jeredut
Frequent Visitor

Backup Huawei S5720-28X-SI-AC on Imc

Hello World,

I'm trying to back up all my Huawei switches on IMC but I'm facing an issue. I've already added the sys OID in device manufacturer and in the XML files that point the model to backup.

I've set up an SFTP server on my Huawei and set the method on IMC, but when I try to launch the backup I'm getting this error:

- SSH AUTENTIFICATION FAILURE -

Here are the backup logs:

 

2021-04-21 08:47:56.941 [INFO (0)] [THREAD(2212)] [CTclExecutor::exec_impl()] Begin to exec: spawn psftp.exe -P 22 admin@10.100.8.1
2021-04-21 08:47:57.317 [INFO (0)] [THREAD(2212)] [CTclExecutor::exec_impl()] Finished.
2021-04-21 08:47:57.317 [INFO (0)] [THREAD(2212)] [CCLIScriptProcessor::gotoMode()] Begin, ip: 10.100.8.1, current mode: connect, new mode: initialize
2021-04-21 08:47:57.317 [INFO (0)] [THREAD(2212)] [CTclExecutor::exec_impl()] Begin to exec: C:/Program Files/iMC/server/bin/../../server/conf/adapters/ICC/Huawei/HuaweiQuidway/clearup.tcl
2021-04-21 08:47:57.319 [INFO (0)] [THREAD(2212)] [CTclExecutor::exec_impl()] Finished.
2021-04-21 08:47:57.319 [INFO (0)] [THREAD(2212)] [CTclExecutor::exec_impl()] Begin to exec: C:/Program Files/iMC/server/bin/../../server/conf/adapters/ICC/Huawei/HuaweiQuidway/delete_file.tcl
2021-04-21 08:47:57.320 [INFO (0)] [THREAD(2212)] [CTclExecutor::exec_impl()] Finished.
2021-04-21 08:47:57.320 [INFO (0)] [THREAD(2212)] [CTclExecutor::exec_impl()] Begin to exec: C:/Program Files/iMC/server/bin/../../server/conf/adapters/ICC/Huawei/HuaweiQuidway/save.tcl
2021-04-21 08:47:57.321 [INFO (0)] [THREAD(2212)] [CTclExecutor::exec_impl()] Finished.
2021-04-21 08:47:57.322 [INFO (0)] [THREAD(2212)] [CTclExecutor::exec_impl()] Begin to exec: C:/Program Files/iMC/server/bin/../../server/conf/adapters/ICC/Huawei/HuaweiQuidway/ftp_trans_file.tcl
2021-04-21 08:47:57.323 [INFO (0)] [THREAD(2212)] [CTclExecutor::exec_impl()] Finished.
2021-04-21 08:47:57.323 [INFO (0)] [THREAD(2212)] [CCLIScriptProcessor::gotoMode()] Begin, ip: 10.100.8.1, current mode: connect, new mode: sftp-exec
2021-04-21 08:47:57.323 [INFO (0)] [THREAD(2212)] [CTclExecutor::exec_impl()] Begin to exec: C:/Program Files/iMC/server/bin/../../server/conf/adapters/ICC/Huawei/HuaweiQuidway/initialize.tcl
2021-04-21 08:47:57.324 [INFO (0)] [THREAD(2212)] [CTclExecutor::exec_impl()] Finished.
2021-04-21 08:47:57.325 [INFO (0)] [THREAD(2212)] [CTclExecutor::exec_impl()] Begin to exec: C:/Program Files/iMC/server/bin/../../server/conf/adapters/ICC/Huawei/HuaweiQuidway/enter_sftp_exec.tcl
2021-04-21 08:48:02.069 [ERROR (0)] [THREAD(2212)] [CTclExecutor::exec_impl()] Error occured to exec cmd: C:/Program Files/iMC/server/bin/../../server/conf/adapters/ICC/Huawei/HuaweiQuidway/enter_sftp_exec.tcl, error message: FATAL.
2021-04-21 08:48:02.070 [INFO (0)] [THREAD(2212)] [CTclExecutor::exec_impl()] Finished.
2021-04-21 08:48:02.070 [ERROR (11)] [THREAD(2212)] [CCLIScriptProcessor::enterToMode()] Fail to call m_poTclExecutor->execFile().AdaptName=HuaweiQuidway.file_name = enter_sftp_exec.tcl,DevIP =10.100.8.1
2021-04-21 08:48:02.070 [ERROR (11)] [THREAD(2212)] [CCLIScriptProcessor::gotoMode()] Fail to call enterToMode().AdaptName=HuaweiQuidway.DevIP =10.100.8.1.this mode=initialize,go to mode = sftp-exec
2021-04-21 08:48:02.070 [ERROR (11)] [THREAD(2212)] [CCLIScriptProcessor::sftpLogin()] Fail to call gotoMode.AdaptName=HuaweiQuidway.required mode = sftp-exec,DevIP =10.100.8.1
2021-04-21 08:48:02.084 [ERROR (7)] [THREAD(2212)] [CCLIScriptProcessor::exec_step()] Fail to call login().AdaptName=HuaweiQuidway,ServiceName=ConfigBackup,RequiredMode=sftp-exec
2021-04-21 08:48:02.084 [INFO (7)] [THREAD(2212)] [CCLIScriptProcessor::exec_impl()] Fail to call exec_step(). AdaptName = HuaweiQuidway, ServiceName = ConfigBackup.
2021-04-21 08:48:02.084 [ERROR (7)] [THREAD(2212)] [CCLIScriptProcessor::exec()] Fail to call exec_impl(). DevIP =10.100.8.1, AdaptName = HuaweiQuidway,service name = ConfigBackup, action name = backup_running_config.

2021-04-21 08:48:04.093 [INFO (0)] [THREAD(564)] [imcscriptttol] log: =============================== End===============================

Any help?

Regards,

 

jguse
HPE Pro

Re: Backup Huawei S5720-28X-SI-AC on Imc

Hello.

Which version of iMC exactly are you running? This looks like a script issue, and there was a fix in iMC 7.3 E0705 for Huawei devices failing to back up the config using SFTP.

Best regards,
Justin

Working @ HPE
jeredut
Frequent Visitor

Re: Backup Huawei S5720-28X-SI-AC on Imc

Hello,

First, thanks for replying.

Here is my version:

Intelligent Management Platform (JG747AAE) -- E0705 P04

jguse
HPE Pro

Re: Backup Huawei S5720-28X-SI-AC on Imc

Hello,

The issue should be fixed there, so this is probably not the same. Does the SSH and SFTP connectivity to the device work as expected? Make sure the Login Type of the device is also set to 'SSH'.

For SSH connectivity you could verify via 'Test' button in SSH Settings for the device, and also via packet capture of the initial SSH handshake during the backup - this would show you the version of SSH used by IMC and device along with the cipher algorithms supported by each side.

You could verify the SFTP connectivity by opening a CMD and navigating to your iMC\server\bin directory. From there you should be able to execute the same command you can see iMC running according to the logs: psftp.exe -P 22 admin@10.100.8.1

Do you get a password prompt when you issue this command? Does it bring you to the SFTP prompt afterwards? That is what iMC's configuration backup process is looking for here.

Otherwise there are also these known issues related to Huawei devices in the Release Notes:

IMC fails to access some Huawei devices by using SSHv2. To solve this problem, use the undo ssh server authentication-type keyboard-interactive enable command on the devices to disable keyboard-interactive and then save the configuration.

If SSHv2 failed to access some Huawei devices, you can add the device IPs to the server\conf\ssh_v1_devices.cfg file, and use SSHv1 to access the devices.

Best regards,
Justin

Working @ HPE
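Added example (not part of the original thread, and not iMC or Huawei code): once the packet capture suggested above shows both SSH_MSG_KEXINIT messages, this Python sketch decodes the algorithm lists each side offers and reports any category with no overlap. The function names and the two sample offers are constructed for illustration, and the negotiation rule is simplified to "first client preference the server also offers" (RFC 4253 adds further conditions for key exchange and host key selection).

```python
import struct

# Name-list fields of SSH_MSG_KEXINIT in wire order (RFC 4253, section 7.1).
FIELDS = ["kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c"]

def build_kexinit(lists):
    """Encode a KEXINIT payload from a dict of name-lists (used for the samples)."""
    out = bytes([20]) + bytes(16)                # message type 20 + zeroed cookie
    for f in FIELDS:
        names = ",".join(lists.get(f, [])).encode()
        out += struct.pack(">I", len(names)) + names
    return out + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved

def parse_kexinit(payload):
    """Decode a KEXINIT payload into {field: [algorithm, ...]}."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, result = 17, {}
    for f in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (n,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + n > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[pos:pos + n].decode("ascii")
        result[f] = raw.split(",") if raw else []
        pos += n
    return result

def negotiate(client, server):
    """First client preference also offered by the server, or None if no overlap."""
    return {f: next((a for a in client[f] if a in server[f]), None)
            for f in FIELDS[:8]}  # the two language lists are normally empty

# Constructed sample offers, not captured from iMC or a Huawei switch.
_c = {"kex": ["diffie-hellman-group14-sha1"], "host_key": ["ssh-rsa", "ssh-dss"],
      "enc_c2s": ["aes256-ctr", "aes128-cbc"], "mac_c2s": ["hmac-sha1"],
      "comp_c2s": ["none"]}
_s = {"kex": ["diffie-hellman-group14-sha1"],
      "host_key": ["ecdsa-sha2-nistp521", "ssh-rsa"],
      "enc_c2s": ["aes128-ctr", "aes256-ctr"], "mac_c2s": ["hmac-sha2-256"],
      "comp_c2s": ["none"]}
for d in (_c, _s):   # mirror each client-to-server list onto server-to-client
    for k in ("enc", "mac", "comp"):
        d[k + "_s2c"] = d[k + "_c2s"]
CLIENT = parse_kexinit(build_kexinit(_c))
SERVER = parse_kexinit(build_kexinit(_s))
```

With these constructed offers, `negotiate(CLIENT, SERVER)` returns `None` for both MAC directions, which is the kind of gap that makes the server drop the session right after the handshake.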
jeredut
Frequent Visitor

Re: Backup Huawei S5720-28X-SI-AC on Imc

Hello Again,

Here is my response and my test to your answer:

Login type is set to SSH. I made a test and the connection is OK and using SSH 2.0 (Regarding Wireshark).

The command psftp.exe -P 22 admin@10.100.8.1 returns me a FATAL ERROR : Signature from server's host key is invalid, so it seems that I have a key issue on my switch?

I've already corrected this in my PuTTY by forcing it to use RSA. How can I force IMC to use RSA with Huawei SW?

I'm going to look into what is wrong with my switch and come back when I have found a solution, to continue the testing process that you gave me.

Thanks !

Regards,

 

EDIT: psftp.exe -P 22 admin@10.100.8.1 is now working and prompts me to type the password, but the auto backup is still not working, with the same issues. -> When I write my password, FATAL ERROR : Remote side sent disconnected message, type 2 (protocol error) . I'm going to try SSH V1 ...
I did the undo ssh server authentication-type keyboard-interactive enable but it doesn't work.

 

jeredut
Frequent Visitor

Re: Backup Huawei S5720-28X-SI-AC on Imc

Hello Again,

I activated SSH V1.99 on the Huawei switch but I can't find server\conf\ssh_v1_devices.cfg on my server.

The file doesn't exist.

Regards,

 

EDIT: Created the ssh_1_devices.cfg, added the IP.
According to Wireshark, when I click on Test in device details, it uses SSH_V1, but when I launch the backup it uses SSH_V2.

Regards,

jguse
HPE Pro

Re: Backup Huawei S5720-28X-SI-AC on Imc

Hello,

There's no method I'm aware of to change the key exchange algorithm priority in the built-in putty/psftp of iMC. It's never been needed as SSH works fine with default priority with all other devices - it is rather odd that these Huawei switches require RSA. Do you know if there's any possibility to change this on the device side?

I don't think there's much you could do from the iMC side, but the latest iMC 7.3 E0705P10 does have an option to enable putty 0.70. This resolved a different issue where the SSH MAC algorithms did not match between iMC and the device (it supports only sha2-based MACs which iMC could not). Not sure it will help you in this situation, and would require an upgrade of iMC, but might be worth a try anyway.

When running iMC 7.3 E0705P10, create a file putty07 with no extension in <IMC>/server/conf. Just a blank file with that name. Then restart iMC, and it will now use Putty 0.70 for tasks like config backup.

Best regards,
Justin

Working @ HPE
jeredut
Frequent Visitor

Re: Backup Huawei S5720-28X-SI-AC on Imc

Hello,

I'm going to try your solution. I'll upgrade IMC and keep you posted.

As far as I know, it's not possible to pass through RSA on Huawei switches.

Regards,

 

Update: Nothing works better. I'm done, I'll wait for the next major patch of IMC.