03-25-2010 08:47 AM
I have multiple 6509's that fail to archive their configurations. 50% of them succeed and the other half fail with this job status:
*** Device Details for 140_6509 *** |
Protocol ==> Unknown / Not Applicable |
Selected Protocols with order ==> SSH |
Execution Result: |
CM0151 PRIMARY RUNNING Config fetch failed for 140_6509 Cause: Unable to enter ENABLE mode from USER mode Action: Check if protocol is supported by device and required device package is installed. Check device credentials. Increase timeout value, if required. |
All the 6509's are setup identically in CW as far as I am able to determine. I've removed one that was failing from DCR and re-added it but got the same error.
A device credential check shows the ssh enable username is missing...I'm not sure what that is because other 6509's pass with the same set of credentials.
03-25-2010 12:14 PM
I would double check all credentials that have failed , one letter wrong and it won't pass. Especially your Enable mode password credentials. If you use a local username that also must be entered into Common Services / Device Management
03-26-2010 06:03 AM
When I see the " Enable username credential missing" what exactly does that mean? Where would I go to fill in that missing username? I've looked under the credential setting sbut don't see an enable username specifically.
03-26-2010 07:06 AM
Hi,
Under Common Services, which is the first and only area you should enter
device credentials. CiscoWork will automatically distribute these
credentials to the appropriate modules within the application e.g. RME,
DFM..etc
Jeff
Jeff Johnson
Network Communication CSD
Network Analyst
Sargent & Lundy LLC
55 E. Monroe Street Suite 27V17
Chicago, Ill 60603
Office 312-269-7180
Cell 312-315-6780
From: ckeithjones
To: Jeff Johnson
Date: 03/26/2010 08:03 AM
Subject: New message: "Ciscoworks Archive
jefferyj40,
A new message was posted in the Discussion thread "Ciscoworks Archive
Management Failures":
https://supportforums.cisco.com/message/3042821#3042821
Author : ckeithjones
Profile : https://supportforums.cisco.com/people/ckeithjones
Message:
03-26-2010 07:25 AM
Ok, I was just getting there from Device Center. Looking in a failed job log I see this:
"[ Fri Mar 26 10:12:27 EDT 2010 ],DEBUG,[Thread-0],com.cisco.nm.rmeng.util.rmedaa.RMERepository,getAttr,165, Cache for: PRIMARY_ENABLE_USERNAME not available. Getting from System"
When I remove the enable password from the device in Common Services the credential check returns a "No value to test" under Enable by SSH. However when I reenter the password then I get "Enable username credential missing.". But the username is right there and I know it's correct because the plain SSH test passes with "OK(Primary Successful)".
03-26-2010 07:38 AM
I also see this in the job log "[ Fri Mar 26 10:34:44 EDT 2010 ],DEBUG,[Thread-0],com.cisco.nm.rmeng.util.rmedaa.RMERepository,getAttr,131, Got value for x.x.x.x|PRIMARY_USERNAME Value : ***(masked)"
04-01-2010 07:32 PM
did you ever find a resolution to this? I'm experiencing exactly this problem.
thanks
bruce
04-03-2010 03:35 AM
No. I'm off work this week but next week I'm going to open a TAC case for it.
04-03-2010 08:14 AM
I've found a work around for this.
if you add the following on your switches, it will no longer prompt for the enable login.
aaa authorization exec default group tacacs+ if-authenticated
Once I added this aaa statement, CW could then login directly to exec mode...
I would think there would be another method for getting cisco works to function without having to add this to every switch, but if you're in a bind and need to get your configs archived, you could use this...
Bruce
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: