cancel
Showing results for 
Search instead for 
Did you mean: 

Trying to upgrade firmware with XMC - Cannot negotiate, proposals do not match.

Trying to upgrade firmware with XMC - Cannot negotiate, proposals do not match.

Keith9
Contributor III

We need to upgrade our core X690 switches because they have firmware from 2018 on them.  Because they are critical we are testing the upgrade on an X450-G2 first.

We are getting Cannot negotiate, proposals do not match.

How can we efficiently use XMC to push out firmware upgrades?

 

1 ACCEPTED SOLUTION

Keith9
Contributor III

We just upgrade via the CLI.  Its easier and we know what to expect.

 

Thanks everyone, even the one that sounded like ChatGPT wrote it.  XMC Is Xtreme Management Center, not Xilix or whatever....  Its formally known as netsight, in fact we still call it netsight.

View solution in original post

4 REPLIES 4

Keith9
Contributor III

We just upgrade via the CLI.  Its easier and we know what to expect.

 

Thanks everyone, even the one that sounded like ChatGPT wrote it.  XMC Is Xtreme Management Center, not Xilix or whatever....  Its formally known as netsight, in fact we still call it netsight.

jerrymark
New Contributor

It would appear that you are having trouble upgrading the firmware via utilising XMC, which I am going to guess stands for something along the lines of "Xilinx MicroBlaze Configuration" or something similar. The error message that you are receiving, "Cannot negotiate, proposals do not match," often indicates that there is a mismatch in the cryptographic parameters or protocols that are utilised throughout the process of negotiation.

The following is a list of actions that you can take to investigate and fix this problem:

Verify Compatibility Before continuing, check to see if the version of the XMC toolchain you are utilising and the firmware that you are attempting to upgrade are both compatible with one another. Inconsistent versions may cause difficulties throughout the negotiation process.

Examine the Security Parameters It's possible that the issue occurred as a result of incompatible security parameters, such as encryption methods, key lengths, or hash functions. Check to see that the same security parameters are being applied at both the sending and receiving ends of the transaction.

Protocol Versions: Make sure that the firmware update protocol version is the same on both ends of the connection. It is possible for the negotiation to fail if there is a discrepancy in the versions.

If upgrading the firmware requires communication over a network, check to see if there are any firewalls, proxies, or network restrictions that could be preventing the communication from taking place. It is important that the ports and protocols that are needed for the update be open and allowed.

XMC Toolchain Update: If you're using an older version of the XMC toolchain, you should consider updating to the most recent version as soon as possible. It's possible that compatibility or negotiation problems have been fixed in later versions.

Documentation and Support: For help on how to diagnose an issue, go to the documentation that was provided by the developers of the firmware and toolchain. If the problem continues, you might try contacting their support channels to see if they can offer any assistance.

Debugging Tools: If you are able to do so, you should use the debugging tools that have been supplied by either the XMC or the firmware in order to collect more specific information regarding the negotiation process. It's possible that this will help identify the particular parameter that's causing the mismatch.

Logs and Error Messages: When the negotiation process is being carried out, any logs, error messages, or debug outputs that are produced should be investigated. They might be able to provide some insights into the particular step or setting that is creating the problem.

Check the Dependencies: Certain firmware updates may need certain dependencies (such as libraries, runtime environments, etc.). Be sure to check this before installing any upgrades. Ensure that these dependencies are installed and configured correctly before continuing.

Think About Using Third-Party Tools If the XMC toolchain is producing recurring problems, you should think about looking into other tools that are compatible with your hardware and firmware.

Melli22nger
New Contributor II

@Keith9wrote:

We need to upgrade our core X690 switches because they have firmware from 2018 on them. Because they are critical we are testing the upgrade on an X450-G2 first.

We are getting Cannot negotiate, proposals do not match.

How can we efficiently use XMC to push out firmware upgrades? GMGlobalConnect VSP Login


As per the Configuration Utility log provided, the firmware is successfully updated. The error you are receiving in the logs is expected since you have disabled the "firmware update feature" Can you please test and verify whether the device you have programmed is working as expected?

dpanev
Contributor

Symptoms

  • Extreme Management Center was being used to fully manage third party devices via Extreme WebShell Terminal, execute CLI Commands and/or backup / restore configuration Archives using CommandScripts.
  • The above functionality all stopped around the same time.
  • The third party devices are managed via SSH vs TELNET.
  • Inventory Manager Archives may return the following which indicates SSH KEX (Key Exchange) between XMC and the device has failed:
Cannot negotiate, proposals do not match.

Environment

  • Extreme Management Center (XMC, formerly NetSight)
  • ExtremeCloud IQ - Site Engine (XIQ-SE)
  • All Software Releases
  • WebShell Terminal
  • CLI Commands
  • Archiving CommandScripts

Cause

If a third-party device is being managed via SSH in Extreme Management Center or ExtremeCloud IQ - Site Engine this functionality may break if the SSH endpoint uses SSH ciphers or algorithms XMC is not compatible with. The endpoint may have been recently upgraded or had policies applied to it to restrict certain cipher or algorithm usage resulting in the loss of compatibility with Extreme WebShell.

Resolution

As noted below Extreme WebShell SSH client supports a limited set of ciphers and encipherment algorithms.

Available workarounds are limited to:
  • Re-enabling compatible ciphers or algorithms as noted below on the SSH endpoint, if possible; OR
  • Use TELNET as an alternative connection mode to the endpoint, if possible.

Additional notes

Extreme WebShell SSH client supports the following:
  • HMAC algorithms supported are limited to hmac-sha1,hmac-md5.
  • KEX algorithmms supported are diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1.
  • Host Key algorithms supported are limited to ssh-rsa,ssh-dss (RSA is however most common for vendors)
  • Encryption algorithms supported are aes256-ctr/aes128-ctr and a handful of legacy CBC ciphers for compatibility with legacy Extreme products.
GTM-P2G8KFN