cancel
Showing results for 
Search instead for 
Did you mean: 
Create Post
Level 11

Overall Running vs. Startup Config Conflicts

I've tried to understand those NCM main page graphs like "Overall Running vs. Startup Config Conflicts" and "Overall Configuration Changes Snapshot". What means the state "unknown"? I have nearly 100% of devices as unknown, as the matter of fact, they have always been like that! Not very much usefull information... I don't understand what is the meaning of possible state "unknown". Configs have the conflict of they don't have it, simple! Yeah, I understand that if system doesn't see the situation for some reason, it puts it as unknown. But if my every backup scripts are working fine, and everything else in NCM seems to be ok, why these reports are showing unknown? What should I change to make it show the real situation?

14 Replies
Level 9

We are backing up startup and running configs and the reports you are referring to seem to be working fine.

There is a little bit of cleanup that I need to do under All Settings > NCM Settings > Comparison Criteria

My Cisco ASA and Cisco Nexus gear need a few extra lines that need to be ignored when comparing startup-config with running-config

Also, I'm backing up configurations on our FortiGate firewalls, the unknowns are a result of these firewalls not having a 'startup-config' and a 'running-config' to compare.

Running v startup Capture.JPG

Edit: Added note about FortiGate not able to compare startup-config and running-config

0 Kudos

When I try to edit job so that it would backup both running and startup configs, it says

Select one config file type only to generate config change notifications.

So does that mean that I have to choose whether to see config change reports OR running/startup comparison? Sounds stupid...

Here's how my settings look like now, after adding startup configs to download too:

pastedImage_0.png

What's the point of having these options in bottom of that screen, if it's impossible to use them if also a startup config download is chosen?

0 Kudos

Ismo​ You need to run separate jobs so that the engine can do a comparison of the data from the existing config vs the one being downloaded. If you have any recommendations on how we can improve this screen please add them here: Network Configuration Manager Feature Requests .

0 Kudos

I understand what is reading on screen, but I still not understand why it works like that? I mean, if I download both configs, why system cannot compare running config to last running config, and startup config to last startup config? What prevents that? System knows which is which, so why I should need a separate job for that?

0 Kudos

I encourage you to create this as a Feature Request so that others can also upvote the improvement.

Ismo​ that is because you have Config Change Notifications selected. As per the grey note: "To generate config change notifications, only one config file type can be selected." If you want change notifications as part of your backup job then you will need to run a separate job for Startup and Running.

- David Smith
0 Kudos

Gray / Unknown status can either mean NPM is unable to poll the devices with snmp properly, or it can mean NCM cannot access nodes to show their config files and download them--or  it may mean NCM cannot compare them due to some other issue (e.g.: NCM doesn't have access to the archive folder locations or download folder locations, therefore can't analyze/compare configs from day to day, or compare between startup and running configs, there aren't the right Jobs build/enabled to download or compare configs, the nodes aren't included in the Jobs, etc.).

I know this is "basic", but remember that you may be monitoring nodes via ICMP or snmp, but those don't may not have configuration files to backup/download/compare.  Also basic:  Simply adding a Node to NPM doesn't get it backed up in NCM, doesn't validate its NCM credentials for doing the backup.  Make certain nodes that do NOT have config files to backup are not expected to be managed with NCM.  And that nodes that DO have config files for NCM to backup, are selected and properly validated / managed / and put into Jobs that are enabled.

If I saw the gray areas you showed us, I'd do some of the following:

  • Review the location NCM uses for storing configs.  If you have more than one poller, each APE should have the same path set for storing configs--for consistency and easy troubleshooting.
  • Browse to the poller's config storage directory.  Are there current configs there for every node the poller manages?  If not, find out why and fix it.
  • Review the location NCM uses to ARCHIVE configs.  If you have more than one poller, each APE should have the same path set for storing configs.
  • Browse to the Archive directory and verify ALL your nodes show up there, and they all have current running and startup configs present.  If they don't, dig into it, find why, and fix it so they DO have current files in the Archive folder.
  • There's a "Validate" feature for every polling engine to prove it has read/write access to the archive directory.  Verify each polling engine successfully validates accessing the Archive folder by clicking that Validate button for every poller.
  • The Archive directory should not be on a polling engine.  Put it somewhere else on your network that all your polling engines can access, so you don't have all your eggs in one basket.
  • Review the documentation for setting up monitoring on a node in NPM and managing it with NCM
    • Ensure you have the right snmp and login credentials entered for every node
    • Use the Test Credentials button for the snmp setup and ensure it passes
    • Enable the option within NPM to Manage the node with NCM for config backups
    • Use the Test Credentials button for the NCM credentials and ensure it passes successfully for every node
    • Verify that the right template is being used within NPM/NCM.  Some devices won't automatically get the right template even though you have Auto Determine Template enabled.  You may have to manually select the right template, or even custom build a template and then select it.  I had to do this for Cisco ASA's.
    • Verify you have a daily startup-config backup Job built and it's scheduled/enabled
      • Verify the nodes are selected / included in the start-up config backup Job
    • Verify you have a daily running-config backup Job built in NCM, and that it's scheduled / enabled
      • Verify the nodes are selected / included in the running-config backup Job
    • Test the startup & running config backup jobs.  If either have errors or fail, troubleshoot them and fix them so they successfully backup all your nodes.
    • Verify you have an NCM Job built and scheduled / enabled to move all the configs to the Archive folder.    I have NCM move them there daily, since I run other reports on everything in the Archive folder.  Plus, if an APE were to die, I wouldn't lose the configs that should not have been stored on it.
    • Ensure you have a Daily Config Change Report built and enabled and scheduled, and that it includes all the info & notification settings you need to KNOW it worked properly every day.  You should see a Daily Config Change report in your e-mail every day.  If you don't, troubleshoot this and fix the issues until you DO receive this report.
    • Verify all your Jobs have correct notification settings (smtp server info, login credentials if needed, notification e-mail addresses for success or failure of all Jobs) and test them to ensure you're receiving e-mails about the status of every job.

After all this, if it's all running correctly, you should not see ANY gray areas in your pie charts, since you've proven NPM and NCM have the right snmp / login credentials for every node, and that every node is having its startup & running configs downloaded every day, and that a config comparison report is being generated and e-mailed to you daily, and that the configs are being moved to an Archive folder that is NOT on any polling engine.

And let us know what you discovered.  Screen shots help us help you better!     ;^)

Swift packets!

Rick Schroeder

Job is working fine and access to devices is ok and they are monitored by SNMP. All backups are successful always, maybe that tells everything necessary.

Saving path... I have no idea where they are. System is built as Solarwinds told, so there are separate Orion server, Flow storage server and SQL server (they were in same server in older version). So now I don't know anymore where is everything saved. I've become more like basic user to this system, thanks to Solarwinds system architech policy. I'm guessing they are in SQL nowadays, but I'm not sure.   But backups (last 10 or something) are showing in NCM just right, so doens't that tell that access is ok?

As I wrote in last comment, could it be because I'm only backuping running-configs? So system doesn't even investigate startup configs if they are not backuped by NCM?!? I've been using Orion since version 8 or something and I'm quite sure I got some reports from differences between startup and running configs. But that may have changed later? If it is caused by that, why I don't have everything gray there?!? I mean, I don't backup startup configs from any device, everything is under same job!

0 Kudos

Are collecting both Startup and Running config from all your devices?

- David Smith
0 Kudos

No, just running configs (no idea to collect startups as running defines how network works). Does that effect to this issue? Should I add startup configs to backup?

0 Kudos

Hey Ismo,

That particular graph is comparing the Running Configuration to the Startup Configuration to see if there are any differences.

- David Smith
0 Kudos

It means that your SolarWinds server can not collect the configs from the devices properly.  Make sure that SSH is open (on the firewall) between your SolarWinds server and the devices that you are trying to collect.  After that, it should be able to successfully pull in the configs and compare them between running/startup.

0 Kudos

Getting back to this old case. I still see everything as gray. Nobody told how system is comparing these states to each other. 

I'm getting devices backed up every night, no problem with that, and I'm even getting change reports from them. But I'm not getting data for this graph, and obvously not getting reports if running and startup configs differ, as I've setup in job settings. I know everything should be green, because I actually ran a script that writes configs to flash for every switch. But why it's still gray?

pastedImage_0.png

I also getting strange graph from overal comfiguration changes snapshot. How is that calculated really? What does is mean if something is "changed"? Since what? And why is something as gray in there too?

pastedImage_1.png

I'm trying to figure out a logic behind these graphs, because if user doesn't understand that, it's impossible to react for those values.

0 Kudos
Level 14

I have the same situation!

0 Kudos