Unable to Telnet to device - can't do backups or firmware updates (1178 Views)
Reply
Occasional Visitor
MJMerlina
Posts: 2
Registered: ‎08-30-2013
Message 1 of 4 (1,178 Views)

Unable to Telnet to device - can't do backups or firmware updates

I've been trying for quite some time to get this to work and I just can't seem to get it. I have followed other posts, upgraded from 5.1 to 5.2, installed Telnet from the original media source, enabled telnet on the server, verified username/pw, tried different template configs to login to the switches, etc. etc. The list goes on. Anyway, when I do a backup of a switch I get an error returned that says it couldn't telnet the device. I tried a bunch of stuff on my own, then I found this post which I was hoping would help me, but I am still unable to get it to work:

http://h30499.www3.hp.com/t5/IMC/Help-with-IMC/td-p/5952971

 

I rebooted my server, then tried to grab a backup from one switch and it did not work. I have copied everything from the log from the time after the reboot. Please see my attached file and tell me where I'm going wrong! I've double checked the username/pw many many times. I do have a password and a super password, but I've tried all different configurations of the templates to no avail.

Honored Contributor
LindsayHill
Posts: 741
Registered: ‎11-16-2011
Message 2 of 4 (1,165 Views)

Re: Unable to Telnet to device - can't do backups or firmware updates

OK, first some questions:

 

* What specific vendor and model are your switches?

* What login method are you using? SSH/Telnet?

* What file transfer method are you using - FTP, TFTP, SFTP, SCP ?

* Do you have SNMP read-write enabled?

* When you login to the switch, do you enter a username? Do you also have to enter an enable password?

 

Here's my steps for troubleshooting this sort of thing - not all steps will apply, but it's worth going through this list, and making sure you've covered the basics.

* Check that my device is actually a supported device. If it's not, you need to write a custom adapter. Let's assume it is supported out of the box.

* Login to the IMC server. Not the web console, but login to the actual server, via RDP or SSH - I don't know if you're using Windows or Linux. Go to <IMC>/server/bin. From there, run telnet <switch IP>, and check that it works. If you're using SSH, then run plink <switch>. For SCP or SFTP file transfer, you can use psftp. This step is checking that all ACLs, etc. are good. It also uses the actual telnet/plink binaries used by IMC, so you get to check that they're behaving themselves properly.

* Go to IMC system settings, and enable Plaintext display of passwords.

* Go to Services ->  Config Center -> Options. Check the File Transfer mode settings for your device - is it a specific setting, or is covered by the default? Is it the value you want? (TFTP/FTP/SFTP/SCP). If you're using FTP, make sure the FTP server is working, has a default dir set properly, and that the credentials are valid. If you don't know what file transfer mode you should use, look at the device itself. If you had to run a manual backup of that device, what methods does it support? Note that if you're using TFTP or FTP, the device pushes the config back to the server. If you're using SCP or SFTP, the server pulls the config from the device. Many adapters will also fall back to a CLI method if they can't do a file transfer - this does the equivalent of a "show run" and captures the output.

* Go to your device details page, and check the Login type is correct - SSH or Telnet. If you are NOT using SNMP read-write, then edit the SNMP credentials, and delete whatever is set in the Write string. Leave the Read string alone, it's almost certainly working.

* Go to the SSH or Telnet credentials, and see what values are set there. Are they what you expect? Make sure you understand the different options - password + super password is very different to Username+password. When they say "super", think "enable" if you've got a Cisco background.

 

OK, all that stuff is just checking out the basics. Now, if you're using Telnet, this next step is MUCH easier. Use Wireshark on the IMC server, and set it up to capture all traffic between IMC and your device. Trigger a backup from IMC. Watch the session going past - when you see username/password prompts, do you see IMC sending the right credentials? Is it what you expect?

 

While this is going on, watch <IMC>/server/conf/log/imccfgbakdm* and the <IMC>/server/tmp directory - the logfile shows what's going on, and the tmp directory has some temporary files that can be quite illuminating as to what's going on with the Expect session. 

 

From there, there next step is diving into the adapters themselves, to trace it further - but if you've got a standard device, you shouldn't need to do this just yet.

 

One other thing - if at all possible, use SCP or SFTP for backups. It's much more reliable, and it's secure. Note that Cisco and HP devices require configuration on the device to enable SCP (Cisco) or SFTP (Comware). Commands are like "ip scp server enable", and your AAA config also has to match - often needs a line like "aaa authorization default local" on a Cisco device.

 

I hope this is some help - report back with your findings, and we'll try and figure it out together.

 

 

 

CCIE 36708 | @northlandboy | lkhill.com
Occasional Visitor
MJMerlina
Posts: 2
Registered: ‎08-30-2013
Message 3 of 4 (1,157 Views)

Re: Unable to Telnet to device - can't do backups or firmware updates

* Switches are all HP Procurve. Different models (2524, 2650, 5308, 5406, etc.) - same issue on all of them

* Telnet

* Default transfer mode is TFTP

* Yes, SNMP read-write is enabled and SNMP template is configured

* We use a username (admin) to login to the switch. We have both a password and an enable password, but on HP switches at the initial prompt if you just enter admin and the enable password it brings you right into admin. I have tried to choose both username+password and username+password+super password, but neither of those worked

 

*supported out of the box - hp switches

*Windows Server 2008. I have tried to telnet using the telnet in the /server/bin directory and it does work. I also unpacked the telnet.exe from the installation files as you mentioned in your other post because telnet client was not enabled on my Windows server when IMC was installed, so it didn't unpack telnet or put it in the /server/bin dir. I had to put it there manually. 

*turned on cleartext and verified PW

 

I took your advice and used SFTP for the backups, and that is working properly, so I will just stick with that. Thanks so much for your detailed reply, very helpful!

Honored Contributor
LindsayHill
Posts: 741
Registered: ‎11-16-2011
Message 4 of 4 (1,154 Views)

Re: Unable to Telnet to device - can't do backups or firmware updates

That's good news - you'll be more secure with SFTP too. 

 

One thing to watch out for is that there is a bug with some firmware versions on Procurves where the SFTP file transfer is truncated. At a quick glance the backup looks OK, but it's only part of the config. It is fixed in later firmware versions.

CCIE 36708 | @northlandboy | lkhill.com
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.