Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Prime Collabaration Assurance - ESXi Credentials Not Being Changed.

Dear forum users

I have a very simple problem and obviously you can provide a simple solution.

ESXi Hypervisors – 5.0 SU3

Prime Collaboration Assurance - 10.5.1.0.53684

I have 7 ESXi Hypervisors running 5.0SU3. They have SNMP communities configured for integration into PCA. The customer asked us to update the SNMP communities on the Hypervisors after a security audit.

This has been completed successfully but the PCA device work centre is still using the old community despite the fact I must have changed it over 100 times. I know this because if I put the old community back on the Hypervisor and verify the device from Device Work Centre, it passes.

I have deleted the Profile and re-added it with the new SNMP community. I have created a new profile and tried to discover the Hypervisors with this profile. I have re-booted the whole Prime appliance.

Does anyone have any ideas, this should be the simplest thing and it is driving me crazy.

 

Thanks. 

10 REPLIES
VIP Purple

Hi Tim, I was just looking

Hi Tim,

 

I was just looking for the bugs. I am not confident whether the below bug is associated/helpful for your problem of CPA.

If it is not that critical, let us see if somebody replies else open TAC case.

 

Check for SNMP pids in init script
CSCuc68665
Symptom:
An SNMP Gateway will fail to start due to a previous pid file already existing.

Conditions:
Intermittently occurs when stopping and starting processes on EC.

Workaround:
1. Stop EC: "/etc/ini.t/nco stop"
2. Remove the pid files: "rm -f /opt/IBM/tivoli/netcool/omnibus/var/*.pid"
3. Start EC: "/etc/init.d/nco start"

regds,

aman 

VIP Purple

Hi Tim, If u don't mind, can

Hi Tim, 

If u don't mind, can u please share the snapshots ?

 

regds,

aman

New Member

Dear all.I logged a TAC case

Dear all.

I logged a TAC case this morning, as the client wants this resolved ASAP.  I will let you know what they say.

VIP Purple

Would wait for your reply. 

Would wait for your reply.

 

 

regds,

aman

New Member

I did some fault finding with

I did some fault finding with the TAC. It would seem from Wireshark analysis that PCA was only using the SNMP RO string and not the RW. The ESXi hosts were only configured for the RW community thus they were not responding to the PCA SNMP requests. I changed PCA RO string to also be the RW and now the devices are managed.

 

It is strange because we had it working before. The TAC case manager has asked the question of the developers why PCA is only using RO and not RW.

VIP Purple

Hi Tim,thanks for updates[+5

Hi Tim,

thanks for updates[+5]

Can u explain more in detail what u had configured earlier and what is working now for SNMP in PCA?

 

regds,

aman

New Member

Hi Aman.OK, so PCA was

Hi Aman.

OK, so PCA was configured for two SNMP strings the device work centre, manage credentials. One string was for RO, the other for RW. The customer asked me to change the RW string only following a security audit. After I changed it on the Hypervisors and PCA, they could not be managed because the SNMP credentials were incorrect. After analysis of Wireshark, it would seem that PCA is only using the RO string for management and not the RW. This is strange for two reasons:-

  1. It was using the SNMP RW before because the Hypervisors were only ever configured with the RW string, not the RO so there is no other way it could of been managed. Why has it changed?
  2. Why have the SNMP RW credential for an ESXi server if PCA does not use it?

Does that make sense?

 

VIP Purple

Thanks for update. No idea

Thanks for update.

 

No idea why it is like this.Cisco TAC did not comment on this behaviour.

 

regds,

aman

Cisco Employee

Hello Tim.I am not quite sure

Hello Tim.

I am not quite sure it will make you feel any better, but I just tryied that scenario in my lab with same release of PCA and it works OK. Only difference is I am not using ESXi update 3 but update 1 instead. If you send me an email to pbeaupie@cisco.com I can send you the screenshots of that test. Thanks. /Phil

New Member

Hi Phil, just sent you an e

Hi Phil, just sent you an e-mail.

94
Views
5
Helpful
10
Replies
CreatePlease to create content