Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

LMS 3.1 - Sync archive issue

Hi users,

A very dummy question!

I am dealing with a issue on CWLMS which is: for some devices, the configuration archive is done, but the inventory collection fails. For other devices, the configuration archive fails, but the inventory collection is done.

See attached a sample in which Config Archive is OK, but Inventory collection fails.

Does someone know why this happen? Isn't telnet used by both? I've defined telnet as the primary protocol on Archive Mgmt setttings and telnet from CWLMS server to managed devices is OK. If one (configuration archive for instance) works, the other (inventory collection for instance) shouldn'r work as well.

Thank you,

Regards

Flaviano.

13 REPLIES
Cisco Employee

Re: LMS 3.1 - Sync archive issue

This can happen for a number of reasons. You'll need to provide the errors seen when trying to perform an inventory collection.

New Member

Re: LMS 3.1 - Sync archive issue

Hi,

Which log file can be analyzed regarding these errors (on Windows)? I'm looking C:\ProgramFiles\CSCOpx\log and there are lots of log files. I've tryed to look on some of them, but can't find any information related to sync archive or Inventory collector error.

Besides, do I need to enable any debug to check this on log files?

Thank you,

Regards.

Flaviano.

Cisco Employee

Re: LMS 3.1 - Sync archive issue

The logs are IC_Server.log for inventory collection and dcmaservice.log for config collection. However, you should start with the errors you see when trying to perform these operations. They can often guide you to the next step.

New Member

Re: LMS 3.1 - Sync archive issue

Hi,

For instance, for this job showed on the attached picture, it is talking about HTTP connection! I've tryed to do sync archive and this error was showed on job Message was showed!

What can be wrong in this case?

Thank you,

Best Regards.

Flaviano.

Cisco Employee

Re: LMS 3.1 - Sync archive issue

This looks like an ACS integration problem. This message indicates that the LMS server could not connect to the ACS server using the selected protocol and ACS admin credentials. Verify your ACS integration settings are correct.

New Member

Re: LMS 3.1 - Sync archive issue

Hi Joe,

Thanks again!

Even for those devices managed by LMS which don't have a device user configured to authenticate on ACS should I have this issue? I mean, I have devices managed by ACS which have local device users configured on LMS which had the same error. Can this error also be related to this LMS -> ACS integration?

Another question: is there any way to test LMS -> ACS integration, like a button on LMS (I am not on customer site right now, so can't try to find this...)?

Thank you again,

Regards.

Flaviano.

Cisco Employee

Re: LMS 3.1 - Sync archive issue

If ACS integration is broken, and it looks like it is, then all of LMS will be affected. LMS requires all managed devices to be network clients of the integrated ACS server. If devices are missing from ACS, then LMS will not be able to manage them, and they will show up in the Common Services > Device and Credentials > Reports > Devices Not Configured in ACS report.

You can view the current ACS status by going to http://SERVER/cwhp/acsdetails.do .

New Member

Re: LMS 3.1 - Sync archive issue

Hi Joe,

Thanks again. I've asked customer to check these 2 items. All devices are configured in ACS (according to figure2.JPEG), but HTTP/HTTPS connection with ACS is like "Not Reachable", as seem in figure ACS_connection.jpeg. So, is my problem (inventory collection/config archive) related to this? Is this HTTP/HTTPS connectivity necessary to inventory collection/config archive works on CWLMS?

Thanks again,

Best Regards.

Flaviano.

Cisco Employee

Re: LMS 3.1 - Sync archive issue

Yes, HTTP/HTTPS MUST work in order for ACS integration to work. You must fix the ACS admin credentials, and allow LMS to communicate with the ACS server via HTTP/HTTPS.

New Member

Re: LMS 3.1 - Sync archive issue

Hi, Tks again.

Just to check. Regarding this, do I need to allow only 443 and 80 ports on firewall? Or are there other ports to be allowed?

Thanks,

Regards,

Flaviano.

Cisco Employee

Re: LMS 3.1 - Sync archive issue

ACS uses tcp/2002, then selects a random ephemeral TCP port from the allow range once the user starts a session. You will need to allow for all of those ports.

New Member

Re: LMS 3.1 - Sync archive issue

Hi Joe,

Thanks again.

My port range on ACS is restrict from 2001 to 2005. So, do I need to open these range on firewall only from LMS to ACS (LMS->ACS). Is it necessary to allow connection on some port from ACS to LMS, that is, the return from ACS to LMS?

I just would like to be sure before doing the request to customer, because it takes a long to then configure their firewall and allow me to test!

Thank you very much,

Best Regards.

Flaviano.

Cisco Employee

Re: LMS 3.1 - Sync archive issue

Yes, you would need to open those ports in the LMS->ACS direction. ACS will reply back to LMS on the TCP chosen when the LMS servers establishes the TCP socket to the ACS server.

352
Views
4
Helpful
13
Replies