FAQ

What troubleshooting messages can be observed when registering my SG Device with Director

FAQ ID:    FAQ1281
Version:    10.0
Status:    Published
Published date:    03/01/2011
Updated:    10/15/2013
 

Answer

There are three ways to register, or add your SG Appliance to the DIrector appliance.  Once registered, the SG can be be managed by Director.  All of the below mentioned methods, except using the the DIrector Management Console ( DMC) will need you to confirm the director's serial number, which can be retrieved with a 'show version' command in its CLI.  See the end of this article, for a link to details on how to use the CLI.

  1. Using the serial port on your SG appliance, and following the menu. Here you choose 'setup SG' and then 'R' for register with Director, which subjugates the device to the Director appliance.  This method is called subjugation, as it  gives Director, and only Director,  full administrative control over the device by pushing passwords, configurations, grouping information, and so on, as soon as the device is added to Director’s registry. This also ensures that Director is the only point of administrative control for that device.
  2. Through the SG Command line Interface (CLI) using the command " register-with-director  <ip address of Director>
    1. You can also achieve the same result through the SG User interace, under the Maintenance tab, under Service Information. This method is also called subjugation, as it  gives Director, and only Director,  full administrative control over the SG device.
  3. Through the wizard in the Director Management Console (DMC)
  4. We recomend you only name your SG devices with Alpha numeric text.

NOTE:  For both methods 1 and 2, above, you SHOULD NEVER change the password of the SG device by sending an overlay file to the SG.  Using a overlay file to change the password of the SG will not change the hash that the DIrector stores on file to login to this SG.  This overlay file may appear to work immediatly after it's applied, but that's only because the Director does not immedialy re-login to the device. After you have pushed this overlay file, the SG connection will fail once it looses the connection, and attempts to re-login to the devic with the old Hash key.  The failure will manifest in this error:

Authentication failed/SSH key error

Once you have used methods 1, and 2 above to subjugate the SG device to Director, the only proper way to change the password is to right-click on the device, and select the "set Password" option.  Using this method will also change Director's password on file for this SG.

 

TROUBLESHOOTING

To monitor the interaction your Director appliance has with the SG appliance as it registers it, follow these steps.

1: Getting access to the command line interface - CLI:

  • Open an SSH session to to the Director box..
  • Enter Enable mode by following the steps.
    • director > enable
    • Password:
    • director #
  •  Enter Configuration mode, by following these steps.
    • director # config t
    • director (config) #

2: Getting access to the shell.

  • In config mode, use the shell command.
    • director (config) # shell
  • While in the shell mode, you can user the ssh and ping  programs to see if director can even connect to the SG.
  • In the shell mode tail the messages file.
    • sh-2,05b# tail /var/log/messages -f

 

2: Registering your device through the Director Management console (DMC).

  • Once you're logged into the DMC, click on File, and chose the option to Add device.
  • Here you'll be asked to enter a device name, device id, ip address, usernames and passwords, plus a serial number.
  • Ensure you have the correct ip addresses, credentials, and serial number, entered in. and press the button "last".

 

3: Other ways to register.

  • Using the SG serial port, you can choose the option here to register your SG as you setup the appliance.
  • Connected through the SSH terminal, you can execute this command.
  • SG appliance > #register <Director IP address> [<appliance-name> [<serial-number>]]
  • There is also an option in the SG UI to register your device.
  • TIP: Using the SG to register with the Director, rather than using the DMC, subjugates the Device to Director.  To subjugate the device to director will also cause your enable passwords to be hashed, and stored in the DIrector appliance. From here on, you should NOT change these passwords manually at the SG console, or by an overlay file. The only way you should change the password is by right-clicking on the device, in your DMC, and changing it here.

 

4: Here we show you what to look for when you register a Device.  

4a: As you register the device, using the DMC wizard, you should see an output similar to the following:

Note: Below is the output in the messages file.  Using the DMC, we entered in StSG200-5GtSG200-5G  as the device name, 10.78.6.1 as the ip address. and SG402 as the device id.

Mar  1 19:57:52 Martins-Director cli[16187]: <-cli.notice> admin@::ffff:10.103.0.30: Processing command: 1299009472398973:device "SG402" address "10.78.6.2"
Mar  1 19:57:52 Martins-Director cli[16187]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: 1299009472912429:device "SG402" authtype simple
Mar  1 19:57:53 Martins-Director cli[16187]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: 1299009473377657:no device "SG402" comment
Mar  1 19:57:53 Martins-Director cli[16187]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing a secure command...
Mar  1 19:57:53 Martins-Director cli[16187]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: device SG402 enable-password *****
Mar  1 19:57:56 Martins-Director cli[16187]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: 1299009476310213:device "SG402" name "StSG200-5GtSG200-5G"
Mar  1 19:57:56 Martins-Director cli[16187]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: 1299009476782366:device "SG402" protocol sshv2 port 22
Mar  1 19:57:57 Martins-Director cli[16187]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: 1299009477144403:device "SG402" auth simple username "admin"
Mar  1 19:57:57 Martins-Director cli[16187]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing a secure command...
Mar  1 19:57:57 Martins-Director cli[16187]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: device SG402 auth simple password *****
Mar  1 19:57:57 Martins-Director ccd: <ccd.notice> Device SG402: attempting connection using ssh on port: 22
Mar  1 19:57:58 Martins-Director cli[16187]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: 1299009478206083:device "SG402" web-config port 8082
Mar  1 19:57:58 Martins-Director cli[16187]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: 1299009478701829:no device "SG402" front-panel-pin
Mar  1 19:57:59 Martins-Director ccd: <ccd.notice> Device SG402: connected
Mar  1 19:57:59 Martins-Director configd: <configd.notice> Device "SG402" is now online.
Mar  1 19:57:59 Martins-Director dmd: <dmd.notice> inserted device id = SG402 and serial number = 2407063068 into DB
Mar  1 19:57:59 Martins-Director dmd: <dmd.notice> Health state for metric"SG402/12" "disconnected" changed to "ok", reason: "Device connection"
Mar  1 19:57:59 Martins-Director cli[16187]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: 1299009479195643:no device "SG402" serial-console-password
Mar  1 19:57:59 Martins-Director cli[16187]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: 1299009479724907:device "SG402" serial-number "2407063068"
Mar  1 19:58:00 Martins-Director cli[16187]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: 1299009480253307:device "SG402" state "registered"
Mar  1 19:58:00 Martins-Director cli[15976]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: 1299009480946503:write memory
Mar  1 19:58:00 Martins-Director configd: <configd.notice> Saved running configuration to /local/sys/v5-config/initial.encrypted
Mar  1 19:58:01 Martins-Director su: PAM unable to dlopen(/dir/usr/lib/pam/pam_tacplus.so)
Mar  1 19:58:01 Martins-Director su: PAM [dlerror: /dir/usr/lib/libtacplus.so: undefined symbol: MD5Init]
Mar  1 19:58:01 Martins-Director su: PAM adding faulty module: /dir/usr/lib/pam/pam_tacplus.so
Mar  1 19:58:01 Martins-Director cli[15970]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: 1299009481651130:show configuration revision
Mar  1 19:58:02 Martins-Director cli[16187]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: 1299009482354706:no configure
Mar  1 19:58:02 Martins-Director cli[16187]: <-cli.notice>
admin@::ffff:10.103.0.30: Leaving config mode
Mar  1 19:59:57 Martins-Director poller[1474]: <poller.notice> Querying content system for job results.
Mar  1 20:01:57 Martins-Director cli[15970]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: 1299009717280787:show version
Mar  1 20:01:58 Martins-Director cli[15972]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: 1299009718123555:show version
Mar  1 20:02:51 Martins-Director cli[15976]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: 1299009771878409:show version
Mar  1 20:04:38 Martins-Director cli[16015]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: 1299009878721788:show devices "SG402"
Mar  1 20:05:48 Martins-Director cli[16187]: <-cli.notice>
admin@::ffff:10.103.0.30: Processing command: 1299009948205826:show version
sh-2.05b#

 

4b: Below is the output when you use the SG CLI, or UI,  to subjugate the SG appliance to the Director appliance:

Jul 26 18:36:23 director subjugate: <subjugate.notice> Registration request received
Jul 26 18:36:26 director ccd: <ccd.notice> Device ESCMWP02: attempting connection using ssh on port: 22
Jul 26 18:36:26 director configd: <configd.notice> Saved running configuration  to /local/sys/v5-config/061711backup.encrypted
Jul 26 18:36:26 director subjugate: <subjugate.notice> Registration succeeded for device 151.143.150.251
Jul 26 18:36:26 director cli[12984]: <-cli.notice>
admin@::ffff:151.143.73.97: Processing command: 1311705386701531:show devices "ESCMWP02"
Jul 26 18:36:26 director cli[2547]: <-cli.notice>
admin@::ffff:151.143.73.97: Processing command: 1311705386701143:show devices "ESCMWP02"
Jul 26 18:36:26 director cli[2541]: <-cli.notice>
admin@::ffff:151.143.73.97
: Processing command: 1311705386701355:show devices "ESCMWP02"
Jul 26 18:36:26 director ccd: <ccd.notice> Device ESCMWP02: connected Jul 26 18:36:26 director configd: <configd.notice> Device "ESCMWP02" is now
online.

Jul 26 18:36:26 director configd: <configd.notice> Device "ESCMWP02" is now online.
Jul 26 18:36:26 director sshd: authentication failure; (uid=0) -> admin for sshd service
Jul 26 18:36:26 director dmd: <dmd.notice> inserted device id = ESCMWP02 and serial number = 0310103039 into DB
Jul 26 18:36:27 director dmd: <dmd.notice> Health state for metric"ESCMWP02/12" "disconnected" changed to "ok", reason: "Device connection"

 

5: To register  your SG,  you need to be able to PING, and SSH to the SG from the Director appliance.  For more information on how to use the Director CLI,to test wether you can connect via SSH to the SG,  see the links below.

 

6:  TIPS for retaining connectivity with SG appliances: 

6a: Director software periodicly checks the connection status of all SGS every 3 to 5 minutes. The  'show shell' or a 'show version' is used to test the connection out.   If we cannot contact a SG in this time period, we close the connection the SG.  

NOTE: With the very latest software- SGME 5.5.2.4 and above- we slow down the connection attempts to disconnected devices to once an hour, starting at once every ten seconds, then once every 20 seconds to once a minute, gradualy moving this interval up to once an hour.  This is done so as to not cause a performance issues for Director appliances with a large amount of devices registered, but waiting to be connected.

Because of the above, it's important to monitor network heatlh, and outages, to ensure the DIrector appliance is not giving out false status alerts on the DMC.

 

6b: Check your LAN interface stats for network related errors.

  • Notice the eth0 interface stats on on this linux command in Director:

    ==================== ifconfig -a:
    eth0      Link encap:Ethernet  HWaddr 00:E0:81:B7:33:08
              inet addr:159.220.193.84  Bcast:159.220.193.255  Mask:255.255.255.0
              inet6 addr: fe80::2e0:81ff:feb7:3308/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:3618226 errors:0 dropped:0 overruns:0 frame:0
              TX packets:5433354 errors:4625 dropped:0 overruns:0 carrier:4625
              collisions:12413 txqueuelen:100
              RX bytes:444517353 (423.9 Mb)  TX bytes:568973093 (542.6 Mb)
              Base address:0xc000 Memory:f8000000-f8020000

  • There are 4625 transmit errors... and all of those errors are "carrier" errors (both numbers match).
  • Carrier is typically a low number less than 10. The value- Carrier- means a Loss of link pulse. Sometimes recreated by removing and installing the Ethernet cable. If this counter is high, the link is flapping. (up/down) Either this Ethernet chip is having issues or the device at the other end of the cable is having issues
  • More information on Carrier errors can be found here Linux questions

7: Ensure you can connect to your SG on the standard SSH port of 22.  Some customers accidentally change their SSH port with an overlay file, and thereby lose connectivity to it. You can use an ordinary Putty ssh session for this.

Ensure you can ping and SSH to the SG appliance, as per point 5 above.

8: If you subjugate a device, do not attempt to change the password through an overlay file. See KI383 for more details.

 

NOTE: Below are some other helpful articles:

For an issue with device registration and SSL certiificates, see KB4179.

For more details on other command line interface commands, see KB4178

For more details on what CLI commands are sent to the SG, during a profile push , see FAQ1177

For details on a certificate problem that may affect your ability to register a SG, see KB4172


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question