How to troubleshoot connectivity issues between SecureShore and X-series.SecureShore NMS server cannot re-connect to a replaced CPM module on an X-series chassis. The Diagnostic reports following error message:
Unable to discover device 'NAME': java.rmi.RemoteException: The device has rejected a management request made by this server. Please verify that the device has been configured to allow management by this server.
Tcpdump shows a short communication on TCP port 18085 between the CPM and SecureShore closed by the CPM.
Generic troubleshooting of SecureShore connectivity issues with an X-series device:
1. Verify in XOS configuration that
web-server is enabled and
management-server address is set to SecureShore NMS server IP address:
CBS# show web-server
Web Server Enabled (true/false) : t
CBS# show management-server
Management Server IP
2. Verify CPM access-lists. To allow communication between the SecureShore NMS server and the managed device, following TCP ports must be open:
TCP 18085 from the SecureShore server to the managed device
TCP 443 from the SecureShore server to the managed device
TCP 8443 from the managed device to the SecureShore server
You can use
show access-list and
show running-configto verify that access-lists assigned to CPM management interfaces allow this communication.
3. Verify that expected processes listen on ports 18085 and 5443 (cnmsd and java).
5. If all above is correct, make sure there is no routing issue (like missing route to the SecureShore host). Run tcpdump on the CPM interface eth2 to observe packets between the CPM and the SecureShore server, for example:
It should display bidirectional communication on the above TCP ports. The initial connection from SecureShore is coming on the port 18085. You can also utilize ping to verify the basic network connectivity.
This specific case was caused by a missing configuration file
/crossbeam/etc/nms.cf. This file should exist and contain the IP address of the SecureShore NMS server configured in the XOS CLI. The file likely wasn't properly created during the import of the XOS configuration on the replaced CPM. The file can be restored by refreshing the
management-serverstatement in the XOS CLI: