cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2143
Views
5
Helpful
16
Replies

SSH archive sync problem RME 4.3.1

Lasse Nylander
Level 1
Level 1

HI

SSH archive sync fails!

If credentials are edited with all devices selected in the device selector, then Archive sync fails with this error:

Could not enter ENABLE from USER mode.

If I edit credentials for just one device(same credentials).

The archive sync job will succeed.

How can I solve this without editing every device one by one.

BR

Lasse

1 Accepted Solution

Accepted Solutions

Joe Clarke
Cisco Employee
Cisco Employee

I haven't seen a problem editing credentials in bulk before, but try this.  Go to Common Services > Device and Credentials > Device Management, select all devices, then click Edit Credentials.  Go to the enable password, and clear the value.  Save the changes.  Then repeat the process, but this time fill in the correct enable password.  Again, click Finish to save the changes.  See if that sets the proper enable password.  You can confirm by clicking the Export button, exporting the credentials for all devices, then checking the CSV file.

View solution in original post

16 Replies 16

Joe Clarke
Cisco Employee
Cisco Employee

I haven't seen a problem editing credentials in bulk before, but try this.  Go to Common Services > Device and Credentials > Device Management, select all devices, then click Edit Credentials.  Go to the enable password, and clear the value.  Save the changes.  Then repeat the process, but this time fill in the correct enable password.  Again, click Finish to save the changes.  See if that sets the proper enable password.  You can confirm by clicking the Export button, exporting the credentials for all devices, then checking the CSV file.

It seems I still have some problems with SSH and getting enablemode from user mode.

The ssh credentials are OK according to the export

TFTP and TELNET are not possible with this device.

can I provide you with further info ??

Enable Archive Mgmt Service debugging under RME > Admin > System Preferences > Application Loglevel Settings, repeat the sync archive job, then post the dcmaservice.log.

HI Joseph

An example on the behavior is device with IP 172.30.8.7

I failed to inform you about the fact that we authenticate against Cisco ACS server with TACACS+

Lasse

This looks like a prompt handling issue.  Edit NMSROOT/objects/cmf/data/cmdsvc.properties, and uncomment the line:

TuneSleepMillis=50

Change the value to 500, save the file then re-run the sync archive job.

Thanks this almost solved my problems, but I still have about 15 devices that fail to enter enable mode.

ACS server log states - that it receives no password at all for the enable request!!!

BR

Lasse

ON the ACS server I see from the log:

normal login OK all is good

Then there is request to change from login functionality to change password functionality???

and then ACS revives no password?

Does any of this make sense? I'm down to 10 devices not syncing...

Post the new dcmaservice.log after reproducing the issue for one of these other devices.

Hi Joseph

Dcmaservice log attached.

br

Lasse

It appears the enable password is genuinely wrong for this device in DCR.  Try re-entering it.

Checked device 172.30.5.6, corrected password and checked the export all is OK

now I get:

enable username credentials missing

Seems like much the same issue here: https://supportforums.cisco.com/message/3046435#3046435

Thanks

Lasse

Post the new dcmaservice.log and the show ver from this device.

HI Joeseph

Attached file containing info on device version and requested log output.

Lasse

It appears you need to increase tuning sleep time in cmdsvc.properties.  Instead of 500, bump it up to 1000, then see if you can sync this device.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: