
LMS 3.2 with RME 4.3.1 not Archiving configuration

Anupam Datta
Level 1

Hi,

I am facing a problem in CiscoWorks fetching the config archive from a Cisco ASA-5510 Adaptive Security Appliance. I am using LMS 3.2 and RME 4.3.1.

SSH is enabled on the device, and from the LMS server I am able to connect through PuTTY. Also, from Management Station to Device it is showing SSH is up for both versions. But from RME it is failing. It is giving the error below:

  Device: COGINHYDGCBDFHRTF1       Status:   Failed
*** Device Details for COGINHYDGCBDFHRTF1 ***
Protocol ==> Unknown / Not Applicable
Selected Protocols with order ==> SSH,Telnet,TFTP,RCP,SCP,HTTPS
Execution Result:
RUNNING
CM0151 PRIMARY RUNNING Config fetch failed for COGINHYDGCBDFHRTF1 Cause: Couldnot enter ENABLE Mode from USER Mode on 10.241.44.220.TELNET: Failed to establish TELNET connection to 10.241.44.220 - Cause: Connection refused.
Action: Check if protocol is supported by device and required device package is installed. Check device credentials. Increase timeout value, if required.

I have tried from the LMS server by telnetting to port 22; it gives the output below:

SSH-1.99-Cisco-1.25

When I tried to test device credentials for SSH and SSH Enable mode, I got the output below. The SSH status remains blank.

Device Name | SSH | Enable by SSH
1. COGINHYDGCBDFHRTF1 | | Did Not Try

Please help to resolve this.

11 Replies

Joe Clarke
Cisco Employee

The problem is that RME cannot enter enable mode on the ASA.  Check the enable password in DCR for this device.  Make sure you can login to the ASA using SSH with the username/password and enable password combination found in DCR.  If in doubt, re-enter the credentials in DCR.

Hi,

As I have described, I am able to log in properly with the same credentials from the LMS server with PuTTY, but from LMS it's not happening. Rather, when I am checking the Device Credential for SSH, it's showing the output I mentioned in my earlier post. It seems LMS is not trying to log in for some reason.

Please help

According to the output you've shown thus far, it appears there isn't any enable password entered in DCR for this device.  Go to Common Services > Device and Credentials > Device Management, select this device, and click Edit Credentials.  Re-enter the correct enable password.  Then see if the config archive works.  If not, enable ArchiveMgmt Service debugging under RME > Admin > System Preferences > Application Loglevel Settings, re-run the sync archive, then post the dcmaservice.log.

I have checked and found that authentication from PuTTY is OK, but only "sh run" authorization is given for this user ID. Is this the problem? Which commands should be authorized?

Yep, that's the most likely problem.  You will need to authorize "show privilege level", "terminal length 0", "terminal width 0", "show running-config brief", "show running-config", and "show startup-config".

This is for a Cisco ASA firewall, where "show running-config" and "show startup-config". The device has been integrated with ACS, where privilege level 3 is given and only "show running-config" is permitted. With the same privilege level, switches are working properly. For the ASA, what other commands need to be permitted? Please suggest.

Hi Anupam,

For ASA you should also use pager line 0 / ter pager 0 in addition to the commands suggested by Joe.

best regards // Rajiv

Please find the Debug files and please suggest

],DEBUG,[Thread-778],com.cisco.nm.xms.xdi.transport.cmdsvc.LogAdapter,debug,31,Returning from Session.send('terminal width 0

')

[ Thu Oct 28  15:02:28 GMT+05:30 2010 ],DEBUG,[Thread-778],com.cisco.nm.xms.xdi.transport.cmdsvc.LogAdapter,debug,31,in trimPrompt(), prompt == 'ASA-F1# '

[ Thu Oct 28  15:02:28 GMT+05:30 2010 ],DEBUG,[Thread-778],com.cisco.nm.xms.xdi.transport.cmdsvc.LogAdapter,printStackTrace,51,stacktracecom.cisco.nm.lib.cmdsvc.CmdSvcException: Unhandled SSHv2 message: SSH_MSG_CHANNEL_REQUEST(98)

                Channel ID: UInt32[ 0 ]

                Channel Request Type: exit-status

                Want Reply: true

                Timeout (msec): 0

                Exit Status: UInt32[ 0 ]

What I deduce from this output is that maybe "ter width 0" is unauthorized for the user or is not supported by the particular code that you are currently running on the box.

Best Regards // Rajiv

This looks like CSCtg43958.  What version of ASA OS is this?

Actually, on closer look, I think this is something else.  Make sure the following commands are authorized:

conf t

terminal width 0

terminal no monitor

Here's the problem.  The terminal width 0 command needs to be entered in config mode.  Since it doesn't look like RME can enter config mode, terminal width 0 gets entered in enable mode, then RME calls "exit" to leave config mode.  This triggers the session to exit.  Once "conf t" is allowed, then config fetch should work.
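A small triage script for the failure described in the reply above, as an added example that is not part of the original thread or of Cisco's tooling: it walks a dcmaservice.log in the record format shown in the debug excerpt and, for each SSH `exit-status` channel request, reports the last command sent on that thread and whether the prompt was in config mode. The sample log is constructed from the posted excerpt; Thread-779 and the function names are hypothetical.

```python
import re

# Record header as it appears in the dcmaservice.log excerpt in this thread:
# [ <timestamp> ],<LEVEL>,[<thread>],<class>,<method>,<line>,<message>
HEADER = re.compile(
    r"^\[ (?P<ts>[^\]]+?) \],\w+,\[(?P<thread>[^\]]+)\],[^,\n]+,[^,\n]+,\d+,", re.M)
SEND = re.compile(r"Session\.send\('(?P<cmd>[^'\r\n]*)")
PROMPT = re.compile(r"prompt == '(?P<prompt>[^']*)'")

def records(text):
    """Split the log into (timestamp, thread, message); messages may span lines."""
    heads = list(HEADER.finditer(text))
    for i, h in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        yield h.group("ts"), h.group("thread"), text[h.end():end]

def find_session_exits(text):
    """For every 'exit-status' channel request, return the last command sent and
    the last prompt seen on the same thread before the session went away."""
    last_cmd, last_prompt, findings = {}, {}, []
    for ts, thread, msg in records(text):
        m = SEND.search(msg)
        if m:
            last_cmd[thread] = m.group("cmd").strip()
        m = PROMPT.search(msg)
        if m:
            last_prompt[thread] = m.group("prompt").strip()
        if "SSH_MSG_CHANNEL_REQUEST" in msg and "exit-status" in msg:
            prompt = last_prompt.get(thread)
            findings.append({"time": ts, "thread": thread,
                             "last_command": last_cmd.get(thread), "prompt": prompt,
                             "in_config_mode": bool(prompt) and "(config" in prompt})
    return findings

# Constructed sample modelled on the excerpt posted above (Thread-779 is invented).
SAMPLE = """\
[ Thu Oct 28  15:02:27 GMT+05:30 2010 ],DEBUG,[Thread-779],com.cisco.nm.xms.xdi.transport.cmdsvc.LogAdapter,debug,31,Returning from Session.send('show running-config
')
[ Thu Oct 28  15:02:28 GMT+05:30 2010 ],DEBUG,[Thread-778],com.cisco.nm.xms.xdi.transport.cmdsvc.LogAdapter,debug,31,Returning from Session.send('terminal width 0

')
[ Thu Oct 28  15:02:28 GMT+05:30 2010 ],DEBUG,[Thread-778],com.cisco.nm.xms.xdi.transport.cmdsvc.LogAdapter,debug,31,in trimPrompt(), prompt == 'ASA-F1# '
[ Thu Oct 28  15:02:28 GMT+05:30 2010 ],DEBUG,[Thread-778],com.cisco.nm.xms.xdi.transport.cmdsvc.LogAdapter,printStackTrace,51,stacktracecom.cisco.nm.lib.cmdsvc.CmdSvcException: Unhandled SSHv2 message: SSH_MSG_CHANNEL_REQUEST(98)
                Channel Request Type: exit-status
                Exit Status: UInt32[ 0 ]
"""

if __name__ == "__main__":
    for finding in find_session_exits(SAMPLE):
        print(finding)
```

A finding with `in_config_mode` false and a config-mode command as `last_command` points at a missing "conf t" authorization rather than at bad credentials.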
