11-25-2009 09:04 AM
Hi all,
I'm having huge problems with LMS 3.2.....after doing a discovery I didn't like what was imported into the DCR.
So I deleted the devices out of Common Services, and re-imported the file so I can get an accurate number of devices
I am managing. Now RME doesn't seem to like/or find the Default credentials I configured in CS.
I'm checked all the devices in CS and told it to use the default credentials and it still not working, Inventory is failing, device credential
verification is not working. I'm trying my best to migrate from my old server with LMS 3.1 to the new server with LMS 3.2 as quickly
as possible. I also re-initalized the DB for RME and DFM.
Solved! Go to Solution.
11-30-2009 11:57 AM
Hi JClarke,
I have a majority of my routers configured with SNMP V3 that supports it, I also have a number of devices using SNMP V1 and V2.
I have a total of 5 or 6 routers that have had no problem with RME inventory collection. These devices are all configured the same....the same devices are also configured on the server running LMS 3.1 and I have absolutely zero problems.
11-30-2009 12:02 PM
All I can say is what the sniffer trace tells me, and that is that SNMPv3 authPriv is not working as you have configured it. Beyond that, more analysis of the devices and configs would be required. If you want to follow this through, then I suggest you open a TAC service request.
11-30-2009 12:11 PM
I will double check DCR again and type them slowly and figure out why the rest of the devices are not working as they do not use
SNMP V3.
I will keep you posted
11-30-2009 12:15 PM
It's not a question of credentials. It's a question of the privacy algorithm of AES-128. The device does not like this algorithm. Check the "show snmp user" output from the device for cscowrkspriv3. Make sure you're using the correct algorithm.
11-30-2009 12:37 PM
Hi....I finally took the time to actually log into the device.
This device is not configure for V3 this is a 6509...I was thinking it was a Router.
It should be using V1 and V2.
11-30-2009 12:46 PM
11-30-2009 12:57 PM
Default credentials has nothing to do with devices already in DCR. In that case, you must edit the credentials for those devices in DCR, and make the necessary changes. That is, go to Common Services > Device and Credentials > Device Management, select the devices, and click Edit Credentials. Make the required changes.
11-30-2009 02:59 PM
Hi JClarke,
I performed the steps you recommended and still encountering the same problems.....should I go ahead and open a TAC?
11-30-2009 03:00 PM
Post the new DCR export and new sniffer trace.
11-30-2009 03:19 PM
11-30-2009 03:28 PM
The DCR data remains unchanged, but the sniffer trace is now showing an SNMPv3 unknown username error. I assume that you want to disable SNMPv3 for these devices in LMS. If that is the case, go to Common Services > Device and Credentials > Device Management. Check the boxes next to both devices, and click the Edit Credentials button. Click the Next button twice. On the SNMP screen, check the SNMPv3 box (if it isn't check already), and clear out the Authentication Username and Password fields, set the Auth and Privacy algorithms to None, and clear out the Privacy password and Engine ID fields. Then uncheck the SNMPv3 box, and click finish.
Then export the credentials again, and verify the SNMPv3 fields are empty. Then, once that is confirmed, perform a new inventory collection. It should succeed using the configured SNMP RO community string.
11-30-2009 03:46 PM
Those steps you just suggested are a little different in LMS 3.2 When I go to device management and check the box next to the device and select next
it goes to a Credential Set Selection and I choose the template I created to be used as teh default credentials I choose apply only missing device credentials then next and uncheck snmpv3
Now by me unchecking smpv3 for those two devices it is working now......So I am assuming I have to go through all my devices that SNMP V3 is configured I have to edit devices credentials to tell it whether or not to use V3.
Why I didnt encounter this issue when I first set this server with LMS 3.2 and imported the list from my old Ciscoworks server this worked before?
11-30-2009 04:32 PM
The steps I provided were from an LMS 3.2 server. I had wanted you to bypass the credential set screen, and manipulate the credentials directly. As to why this worked initially, I cannot say. I was not there when you did the initial setup, and I did not see the initial DCR import/export.
12-01-2009 09:00 AM
Oh ok.....after bangin my head against the desk numerous amounts of times. I deleted the devices in DCR and reimported the export file from my server with LMS 3.1 and chose *no default* credentials it imported into the RME inventory Collection successfully.
12-01-2009 10:03 AM
Well this is consistent with the fact that LMS 3.1 is working. It really sounds like you had applied credential sets to those imported devices to fill in the gaps (i.e. where LMS 3.1 did not have credentials). The gaps that were filled in caused the RME to use invalid credentials when communicating with devices. You may consider diversifying the credential sets (i.e. creating a policy for SNMPv3 devices and one for SNMPv1/v2c devices). This way, you can conditionally apply default credentials to future devices.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide