Contributor
joepope
Posts: 18
Registered: ‎11-14-2007
Accepted Solution

NSM 2009.1r1 and RMA

We upgraded from 2008.2r2 to 2009.1r1. Our two IDP-75s and some (but not all) SSG5/5GTs showed down. Per the release notes, we tried RMA'ing the IDP-75s and then tried activating them, but they never connect.

The DevSvr and GUISvr are both running, and on the IDPs the agent is running. We rebooted the IDPs and the NSM Server, but they never complete the first connect.

Anyone else have this problem?

Distinguished Expert
muttbarker
Posts: 2,377
Registered: ‎01-29-2008

Re: NSM 2009.1r1 and RMA

Hey Joe - I just finished upgrading my NSM to 2009.1 - I had the same problem with my IDP 75. I ended up selecting the "device is not reachable" option and then did the whole "cut and paste" routine. After doing so and a reboot of the IDP, it came up fine and is now in an up state.

I would suggest you do that with both the IDP and the SSG5's.

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Contributor
joepope
Posts: 18
Registered: ‎11-14-2007

Re: NSM 2009.1r1 and RMA

What is the "cut and paste" solution?
Contributor
joepope
Posts: 18
Registered: ‎11-14-2007

Re: NSM 2009.1r1 and RMA

Never mind! I figured it out and it works perfectly!

Now all I have to do is get the Update Attack Database to work (it's broken after the upgrade!).

Thanks again!

Regular Visitor
Support
Posts: 7
Registered: ‎01-03-2008

Re: NSM 2009.1r1 and RMA

Hello,

I'm having the same problem with an SRX 210 gateway.

Can you explain the "cut and paste" routine please?

Thanks in advance,

Mounira REMINI

Security Engineer

Distinguished Expert
muttbarker
Posts: 2,377
Registered: ‎01-29-2008

Re: NSM 2009.1r1 and RMA

Mounira - "cut and paste" as I used it referred to selecting "device is not reachable" as your install option. You then have to "cut and paste" some commands from the NSM to the ScreenOS box.

For the SRX210 the "device is not reachable" install method is the one you should be using. You select that option, fill in the type and version, and then take the commands displayed and enter them into the SRX; the SRX should then communicate with the NSM and be reachable. From that point you do an import of the config.

Did that part work, or do you need to do that still?

Kevin Barker
JNCIP-SEC
JNCIS-ENT, FWV, SSL, WLAN
JNCIA-ER, EX, IDP, UAC, WX
Juniper Networks Certified Instructor
Juniper Networks Ambassador

Juniper Elite Reseller
J-Partner Service Specialist - Implementation

If this worked for you please flag my post as an "Accepted Solution" so others can benefit. A kudo would be cool if you think I earned it.
Regular Visitor
Support
Posts: 7
Registered: ‎01-03-2008

Re: NSM 2009.1r1 and RMA

Hello muttbarker,

Thank you for your reply.

I didn't know that you call this operation "cut and paste" :)

I already did that on the creation of my SRX gateway, and it worked successfully, but unfortunately it's still not working for me when RMA'ing and activating the device.

I opened a case with Juniper and I did a secure meeting with a Juniper engineer; we didn't find a solution.

Actually he is trying to reproduce the problem.

The error message that we are getting on NSM is as follows: "No record found in database for this incoming connection. Could be wrong device-id or it is removed by user." ...If someone can help

N.B.: the device id is correctly configured!

I'll update this post as soon as we find a solution.

Thanks

Mounira REMINI

Security Engineer

New User
gear
Posts: 1
Registered: ‎01-10-2010

Re: NSM 2009.1r1 and RMA

For what it is worth, I am experiencing exactly the same problem. This is with 2009.1r1 and both 10.0.R1.8 and 10.0.R2.10 on an SRX240. I have an up-to-date schema and have tried both the "reachable" and "unreachable" methods for adding the device. In both cases I get the same error in the logs: "No record found in database for this incoming connection. Could be wrong device-id or it is removed by user."

Did you ever get a resolution to this?

New User
Mikael_Johnsson
Posts: 2
Registered: ‎02-01-2010

Re: NSM 2009.1r1 and RMA

Hi,

Just got the same problem with an SRX210 and NSM 2008.r2a.

Did anyone find a solution to the "No record found in database for this incoming connection. Could be wrong device-id or it is removed by user." problem?

Regards

Contributor
mounira_remini
Posts: 11
Registered: ‎03-22-2010

Re: NSM 2009.1r1 and RMA

Hello,

Here is the explanation that I got from Juniper support about this issue:

The root cause is that, when we RMA an SRX device, NSM changes the device ID of the SRX in its DB. While activating, NSM still supplies the old device id in the UI, which goes to the SRX along with the commands. And then the SRX tries to connect with the old device id. So, the connection will fail in NSM.
This behavior is changed in the latest release, and the issue is resolved.

The issue seems to be resolved in NSM 2010. I haven't tested it yet.

Mounira

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.