Troubleshooting: Configuration Sync Issues from Director to Branch
This article describes how to troubleshoot configuration sync issued between Director and Branch.
Sometimes, you will not be able to sync the Director configuration with the branch and will get the following error on the Director UI.
Remote Server Exception view details malformed-message : Failed to authenticate towards device GIMEC-LAB-CPE2: Bad private SSH key for local/remote user arun.c/admin
This error state will not allow you to commit any changes to the Branch device.
This issue is caused by one of the two following causes
- Host IP moves from one device to another and the Director updates the keys of old IPs and tries to authenticate using the same keys. This authentication fails as the IPs are already configured in another host.
- The appliance is missing the Versa Director Keys
To fix the issue, we have two steps that need to be followed
Step 1: Execute the shell command sudo /opt/versa/vnms/scripts/push_keys_to_device.sh <IP-Address> <device-password>
This shell command pushes the key from the Versa Director to the affected Branch.
admin@DIRECTOR:~$ sudo /opt/versa/vnms/scripts/push_keys_to_device.sh 10.3.64.229 ****** [sudo] password for admin: Warning: Permanently added '10.3.64.229' (ECDSA) to the list of known hosts. 0 0 admin@DIRECTOR:~$Step 2: Run the CLI command request devices fetch-ssh-host-keys device <device-name>
This command, fetches the Key form the Branch Device using Versa Director.
Administrator@Director-New> request devices fetch-ssh-host-keys device Branch-2 fetch-result { device Branch-2 result unchanged fingerprint { algorithm ssh-dss value 2a:5c:1b:d1:4c:31:cd:37:35:a7:27:25:be:dd:f3:b7 } }
Once these steps are done, you will be able to sync the configuration between the Director and Branch and commit any changes via the Versa Director.
Summary
In this article, we saw what causes the sync issue between Director and Branch configuration and how to fix it by updating the Host IP address and keys.
