Management
Management

NSM showig device down

2 weeks ago

Hi

 

We replaced a faulty SRX650 with a new one , the faulty oe was in version 10.4

The new one is on version 12.3D90

The NSM is on version 2012.2R8

 

After the replacement we're unable to manage the new device via the NSM

Status showing down

Server monitor is up and we can manage all other devices via NSM. But only this device that has been replaced.

 

We did RMA follwoing this procedure but didn't help

https://kb.juniper.net/InfoCenter/index?page=content&id=KB4549&actp=METADATA

 

We also tried to delete ourprivate/public keys from devcfg file .. but still didn't help

 

In NSM CLI logs it is showing the follwing:

[11/27/2019 11:11:48.489] [Error] [1123680-sshPlugDb.c:1047] No record found in database for this incoming connection. Could be wrong device-id or it is removed by user.inside sshPlugDbGetLocal_S1_DMI_ID is 00000000000000000000000000000000002E5E7B02, DEVICE ID IS 0

But didn't understand anything from this article

https://kb.juniper.net/InfoCenter/index?page=content&id=KB13953&actp=METADATA

 

How to adjust the device-id and what is should be?

 

Another question, the NSM is not showing in "adjust version OS" version 12.3 , only 10.4 , 11.4 , 12.1 ...

No 12.3 showing there ... I saw some articels saying that we should update the schema or something like this ... can someone elaborate on this please ?

 

Thanks

Regards,
A'bed AL-R.
[JNCSP-SEC JNCDA JNCIS-ENT Ingenious Champion|Sec]
https://srxtech.wordpress.com
5 REPLIES 5
Management

Re: NSM showig device down

2 weeks ago
Hi Abed AL-R,

You should try to update the DMI schema in NSM: https://kb.juniper.net/InfoCenter/index?page=content&id=KB12756
Basically, SRX device version should match which was earlier in NSM i.e. 10.4 to Activate the device from RMA.

Thank you.

Regards,
-PL
Management

Re: NSM showig device down

2 weeks ago

Hi PML

 

Thanks for the reply

But what if it does not match ? like now, the new device is on 12.3 and the old one was on 10.4

The RMA will not work?

 

regarding updating schema , According to release notes , if I update to 354 which is the last one , the suppot for 10.4 will be gone . And we have another devices managed by NSM and they're on 10.4.... So I guess it is risky

 

Do you think I should downgrade the SRX To 12.1 to be supported and RMAed successfully ?

 

Those versions supported in NSM when I try to do adjust OS version:

NSM11.PNG

 

And how much the version is important so I can manage the SRX device via NSM?

 

 

Regards,
A'bed AL-R.
[JNCSP-SEC JNCDA JNCIS-ENT Ingenious Champion|Sec]
https://srxtech.wordpress.com
Management

Re: NSM showig device down

2 weeks ago
To be very frank, I dont think it is schema issue as 10 and 12 both are old version and your NSM should have supported schema already.
So you can try to downgrade your new SRX and activate it.
Make sure, you have basic connectivity from NSM to new SRX then only it will get activated.

Regards,
PL
Management

Re: NSM showig device down

2 weeks ago

Thanks for the reply

 

I tried now to activate the device the other way "device deployed but IP not reachable"

I got the following command to configure in SRX:

set system services outbound-ssh client nsm-192.168.198.101 device-id 0D73F1 
set system services outbound-ssh client nsm-192.168.198.101 secret 709006451589393 
set system services outbound-ssh client nsm-192.168.198.101 192.168.198.101 port 7804 
set system services outbound-ssh client nsm-192.168.198.101 services netconf 

I configured those statements but not NSM showing keys error messgaes:

 

[11/27/2019 12:55:11.408] [Notice] [1123680-connectionMgr.c:2316] Incoming TCP connection from SSH, device ip 192.168.198.114
[11/27/2019 12:55:11.409] [Notice] [1123680-sshPlugDb.c:1355] svrTLSDbServerGetClientData is called.
[11/27/2019 12:55:11.411] [Notice] [1123680-sessionPlug.c:3581] session returns NETPLUG_SEND_DISCONNECTED
[11/27/2019 12:55:11.414] [Notice] [1123680-sshPlugDb.c:816] sshPLUGDB: privatekey not found
[11/27/2019 12:55:11.414] [Notice] [1123680-sshPlugDb.c:832] sshPLUGDB: publicKey not found
[11/27/2019 12:55:11.414] [Notice] [1123680-sshPlugDb.c:847] sshPLUGDB: sshalgorithm not found
[11/27/2019 12:55:11.414] [Notice] [1123680-sessionPlug.c:3581] session returns NETPLUG_SEND_DISCONNECTED
[11/27/2019 12:55:12.329] [Notice] [1123680-nthConnPlug.c:1990] NTHCONN: sshLowerPlug received SSH Init message
[11/27/2019 12:55:12.329] [Notice] [1123680-nthConnPlug.c:338] NTHCONN: nsNthConnSendInitMsgToDevBrocker: domainId = 4 deviceId = 11 isFirstConn = 1 status = 0 remoteAddr = -1073751880
[11/27/2019 12:55:12.329] [Notice] [1123680-nthConnPlug.c:385] NTHCONN: device 192.168.198.114 (domainId 4, deviceId 11) successfully established secure SSH tunnel
[11/27/2019 12:55:12.330] [Notice] [1123680-nthConnPlug.c:2232] NTHCONN: sshTopPlug SSH Exchange SessionId == 63178632 mySessionId = 1
[11/27/2019 12:55:12.330] [Notice] [1123680-sshPlug.c:1064] SSHPLUG(192.168.198.114): ssh connection is established.
[11/27/2019 12:55:12.330] [Notice] [6001584-nsDdNspServer.c:380] sendLogRequestToDmiDevice: syncCmdWrite succeeded sending data to device [11 4 2] for op 17
[11/27/2019 12:55:12.330] [Notice] [1123680-nthConnPlug.c:2267] NTHCONN: sshTopPlug received SSH open channel = 2
[11/27/2019 12:55:12.332] [Notice] [5743536-nsDdNspServer.c:2870] processOneA: informing deviceMgr about dmi device [4 11] connection cmd = 0x8562ea0
[11/27/2019 12:55:12.335] [Warning] [5743536-nsDdNspServer.c:5319] dbNotifyDmiDeviceConnection: DMI device serial number = 0000000004194315
[11/27/2019 12:55:12.339] [Notice] [5743536-nsDdNspServer.c:301] sendDeviceConnectionStatus: status 1 for device [4 11] ip = 192.168.198.114
[11/27/2019 12:55:12.340] [Notice] [5743536-nsDdNspServer.c:5345] NTHCONN SSH: domainId 4, deviceId 11: ** Complete Nth Conn Success **
[11/27/2019 12:55:12.400] [Notice] [1123680-nthConnPlug.c:2038] NTHCONN: lowerPlug SSH device [4 11] successfully opened channel 2
[11/27/2019 12:55:12.400] [Notice] [1123680-nthConnPlug.c:2232] NTHCONN: sshTopPlug SSH Exchange SessionId == 63211401 mySessionId = 2
[11/27/2019 12:55:12.400] [Notice] [6001584-nsDdNspServer.c:456] sendHelloMsgDmiDevice: syncCmdWrite succeeded sending data to device [11 4 2] 
[11/27/2019 12:55:12.400] [Notice] [6001584-nsDdNspServer.c:380] sendLogRequestToDmiDevice: syncCmdWrite succeeded sending data to device [11 4 2] for op 6
[11/27/2019 12:55:12.457] [Notice] [5743536-nsDdNspServer.c:4655] sshOpenChannelRequest: device [4 11 10], previous channel state = closed
[11/27/2019 12:55:12.457] [Notice] [1123680-nthConnPlug.c:2267] NTHCONN: sshTopPlug received SSH open channel = 10
[11/27/2019 12:55:12.505] [Notice] [1123680-nthConnPlug.c:2038] NTHCONN: lowerPlug SSH device [4 11] successfully opened channel 10
[11/27/2019 12:55:12.505] [Notice] [1123680-nthConnPlug.c:2232] NTHCONN: sshTopPlug SSH Exchange SessionId == 63408015 mySessionId = 10
[11/27/2019 12:55:12.505] [Notice] [5743536-nsDdNspServer.c:4854] sshProcessOpenChannelResponse: received response 1 for device [4 11 10]
[11/27/2019 12:55:12.505] [Notice] [5743536-nsDdNspServer.c:456] sendHelloMsgDmiDevice: syncCmdWrite succeeded sending data to device [11 4 10] 
[11/27/2019 12:55:18.403] [Notice] [5743536-nsDdNspServer.c:4979] sshProcessDeviceData: received Hello msg from device [4 11] for channel 10
[11/27/2019 12:55:18.590] [Notice] [5743536-nsDdNspServer.c:4773] sshCloseChannelRequest: channel = 10, state = opened, device [4 11]
[11/27/2019 12:55:18.590] [Notice] [1123680-nthConnPlug.c:2273] NTHCONN: sshTopPlugreceived SSH_CLOSE_CHANNEL_MSG for channel = 10
[11/27/2019 12:55:18.590] [Notice] [5743536-nsDdNspServer.c:5025] processSshMessageFromDevice: received SSH_CLOSE_CHANNEL_MSG from device [4 11 10]
[11/27/2019 12:55:18.657] [Notice] [5743536-nsDdNspServer.c:301] sendDeviceConnectionStatus: status 0 for device [4 11] ip = 192.168.198.114
[11/27/2019 12:55:18.657] [Notice] [5743536-nsDdNspServer.c:2990] NTHCONN: domainId 4, deviceId 11: ** device disconnect **
[11/27/2019 12:55:18.699] [Notice] [5743536-nsDdNspServer.c:5236] sshCleanChannleCmds: device [4 11]
[11/27/2019 12:55:18.699] [Notice] [1123680-sessionPlug.c:3997] cspXportScheduleDisconnect
[11/27/2019 12:55:18.699] [Warning] [1123680-sessionPlug.c:4137] Transport -undefined-location-,08586870 Disconnected, heartbeat timeout cause:6
Regards,
A'bed AL-R.
[JNCSP-SEC JNCDA JNCIS-ENT Ingenious Champion|Sec]
https://srxtech.wordpress.com
Management

Re: NSM showig device down

2 weeks ago

.. anyway

we migrated from NSM to Junos Space

its time I guess  Smiley Tongue

Regards,
A'bed AL-R.
[JNCSP-SEC JNCDA JNCIS-ENT Ingenious Champion|Sec]
https://srxtech.wordpress.com