Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Notifications
Login / Register
Community
Community
Notifications
close
  • Forums
  • Knowledge Center
  • Events & Webinars
  • Ideas
  • Blogs
Help
Help
  • Explore Community
  • Get Started
  • Ask the Community
  • How-To & Best Practices
  • Contact Support
Login / Register
Sustainability
Sustainability

We Value Your Feedback!
Could you please spare a few minutes to share your thoughts on Cloud Connected vs On-Premise Services. Your feedback can help us shape the future of services.
Learn more about the survey or Click here to Launch the survey
Schneider Electric Services Innovation Team!

Mass NMC Updates

APC UPS Data Center & Enterprise Solutions Forum

Schneider, APC support forum to share knowledge about installation and configuration for Data Center and Business Power UPSs, Accessories, Software, Services.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
  • Home
  • Schneider Electric Community
  • APC UPS, Critical Power, Cooling and Racks
  • APC UPS Data Center & Enterprise Solutions Forum
  • Mass NMC Updates
Options
  • Mark Topic as New
  • Mark Topic as Read
  • Float this Topic for Current User
  • Bookmark
  • Subscribe
  • Mute
  • Printer Friendly Page
Invite a Co-worker
Send a co-worker an invite to the portal.Just enter their email address and we'll connect them to register. After joining, they will belong to the same company.
You have entered an invalid email address. Please re-enter the email address.
This co-worker has already been invited to the Exchange portal. Please invite another co-worker.
Please enter email address
Send Invite Cancel
Invitation Sent
Your invitation was sent.Thanks for sharing Exchange with your co-worker.
Send New Invite Close
Top Experts
User Count
BillP
Administrator BillP Administrator
5060
voidstar_apc
Janeway voidstar_apc
196
Erasmus_apc
Sisko Erasmus_apc
112
Teken
Spock Teken
111
View All

Invite a Colleague

Found this content useful? Share it with a Colleague!

Invite a Colleague Invite
Solved Go to Solution
Back to APC UPS Data Center & Enterprise Solutions Forum
Solved
Anonymous user
Not applicable

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

0 Likes
14
2178
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

Mass NMC Updates

I know there are a lot of threads around this topic but I wanted to make sure I am on the right track for our particular environment with 300+ UPS devices and a mixture of 9617,9618,9619 and 9631 NMCs.

The main thing we are trying to accomplish is to update the email alerts on all NMC's so that the alarming is consistent across the board. I am new to this institution (University) but for security reasons they prefer to have FTP disabled on the NMCs.

Questions:

1) Is there a way via script or SNMP to mass enable/disable FTP on the NMCs so that we can toggle the FTP setting when we need to make config changes?

If mass enabling FTP is possible the idea was to do the following:
- Configure email alerts on one UPS exactly how we want it
- Export this updated config.ini file
- Enable FTP via SNMP (it's configured on all cards) using some type of script.
- Update all NMCs by importing the EventActionConfig section of the config.ini file either via script or using the ini utility.
- Disable FTP via SNMP using a script

2) Can the above be accomplished with any of APCs network management software? If so which one keeping in mind we only want to manage the UPS devices and nothing else.

3) Is there a way to mass upgrade the NMC firmware via scripts(preferably) or APC software?

Thanks,

Carlos

Labels
  • Labels:
  • UPS Management Devices & PowerChute Software
Reply

Link copied. Please paste this link to share this article on your social media post.

  • All forum topics
  • Previous Topic
  • Next Topic

Accepted Solutions
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 02:02 AM . Last Modified: ‎2024-03-05 11:58 PM

0 Likes
0
2177
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 02:02 AM . Last Modified: ‎2024-03-05 11:58 PM

i did but then i put my card back to telnet only so i did not test today. i figured you had maybe checked that out too considering how thorough you've been but just wanted to verify.

See Answer In Context

Reply

Link copied. Please paste this link to share this article on your social media post.

Replies 14
BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

0 Likes
0
2178
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

i know in the last couple years, we've gotten away from doing configurations via SNMP.

the only OIDs for FTP and file transfer I see (which don't include enabling/disbling FTP) are under .iso.org.dod.internet.private.enterprises.apc.apcmgmt.mfiletransfer.mfiletransferConfig / .1.3.6.1.4.1.318.2.4.2

another way to consider doing something like this could also be by using DHCP which there is an option for FTP or TFTPing a boot file during a DHCP request. http://www.apc.com/site/support/index.cfm/faq/ -> search for FA156110 (maybe this is not an option for you but i figured I'd throw it out there)

anyway, the only way i know of to mass enable/disable FTP would be through the INI file itself. have you considered using SSH/SCP? SCP gets enabled when you turn on SSH and is secure. i wasnt sure if FTP is disabled because it is unsecure.

struxureware central is the product we sell that would have the capability to do all of this from a GUI. the other utility you mentioned, the INI utility, is the only other item we have to assist in mass configuration at this time. we don't have any other scripting tools.

Reply

Link copied. Please paste this link to share this article on your social media post.

Anonymous user
Not applicable

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

0 Likes
0
2178
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

Yes - FTP is disabled for security reasons. You mentioned considering SSH/SCP but I thought the only way to update the .ini file was through FTP. How can I specifically use SSH/SCP to update the config.ini file? Do you mean logging into a NMC via a script, enabling FTP via scripted commands and then using the ini utility to upload the changes once FTP is enabled? Please clarify so I can decide what direction to take.

I'll also look at the Struxureware Central product but my uderstanding is that this tool does a lot more than what I am looking for and is priced as such. It would be nice if a smaller scale solution was available just to manage the UPS NMCs for firmware, config and alerting updates.

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

0 Likes
0
2178
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

the INI utility is what we offer for free in regards to mass configuration. this tool works with FTP only.

if you can script a file transfer using an SCP client, then you could basically make your own INI utility that works off of SCP.

just a warning, using secure protocols on NMC1 such as AP917/18/19 is kind of slow but there is no performance issue on NMC2 like AP9630/31.

some information is located here on SSH/SCP -> http://www.apcmedia.com/salestools/AKAR-7FVQ2W_R1_EN.pdf (PDF page 32).

you can transfer files via secure copy securely but the problem I see is that you'll still need to enable SSH/SCP on each card to get that started. if you are going to permanently leave it on, that's fine but if not, you might as well also consider going with FTP and the INI utility as well.

let me know if you need any further clarifications. how you script via SCP is going to depend on the SCP client that you choose most likely.

Reply

Link copied. Please paste this link to share this article on your social media post.

Anonymous user
Not applicable

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

0 Likes
0
2178
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

After looking at all the alternatives it appears that a script using SCP is our best bet as we have SSH enabled on all the devices (hence SCP is enabled as well). I have successfully done some tests uploading config changes to a 9617 and a 9631. However, I have noticed one small difference when the APC NMCs are using local authentication versus radius. When I use an SCP client with local authentication the file uploads successfully and all login methods (SSH/WEB) work as expected.

However, when using radius authentication the file uploads successfully but when trying to access the NMC via web you get the "Someone is currently logged into the apc management web server" message. If I then log into the NMC via SSH and logout the web login then works as expected. Although this doesn't appear to be a show stopper since we can most likely use this workaround, I'm wondering if this is a bug of some sort.

Thanks,E

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

0 Likes
0
2178
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

hello,

does this happen on both cards (AP9617/18/19 and the AP9630/31s)?

what RADIUS server are you using? i do know that these cards require two requests, one to authenticate and one to connect when using RADIUS. I wonder if it is related but I am not sure - it is just what came to mind. depending on how the particular RADIUS server and how it authenticates the user, i thought maybe its coming into play. for example, when using RSA tokens with RADIUS, we have seen issues with this because of the two requests.

can you get me steps to replicate? if none of that seems right, i will try to replicate it. from what i understand it is:

1.) Configure NMC with RADIUS.
2.) Enable SSH (and SCP)
3.) Login via SCP and transfer config.ini to NMC. Log out of SCP session and disconnect.
4.) Within X minutes, access NMC web interface (via HTTP or HTTPS?) and notice it tells me someone else is already logged in.
5.) Complete same steps with local authentication only, everything works fine?

Reply

Link copied. Please paste this link to share this article on your social media post.

Anonymous user
Not applicable

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

0 Likes
0
2178
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

Yes, this happens on both cards (961X and 963X). We are using Cisco's ACS server (TACACS/RADIUS). I am using PSCP (Putty SCP) from a Windows 7 command prompt. It's only one command to initiate the transfer so there aren't multiple steps to login/upload/transfer/disconnect.

The command looks like this: pscp -pw password c:\temp\configup.ini admin@hostname.com:config.ini. After you run the command you return to the command prompt and get the status as shown below making you think all connections have been closed.

configup.ini | 0 kB | 0.0 kB/s | ETA: 00:00:00 | 100%
c:\PSCP>

You don't need to wait any amount of time as the web login issue is seen immmediately.

Your steps 1-5 are bascially correct except for the small differences I mention above for items 3 and 4.

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

0 Likes
0
2178
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

can you post the events from the log at this time by any chance just so i have them? i will see if i can replicate.

EDIT - was able to replicate this using RADIUS then without RADIUS as you described.

here is my log:

01/24/2013 17:04:00 System: Web user 'admin' logged in from x.x.x.x
01/24/2013 17:03:48 System: Console user 'admin' logged out from x.x.x.x
01/24/2013 17:03:46 System: Console user 'admin' logged in from x.x.x.x
01/24/2013 17:01:32 System: Configuration file upload complete, with 3 valid values.
01/24/2013 17:01:32 System: Configuration change. System location.
01/24/2013 17:01:32 System: Configuration change. System contact.
01/24/2013 17:01:32 System: Configuration change. System name.
01/24/2013 17:01:32 System: SSH/SCP: File transfer complete.
01/24/2013 17:01:31 System: SSH/SCP: File transfer started.

i will see about logging this as an issue. it wouldnt be addressed on the older cards being discontinued most likely and ill have to look to see if i can upgrade a card to our upcoming release of 6.0.X firmware to see if it still does it.

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

0 Likes
0
2178
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

i did not see this behavior using FTP and RADIUS. going to try with 6.0.X beta now. i imagine it won't matter with that because we will be supporting multiple user log ins anyway but i will check to see if the session ends at least after the SCP transfer.

EDIT I checked it in 6.0.X and even though it won't matter, i verified that my only session after testing the log in via web was the web session alone.

i will have to log an issue against this for 5.1.7.

Reply

Link copied. Please paste this link to share this article on your social media post.

Anonymous user
Not applicable

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

0 Likes
0
2178
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

Thanks for following up on this. As a workaround I am trying to automate some type of mass login/logout because manually logging in and out of each device is not really an option when you have 400 devices. I was trying to do this with SecureCRT scripting but their SSH has issues accessing your NMCs. Any suggestions on that front would be appreciated.

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

0 Likes
0
2178
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

way back when, this article was published -> http://www.apcmedia.com/salestools/VAVR-5ZJSVU_R2_EN.pdf and indicates SecureCRT was tested. it was most likely some time ago since I've been working on these devices several years ago and have not heard anyone talking about SecureCRT.

do you have details on what the problem is or what i should look at there?

also, this will be fixed in our next firmware release for sumx and sy apps which last I heard was coming out late next week. before you go crazy doing this, i didnt know if it'd be easier to consider upgrading all of the devices and then making configuration changes. on the other hand, this new firmware update is major and has a lot of changes in itself. it may be something you have to validate and check out before you consider updating but i figured i'd mention it if its an option.

Reply

Link copied. Please paste this link to share this article on your social media post.

Anonymous user
Not applicable

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

0 Likes
0
2178
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 02:01 AM . Last Modified: ‎2024-03-05 11:59 PM

I have seen that document -Yes it was tested and is marked as not supported. I just tested again to give you the specifics. I can actually connect to the older NMCs (961x). It's seems I can't connect to the newer NMC2 cards. The screen just flashes and shows it's disconnected (never receiev a prompt or anything). I'm sure it has something to do with incompatible SSH standards or something like that.

A firmware upgrade would likely put me in the same spot because it would have to be done via SCP since FTP is disabled. Not to mention doing testing, etc. The short term goal is just to get the alerts and emails cleaned up and I am almost there. Even if the web login is unavailable until someone logs in to the ssh session first and logs out that might be ok. I'm just looking for a way to kill it all in one fell swoop.

Thanks,E

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 02:02 AM . Last Modified: ‎2024-03-05 11:58 PM

0 Likes
0
2178
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 02:02 AM . Last Modified: ‎2024-03-05 11:58 PM

oh, crud, i read the document incorrectly and did not see the check versus X (meaning unsupported). oops.

anyways, in your experience with your testing, does the web UI eventually become available? meaning the auto-logout is by default 3 minutes and is a max of 10 minutes (which you can configure). i am curious if you wait this amount of time after transferring via SCP if the web UI is then accessible after whatever that setting is (between 1 and 10 minutes).

Reply

Link copied. Please paste this link to share this article on your social media post.

Anonymous user
Not applicable

Posted: ‎2021-07-01 02:02 AM . Last Modified: ‎2024-03-05 11:58 PM

0 Likes
0
2178
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 02:02 AM . Last Modified: ‎2024-03-05 11:58 PM

The timeout does not work for this issue. If it were only a matter of waiting 10 minutes I wouldn't even care. The issue is that the web session stays locked until you SSH in an then logout. I just verified again right now but last week I waited like 30 minutes and still couldn't get in. If you have you lab scenario in tact you can verify.

Reply

Link copied. Please paste this link to share this article on your social media post.

BillP
Administrator BillP Administrator
Administrator

Posted: ‎2021-07-01 02:02 AM . Last Modified: ‎2024-03-05 11:58 PM

0 Likes
0
2178
  • Mark as New
  • Bookmark
  • Subscribe
  • Mute
  • Permalink
  • Print
  • Email to a Friend
  • Report Inappropriate Content

Link copied. Please paste this link to share this article on your social media post.

Posted: ‎2021-07-01 02:02 AM . Last Modified: ‎2024-03-05 11:58 PM

i did but then i put my card back to telnet only so i did not test today. i figured you had maybe checked that out too considering how thorough you've been but just wanted to verify.

Reply

Link copied. Please paste this link to share this article on your social media post.

Preview Exit Preview

never-displayed

You must be signed in to add attachments

never-displayed

 
To The Top!

Forums

  • APC UPS Data Center Backup Solutions
  • EcoStruxure IT
  • EcoStruxure Geo SCADA Expert
  • Metering & Power Quality
  • Schneider Electric Wiser

Knowledge Center

Events & webinars

Ideas

Blogs

Get Started

  • Ask the Community
  • Community Guidelines
  • Community User Guide
  • How-To & Best Practice
  • Experts Leaderboard
  • Contact Support
Brand-Logo
Subscribing is a smart move!
You can subscribe to this board after you log in or create your free account.
Forum-Icon

Create your free account or log in to subscribe to the board - and gain access to more than 10,000+ support articles along with insights from experts and peers.

Register today for FREE

Register Now

Already have an account? Login

Terms & Conditions Privacy Notice Change your Cookie Settings © 2025 Schneider Electric

This is a heading

With achievable small steps, users progress and continually feel satisfaction in task accomplishment.

Usetiful Onboarding Checklist remembers the progress of every user, allowing them to take bite-sized journeys and continue where they left.

of