NSM awaiting 1st time connect
I have NSM 2004 FP2 and I have connected successfully to my 1st ns-5xt and my 2nd or 3rd 5xt will not allow me to import the device. The log file on the 5xt indicates unable to connect to the NSM reason 2 and reason 5. The NSM says “awaiting 1st time connect”. All 3 5xt have the same OS.
tekbot last edited by
I found a much easier solution. I had 60 devices to add to NSM and all but a few of them added fine using the following method:
Add Device -> Device not reachable -> (populate screenOS details) -> One time password -> Show commands.
There were a few that didn’t add properly, all saying “awaiting first time connect” in NSM and saying “NSM: Cannot connect to NSM server at x.x.x.x. Reason: 5, Incomplete write (145 connect attempt(s))” in the log files.
I ssh’d into each box and tried to ping my NSM server from the various interfaces:
ping a.b.c.d from ethernet0/0 ping a.b.c.d from bgroup0 …etc...
I found that the NSM server was only pingable from my trusted interface (for my environment, it may be different for yours). I then set my source interface in the NSM screen (Configuration -> Admin -> NSM) on the device and the device connected to NSM straight away.
Hope that helps!
coxy last edited by
is your NSM server directly connect to the netscreen or is there another layer 3 device in between the 2? If there is a Layer 3 device make sure port 1500 (and maybe 1501) is allowed so NSM can connect to the device
You can try the following which every times allow to bypass this incomplete write error. Suppress your device in NSM and delete configuration for NSM on your device with #unset nsm all.
Then create another time your device in NSM but not with the reachable device option. Copy the displayed NSM configuration and paste it yourself on your device.
I also get these errors in the 5xt logs:
NSM: Cannot connect to NSM server at 192.168.200.100. Reason: 5, Incomplete write
The device is reachable by telnet however, when I attempt via SSH, it retrieves the key and then autodetect gives 4 errors:
1. IP Address
2. Username and Password
3. Device Server status under "server Manager : Server Monitor"
4. Device Configuration : Type “get config” at the device console
I attempted the RMA command and afterwards I activated the device, however I still do not get the “update device” option. It remains greyed out.
First thing you need to check is if the time is correct on the 5XT. So try to set the time/date correct and try again? if this doesn’t help see below.
if you have ssh connection access to the 5XT. then the best you can do is:
- RMA device
- activate device again
- say not reachable => then you fill in the stuff => and click on the device commands tab => copy these.
- go on and finish this
copy the above commands in the CLI via SSH.
then it should say “update needed”.