Cisco Support Community
Community Member

CSM 4.4SP2

I have a situation where I have a number of ASA and IPS instances being managed from CSM 4.4sp2.

The credentials are validated via RADIUS to a Cisco ISE v1.2.

All the devices use the same account and credentials; and have been configured the same way.

The IPS responses work fine, but the ISE logs show that when the CSM attempts to log on to the ASAs it always tries a blank username first and then the correct credentials immediately (0.04s) afterwards.

The failed authentication

Any ideas?

Community Member

CSM 4.4SP2

FYI and from our friends in TAC

The issue you reported is related to the legacy behavior of CSM which used the enable password with blank username.

  1. There is a file located under CSCOpx\MDC\athena\config folder.
  2. Please edit it and locate the following variable in there: DCS.useEnablePasswordFirstForFw=true
  3. Change it to DCS.useEnablePasswordFirstForFw=false
  4. Restart the CSM using
     a. net stop crmdmgtd
     b. net start crmdmgtd

After the change CSM will not be attempting to first access the device with enable password if it is configured.

Here are results of the tests in my lab:

  1. Username/password and enable with setting = TRUE

HTTP: Authentication username = ''

  2. Username/password with setting = TRUE

HTTP: Authentication username = 'cisco'

  3. Username/password and enable with setting = FALSE

HTTP: Authentication username = 'cisco'

  4. Username/password with setting = FALSE

HTTP: Authentication username = 'cisco'
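
An added example, not part of the original thread or of any Cisco tooling: a Python check over exported authentication records that separates blank-username failures followed almost immediately by a success from the same device (the pattern reported above) from blank-username failures with no such follow-up. The CSV layout, device names and the `csm-svc` account are constructed for illustration; map the columns to whatever your RADIUS server actually exports.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export (not real ISE output): time, NAS device, username, result.
SAMPLE = """\
2014-03-01T10:00:00.000,asa-01,,FAIL
2014-03-01T10:00:00.040,asa-01,csm-svc,PASS
2014-03-01T10:00:05.000,ips-01,csm-svc,PASS
2014-03-01T10:05:00.000,asa-02,,FAIL
2014-03-01T10:09:00.000,asa-02,csm-svc,PASS
"""

def parse(text):
    """Yield (timestamp, device, username, result) tuples from the CSV text."""
    for ts, device, user, result in csv.reader(io.StringIO(text)):
        yield datetime.fromisoformat(ts), device, user.strip(), result.strip().upper()

def classify_blank_failures(text, window=timedelta(seconds=1)):
    """Split blank-username failures into those followed by a named-user success
    from the same device within `window`, and those that are not."""
    events = sorted(parse(text))
    paired, unpaired = [], []
    for i, (ts, device, user, result) in enumerate(events):
        if user or result != "FAIL":
            continue  # only blank-username failures are of interest here
        followed = any(
            d == device and u and r == "PASS" and timedelta(0) <= t - ts <= window
            for t, d, u, r in events[i + 1:]
        )
        (paired if followed else unpaired).append((ts, device))
    return paired, unpaired

if __name__ == "__main__":
    paired, unpaired = classify_blank_failures(SAMPLE)
    for ts, device in paired:
        print(f"{ts.isoformat()} {device}: blank username, then success (pattern from this thread)")
    for ts, device in unpaired:
        print(f"{ts.isoformat()} {device}: blank username with no quick success, investigate")
```

After changing the setting and restarting, the paired list for the ASAs should be empty over the same polling interval.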

Community Member

CSM 4.4SP2

And I can confirm it works too.


Community Member

CSM 4.4SP2

Further for existing devices and reports:-

From the last screenshot, the issue is not with adding a device to the CSM database for the first time but with periodic polling of the devices by the server, for Report Manager or HPM components for example.

What we have changed in is for initial deployment of the devices only.

With that in mind could you please do the following:

  1. In CSCOpx\MDC locate a respective folder (depending on the component it is hpm or reports folders);
  2. Open \config folder and locate ‘’ file;
  4. Restart the server.

Thank you.
