put in the password, this is a onetime process.
07-09-2014 12:25 PM
Hey wdey,
Yes, I sorry, i forgot provide output from CLI.
I tried to push
FABRIC(local-mgmt)# copy workspace:/techsupport/some_date_here.tar scp://ucsbackup@some_IP_address
no matching cipher found: client aes128-cbc,3des-cbc,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se server aes128-ctr,aes192-ctr,aes256-ctr
lost connection
With your hints, i did and ...
FABRIC /system # create backup scp://ucsbackup@here_is_IP_ADDRESS/home/ucsbacku p/fabricInterconnectName_all_configuration.bak all-configuration enabled
Password: [here i typed password of course]
FABRIC /system/backup* #
FABRIC /system/backup* # exit
from server
[ucsbackup@some_backup_server ~]$ ls -la
total 28
drwx------ 3 ucsbackup ucsbackup 4096 Jul 8 16:41 .
drwxr-xr-x. 9 root root 4096 Jul 3 14:30 ..
-rw------- 1 ucsbackup ucsbackup 176 Jul 9 19:56 .bash_history
-rw-r--r-- 1 ucsbackup ucsbackup 18 Jul 9 2013 .bash_logout
-rw-r--r-- 1 ucsbackup ucsbackup 176 Jul 9 2013 .bash_profile
-rw-r--r-- 1 ucsbackup ucsbackup 124 Jul 9 2013 .bashrc
As you can see, empty
07-09-2014 12:35 PM
Hi
If I understand you correctly, with CLI, you can connect to the scp server (therefore network connectivity is ok), enter a pw, and the backup finishes without an error message, the proper file is created, but it is empty ? correct ?
07-09-2014 12:37 PM
Hey,
Wdey, that is correct, after typed password i suppose t see some progress % % %
But I didnt see....
07-09-2014 12:42 PM
Not sure, that one sees a progress bar !
Did you just out of curiosity try another method, like ftp, tftp,.....or even to the local system.
I know scp has been done in the past; not myself however !
07-09-2014 12:50 PM
Hi Wdey,
I didnt check other methods.
Could you provide some example of local system...
Maybe there is a problem with ssh certificates ? on ucs side ? maybe same linux side, i dont know....
07-11-2014 03:27 AM
Looking at the logs you posted there is a mismatch in algorithms betwen scp server and ucs system. Server is accepting aes-ctr and ucs is using aes-cbc ?
Maybe try adding
"Ciphers aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc" to /etc/ssh/sshd_conf
07-09-2014 01:21 PM
Wdey, take a look on error log
07-09-2014 01:04 PM
any idea ?
07-10-2014 02:07 AM
I would open a TAC case ! strange that CLI doesn't bring you the same error !
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide