Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

Prime 2.0 Partial Collection Failure


I have set up the following in a lab:

Prime Infrastructure 2.0 (

Cisco Secure ACS

Windows 2003 Domain Controller för AD Authentication

Goal: Admin access to network devices requires Authentication via TACACS+ to ACS (-> Active Directory). Network devices need to be managed by Prime. SSH access to Network Devices via putty and authentication against ACS/AD works just fine.

Problem: During device discovery in Prime, I get a "Partial Collection Failure" with possible cause "Could not connect to device via CLI (SSH/telnet). Check device credentials and SSH/telnet reachability". The device gets inserted into the device work center with blank SSH credentials If SSH redentials are configured manually, the device synch is successful. So basically the discovered devices need to be manually configured with SSH credentials in the device work center in order for the synch to work, which is a pain in a large environment.

Troubleshooting done:

- I have double-checked the credentials, and everything seems fine.

- Same result with local ACS user.

- Installed the latest patch

- tacacs debug on network devices shows PASS

Network Device TACACS+ config:

aaa new-model



aaa authentication login default local

aaa authentication login LOGINLIST group tacacs+ line

aaa authentication enable default group tacacs+ enable

aaa accounting exec default start-stop group tacacs+

aaa accounting commands 1 default start-stop group tacacs+

aaa accounting commands 7 default start-stop group tacacs+

aaa accounting commands 15 default start-stop group tacacs+

aaa accounting system default start-stop group tacacs+



aaa session-id common


tacacs-server host x.x.x.x

tacacs-server directed-request

tacacs-server key ************


line vty 0 4

password 7 ************

logging synchronous

login authentication LOGINLIST

length 20

width 200

transport input ssh

CreatePlease to create content