NSM awaiting 1st time connect

  • I have NSM 2004 FP2 and I have connected successfully to my 1st ns-5xt and my 2nd or 3rd 5xt will not allow me to import the device. The log file on the 5xt indicates unable to connect to the NSM reason 2 and reason 5. The NSM says “awaiting 1st time connect”. All 3 5xt have the same OS.

  • I found a much easier solution.  I had 60 devices to add to NSM and all but a few of them added fine using the following method:
    Add Device -> Device not reachable -> (populate screenOS details) -> One time password -> Show commands.

    There were a few that didn’t add properly, all saying “awaiting first time connect” in NSM and saying “NSM: Cannot connect to NSM server at x.x.x.x. Reason: 5, Incomplete write (145 connect attempt(s))” in the log files.

    I ssh’d into each box and tried to ping my NSM server from the various interfaces:
    ping a.b.c.d from ethernet0/0
    ping a.b.c.d from bgroup0
    …etc...

    I found that the NSM server was only pingable from my trusted interface (for my environment, it may be different for yours).  I then set my source interface in the NSM screen (Configuration -> Admin -> NSM) on the device and the device connected to NSM straight away.

    Hope that helps!
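
With dozens of devices, the failure line quoted in the post above can be pulled out of collected device logs to list which units still need the source-interface check. This is an added example, not part of the original thread; the device names, timestamps, the address 192.0.2.10 and the `parse_line`/`triage` helpers are assumptions made for illustration.

```python
import re

# Matches the failure message quoted in the thread. The server address and
# the attempt counter are optional: one poster's copy of the line has neither.
NSM_FAIL = re.compile(
    r"NSM: Cannot connect to NSM server at\s*"
    r"(?:(?P<server>\d{1,3}(?:\.\d{1,3}){3})\.?\s*)?"
    r"Reason: (?P<reason>\d+), (?P<text>[^(\n]+?)\s*"
    r"(?:\((?P<attempts>\d+) connect attempt\(s\)\))?\s*$"
)

def parse_line(line):
    """Return the fields of one NSM connect-failure line, or None."""
    m = NSM_FAIL.search(line.strip())
    if not m:
        return None
    attempts = m.group("attempts")
    return {
        "server": m.group("server"),
        "reason": int(m.group("reason")),
        "text": m.group("text").strip(),
        "attempts": int(attempts) if attempts else None,
    }

def triage(logs_by_device):
    """Map device name -> summary, for devices that logged a failure."""
    report = {}
    for device, lines in logs_by_device.items():
        hits = [h for h in map(parse_line, lines) if h]
        if hits:
            report[device] = {
                "reasons": sorted({h["reason"] for h in hits}),
                "max_attempts": max(h["attempts"] or 0 for h in hits),
                "servers": sorted({h["server"] for h in hits if h["server"]}),
            }
    return report

# Constructed sample input: device names, timestamps and 192.0.2.10 are made up.
SAMPLE = {
    "fw-01": ["2005-03-01 10:02:11 NSM: Cannot connect to NSM server at "
              "192.0.2.10. Reason: 5, Incomplete write (144 connect attempt(s))",
              "2005-03-01 10:03:11 NSM: Cannot connect to NSM server at "
              "192.0.2.10. Reason: 5, Incomplete write (145 connect attempt(s))"],
    "fw-02": ["NSM: Cannot connect to NSM server at Reason: 5, Incomplete write"],
    "fw-03": ["2005-03-01 10:05:40 admin logged in via SSH"],
}

if __name__ == "__main__":
    for device, summary in triage(SAMPLE).items():
        print(device, summary)
```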

  • Is your NSM server directly connected to the NetScreen, or is there another Layer 3 device in between the 2?  If there is a Layer 3 device, make sure port 1500 (and maybe 1501) is allowed so NSM can connect to the device.

  • Engineer

    You can try the following, which every time allows you to bypass this incomplete write error. Suppress your device in NSM and delete the configuration for NSM on your device with #unset nsm all.

    Then create your device in NSM again, but not with the reachable device option. Copy the displayed NSM configuration and paste it yourself on your device.

  • I also get these errors in the 5xt logs:

    NSM: Cannot connect to NSM server at Reason: 5, Incomplete write

  • The device is reachable by telnet; however, when I attempt via SSH, it retrieves the key and then autodetect gives 4 errors:

    1. IP Address
    2. Username and Password
    3. Device Server status under "server Manager : Server Monitor"
    4. Device Configuration : Type “get config” at the device console

    I attempted the RMA command and afterwards I activated the device, however I still do not get the “update device” option. It remains greyed out.

  • Engineer


    The first thing you need to check is whether the time is correct on the 5XT. So try to set the time/date correctly and try again. If this doesn’t help, see below.

    If you have SSH connection access to the 5XT, then the best you can do is:

    On NSM:

    • RMA device
    • activate device again
    • say not reachable => then you fill in the stuff => and click on the device commands tab => copy these.
    • go on and finish this

    On 5XT:

    Copy the above commands into the CLI via SSH.

    Then it should say “update needed”.