Security


NSM - Can't add device after it is removed

  • 1.  NSM - Can't add device after it is removed

    Posted 05-18-2009 13:36

     

    I added a device using the + button in the device manager

    I removed the device using the - button in the device manager

     

    Now when I try to add the same device using the same procedure that worked last time, it hangs at trying to get the SSH key. It can reach the device and there are no networking issues for this to be a problem. Does anyone know what the problem is here?



  • 2.  RE: NSM - Can't add device after it is removed

    Posted 05-18-2009 13:43

    1- Have you looked on the device to see if there are any errors in the log?

    2- Have you looked in the device.daemon error log file to see any errors there?

    3- Have you tried to add the device as unreachable and then let the device connect in to the NSM?

    4- What device and O/S version are you having the problem with?

    5- Did you do anything to the device since the initial add in terms of O/S upgrade?



  • 3.  RE: NSM - Can't add device after it is removed

    Posted 05-18-2009 13:48

    1- Have you looked on the device to see if there are any errors in the log?

    2- Have you looked in the device.daemon error log file to see any errors there?

    3- Have you tried to add the device as unreachable and then let the device connect in to the NSM?

    4- What device and O/S version are you having the problem with?

    5- Did you do anything to the device since the initial add in terms of O/S upgrade?

     

    1. no errors

    2. on the NSM?

    3. no, I just tried to add it exactly the way I added it the first time, but it hangs on the SSH key

    4. it won't add anything anymore, it hangs in the same spot. I'm trying to add EX4200's, but I just removed an ssg5 and it won't re-add that one either

    5. I upgraded the EX4200's JunOS version, but the SSG5 I did absolutely nothing to it, I simply removed it and tried to re-add it just to see if I could.

     

     



  • 4.  RE: NSM - Can't add device after it is removed
    Best Answer

    Posted 05-18-2009 14:08

    Hmm - the first thing I would do is to simply look in the NSM logs in the UI. It is in the investigate tab. Audit Log Viewer. Actually, make that the 2nd thing. That is very odd behavior. I would first do a restart on the box and then try and add again. Sounds like some process got whacked.

     

    Also the log I was talking about is actually an error log on the NSM server itself. In /usr/netscreen there is a GuiSvr and a DevSvr directory. In each of those is a /var/errorlog directory. These contain error logs. Two very good ones are deviceDaemon.0 and guiDaemon.0

     

    They are quite tough to read but if you do a "tail -f" on them and then try to do something (Add a device, or login) you can see errors and start to learn from them. They are really designed for support but can sometimes help you find a direction for a problem.

     

     

    Let's see what the restart does!



  • 5.  RE: NSM - Can't add device after it is removed

    Posted 05-18-2009 14:24

     

    I had just done a reset before reading your reply mutt and it seems to have cleared the issue up. Now I'm slapping myself for not having done it sooner haha. Thank you for the information on the logs, I'm sure that will come in handy at some point.



  • 6.  RE: NSM - Can't add device after it is removed

    Posted 05-18-2009 14:29
    Of course now it won't auto-detect the EX4200 switches with the new JunOS update heh


  • 7.  RE: NSM - Can't add device after it is removed

    Posted 05-18-2009 14:33

    Glad that the SSG5 add now worked. As for the JUNOS issue - yeah, that is a biggie - I have a spreadsheet that shows the versions of NSM that I care about (the ones I run and my customers) and I keep it updated to reflect the latest version of each product that is part of the NSM "family".

     

    That new version of SSL 6.4 might be the greatest ever, but if NSM won't talk to it, and you want to manage from NSM, then.......

     

    It is a slight pain cause you really need to read all the release notes.



  • 8.  RE: NSM - Can't add device after it is removed

    Posted 05-18-2009 14:36
    So what is recommended? JunOS 9.3?


  • 9.  RE: NSM - Can't add device after it is removed

    Posted 05-18-2009 14:45
    nsm2008.2r1 - JUNOS 9.2 or 9.3


  • 10.  RE: NSM - Can't add device after it is removed

    Posted 05-18-2009 16:34
    I gave both 9.2 and 9.3 a try and neither auto detects, even though I added these devices as reachable before. The only command the NSM is trying to run on them is "y" which isn't going to work anywhere for anything.


  • 11.  RE: NSM - Can't add device after it is removed

    Posted 05-18-2009 17:38

    Have you tried to add them as "unreachable?" NSM will generate a special ID - then specific instructions on how to add. Try that - you will see if the box can connect and if so what errors it may have when doing so.

     

    The non-reachable process has you manually pushing from the JUNOS object to NSM. It is worth trying to see the result of the add attempt. I would also do a hard save of the JUNOS config to a file to make rollbacks easier.

     

     

    Message Edited by muttbarker on 05-18-2009 05:39 PM
    Message Edited by muttbarker on 05-18-2009 05:41 PM


  • 12.  RE: NSM - Can't add device after it is removed

    Posted 05-18-2009 17:46

    Just deleted a J3450 router running 93R2.8 - could not add as reachable - added with no problem as unreachable. Then did my import and it is clean.

     

    Often the router/switch does not have all the necessary "stuff" enabled for reachable add. Unreachable makes sure the config is good.



  • 13.  RE: NSM - Can't add device after it is removed

    Posted 05-19-2009 07:36

    Forgot one thing - when adding a new JUNOS device. To add as reachable you need to make sure that you both enable ssh and enable netconf

     

    set system services netconf ssh

    set system services ssh

     

    When I deleted my device last night and could not re-add it, it was cause I did a rollback to a config that did not have netconf enabled. If you add device as "unreachable" then you enable netconf as part of the device add to NSM, not as part of the system service settings.
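
A pre-check for the situation described in the last post, as an added example that is not part of the original thread: it reads a saved JUNOS configuration in "display set" form and reports which of the two service statements a reachable add needs are missing, for instance after a rollback. The function names and the sample configurations are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a saved JUNOS configuration ("display set" form) for
# the two services the post names before a reachable add or after a rollback.

# has_service CONFIG_TEXT STATEMENT
# Succeeds if a "set" line for STATEMENT (or anything beneath it) exists and
# neither STATEMENT nor one of its parents is turned off by a "deactivate"
# line, which is how "display set" renders inactive statements.
has_service() {
    printf '%s\n' "$1" | awk -v stmt="$2" '
        { sub(/\r$/, ""); sub(/^[ \t]+/, "") }
        index($0, "set " stmt) == 1 {
            rest = substr($0, length("set " stmt) + 1)
            if (rest == "" || rest ~ /^ /) found = 1
        }
        index($0, "deactivate ") == 1 {
            path = substr($0, 12)
            if (stmt == path || index(stmt, path " ") == 1) off = 1
        }
        END { exit (found && !off) ? 0 : 1 }'
}

# reachable_add_gaps CONFIG_TEXT
# Prints the set commands still needed; exit status 0 means nothing is missing.
reachable_add_gaps() {
    missing=0
    for stmt in "system services ssh" "system services netconf ssh"; do
        if ! has_service "$1" "$stmt"; then
            echo "set $stmt"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample: a rolled-back config that kept SSH but lost NETCONF.
ROLLED_BACK='set system host-name ex4200-lab
set system services ssh root-login deny
set system services web-management http'

# Constructed sample: both services present.
READY='set system host-name ex4200-lab
set system services ssh
set system services netconf ssh'

reachable_add_gaps "$ROLLED_BACK" || echo "not ready for a reachable add"
```

To check a real device, pass the saved output of `show configuration | display set` as the argument instead of the sample strings.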