Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

Troubleshooting JUNOS device connection to NSM

0

0

Article ID: KB13944 KB Last Updated: 23 Apr 2009Version: 1.0
Summary:
Troubleshooting JUNOS device connection to NSM
Symptoms:

Solution:
For general information on the DMI connection mechanism and steps involved in creating a successful DMI connection from a device to NSM, refer to KB13940 - How does a DMI device establish a connection to NSM?. If a device connection to NSM is shown as down in waiting for 1st connect or another status, there are several possible reasons for the failure.

From the device side, review the event log (See KB13943 - How to view DMI and NSM management related JUNOS device side logs) for any DMI related messages.

Common examples:

outbound_ssh_connect_to_server: Connection to: 172.19.47.254 port: 7804 failed
The above error message indicates that the device could not connect to port 7804 to the NSM device server. This type of error is most likely due to a network configuration issue on either the device, an external network issue in the path of the connection, or the NSM server is down.
  1. Verify that the DevSvr process is up and running (See KB11372 - How to check if the NSM Server Services are ON )
  2. Verify if other devices are connected to NSM to rule out the NSM server.
  3. From the JUNOS command line, issue a ping command to the NSM DevSvr IP address.
  4. If unable to ping, verify the local device network configuration and run traceroute to identify potential devices in the path which could be the point of failure.

Check  > show log messages | last  for any of the following messages:

sshd[pid #]: Did not receive identification string from X.X.X.X

(where X.X.X.X is the NSM DevSvr IP address)
The DMI agent was able to reach the NSM server and established a TCP connection; however the NSM server refused to let the device connect and closed the connection. This message will be repeated until the connection is accepted.

From the device side, we know that networking related issues have been ruled out; however there could possibly be a mis-configuration of the device ID, shared secret key, or admin username/password.

The next step for this particular error would be to verify the reason for the failure from the NSM server error logs (See KB13953 - How to identify the cause of a DMI device connection failure from the NSM server ) for more detail on the connection denied failure.

sshd[pid#]: Failed password for root from X.X.X.X port 7804 ssh2
When this error is displayed on the device syslog message, it indicates that the NSM server cannot perform the 2nd phase authentication and create the tunneled connection for DMI configuration management within the SSH transport on port 7804. Verify that the username and password defined when adding the device in NSM matches the one created on the device.

Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search