Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

FWSM authentication error using RME

During Config Archive, I'm encountering the following error when trying to connect using RME to a Cisco Catalyst 6513 FWSM.

"CM00139 Could not archive config, Cause: Action: Verify that device is managed and credentials are correct. Increase timeout value, if required."

I ran the credential verification using both the ssh protocol and the "SSH Enable Mode User Name and Password" check. It passes the protocol check, but fails with "Enable username credential missing." However, I do have the enable password set in device management/edit device credentials.

thanks

Bruce

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: FWSM authentication error using RME

So your problems with the FWSM fetch are now resolved?

65 REPLIES
Cisco Employee

Re: FWSM authentication error using RME

There is a problem entering enable mode. In order to fetch the config from an FWSM, RME must be able to enter enable mode, enter config mode, configure "no pager", then exit config mode. Can the credentials specified in DCR perform these steps? Try to perform those steps manually. what does the transaction look like?

Community Member

Re: FWSM authentication error using RME

to answer the question about the credentials that are in DCR, yes...the account that i'm using is able to enter enable mode, config mode and then is able to make the change to "no pager"...

I'm not clear what you mean by "what does the transaction look like".

Bruce

Cisco Employee

Re: FWSM authentication error using RME

From the LMS server, connect to the FWSM with SSH using the same credentials that are configured in DCR. Enter enable mode using the same enable password that is in DCR. Run the command "show pager". Then enter config mode, and configure "no pager". Then exit config mode. What does that transaction look like?

Community Member

Re: FWSM authentication error using RME

login as:

password:

Type help or '?' for a list of available commands.

FWSM> en

Password: ****

FWSM# sho pager

no pager

FWSM>#

so, as you can see, from the LMS server, ssh to the FWSM is working...and works when you do the credentials check within RME...but, config arch is bombing on me...

bruce

Cisco Employee

Re: FWSM authentication error using RME

You missed a step. You need to go into configure mode, and type "no pager". Also, enable ArchiveMgmt Service debugging under RME > Admin > System Preferences > Application Loglevel Settings, perform another Sync Archive to this FWSM, and post the dcmaservice.log.

Community Member

Re: FWSM authentication error using RME

sorry...i took from the show pager, that no pager was already set (from previously running the command). here is the output from the command:

fwsm> config t

fwsm(config)# no pager

fwsm(config)# exit

fwsm># sho pager

no pager

after setting debug mode, i ran the config arch again, and attached is the output fo the dcmaservice.log from that run...I didnt want to include it all (WAY too much)....

Cisco Employee

Re: FWSM authentication error using RME

The problem is in your use of privilege levels. RME is expecting enable level to be 15, but you are currently at privilege level 2. That said, you appear to be hitting a code path that should be impossible. What patches have you applied to LMS?

Community Member

Re: FWSM authentication error using RME

"code path" not sure what you mean...I have applied no patches to LMS since installation. Im running LMS Portal 1.1.0, RME 4.2.0, CV 6.1.8, CM5.1.0, DFM 3.1.0

Cisco Employee

Re: FWSM authentication error using RME

Nevermind, I found the problem. I can provide a patch if you want to test it. You will need to open a TAC service request to get it.

Community Member

Re: FWSM authentication error using RME

absolutely...I'll have to get approval before applying it, but give me the bug fix number and i'll vet it out thru my leadership and get the tac case submitted...is it an LMS issue or a firewall issue? that will point me to which way i need to submit the tac case...

thanks J

Cisco Employee

Re: FWSM authentication error using RME

I don't have a bug yet. I'll file the bug when I get confirmation that my fix is the right one. The problem is with the FWSM code in RME.

Community Member

Re: FWSM authentication error using RME

roger....shall i wait to hear back from you or submit the tac case now?

Cisco Employee

Re: FWSM authentication error using RME

Open the case now. Your engineer can get the patch from me.

Community Member

Re: FWSM authentication error using RME

ok...thanks...am I a test platform then?

Cisco Employee

Re: FWSM authentication error using RME

Since you are the only one seeing the problem, and have the privilege level setup, yes.

Community Member

Re: FWSM authentication error using RME

lol...roger...let me tell the boss...

if the privledge level were increased to 15, would we still be seeing this problem?

Cisco Employee

Re: FWSM authentication error using RME

No.

Community Member

Re: FWSM authentication error using RME

roger...i'll get back with you directly...well, it will probably be in the a.m. Gotta confer with the boss...

Community Member

Re: FWSM authentication error using RME

J, Whats your first name...didnt have it to give to TAC.

Community Member

Re: FWSM authentication error using RME

J, Also, when I started this thread, I said this is a 6513...My apologies, it is a CAT 6509...Hope that doesnt make a difference...

Bruce

Community Member

Re: FWSM authentication error using RME

J,

here is my TAC case number:

SR 610699025

thanks

Bruce

Community Member

Re: FWSM authentication error using RME

J,

I submitted the support request, but have gotten nothing back from those folks...

Shall we continue to wait, or can we proceed?

Cisco Employee

Re: FWSM authentication error using RME

Your engineer just contacted me, and I sent him the patch. Another customer has since received it, but I have not heard back on the results.

Community Member

Re: FWSM authentication error using RME

roger...I'll contact Jose and get back with you directly.

Bruce

Community Member

Re: FWSM authentication error using RME

J,

I'm about to deploy the patch...I understand that what needs to be done is to drop the SharedDcmaSC.zip file into the following path:

MDC/tomcat/webapps/rme/WEB-INF/lib/pkgs/

No extraction has to be performed.

then restart the Daemon Manager.

Correct?

Cisco Employee

Re: FWSM authentication error using RME

There is much more to it than that. Hopefully your engineer explained how to backup the original file and verify the MD5 checksum of the new file.

That said, the zip file does go into this directory, and it must not be extracted.

Community Member

Re: FWSM authentication error using RME

Yes, I'm sorry...Yes, he said to backup the old file, also he sent a checksum MD5 number for verification and advised it must be RME 4.2

I've verified the MD5 checksum and have backed up the old file...

bout to drop and go

Cisco Employee

Re: FWSM authentication error using RME

The file must be backed up to SharedDcmaSC.zip.orig. The name is important. If the backup retains the .zip extension, then RME will load the old file, and override the patch.

Community Member

Re: FWSM authentication error using RME

roger...i actually saved it haredDcmaSC.zip.OLD...same difference...

375
Views
0
Helpful
65
Replies
作成コンテンツを作成するには してください