Solved: Re: LMS 3.2 issues - Page 2

dionjiles · ‎11-25-2009

Hi all,

I'm having huge problems with LMS 3.2.....after doing a discovery I didn't like what was imported into the DCR.

So I deleted the devices out of Common Services, and re-imported the file so I can get an accurate number of devices

I am managing. Now RME doesn't seem to like/or find the Default credentials I configured in CS.

I'm checked all the devices in CS and told it to use the default credentials and it still not working, Inventory is failing, device credential

verification is not working. I'm trying my best to migrate from my old server with LMS 3.1 to the new server with LMS 3.2 as quickly

as possible. I also re-initalized the DB for RME and DFM.

dionjiles · ‎11-30-2009

Hi JClarke,

I have a majority of my routers configured with SNMP V3 that supports it, I also have a number of devices using SNMP V1 and V2.

I have a total of 5 or 6 routers that have had no problem with RME inventory collection. These devices are all configured the same....the same devices are also configured on the server running LMS 3.1 and I have absolutely zero problems.

Joe Clarke · ‎11-30-2009

All I can say is what the sniffer trace tells me, and that is that SNMPv3 authPriv is not working as you have configured it. Beyond that, more analysis of the devices and configs would be required. If you want to follow this through, then I suggest you open a TAC service request.

dionjiles · ‎11-30-2009

I will double check DCR again and type them slowly and figure out why the rest of the devices are not working as they do not use

SNMP V3.

I will keep you posted

Joe Clarke · ‎11-30-2009

It's not a question of credentials. It's a question of the privacy algorithm of AES-128. The device does not like this algorithm. Check the "show snmp user" output from the device for cscowrkspriv3. Make sure you're using the correct algorithm.

dionjiles · ‎11-30-2009

Hi....I finally took the time to actually log into the device.

This device is not configure for V3 this is a 6509...I was thinking it was a Router.

It should be using V1 and V2.

dionjiles · ‎11-30-2009

I unchecked SNMP V3 from the DCR for SNMP default credentials and the same amount of devices are failing in RME.

I was not experiencing none of this until I deleted devices from DCR and reimported my file.

Device 172.18.243.244 should be using V2.

See attached

Joe Clarke · ‎11-30-2009

Default credentials has nothing to do with devices already in DCR. In that case, you must edit the credentials for those devices in DCR, and make the necessary changes. That is, go to Common Services > Device and Credentials > Device Management, select the devices, and click Edit Credentials. Make the required changes.

dionjiles · ‎11-30-2009

Hi JClarke,

I performed the steps you recommended and still encountering the same problems.....should I go ahead and open a TAC?

Joe Clarke · ‎11-30-2009

Post the new DCR export and new sniffer trace.

dionjiles · ‎11-30-2009

Hi

Please see attached.....jp01ncsw07 is a device that successfully entered into inventory collection on November 27th now it is failing.

Joe Clarke · ‎11-30-2009

The DCR data remains unchanged, but the sniffer trace is now showing an SNMPv3 unknown username error. I assume that you want to disable SNMPv3 for these devices in LMS. If that is the case, go to Common Services > Device and Credentials > Device Management. Check the boxes next to both devices, and click the Edit Credentials button. Click the Next button twice. On the SNMP screen, check the SNMPv3 box (if it isn't check already), and clear out the Authentication Username and Password fields, set the Auth and Privacy algorithms to None, and clear out the Privacy password and Engine ID fields. Then uncheck the SNMPv3 box, and click finish.

Then export the credentials again, and verify the SNMPv3 fields are empty. Then, once that is confirmed, perform a new inventory collection. It should succeed using the configured SNMP RO community string.

dionjiles · ‎11-30-2009

Those steps you just suggested are a little different in LMS 3.2 When I go to device management and check the box next to the device and select next

it goes to a Credential Set Selection and I choose the template I created to be used as teh default credentials I choose apply only missing device credentials then next and uncheck snmpv3

Now by me unchecking smpv3 for those two devices it is working now......So I am assuming I have to go through all my devices that SNMP V3 is configured I have to edit devices credentials to tell it whether or not to use V3.

Why I didnt encounter this issue when I first set this server with LMS 3.2 and imported the list from my old Ciscoworks server this worked before?

Joe Clarke · ‎11-30-2009

The steps I provided were from an LMS 3.2 server. I had wanted you to bypass the credential set screen, and manipulate the credentials directly. As to why this worked initially, I cannot say. I was not there when you did the initial setup, and I did not see the initial DCR import/export.

dionjiles · ‎12-01-2009

Oh ok.....after bangin my head against the desk numerous amounts of times. I deleted the devices in DCR and reimported the export file from my server with LMS 3.1 and chose *no default* credentials it imported into the RME inventory Collection successfully.

Joe Clarke · ‎12-01-2009

Well this is consistent with the fact that LMS 3.1 is working. It really sounds like you had applied credential sets to those imported devices to fill in the gaps (i.e. where LMS 3.1 did not have credentials). The gaps that were filled in caused the RME to use invalid credentials when communicating with devices. You may consider diversifying the credential sets (i.e. creating a policy for SNMPv3 devices and one for SNMPv1/v2c devices). This way, you can conditionally apply default credentials to future devices.