ExtremeCloud IQ- Site Engine & Extreme Management Center

Expand all | Collapse all

EXOS XML-Notification vs NetSight webservice: Auth failure -> Lockout for webservices

  • 1.  EXOS XML-Notification vs NetSight webservice: Auth failure -> Lockout for webservices

    Posted 07-25-2017 21:17
    Hello Guys,

    I have a customer migrating from EOS to EXOS, and we got several issues... We are working on Auth and Policy problems, but the XML-Notification (plus Identity Manager) are rising some alerts...

    We configured the switches (X440-G2 22.2.1.5 patch1-4) like this:

    #
    # Module xmlc configuration.
    # create xml-notification target netsight-target_172.18.1.50 url https://172.18.1.50:8443/axis/services/event vr VR-Default
    configure xml-notification target netsight-target_172.18.1.50 user nsadmin encrypted-auth bnNhZG1pbjouIVNjaHVsekAyMDEzIzA3
    configure xml-notification target netsight-target_172.18.1.50 from 172.18.7.241
    enable xml-notification netsight-target_172.18.1.50
    configure xml-notification target netsight-target_172.18.1.50 add idMgr

    The password was typed as asked during the config (and triple-checked), but we are getting warnings on Console Log of Auth Failed and account lockout... There are several EXOS switches sending notifications to NetSight 7.1.2.12

    The customer is running a Windows version of NetSight and the account isn't locked out on the OS.



    Any ideas?

    Best regards,

    -Leo



  • 2.  RE: EXOS XML-Notification vs NetSight webservice: Auth failure -> Lockout for webservices

    Posted 07-26-2017 11:09
    Hello Leo,

    When we setup XML notifications to NAC I believe we use the webservice credentials and not the NetSight user credentials.

    Can you try with whatever webservice credentials are configured? By default they should be admin/Extreme@pp

    Just a guess so cross your fingers.

    Thanks
    -Ryan


  • 3.  RE: EXOS XML-Notification vs NetSight webservice: Auth failure -> Lockout for webservices

    Posted 07-26-2017 11:16
    Hi Ryan,

    This customer doesn't have NAC yet... We are using the GTACKnowledge solution (IDM+Netlogin) to show users in NetSight without NAC.

    By the way, the XML-Notification doesn't work with any tested (by me) NetSight version when running EXOS 21.x... With the very same config, booting a 22.x it connects to Netsight instantly.

    As stated in the GK posts and manuals, you need a OneView enabled user (with the according rights to login to the EMC).

    Thanks for your support!

    -Leo