Smarts NCM: Unable to pull config file: vlan.dat; SCP not enabled on devices

Article ID: 331113


Products

VMware Smart Assurance

Issue/Introduction

Symptoms:


The vlan.dat file cannot be pulled for some Cisco devices.

A config pull for Cisco devices fails with the error: Unable to pull config file: vlan.dat. NCM uses SCP to copy the file, but SCP is not enabled on the devices.

The pull of vlan.dat is attempted by three mechanisms:
1) TELNET/TFTP
2) SSH/TFTP
3) SSH/SCP

The preferred choice is Telnet/TFTP, but the logs show that only SSH/SCP is being attempted:
 

[vlan.dat] Action failed...
Pulling configuration file 'vlan.dat' for IDX 1785 with mechanism SSH/SCP
SCP Get failed: RTRemoteFileVar::getFile: Can't read from local file /opt/emc/smarts-ncm/data/devserver/dasl/remote_1785_remoteFile (RTRemoteFileVar.cpp#345)
SCP Get of VLAN failed
Pull of vlan.dat failed
Unable to pull config file: vlan.dat
Configuration file 'vlan.dat' for IDX 1785 failed with error code 'Unspecified Error' in 5 seconds

SCP is not mandatory. Even if SCP is disabled, it should be possible to pull the vlan.dat file using TFTP, which is configured on the device.

Environment

VMware Smart Assurance - NCM

Cause

The devices were behind a firewall and the communication mechanism was not set to SSH/TFTP.

Resolution


To resolve this without using SCP:

1. For devices that are not behind a firewall and have TFTP working: select them, change the communication mechanism from SSH to SSH/TFTP, and pull vlan.dat.
2. For devices that are behind a firewall and where TFTP is not working: set the communication mechanism to SSH. Once the firewall rules are modified, change the communication mechanism to SSH/TFTP.
3. For new device discovery, on the Device Server, make the following change to the getConfigFile method in the custompackage/cisco/ios/configfile.inc file:

    a) If the $VOYENCE_HOME/custompackage/cisco/ios/ directory does not exist, create it.
    b) Copy $VOYENCE_HOME/package/cisco/ios/configfile.inc to $VOYENCE_HOME/custompackage/cisco/ios/
    c) Edit the copied configfile.inc file.
    d) In the getConfigFile method, add && SCRIPTTYPE != "DD" to the condition so that it reads as follows:

         if (changedBy != "" && SCRIPTTYPE != "DD") {

    e) Save and exit the file.

4. Restart the Device Server services:
>vcmaster restart

Newly discovered devices with TFTP enabled should then have the mechanism set correctly to SSH/TFTP.

5. If an issue is detected because the SSH host keys changed on the device side, remove all entries for the affected device from the "sshhostkeys" and "known_hosts" files in the /root/.ssh directory, then retry.
For example, run grep 10.4.128.34 /root/.ssh/* and delete the matching entries from the respective files.

After this, pull the files again.
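
Step 5 as a script, as an added example that is not part of the article or of NCM: it backs up and then edits the two files instead of deleting lines by hand, and matches the address as a whole token so that 10.4.128.34 does not also remove 10.4.128.340. The function name purge_host_entries is hypothetical; it assumes one entry per line with the device's IPv4 address stored in clear text (hashed known_hosts entries will not match).

```shell
#!/bin/sh
# Added example, not NCM tooling. Assumes one entry per line and the device's
# IPv4 address in clear text (hashed known_hosts entries are not matched).

# purge_host_entries ADDRESS [DIR]
# Removes every line that mentions ADDRESS from DIR/sshhostkeys and
# DIR/known_hosts, keeping a timestamped backup of each file it changes.
# Prints the total number of lines removed.
purge_host_entries() {
    addr=$1
    dir=${2:-/root/.ssh}
    removed=0
    # Escape the dots so the address is matched literally, and require a
    # non-address character (or line start/end) on both sides of it.
    esc=$(printf '%s' "$addr" | sed 's/\./\\./g')
    pat="(^|[^0-9.])${esc}([^0-9.]|\$)"
    for f in "$dir/sshhostkeys" "$dir/known_hosts"; do
        [ -f "$f" ] || continue
        n=$(grep -Ec -- "$pat" "$f" || true)
        [ "$n" -gt 0 ] || continue
        # Keep the old entries so the previous host key can still be inspected.
        cp -p "$f" "$f.bak.$(date +%Y%m%d%H%M%S)"
        # Write the surviving lines back into the same file so that its
        # owner and permissions stay as they were.
        tmp=$(mktemp "$f.XXXXXX")
        grep -Ev -- "$pat" "$f" > "$tmp" || true
        cat "$tmp" > "$f"
        rm -f "$tmp"
        removed=$((removed + n))
    done
    echo "$removed"
}
```

The backup files let you compare the previous host key with the one the device presents on the next connection.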