Version 2

    This applies to more than one version of LEM, and I've seen people asking about this since they upgraded to LEM 6.2, so I'm editing this document to reflect that.  The issue and steps are the same.  I'm also adding links to some other resources to help.

     

    • ...send me e-mails
    • ...let me log in with my domain credentials
    • ...send active responses to my Cisco/Juniper/Sonicwall devices
    • ...pull data from my Cisco IDS/IPS devices
    • ...connect to my [database driven application]

     

    Remain Calm!

     

    We're getting a lot of these lately.  The common factor here is that all of these things (and a bunch I didn't list) require that you give the LEM credentials to do stuff.  You had to provide a user name and password to connect to AD for queries.  There's a password field for the e-mail active response, even through you left it blank.  Any connectors that asked for or used credentials are probably, temporarily, "broken."

     

    If you can't log in with your AD credentials, log in with the built-in Admin account to fix things.

     

    Don't know the Admin password?  You can reset it via SSH or with access to the LEM virtual console: SolarWinds Knowledge Base :: Resetting the Admin password

     

    Good News, Everyone!

     

    The fix is easy.  Log into the LEM, find the connector, and restart it.  That'll probably resolve the issue.  You may want to take a second to re-enter the credentials, and then restart it.

     

    The connectors on your appliance can be found by:

     

    1. Go to Manage → Appliances
    2. On the line with your LEM's hostname, there is a gear on the left.  Click that gear and choose "Connectors"
    3. Check the box for "Configured" connectors to narrow the list down
    4. See a connector that's gray?  Click on the gear next to it and select "Start"

     

    But Why Did This Happen?

     

    As part of the 6.0.1 upgrade, the encryption technology used to store credentials internally and in connectors was upgraded to make it more secure.  This means all those credentials (even the blank ones) got re-encrypted.  In some cases, that means that the connector stopped and didn't restart, but it's pretty painless to restart them.

     

    My Cisco IDS/IPS Still Isn't Working

     

    That's because the Cisco software you're running is terrible.  It uses old, busted technology: TLSv1, SSLv2 and SSLv3.  In newer versions of the LEM (I think 5.4 and newer) we stopped allowing the LEM to communicate with those technologies.  However, if you haven't updated your Cisco devices in a while, they're still cruising along with some of these.  You probably called support at some point and had them hack the LEM or the Agent to allow this traffic, and when you upgraded to the new LEM/Agent, those changes will be wiped out and Cisco devices will stop communicating.

     

    Good Idea

     

    Tell Cisco to fix their stupid software and/or update your IDS/IPS to use more secure communications

     

    Bad Idea

     

    If your IPS/IDS connectors are running on an Agent (configured under Manage → Nodes), you can make the Agent use the old, insecure communications channels.  Directions are here:

     

    SolarWinds Knowledge Base :: Cisco IPS devices are not logging data when using the LEM 5.7 agent

     

    If your IPS/IDS connectors are running on the Manager (configured under Manage → Appliances), you'll need to open a support ticket so the Manager can be modified to allow this.