Consult the following topics to address frequently asked questions about NetMRI operation, using the Cisco Discovery Service utility software, using the NetMRI AutoUpdate feature, viewing hardware status messages from NetMRI appliances, changing the banner logo and other information.

Frequently Asked Questions

User Interface

Q. How can I do more sophisticated searching and filtering in tables?
A. Both the Quick Search field and the Filters dialog enable you to use regular expression syntax to specify search targets. Any characters enclosed between forward slashes (/*/) are treated as a regular expression.

Q. I returned to a page and data that was there has disappeared. What's going on?
A. While you were away from that page, you may have changed the date or period in another page, or you may have constrained the data to a specific device group. Check the device group/date/period at the left end of the green header to see whether that's what you want. To change the device group, or to show data for the entire network, click the corresponding row in the Select Device Groups panel. To change the date or period, see Setting the Date and Period.

Q. I have an admin account in NetMRI but I can't get my CLI connections to work - my Telnet and SSH connections time out.
A. Your admin account does not have CLI credentials enabled. To fix this, open Settings, go to User Admin –> Users, and click the Edit icon for the admin account. Click the CLI Credentials tab. Then, enable the User CLI Credentials Enabled check box, and enter the user name and password, with password confirmation. If you need an Enable password for accessing network devices through the CLI, enter that value and confirm that as well. Click Save and start a new terminal session to the NetMRI appliance.

Device Groups

Q. I added a new device to my network. Where do I find that device in NetMRI?
A. NetMRI checks for new devices every 15 minutes. A new device is assigned to a device group based on the group membership criteria where the group is defined. If NetMRI can't assign a device to a defined group, it places it in the UNKNOWN or NAME-ONLY group.

Q. Why does a Managed Devices or Asset Inventory report run for the VirtualIP default device group return "No Results Found."
A. Virtual IP devices are excluded from reports such as Managed Devices and Asset Inventory because they are not physical devices and they lack certain necessary OS and chassis information.

Q. Why do device group counts in the Select Device Groups panel appear to be out of sync with the counts at Network Explorer –> Inventory –> Devices section –> Devices?
A. Device group membership counts are recalculated every 15 minutes. When the appliance is discovering many new devices, you might see a different count until you refresh your browser following that recalculation. If no new devices are being added to the network, you are unlikely to see a difference.

Discovery

Q. How can I remove a device from NetMRI?
A. A network device is removed if it is in the included CIDR blocks and hasn't been accessed by NetMRI in a 7-day period and it hasn't shown up anywhere on the network based on data collected in the past day. This 7-day period is adjusted with the Device Expiration Days setting in the Settings icon –> General Settings –> Advanced Settings page. Data sources checked to see if the device exists include ARP, routing, CDP and any /32 or /128 CIDR blocks. A discovery diagnostic of a device will show which devices are reporting this device in those tables for help in troubleshooting problems. Any device included in a CIDR block is removed after one day. Any non-network device, such as a PC, is removed from NetMRI if it isn't seen in any collected data in the previous 24 hour period.

Q. What kinds of IPv6 networks do I need to add to my seed routers or discovery ranges?
A. IPv6 standards define several new types of network prefixes, because the address value is longer and is formatted differently. Unique local IPv6 Unicast network prefixes begin with the designation FC00:/7. (These values are similar to the familiar 10.x.x.x, 172.16.x.x and 192.168.x.x IP prefixes.) Globally routable values begin with the 2000:/ or 2001:/ prefixes but are not used as examples in this document because of the need to use private address spaces in documentation, to avoid possible conflicts with live networks.
NetMRI discovery of IPv6 networks can make use of Hints and CIDR blocks for discovery.
Do not use link-local or multicast addresses as a device hint, for a range, or a seed router. Unique local IPv6 unicast values are acceptable. As with the 10.x.x.x and other private IPv4 values, they are not globally routable and are safe for use in the local network. Also see the section Configuring Network Discovery Settings for more information.

Q. Some devices in my network only support SNMPv2c. Can I use SNMPv2c credentials as the default for discovery?
A. Yes. See Choosing SNMP Protocol Preferences for more details.

Q. Can I define SNMPv3 credentials with both types of secret keys to conform to my organization's security policies?
A. Yes. You can define SNMPv3 credentials with separate authentication and privacy key values. See SNMPv3 Credentials for Discovery and Management for more details.

Switch Port Management

Q. I've installed a Switch Port license into NetMRI but none of my Ethernet switches are showing up in the Switch Port Management device tables. The switches appear in my Switch and Switch-Router device groups, but I get a "Polling Started for 0 Devices" message whenever I try to start polling the switches.
A. You must add the switches in the device group(s) to the SPM license, whether it's an evaluation license or a paid-for SPM license. Installing the license does not automatically add the contents of the Switch and Switch-Router device groups to the licensed device count.

Configuration Management

Q. What does the Get Config button in the Config Explorer actually do?
A. The Get Config button schedules back-end processes to retrieve the current configuration files from the selected device. If there is no difference from the currently listed configuration files, then a new instance is not created in the configuration files list. Each listed instance implies a difference, and the timestamp defines when the file was first known to be changed. To determine when the file was last checked, open the "Current" "Running" configuration file. In the resulting window, the Last Update timestamp (in the header) indicates the last time checked.

User Administration

Q. Why can't I specify device groups for the SysAdmin role?
A. The SysAdmin role is not intended as an operator (i.e., restricted to certain network domains), but rather a system administrator with authority throughout the NetMRI appliance. For security and safety, you should only use this role when performing actions that require it.

Security

Q. Can I disable HTTP access to NetMRI?
A. By default, both HTTP and HTTPS modes are enabled. Infoblox recommends disabling the HTTP mode. Go to Settings icon –> General Settings –> Security – NetMRI HTTPS Settings to modify settings.

Q. What well-known ports does NetMRI use?
A. Outbound ports:

1. • 22/ssh TCP for configuration collection
   • 23/telnet TCP for configuration collection
   • 25/smtp TCP for notifications
   • 161/snmp UDP for SNMP collection
   • 162/snmptrap UDP for notifications
   • 514/syslog UDP for Syslog notifications
   • 1433 TCP TCP for CDR collection (when the IP telephony module is licensed).
   • any TCP or UDP port defined by Settings icon –> Setup section –> Port List and port scanning is enabled.

A. Inbound ports:

1. • 22/ssh TCP for administrative shell access
   • 80/http TCP for non-secured GUI access
   • 443/https TCP or secured GUI access
   • 514/syslog UDP for change detection

System Security

The NetMRI appliance is configured to prevent all non-essential servers and ports, and all user accounts are disabled except for the admin account, which is used for administrative purposes (see below for more information).

Symptom: Unable to connect to Infoblox Technical Support server.

• Use the NetMRI ping/traceroute tool via the browser interface (Tools –> Device –> Ping/Traceroute), or the ping command via the NetMRI Administrative Shell, to verify that NetMRI can reach any server on the Internet.
• Use the NetMRI ping/traceroute tool via the browser interface, or the traceroute command via the Administrative Shell, to verify that NetMRI can reach techdata.infoblox.com on the Internet.
• Verify that your firewall rules allow NetMRI to make an outbound SSH connection (tcp port 22) to techdata.infoblox.com.

Technical Support monitors the CERT advisories for all components used in the appliance and evaluates all appropriate reports with regard to their usage in NetMRI. If a serious vulnerability is discovered, a custom patch is developed and provided to all existing customers via the NetMRI User Mailing list.

Network Connections

The SSH port can be accessed using the administrator password specified by the operator during configuration. All services on the SSH port are provided through the OpenSSH v3.5p1 public domain server. The only commands that can be executed via the SSH port are those provided by the NetMRI Administrative Shell, and the user can access only a restricted directory on the server.

All other ports are supported by a Java-based application server that is inherently resilient to buffer overflow attacks and other common network-based attacks. The HTTP, HTTPS and SNMP ports support standard processing for those protocols. The HTTP and HTTPS ports can be accessed only by authorized users using a valid password, as specified by the administrator.

Access Control Lists

NetMRI supports an Access Control List (ACL) via the NetMRI Administrator Shell that allows the operator to specify one or more CIDR blocks to restrict access to all the non-SNMP ports supported by the appliance. When combined with the existing authentication mechanisms, the ACL effectively safeguards the appliance against unauthorized access.

Protocol Configuration

NetMRI allows system administrators to configure the HTTP, HTTPS, SNMP and SSH protocols used to connect to the appliance via the Console GUI and Admin Shell, and the protocols used by the appliance to connect to network devices when collecting data. Protocol configurations can be defined at the Settings icon –> General Settings –> Security page, or by executing the configure command in the NetMRI Administrative Shell.

General Settings Section

The General Settings section (Settings icon –> General Settings group) provides access to server statistics and a variety of server settings. Pages in this section enable the following tasks:

• Set and reset any of numerous advanced settings (for information, see 30804647)
• Configure authentication service settings (for information, see Defining Authentication Services)
• Configure NetMRI to automatically check for software updates, and optionally install updates (see the 30804647 30804647)
• Substitute your own banner logo (for information, see 30804647)
• Create custom fields for manually recording any device information (for information, see Defining and Using Custom Fields)
• Shut down the server (for information, see 30804647)
• Manage NetMRI server security (for information, see NetMRI Security Settings)
• Review NetMRI patches and updates

NetMRI Advanced Settings

NetMRI Advanced Settings (located in Settings icon –> General Settings –> Advanced Settings) provides a multi-page grouping of configuration settings for many NetMRI features. Advanced Settings are designed so NetMRI users can run a fully functioning system without changing any defaults settings in this category.

To modify items in Advanced Settings, click the Action icon for any setting and choose Edit. To reset the Advanced Setting to its defaults, choose Reset.

Checking Hardware Status Messages

The Hardware Status page (Settings icon –> Notifications section –> Hardware Status page) provides status information about hardware components in the NetMRI NT-4000 appliance, including component failures and general messages about the health and operation of elements such as the fan assemblies, LCD screen, removable hard disks, power supplies, events that are reported when the case is open, overall System Health messages and others.

The Hardware Status page does not apply to NetMRI virtual appliances or to NetMRI 1102-A 1U or NT-1400 appliances. Also consult the Infoblox Installation Guide For the NetMRI NT-4000 Appliance for more information about the NT-4000 system.

Auto Update

NetMRI can be configured to periodically check for minor software updates, and can optionally automatically download and install those updates. Software update notifications appear as the issue "NetMRI Update Available," and users are notified of automatic software installations through a system message, visible in the Settings icon –> Notifications –> System Messages page, to notify users of Applied or Available updates.

NetMRI must be able to reach the server techdata.infoblox.com using TCP port 22.

To configure automatic updates, do the following:

1. Select the Auto Update Setting option:
   Disabled: Do not check for updates. If you select this option, go to step 4. Notify Only: Check for updates.
   Automatic: Check for updates, and if an update is available, download and install it.
2. Select the Frequency for notification or automatic updates.
3. Select the Hour to Start and Minute to Start.
4. Click the Update button.

Replacing a Banner Logo

Use the Banner Logo page (Settings icon –> General Settings –> Banner Logo) to display your logo in reports generated by NetMRI. Your logo will replace the default logo that is provided with NetMRI.

To replace the default logo with your logo, do the following:

1. Click Browse, then locate and select the logo file.
2. The file can be any common image format, such as JPEG, GIF, PNG, etc. The ideal image size is 220 x 60 pixels (an image that is not this size is automatically resized to those dimensions).
3. Click Update.

To restore use of the default logo: Click Reset.

Shutting Down the Server

Use the Shutdown Server page (Settings icon –> General Settings –> Shutdown Server) to stop or restart NetMRI.

NetMRI includes embedded database and file systems to manage the vast amount of information it gathers from the network. Although the database and file systems are designed to be resilient to failures, it is always best to shut the appliance down gracefully whenever possible to avoid data corruption.

Note: Failure to properly shutdown NetMRI may result in corruption of one or more database tables. Although NetMRI automatically attempts to repair tables when restarted, such repairs may not always work, resulting in a loss of data or functionality. In certain cases, you may need to restore the database or reset to factory defaults.

To shutdown the server from the browser interface, do the following:

1. Select a shutdown option:
   Restart Server. This option will shutdown NetMRI and then immediately restart it.
   Power Down Server. Use this option for a planned power outage or to move NetMRI to another location.
   Disable Collection, Then Power Down Server. Use this method when removing NetMRI from a network, possibly for further review of analysis information. This option will likely be used most frequently by consulting organizations who use NetMRI on a network for a few days, then take it back to their office to prepare a customer report.
   Save Network Database and Force Re-Configuration On Server Startup. Use this method when NetMRI is being moved to a new network or to a different section of an existing network. A consultant could also use this mode when moving NetMRI between different sites. A campus or enterprise customer can use this mode when moving NetMRI to different logical sections of a single network. The next time NetMRI is booted, the setup wizard will run, allowing you to configure it for a new network or a previously existing network. If a previously existing network is selected during the startup process, the system loads the archived copy of the database for that network, allowing NetMRI to pick up where it left off or allowing you to analyze the old data.
2. Click OK.

You can also shut down the server from the Administrative Shell.
the appliance is configured for separate analysis and management operation, check its rear panel. For separate operation, the SCAN port is connected to the production network for analysis, and the MGMT port is connected to the management network for system administration. If the appliance is connected to only one network, instructions in this section are not necessary.

1. Go to Settings icon –> General Settings section –> Shutdown Server.
2. Type the CIDR-format Address (using syntax A.B.C.D/NN), type the Gateway IP address, then click Add. To delete a static route: Click the Delete button for any static route listed in the Static Route List on the page.

NetMRI Update History

The Update History page (Settings icon –> General Settings –> Update History) lists NetMRI patches and upgrades that have been installed. Each action is time-stamped. If an installation failed, it is shown in red, with the failure status code.

File Transfer Operations

Occasionally, software update files or database archive files must be transferred to or from NetMRI. NetMRI supports two methods for transferring files:

• File transfer between NetMRI and an external workstation or server using the SCP protocol.
• File transfer between NetMRI and an external server from the Administrative Shell using the SCP or FTP protocol.

Although NetMRI allows the FTP client to be used for transferring files from within the Administrative Shell, NetMRI instances of any kind do not allow external FTP clients to send or receive files directly into the system. No FTP server is provided on NetMRI appliances or VMs.

Client Workstation File Transfer Using WinSCP

The Windows Secure Copy (WinSCP) utility is a Windows-based tool with a graphical user interface that allows you to copy files to/from NetMRI using a drag-and-drop approach. WinSCP is available from http://winscp.net/eng/index.php and other public domain web sites.
Follow the directions that come with the utility to install it on a Windows-based PC. Then

1. Log in to the Administrative Shell by specifying the DNS name (or IP Address), a username of admin and the admin account's password.
2. WinSCP will display the contents of the Backup directory.
3. Transfer files between the source directory and NetMRI by dragging and dropping.

Client Workstation File Transfer Using FTP and SCP

The method for starting the SCP client will depend on the operating system. Examples below are based on Unix. All command line inputs to the SCP client are case-sensitive.
The Secure Copy (scp) utility is a command line tool that can be used to download or upload files. It runs on most major operating systems and can be obtained from http://www.openssh.org. Only the scp client utility is needed on the storage device, not the scp server daemon.
Follow the directions that come with the utility to install it on the storage device where the files are stored.

Exporting using SCP

1. Log in to the storage device that will receive the exported file, and navigate to the directory where it will be stored.
2. At the prompt, enter this command:
   scp "admin@<NetMRI>:Backup/*".
   including the double-quotes and the trailing space and period, but replacing <NetMRI> with the DNS name or IP address of the NetMRI machine that has the file to be downloaded.
3. The first time you access NetMRI from a given storage device, you will be prompted by SCP to verify the authenticity of the instance. Answer yes to continue the download. (Once authenticity has been established on the storage device, this question will no longer be asked when accessing NetMRI from the same storage device using the same login.)
4. After the connection authenticity has been established, SCP will prompt for the admin password. Enter the same password used to access the NetMRI admin account via the web interface.
5. After accepting the password, SCP will copy the file from NetMRI to the storage device.

Importing using SCP

Use SCP to download files:

1. Log in to the storage device that holds the file to be imported, and navigate to the directory where it is stored.
2. At the prompt, enter this command:
   scp <importfile> "admin@<NetMRI>:Backup"
   including the double-quotes, but replacing <NetMRI> with the DNS name or IP address of the NetMRI machine, and replacing <importfile> with the name of the file to be imported.
3. After the connection authenticity has been established, SCP will prompt for the admin password. Enter the same password used to access the NetMRI admin account via the web interface.
4. After accepting the password, SCP will copy the file from the storage device to NetMRI.

External Server Import and Export Using FTP

The NetMRI Administrative Shell supports the use of the FTP client within the shell itself to import/export files from and to an external server. Thus, instead of using your client application to access the NetMRI server, you can use the NetMRI client application to access other servers, such as the Infoblox Support FTP server.

1. Log in to the Administrative Shell using an SSH application.
2. Execute this command:

ftp <servername>
where <servername> is the name of the FTP server.

The Settings window organizes configuration options in the following sections:
User Administration section: create and manage user accounts and roles, and view the audit log.

Sending Technical Support Bundles to Infoblox

Note: Support bundle operations require the SysAdmin role.

To obtain and send technical data from any NetMRI appliance for troubleshooting purposes, do the following:

1. Click the Actions icon and choose Send Support Bundle.
–Or–

1. Go to Settings icon –> Database Settings -> Send Support Bundle.
2. Choose a Transfer Mode: Download to Client Workstation or Send to Infoblox Support Site.
3. Click, CTRL+click or SHIFT+click to select one or more Data Categories. Sending technical data requires at least one category selection. Data categories include the following:

1. • Discovery Stats: Logs documenting events related to device discovery, network path collection, ping sweep results, and discovered device support information;
   • SNMP/CLI Logs: Collections of SNMP and CLI data collection event logs;
   • Config Logs: Device configurations, downloaded from the devices that NetMRI is managing;
   • Firewall Services: NetMRI firewall services logs;
   • Standard Logs: Event log data for all server protocols and tasks used by NetMRI;
   • Visualization Logs: NetMRI GUI processing events;
   • System Health Logs: Event log journals directly related to System Health alerts;
   • Benchmark Tool Logs: NetMRI benchmark tool logs.

4. Click Start and confirm the operation. Depending on the amount of requested data, a few minutes may be required to generate and download the bundle.

NetMRI Syslog Messages List

This document provides a list of hard-coded system alert messages. It also includes a 30804647.

System Alert Messages List

The text in bold below indicates the source script for the message.

drbdmonitord.pl

The replication data is synchronized

The replication data is out of sync

The connectivity to peer MGMT port is re-established

Lost connectivity on peer MGMT port

The connectivity via replication link is re-established

Lost connectivity via peer replication link

Lost all contact with primary peer. Performing auto fail over, becoming primary.

Lost all contact with primary peer. Not performing auto fail over. Disk state unfit

DeviceLimitExceeded.pm

Device license limit exceeded by {NumAffected} devices

Interface number exceeded by {NumAffected} devices for {NetworkTotal} interfaces, polling a high number of interfaces will affect performance

Security Control license limit exceeded by {NumAffected} devices

Number of used Security Control license exceeded 85% of license limit

GlobalConfigDisabled.pm

Global config collection is disabled

NetMRIMaintenance.pm

Weekly maintenance is disabled

DevicePolicy.pm

Device policy $short_name not evaluated for {DeviceIPDotted}.  Status is $ps.

UpgradeUtil.pm

Upgrade Partitioned History Tables

Not enough database connections to upgrade table {table}. Retrying.

ibsync.pl

Infoblox Sync could not export data for NetMRI network ….

Retrying in {retryDelay} seconds.

The synchronization will not be retried until the next schedule synchronization attempt.

Could not authenticate to grid master as user ...

The network view was not found on the grid master.

CiscoCallMgrObject.pm

CCM collector error

Error connecting to Call Manger

Error collection VoIP call manager system data

Error collection VoIP call manager type

ifTableObject.pm

Not polling interface performance data for {IPAddress} because license limit is exceeded

Rapid polling interface limit exceeded

voipResponderObject.pm

IPSLA responder setup failure

voipTestObject.pm

IPSLA jitter test setup failure

UpgradeIssues.pl

NetMRI Issue Upgrade Complete

SensorsCollector.pl

System Hardware Failure

cdr.pl

CDR collector error

Can't setup CDR listener server

Received connection from unknown host $client->peerhost

Received {invalidCount} invalid CDR record(s)

{sqlError}

Can't lock PID to modify ACL

Can't modify ACL

rtcp.pl

RTCP collector error

Can't lock PID to modify ACL

Can't modify ACL {error message}

copyArchive.pl

NetMRI Database Archive Failure

Unable to create archive

Failed to copy archive to remote host

copyConfigs.pl

NetMRI Config Archive Failure

Unable to create archive

Failed to copy archive to remote host

NetMRI Config Archive Copied

Config Archive successfully copied to remote host

authKasai.pl

Failed login attempt

Error on server {auth_server} in service {service_name}

Error remote authentication is not usable, no authentication servers are reachable.

Successful Login

User {userName} successfully logged in from server {auth_server} using service {service_name}

login.tdf

Failed login attempt…

Successful Login…

User Lockout…

BackgroundUpgradeMonitor.pl

Background upgrade has aborted with {completed} of {total} tables processed.

Background upgrade has completed with {completed} tables processed.

WeeklyMaintenance

$productName maintenance process started

$productName maintenance process generated {Errors}

$productName maintenance process completed normally

AutoUpdate

NetMRI {updateTypeName} Installed

NetMRI {updatesNum} {updateTypeName(s)} Available

UpgradeNetMRI.pl

NetMRI Update Installed

NetMRI Update Available

Rebooting for kernel upgrade

checkDiskUsage.pl

General Errors

NetMRI disk usage for {mount} exceeds {diskWarningThreshold}%.  Current usage {capacity}%.  Beginning data reduction

NetMRI disk usage for {mount} after pruning is {capacity}%. It was unable to free any significant amount of space

NetMRI disk usage for {mount} after pruning is {capacity}%

NetMRI disk usage for {mount} exceeds {diskWarningThreshold}%.  Current usage {capacity}%

checkSkipjack.pl

Watchdog restarted MySQL

Watchdog restarted Skipjack Application Server

Watchdog restarted Tomcat Application Server

Watchdog restarted SNMP collector

Watchdog restarted Gromit Java service

Watchdog restarted Report Manager

Watchdog restarted discovery engine

Watchdog restarted analysis engine

Watchdog restarted Anyterm Daemon

Watchdog restarted OpenVPN service

Watchdog restarted Sensors Collector

Watchdog restarted Perl scripting service

Watchdog restarted Device Interaction Service

Watchdog restarted Message Queue Daemon Watchdog

Watchdog restarted Message Queue Server

NetMRI memory usage is extremely high.  Current swap free is {swapFree}%.  Taking corrective measures.

NetMRI memory usage is high.  Current swap free is {swapFree}%

skipjack.pl

{productName} killed by system.

{productName} started by system.

{productName} stopped by system.

CredentialCollector.pm

SNMP Credentials: Failed to authenticate

NetMRI Database Issues List

The following table lists the defined NetMRI database issues.