cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
311
Views
4
Helpful
3
Replies

IDS sensor won't register with IEV?

s.carruthers
Level 1
Level 1

Any ideas??? I install IDS device manager on a Windows 2000 client. I am able to manage the IDS sendor thru IDM without any issues. I download IDS event viewer from IDM onto the same Windows 2000 client and install it. When I add the sensor as a new device into IEV, I get a PostOffice protocol error and it tells me to reboot my client. After a reboot, I right click on the IDS sensor in IEV and try to look at the status and IEV reports it cannot contact the sensor??????

3 Replies 3

marcabal
Cisco Employee
Cisco Employee

When you say "I install IDS device manager on a Windows 2000 client" what do you mean. The IDS device manager runs on the sensor itself and can be accessed through a web browser so their is nothing to install on a Windows 2000 client.

If instead of IDM you meant that you installed IDS MC (part of the VMS bundle which is an additional purchase), then you can't install IDS MC and IEV on the same machine because it will give you postoffice errors.

What version of IEV and what version of the Sensor are you running?

I'm sorry you are correct, I do not install IDM on the 2000 client, just access it through a web browser on this client. The version is 3.1.

Things to consider and try:

If you are running Active Directory on your 2000 client then be aware of DDTS Issue CSCdy14263.

Adding or removing sensors will require a reboot of the IEV machine in order to sync configurations because of problems caused by Active Directory.

You will be able to monitor, but will not be able to query postoffice for sensor communication status.

Firewalls between the sensor and IEV are often causes of communication problems.

Try logging into the sensor as user netrangr and executing nrconns. If the connection is not established then it is often because the firewall is blocking UDP port 45000 between the 2 machines. (IDM may be working because it uses TCP on port 80 or 443 so it's port may be open)

If the connection shows Established then look at the end of the status line. Sometimes it will show Established but will also say something like "Syn not received" at the end. This is sometimes seen when the firewall is allowing packets from IEV to the sensor, but not from the sensor to IEV. So in effect only half the connection is established.

You can paste the output from "nrconns" on the sensor into your reply and I can tell if you are maybe in this situation.

On very rare occasions you may even try restarting the services on the sensor (nrstop followed by nrstart).

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: