My console shows that I have 51 of the 96 devices are out-of-sync. I have am running up to date IOS, but it does not seem to be tied to firmware version or to model. Many have the "VLAN:Running" is shown in the events. When I run a sync job, it states that it was successful, but there will be no reduction in the number of items in out of sync. Manual sync jobs come back successful, but the number rarely reduces. I upgraded the software to run ssh, but that had no effect.
I am running a vtp environment, is the vlan.dat necessary?
The VLAN config is required unless you run in a VTP transparent mode. If you don't want change events for vlan.dat (and many people do not). Disable them under RME > Admin > Change Audit > Config Change Filter. Check the box next to "Enable vlan Change Audit Filter". Then changes to vlan.dat will not be seen in change audit reports.
As for out-of-sync configs, what part of the config is showing as out of sync?
Ok, I found that the startup config is newer than the running config according to LMS. However, on the switch itself is a different story.
Startup - Mar 23, 2010 14:52:36 Running - Mar 22, 2010 10:41:52
The switch shows:
Startup - Mar 23, 2010 13:57 Running - Mar 23, 2010 13:57
I just changed the line
clock summer-time DST date Mar 7 2010 2:00 Nov 7 2010 2:00
from its current
clock summer-time DST date Mar 8 2009 2:00 Nov 8 2009 2:00
This did not reduce the out of syncs.
I began tracing that part down. Where is the definitive location to get the answer to that question?
I just looked one more time and found that the running config shows the certif. while the startup does not.
This certificate out-of-sync problem should be fixed in RME 4.3.1. I cannot reproduce. I took a 7206 running 12.4(24)T, and noticed quite a few config diffs between startup and running (including the cert). I did a write mem on it, then did a sync archive job in RME where I fetched both the startup and the running config. I then went to Out-of-sync Summary, and the device was gone.
What protocol are you using to fetch the config? What version of code is your device running? Have you performed a sync archive job with the "Fetch Startup Config" box checked?
I FOUND SOMETHING!!!
The 50 units that are not reporting properly have these things in common:
1. They are all running version 12.2(52)SE
2. They all see the startup-config is newer than the running-config.
3. The switches show the software at the same date and time.
4. Credentials are ok
5. They all are running SSH.
6. Deleting them and letting the discovery process pick them up does not fix the problem.
7. Units running 12.2(35) and other versions are fine.
8. The models involved are WS-C2960G-48TL-L, WS-C2960G-24TL-L, and WS-C2975GS-48PS-L.
9. I could not find a 12.2(52)SE version that was working.
Summation: It looks to be the IOS version. I am testing my hypothesis now.
I went ahead and updated an additional 2960 to 12.2(52)se. This is a K9 edition. Before upgrading this unit, the machine was not out of sync. After the out of sync count went up by one. I also upgraded a 3750, it also went from 'in-sync' to 'out of sync' after the edition.
I felt it might have something to do with ssh, or the like, but I have 2950's that are at 12.1.22.ea13. This does not have any problem with newer secure versions on 2811 routers.
Symptom: Out of syncs are 53. Sync the systems does not change this. Manual review of the equipment shows the versions to be the same. LMS shows the startup-config to be newer than the running-config. (Yes, startup is newer than running).
Credentials on all the devices are SSH enabled, and Credetials tests show no problems.
Machines at version 12.2.(46)se are fine, and show no problems.
Models seen in: WS-C2960-24TT-L, WS-C2960G-24TL-L, WS-C2960G-48TL-L, WS-C2975SX-48P, WS-C3750G-24TL-L
I have a 3550 running 12.2(52)SE in the lab. I'll see if I can reproduce this behavior. It would be helpful to see your current running and startup configs as well as the diffs you see in RME.
Hi Robert, Did you get it working? i am having the same issue, and same difference as per your attached file,
Looks like crypto keys are not getting copied.
How to fix this ?:-s i am stuck. i read all thread regarding this issue, but no resolution.