A very dummy question!
I am dealing with a issue on CWLMS which is: for some devices, the configuration archive is done, but the inventory collection fails. For other devices, the configuration archive fails, but the inventory collection is done.
See attached a sample in which Config Archive is OK, but Inventory collection fails.
Does someone know why this happen? Isn't telnet used by both? I've defined telnet as the primary protocol on Archive Mgmt setttings and telnet from CWLMS server to managed devices is OK. If one (configuration archive for instance) works, the other (inventory collection for instance) shouldn'r work as well.
This can happen for a number of reasons. You'll need to provide the errors seen when trying to perform an inventory collection.
Which log file can be analyzed regarding these errors (on Windows)? I'm looking C:\ProgramFiles\CSCOpx\log and there are lots of log files. I've tryed to look on some of them, but can't find any information related to sync archive or Inventory collector error.
Besides, do I need to enable any debug to check this on log files?
The logs are IC_Server.log for inventory collection and dcmaservice.log for config collection. However, you should start with the errors you see when trying to perform these operations. They can often guide you to the next step.
This looks like an ACS integration problem. This message indicates that the LMS server could not connect to the ACS server using the selected protocol and ACS admin credentials. Verify your ACS integration settings are correct.
Even for those devices managed by LMS which don't have a device user configured to authenticate on ACS should I have this issue? I mean, I have devices managed by ACS which have local device users configured on LMS which had the same error. Can this error also be related to this LMS -> ACS integration?
Another question: is there any way to test LMS -> ACS integration, like a button on LMS (I am not on customer site right now, so can't try to find this...)?
Thank you again,
If ACS integration is broken, and it looks like it is, then all of LMS will be affected. LMS requires all managed devices to be network clients of the integrated ACS server. If devices are missing from ACS, then LMS will not be able to manage them, and they will show up in the Common Services > Device and Credentials > Reports > Devices Not Configured in ACS report.
You can view the current ACS status by going to http://SERVER/cwhp/acsdetails.do .
Thanks again. I've asked customer to check these 2 items. All devices are configured in ACS (according to figure2.JPEG), but HTTP/HTTPS connection with ACS is like "Not Reachable", as seem in figure ACS_connection.jpeg. So, is my problem (inventory collection/config archive) related to this? Is this HTTP/HTTPS connectivity necessary to inventory collection/config archive works on CWLMS?
Yes, HTTP/HTTPS MUST work in order for ACS integration to work. You must fix the ACS admin credentials, and allow LMS to communicate with the ACS server via HTTP/HTTPS.
Hi, Tks again.
Just to check. Regarding this, do I need to allow only 443 and 80 ports on firewall? Or are there other ports to be allowed?
ACS uses tcp/2002, then selects a random ephemeral TCP port from the allow range once the user starts a session. You will need to allow for all of those ports.
My port range on ACS is restrict from 2001 to 2005. So, do I need to open these range on firewall only from LMS to ACS (LMS->ACS). Is it necessary to allow connection on some port from ACS to LMS, that is, the return from ACS to LMS?
I just would like to be sure before doing the request to customer, because it takes a long to then configure their firewall and allow me to test!
Thank you very much,
Yes, you would need to open those ports in the LMS->ACS direction. ACS will reply back to LMS on the TCP chosen when the LMS servers establishes the TCP socket to the ACS server.