
Cisco VMS 2.3 can't query IDSM-2

mylove142
Level 1

Hi all,

I use a Catalyst 6513 (Router IOS) + IDSM-2 and use Cisco VMS 2.3 to manage the IDSM-2. I upgraded the IDSM-2 from version 4 to version 5. However, after the update completed, when I use Cisco VMS 2.3 to query the IDSM-2, I see an error:

"status: Error importing configuration files from the sensor - Unable to get sensor version from the sensor. Possible reason: X.509 certificate is invalid or sensor version was downgraded. "

edwakim
Cisco Employee

Hi,

Normally doing the following fixes the problem.

You need to regenerate the IDSMC Certificate and add the VMS as the trusted host to the sensor.

To generate the certificate do the following.

c:\progra~1\cscopx\mdc\apache\gencert.bat

where c: drive is the drive you installed your VMS.

After this is done, please restart the CiscoWorks Daemon Manager.

You will also need to generate a TLS key as well as manually re-install the TLS certificate on your sensor.

Use tls trusted-host from the IPS CLI and specify your VMS's IP address.

tls generate-key

no tls trusted-host ip-address (vms server ip)

tls trusted-host ip-address (vms server ip)

Thanks.

Edward

Thank you for your answer, however, I can't do that because when I type:

E:\>CSCOpx\MDC\Apache\gencert.bat

E:\>\openssl.exe req -config \conf\ssl\openssl.conf -new -nodes -out \conf\ssl\server.csr -keyout \conf\ssl\server.key

'\openssl.exe' is not recognized as an internal or external command,

operable program or batch file.

E:\>\openssl.exe x509 -in \conf\ssl\server.csr -out \conf\ssl\server.cert -req -signkey \conf\ssl\server.key -days 365

'\openssl.exe' is not recognized as an internal or external command,

operable program or batch file.

If you know the cause, please answer me early.

Thanks

Hi,

Could you search your drives to see where the 'openssl.exe' file is?

Thank you.

Edward

I see openssl in

1) E:\CSCOpx\MDC\apache

2) E:\CSCOpx\lib\web

openssl.exe-CSCec43722-1 in E:\CSCOpx\MDC\apache

Now, what must I do?

Thanks,

Duy Khang

Could you look at the gencert.bat file?

If the batch file does not have the correct paths, please correct them.

Thank you.

Edward

The batch file has the correct path.

Could you post the batch file content?

Thank you.

Edward

The content of batch file:

%1\openssl.exe req -config %1\conf\ssl\openssl.conf -new -nodes -out %1\conf\ssl\server.csr -keyout %1\conf\ssl\server.key

%1\openssl.exe x509 -in %1\conf\ssl\server.csr -out %1\conf\ssl\server.cert -req -signkey %1\conf\ssl\server.key -days 365

Hi,

Try to build another batch file with this content and try the batch file. Please note that there are 3 lines. (1 short one and 2 long ones)

set PATH=E:\CSCOpx\bin;%PATH%

E:\CSCOpx\MDC\Apache\openssl req -config E:\CSCOpx\MDC\Apache\conf\ssl\openssl.conf -new -nodes -out E:\CSCOpx\MDC\Apache\conf\ssl\server.csr -keyout E:\CSCOpx\MDC\Apache\conf\ssl\server.key

E:\CSCOpx\MDC\Apache\openssl x509 -in E:\CSCOpx\MDC\Apache\conf\ssl\server.csr -out E:\CSCOpx\MDC\Apache\conf\ssl\server.cert -req -signkey E:\CSCOpx\MDC\Apache\conf\ssl\server.key -days 365

When I run the batch file, it asks me 2 questions:

1) Click the program you want to use to open "server.csr"

2) Click the program you want to use to open "server.csrt"

I don't know which programs to choose to open the 2 files above.

Hi,

You may see 5 lines from the output but there are only 3 lines.

Please make them into 3 lines and try it again.

Thank you.

Edward

Dear Sir,

I have done what you said. However, I can't import the IDSM-2 from Cisco VMS. I see the same error as in the first post.

I have completed the update for the first IDSM-2, but I can't update the second IDSM-2. I use Cisco VMS to manage both IDSM-2 modules.

The first time, when I installed IPS v5 on the first IDSM-2, I saw the graphical interface of Cisco VMS v2.2 change from v4 to v5.

The second time, when I installed IPS v5 on the second IDSM-2, I did not see the graphical interface of Cisco VMS v2.2 change; the graphical interface is still version 4.

Maybe VMS v2.2 has an error connecting to the IDSM-2?

Hi,

Could you delete the sensor from the IPSMC and try to re-add the sensor?

Thank you.

Edward

Thank you very much.

I have finished updating. I deleted the sensor and then imported the sensor.
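
The first gencert.bat attempt in this thread failed because the posted batch file builds every path from its first argument (%1); run without an argument, the paths collapse to \openssl.exe. As an added example (not part of the thread and not Cisco's gencert.bat), here is a variant of the same two openssl commands that validates the directory before generating anything. The variable names APACHE_DIR, OPENSSL and SSL_DIR, the fallback to the script's own folder and the final fingerprint step are assumptions.

```bat
@echo off
rem Added example, not Cisco's gencert.bat: the same two openssl commands as
rem the batch file posted in the thread, with the Apache directory validated
rem first so an empty %1 cannot collapse the paths to "\openssl.exe".
setlocal

rem Use the first argument if given; otherwise assume (hypothetically) that
rem this script was saved in the Apache directory and use its own location.
set "APACHE_DIR=%~1"
if not defined APACHE_DIR set "APACHE_DIR=%~dp0"
rem Strip a trailing backslash so the paths below are built consistently.
if "%APACHE_DIR:~-1%"=="\" set "APACHE_DIR=%APACHE_DIR:~0,-1%"

set "OPENSSL=%APACHE_DIR%\openssl.exe"
set "SSL_DIR=%APACHE_DIR%\conf\ssl"

if not exist "%OPENSSL%" (
    echo ERROR: "%OPENSSL%" not found. Pass the Apache directory as the first argument. 1>&2
    exit /b 1
)
if not exist "%SSL_DIR%\openssl.conf" (
    echo ERROR: "%SSL_DIR%\openssl.conf" not found. 1>&2
    exit /b 1
)

rem Step 1: new unencrypted private key (-nodes) and certificate signing request.
"%OPENSSL%" req -config "%SSL_DIR%\openssl.conf" -new -nodes -out "%SSL_DIR%\server.csr" -keyout "%SSL_DIR%\server.key"
if errorlevel 1 (
    echo ERROR: CSR generation failed. 1>&2
    exit /b 1
)

rem Step 2: self-sign the request, valid for 365 days as in the posted batch file.
"%OPENSSL%" x509 -in "%SSL_DIR%\server.csr" -out "%SSL_DIR%\server.cert" -req -signkey "%SSL_DIR%\server.key" -days 365
if errorlevel 1 (
    echo ERROR: self-signing failed. 1>&2
    exit /b 1
)

rem Print the new certificate's fingerprint so it can be recorded and checked
rem when the VMS server is re-added as a trusted host on the sensor.
"%OPENSSL%" x509 -in "%SSL_DIR%\server.cert" -noout -fingerprint
endlocal
```

Because the key is written with -nodes, server.key is stored unencrypted, so access to the conf\ssl folder should be limited to the account that runs the CiscoWorks services.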
