Security

Hi Guys,

After upgrading my NSMExpress 2010.2n29 to schema version 160, all my devices are now marked as down.

I've tried removing devices and re-adding them, but I never receive the initial SSH key from the device.

I've also tried RMA'ing the devices and re-activateing them, but I have the same issue.

Looking at the message logs, the devices (EXs and SRXs running 10.0r3 and r4) were reporting "Did not receive authentication string from 10.21.253.16", which sounds like some sort of SSH issue.

The problem is I can still SSH to the devices just fine from the NSMExpress console, and back the other way from the devices on the DMI port, so I'm sure this isn't a network/routing/firewall issue.  I was still receiving traffic logs from the "down" devices too which makes this problem even more frustrating.

Just to be sure, I factory defaulted the NSM and re-built it from scratch with 2010.4 and applied the 160 schema again.  I still cannot add any new devices (SSH times out) only now I'm not even seeing a connection attempt by the NSM to my devices.

Any thoughts while I wait to hear from JTAC?

As an update to this issue - I just found KB13555 and rolled back to schema 158 (the default for 2010.4) and I can now connect to devices.

Hope this helps anyone else who gets stuck on this issue

2010.2 has very poor SRX/EX/JUNOS device support.. not sure what all is in the n29 release but I am running 2010.3p22 and most things work well there are also p releases for 2010.4 now that I am looking into..